Merge pull request #17045 from vespa-engine/freva/archive-uri-api

Set & expose archive access role in /application/v4
author: Valerij Fredriksen <freva@users.noreply.github.com> 2021-03-19 09:37:51 +0100
committer: GitHub <noreply@github.com> 2021-03-19 09:37:51 +0100
commit: eb345d955d47577f300170cbf5d4850f9b75893d (patch)
tree: b586904d2e78ab71d7e7c864ebc31dedb8a4cecf /controller-api/src
parent: 2dbcab338e1289d45eca0007f43c4324f028b25f (diff)
parent: 2be302bcbc88ca995b001cec4b13cd9bb6416a83 (diff)
3 files changed, 9 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
index 72210ec26ed..d03df9523bd 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
@@ -67,6 +67,9 @@ enum PathGroup {
                PathPrefix.api,
                "/application/v4/tenant/{tenant}/key/"),
 
+    tenantArchiveAccess(Matcher.tenant,
+                       PathPrefix.api,
+                       "/application/v4/tenant/{tenant}/archive-access"),
 
     billingToken(Matcher.tenant,
                  PathPrefix.api,
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
index ad739d16ff8..b48e786c178 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
@@ -72,6 +72,11 @@ enum Policy {
                         .on(PathGroup.tenant, PathGroup.tenantInfo, PathGroup.tenantUsers, PathGroup.applicationUsers)
                         .in(SystemName.all())),
 
+    /** Access to set and unset archive access role under a tenant. */
+    tenantArchiveAccessManagement(Privilege.grant(Action.update, Action.delete)
+                                           .on(PathGroup.tenantArchiveAccess)
+                                           .in(SystemName.all())),
+
     /** Access to create application under a certain tenant. */
     applicationCreate(Privilege.grant(Action.create)
                                .on(PathGroup.application)
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
index aeb5419b682..a0ee0fe3548 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
@@ -63,6 +63,7 @@ public enum RoleDefinition {
     administrator(Policy.tenantUpdate,
                   Policy.tenantManager,
                   Policy.tenantDelete,
+                  Policy.tenantArchiveAccessManagement,
                   Policy.applicationManager,
                   Policy.keyRevokal,
                   Policy.paymentInstrumentRead,
author	Valerij Fredriksen <freva@users.noreply.github.com>	2021-03-19 09:37:51 +0100
committer	GitHub <noreply@github.com>	2021-03-19 09:37:51 +0100
commit	eb345d955d47577f300170cbf5d4850f9b75893d (patch)
tree	b586904d2e78ab71d7e7c864ebc31dedb8a4cecf /controller-api/src
parent	2dbcab338e1289d45eca0007f43c4324f028b25f (diff)
parent	2be302bcbc88ca995b001cec4b13cd9bb6416a83 (diff)