diff options
author | Ola Aunrønning <olaa@verizonmedia.com> | 2022-03-16 14:07:35 +0100 |
---|---|---|
committer | Ola Aunrønning <olaa@verizonmedia.com> | 2022-03-16 14:07:35 +0100 |
commit | e8130b022253d16ba4f0c3bda227d3db1a0e184b (patch) | |
tree | 262b42ce38efc63d80495d4d9d50c4f8c3f96be5 /controller-api | |
parent | 138061c2d1e18b69fc7f869ef876a69cd8845727 (diff) |
Don't pre-emptively check role membership
Role creation is now done by maintainer
Diffstat (limited to 'controller-api')
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java | 11 |
1 files changed, 0 insertions, 11 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java index 317229f9e9a..9a6a661d7e0 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java @@ -71,9 +71,6 @@ public class AthenzAccessControlService implements AccessControlService { return vespaZmsClient.map( zms -> { var role = sshRole(tenantName); - if (!zms.listRoles(role.domain()).contains(role)) - zms.createRole(role, Map.of()); - return zms.getFullRoleInformation(role); } ).orElseThrow(() -> new UnsupportedOperationException("Only allowed in systems running Vespa Athenz instance")); @@ -88,11 +85,6 @@ public class AthenzAccessControlService implements AccessControlService { return vespaZmsClient.map( zms -> { var role = sshRole(tenantName); - if (!zms.listRoles(role.domain()).contains(role)) - zms.createRole(role, Map.of()); - - if (zms.getMembership(role, vespaTeam)) - return false; var roleInformation = zms.getFullRoleInformation(role); if (roleInformation.getPendingRequest().isEmpty()) @@ -115,9 +107,6 @@ public class AthenzAccessControlService implements AccessControlService { zms -> { var role = sshRole(tenantName); - if (!zms.listRoles(role.domain()).contains(role)) - zms.createRole(role, Map.of()); - if (zms.getMembership(role, vespaTeam)) return false; |