Add supporter role

author: toby <smorgrav@yahoo-inc.com> 2020-02-12 11:14:15 +0100
committer: toby <smorgrav@yahoo-inc.com> 2020-02-12 11:14:15 +0100
commit: d5bb58ac36d629e208b5234c56053f970bdcc384 (patch)
tree: 5ef3a4d99a4cb9b037808d06f6913214f81aa26b /controller-api/src/test
parent: bd386dd1642ffe2ef4cdb108f9f7c1a2c27b7ff9 (diff)
2 files changed, 25 insertions, 0 deletions
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java
index cfb5462e50a..22baedd16b4 100644
--- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java
+++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java
@@ -27,6 +27,8 @@ public class RolesTest {
 
         assertEquals(Role.hostedOperator(),
                      Roles.toRole("hostedOperator"));
+        assertEquals(Role.hostedSupporter(),
+                     Roles.toRole("hostedSupporter"));
         assertEquals(Role.tenantOperator(tenant),
                      Roles.toRole("my-tenant.tenantOperator"));
         assertEquals(Role.applicationReader(tenant, application),
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
index d153e218640..da2f64f2893 100644
--- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
+++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
@@ -33,6 +33,27 @@ public class RoleTest {
     }
 
     @Test
+    public void supporter_membership() {
+        Role role = Role.hostedSupporter();
+
+        // No create update or delete
+        assertFalse(mainEnforcer.allows(role, Action.create, URI.create("/not/explicitly/defined")));
+        assertFalse(mainEnforcer.allows(role, Action.create, URI.create("/controller/v1/foo")));
+        assertFalse(mainEnforcer.allows(role, Action.update, URI.create("/os/v1/bar")));
+        assertFalse(mainEnforcer.allows(role, Action.update, URI.create("/application/v4/tenant/t1/application/a1")));
+        assertFalse(mainEnforcer.allows(role, Action.update, URI.create("/application/v4/tenant/t2/application/a2")));
+        assertFalse(mainEnforcer.allows(role, Action.delete, URI.create("/application/v4/tenant/t8/application/a6/instance/i1/environment/dev/region/r1")));
+
+        // But reads is ok (but still only for valid paths)
+        assertFalse(mainEnforcer.allows(role, Action.read, URI.create("/not/explicitly/defined")));
+        assertTrue(mainEnforcer.allows(role, Action.read, URI.create("/controller/v1/foo")));
+        assertTrue(mainEnforcer.allows(role, Action.read, URI.create("/os/v1/bar")));
+        assertTrue(mainEnforcer.allows(role, Action.read, URI.create("/application/v4/tenant/t1/application/a1")));
+        assertTrue(mainEnforcer.allows(role, Action.read, URI.create("/application/v4/tenant/t2/application/a2")));
+        assertFalse(mainEnforcer.allows(role, Action.delete, URI.create("/application/v4/tenant/t8/application/a6/instance/i1/environment/dev/region/r1")));
+    }
+
+    @Test
     public void tenant_membership() {
         Role role = Role.athenzTenantAdmin(TenantName.from("t1"));
         assertFalse(mainEnforcer.allows(role, Action.create, URI.create("/not/explicitly/defined")));
@@ -133,12 +154,14 @@ public class RoleTest {
         Action action = Action.update;
         assertTrue(mainEnforcer.allows(Role.systemFlagsDeployer(), action, deployUri));
         assertTrue(mainEnforcer.allows(Role.hostedOperator(), action, deployUri));
+        assertFalse(mainEnforcer.allows(Role.hostedSupporter(), action, deployUri));
         assertFalse(mainEnforcer.allows(Role.systemFlagsDryrunner(), action, deployUri));
         assertFalse(mainEnforcer.allows(Role.everyone(), action, deployUri));
 
         URI dryrunUri = URI.create("/system-flags/v1/dryrun");
         assertTrue(mainEnforcer.allows(Role.systemFlagsDeployer(), action, dryrunUri));
         assertTrue(mainEnforcer.allows(Role.hostedOperator(), action, dryrunUri));
+        assertFalse(mainEnforcer.allows(Role.hostedSupporter(), action, dryrunUri));
         assertTrue(mainEnforcer.allows(Role.systemFlagsDryrunner(), action, dryrunUri));
         assertFalse(mainEnforcer.allows(Role.everyone(), action, dryrunUri));
     }
author	toby <smorgrav@yahoo-inc.com>	2020-02-12 11:14:15 +0100
committer	toby <smorgrav@yahoo-inc.com>	2020-02-12 11:14:15 +0100
commit	d5bb58ac36d629e208b5234c56053f970bdcc384 (patch)
tree	5ef3a4d99a4cb9b037808d06f6913214f81aa26b /controller-api/src/test
parent	bd386dd1642ffe2ef4cdb108f9f7c1a2c27b7ff9 (diff)