diff options
author | Valerij Fredriksen <freva@users.noreply.github.com> | 2021-03-19 09:37:51 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-19 09:37:51 +0100 |
commit | eb345d955d47577f300170cbf5d4850f9b75893d (patch) | |
tree | b586904d2e78ab71d7e7c864ebc31dedb8a4cecf /controller-api/src | |
parent | 2dbcab338e1289d45eca0007f43c4324f028b25f (diff) | |
parent | 2be302bcbc88ca995b001cec4b13cd9bb6416a83 (diff) |
Merge pull request #17045 from vespa-engine/freva/archive-uri-api
Set & expose archive access role in /application/v4
Diffstat (limited to 'controller-api/src')
3 files changed, 9 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java index 72210ec26ed..d03df9523bd 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java @@ -67,6 +67,9 @@ enum PathGroup { PathPrefix.api, "/application/v4/tenant/{tenant}/key/"), + tenantArchiveAccess(Matcher.tenant, + PathPrefix.api, + "/application/v4/tenant/{tenant}/archive-access"), billingToken(Matcher.tenant, PathPrefix.api, diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java index ad739d16ff8..b48e786c178 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java @@ -72,6 +72,11 @@ enum Policy { .on(PathGroup.tenant, PathGroup.tenantInfo, PathGroup.tenantUsers, PathGroup.applicationUsers) .in(SystemName.all())), + /** Access to set and unset archive access role under a tenant. */ + tenantArchiveAccessManagement(Privilege.grant(Action.update, Action.delete) + .on(PathGroup.tenantArchiveAccess) + .in(SystemName.all())), + /** Access to create application under a certain tenant. */ applicationCreate(Privilege.grant(Action.create) .on(PathGroup.application) diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java index aeb5419b682..a0ee0fe3548 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java @@ -63,6 +63,7 @@ public enum RoleDefinition { administrator(Policy.tenantUpdate, Policy.tenantManager, Policy.tenantDelete, + Policy.tenantArchiveAccessManagement, Policy.applicationManager, Policy.keyRevokal, Policy.paymentInstrumentRead, |