author | toby <smorgrav@yahoo-inc.com> | 2020-02-12 11:14:15 +0100 |
---|---|---|
committer | toby <smorgrav@yahoo-inc.com> | 2020-02-12 11:14:15 +0100 |
commit | d5bb58ac36d629e208b5234c56053f970bdcc384 (patch) | |
tree | 5ef3a4d99a4cb9b037808d06f6913214f81aa26b /controller-api/src/test | |
parent | bd386dd1642ffe2ef4cdb108f9f7c1a2c27b7ff9 (diff) |
Add supporter role
Diffstat (limited to 'controller-api/src/test')
2 files changed, 25 insertions, 0 deletions
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java
index cfb5462e50a..22baedd16b4 100644
--- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java
+++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java
@@ -27,6 +27,8 @@ public class RolesTest {
 assertEquals(Role.hostedOperator(),
 Roles.toRole("hostedOperator"));
+ assertEquals(Role.hostedSupporter(),
+ Roles.toRole("hostedSupporter"));
 assertEquals(Role.tenantOperator(tenant),
 Roles.toRole("my-tenant.tenantOperator"));
 assertEquals(Role.applicationReader(tenant, application),
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
index d153e218640..da2f64f2893 100644
--- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
+++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
@@ -33,6 +33,27 @@ public class RoleTest {
 }
 @Test
+ public void supporter_membership() {
+ Role role = Role.hostedSupporter();
+
+ // No create update or delete
+ assertFalse(mainEnforcer.allows(role, Action.create, URI.create("/not/explicitly/defined")));
+ assertFalse(mainEnforcer.allows(role, Action.create, URI.create("/controller/v1/foo")));
+ assertFalse(mainEnforcer.allows(role, Action.update, URI.create("/os/v1/bar")));
+ assertFalse(mainEnforcer.allows(role, Action.update, URI.create("/application/v4/tenant/t1/application/a1")));
+ assertFalse(mainEnforcer.allows(role, Action.update, URI.create("/application/v4/tenant/t2/application/a2")));
+ assertFalse(mainEnforcer.allows(role, Action.delete, URI.create("/application/v4/tenant/t8/application/a6/instance/i1/environment/dev/region/r1")));
+
+ // But reads is ok (but still only for valid paths)
+ assertFalse(mainEnforcer.allows(role, Action.read, URI.create("/not/explicitly/defined")));
+ assertTrue(mainEnforcer.allows(role, Action.read, URI.create("/controller/v1/foo")));
+ assertTrue(mainEnforcer.allows(role, Action.read, URI.create("/os/v1/bar")));
+ assertTrue(mainEnforcer.allows(role, Action.read, URI.create("/application/v4/tenant/t1/application/a1")));
+ assertTrue(mainEnforcer.allows(role, Action.read, URI.create("/application/v4/tenant/t2/application/a2")));
+ assertFalse(mainEnforcer.allows(role, Action.delete, URI.create("/application/v4/tenant/t8/application/a6/instance/i1/environment/dev/region/r1")));
+ }
+
+ @Test
 public void tenant_membership() {
 Role role = Role.athenzTenantAdmin(TenantName.from("t1"));
 assertFalse(mainEnforcer.allows(role, Action.create, URI.create("/not/explicitly/defined")));
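Review bot: The last assertion under the `// But reads is ok` comment in `supporter_membership` repeats the `Action.delete` denial from the first block instead of checking `Action.read`, so read access on the `/application/v4/tenant/t8/application/a6/instance/i1/environment/dev/region/r1` path is never exercised for the supporter role. If the policy is meant to grant read there, the line would presumably be `assertTrue(mainEnforcer.allows(role, Action.read, URI.create("/application/v4/tenant/t8/application/a6/instance/i1/environment/dev/region/r1")));`, which needs confirming against the role's policy definition, not shown in this diff. The denial block is also uneven: `create` is tried on two paths, `update` on three and `delete` on one, so a policy that mistakenly granted one write action on an untested path would still pass. Asserting all three write actions against every path in the list would pin the read-only contract for this role.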
@@ -133,12 +154,14 @@ public class RoleTest {
 Action action = Action.update;
 assertTrue(mainEnforcer.allows(Role.systemFlagsDeployer(), action, deployUri));
 assertTrue(mainEnforcer.allows(Role.hostedOperator(), action, deployUri));
+ assertFalse(mainEnforcer.allows(Role.hostedSupporter(), action, deployUri));
 assertFalse(mainEnforcer.allows(Role.systemFlagsDryrunner(), action, deployUri));
 assertFalse(mainEnforcer.allows(Role.everyone(), action, deployUri));
 URI dryrunUri = URI.create("/system-flags/v1/dryrun");
 assertTrue(mainEnforcer.allows(Role.systemFlagsDeployer(), action, dryrunUri));
 assertTrue(mainEnforcer.allows(Role.hostedOperator(), action, dryrunUri));
+ assertFalse(mainEnforcer.allows(Role.hostedSupporter(), action, dryrunUri));
 assertTrue(mainEnforcer.allows(Role.systemFlagsDryrunner(), action, dryrunUri));
 assertFalse(mainEnforcer.allows(Role.everyone(), action, dryrunUri));
 } |