author | Morten Tokle <mortent@oath.com> | 2019-04-09 14:15:40 +0200 |
---|---|---|
committer | Morten Tokle <mortent@oath.com> | 2019-04-09 14:30:04 +0200 |
commit | 969a464f99def726170a4bcd1fce1a35234eed76 (patch) | |
tree | 1fcfd21a7972c52e463f2cb78241bed756504838 /controller-api | |
parent | 543dd57a6fac386ba4f62f77c33d545ed0d29e97 (diff) |
Allow reading operator roles from external authz system
Diffstat (limited to 'controller-api')
2 files changed, 19 insertions, 1 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRoles.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRoles.java
index df68cf807cc..7419466cffc 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRoles.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRoles.java
@@ -7,6 +7,7 @@ import com.yahoo.vespa.hosted.controller.api.role.Role;
 import com.yahoo.vespa.hosted.controller.api.role.RoleDefinition;
 import com.yahoo.vespa.hosted.controller.api.role.Roles;
 import com.yahoo.vespa.hosted.controller.api.role.TenantRole;
+import com.yahoo.vespa.hosted.controller.api.role.UnboundRole;
 import java.util.List;
@@ -41,14 +42,26 @@ public class UserRoles {
 roles.applicationAdmin(tenant, application));
 }
+ public List<UnboundRole> hostedOperator() {
+ return List.of(roles.hostedOperator());
+ }
+
 /** Returns the {@link Role} the given value represents. */
 public Role toRole(String value) {
 String[] parts = value.split("\\.");
+ if (parts.length == 1) return toOperatorRole(parts[0]);
 if (parts.length == 2) return toRole(TenantName.from(parts[0]), parts[1]);
 if (parts.length == 3) return toRole(TenantName.from(parts[0]), ApplicationName.from(parts[1]), parts[2]);
 throw new IllegalArgumentException("Malformed or illegal role value '" + value + "'.");
 }
+ public Role toOperatorRole(String roleName) {
+ switch (roleName) {
+ case "hostedOperator": return roles.hostedOperator();
+ default: throw new IllegalArgumentException("Malformed or illegal role name '" + roleName + "'.");
+ }
+ }
+
 /** Returns the {@link Role} the given tenant, application and role names correspond to. */
 public Role toRole(TenantName tenant, String roleName) {
 switch (roleName) {
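Review bot: The new `parts.length == 1` branch in `toRole(String)` relies on the lenient `value.split("\\.")` on the line above it; Java's `split` discards trailing empty strings, so a malformed value such as `hostedOperator.` also yields a single part and resolves to the operator role. Since the commit title says these values are read from an external authz system, I would parse strictly with `String[] parts = value.split("\\.", -1);` so a trailing dot no longer collapses into the single-part case. Whether the resulting empty segment is then rejected depends on `toRole(tenant, roleName)` and `TenantName.from`, which continue outside this hunk. Callers that previously relied on `toRole` throwing for any dot-free value should also be checked, because that input can now return an operator role. `toOperatorRole` and `hostedOperator()` are the only public methods in the hunk without Javadoc; `/** Returns the operator {@link Role} the given role name corresponds to. */` would match the siblings.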
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRolesTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRolesTest.java
index 262245a3366..89df7a24559 100644
--- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRolesTest.java
+++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRolesTest.java
@@ -61,7 +61,12 @@ public class UserRolesTest {
 @Test(expected = IllegalArgumentException.class)
 public void illegalValue() {
- userRoles.toRole("hostedOperator");
+ userRoles.toRole("everyone");
+ }
+
+ @Test
+ public void allowHostedOperator() {
+ assertEquals(roles.hostedOperator(), userRoles.toRole("hostedOperator"));
 }
 } |
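Review bot: No test pins the rejection of near-miss single-segment values; `illegalValue` now only checks the unrelated name `everyone`. Because a dot-free string now selects the operator role, I would add cases expecting `IllegalArgumentException` for `userRoles.toRole("hostedOperator.")`, `userRoles.toRole("hostedoperator")` and `userRoles.toRole("")`. Given the `split("\\.")` call in `UserRoles.toRole`, the trailing-dot case looks like it would currently be accepted, so that test is the one most likely to fail today. The test class starts outside this hunk, so existing coverage of such inputs cannot be ruled out from here.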