authorMorten Tokle <mortent@oath.com>2019-04-09 14:15:40 +0200
committerMorten Tokle <mortent@oath.com>2019-04-09 14:30:04 +0200
commit969a464f99def726170a4bcd1fce1a35234eed76 (patch)
tree1fcfd21a7972c52e463f2cb78241bed756504838 /controller-api
parent543dd57a6fac386ba4f62f77c33d545ed0d29e97 (diff)
Allow reading operator roles from external authz system
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRoles.java13
-rw-r--r--controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRolesTest.java7
2 files changed, 19 insertions, 1 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRoles.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRoles.java
index df68cf807cc..7419466cffc 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRoles.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRoles.java
@@ -7,6 +7,7 @@ import com.yahoo.vespa.hosted.controller.api.role.Role;
import com.yahoo.vespa.hosted.controller.api.role.RoleDefinition;
import com.yahoo.vespa.hosted.controller.api.role.Roles;
import com.yahoo.vespa.hosted.controller.api.role.TenantRole;
+import com.yahoo.vespa.hosted.controller.api.role.UnboundRole;
import java.util.List;
@@ -41,14 +42,26 @@ public class UserRoles {
roles.applicationAdmin(tenant, application));
}
+ public List<UnboundRole> hostedOperator() {
+ return List.of(roles.hostedOperator());
+ }
+
/** Returns the {@link Role} the given value represents. */
public Role toRole(String value) {
String[] parts = value.split("\\.");
+ if (parts.length == 1) return toOperatorRole(parts[0]);
if (parts.length == 2) return toRole(TenantName.from(parts[0]), parts[1]);
if (parts.length == 3) return toRole(TenantName.from(parts[0]), ApplicationName.from(parts[1]), parts[2]);
throw new IllegalArgumentException("Malformed or illegal role value '" + value + "'.");
}
+ public Role toOperatorRole(String roleName) {
+ switch (roleName) {
+ case "hostedOperator": return roles.hostedOperator();
+ default: throw new IllegalArgumentException("Malformed or illegal role name '" + roleName + "'.");
+ }
+ }
+
/** Returns the {@link Role} the given tenant, application and role names correspond to. */
public Role toRole(TenantName tenant, String roleName) {
switch (roleName) {
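Review bot: The new `parts.length == 1` branch makes the general-purpose `toRole(String)` return the operator role for a bare name, which the removed test line shows it used to reject with `IllegalArgumentException`, so every existing caller of this parser now accepts `hostedOperator`. The callers are not visible in this hunk; any that only expect tenant- or application-scoped values should keep rejecting the operator role, for example by calling `toOperatorRole` explicitly only where operator roles are expected. Also, `value.split("\\.")` drops trailing empty strings, so `"hostedOperator."` resolves to the operator role as well; `value.split("\\.", -1)` would make such non-canonical values fail. Both new public methods lack Javadoc, unlike their neighbours; something like `/** Returns the operator {@link Role} the given role name represents. */` on `toOperatorRole` would match. The body of `toRole(TenantName, String)` continues outside the hunk.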
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRolesTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRolesTest.java
index 262245a3366..89df7a24559 100644
--- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRolesTest.java
+++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserRolesTest.java
@@ -61,7 +61,12 @@ public class UserRolesTest {
@Test(expected = IllegalArgumentException.class)
public void illegalValue() {
- userRoles.toRole("hostedOperator");
+ userRoles.toRole("everyone");
+ }
+
+ @Test
+ public void allowHostedOperator() {
+ assertEquals(roles.hostedOperator(), userRoles.toRole("hostedOperator"));
}
}
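Review bot: `illegalValue` now pins only one unknown single-token name (`"everyone"`), so the edges of the single-token path that yields the operator role are untested. Consider adding negative cases for the empty string and for a wrong-case name, e.g. `userRoles.toRole("")` and `userRoles.toRole("HostedOperator")`, each under `@Test(expected = IllegalArgumentException.class)`. A case for a trailing separator such as `"hostedOperator."` would also record whether that form is meant to be accepted, since `String.split` discards trailing empty parts.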