diff options
author | Øyvind Grønnesby <oyving@verizonmedia.com> | 2021-03-03 13:45:22 +0100 |
---|---|---|
committer | Øyvind Grønnesby <oyving@verizonmedia.com> | 2021-03-03 13:45:22 +0100 |
commit | f5199a595b99623ccd2ec9c7c04a969640279381 (patch) | |
tree | 7d68a5aad170faecf7170ac75770bc3a3ba09cf4 | |
parent | ea47d0aae35332b0257b99bf41612c5742fd2960 (diff) |
Give tenant admin the right to revoke keys
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java | 5 | ||||
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java | 1 |
2 files changed, 6 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java index ecf3d29bc1a..ad739d16ff8 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java @@ -102,6 +102,11 @@ enum Policy { .on(PathGroup.tenantKeys, PathGroup.applicationKeys) .in(SystemName.all())), + /** Access to revoke keys from the tenant */ + keyRevokal(Privilege.grant(Action.delete) + .on(PathGroup.tenantKeys, PathGroup.applicationKeys) + .in(SystemName.all())), + /** Full access to application development deployments. */ developmentDeployment(Privilege.grant(Action.all()) .on(PathGroup.developmentDeployment, PathGroup.developmentRestart) diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java index 3b861c607b1..40903b02465 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java @@ -63,6 +63,7 @@ public enum RoleDefinition { Policy.tenantManager, Policy.tenantDelete, Policy.applicationManager, + Policy.keyRevokal, Policy.paymentInstrumentRead, Policy.paymentInstrumentUpdate, Policy.paymentInstrumentDelete, |