Don't pre-emptively check role membership

Role creation is now done by maintainer
author: Ola Aunrønning <olaa@verizonmedia.com> 2022-03-16 14:07:35 +0100
committer: Ola Aunrønning <olaa@verizonmedia.com> 2022-03-16 14:07:35 +0100
commit: e8130b022253d16ba4f0c3bda227d3db1a0e184b (patch)
tree: 262b42ce38efc63d80495d4d9d50c4f8c3f96be5 /controller-api
parent: 138061c2d1e18b69fc7f869ef876a69cd8845727 (diff)
1 files changed, 0 insertions, 11 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
index 317229f9e9a..9a6a661d7e0 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
@@ -71,9 +71,6 @@ public class AthenzAccessControlService implements AccessControlService {
         return vespaZmsClient.map(
                 zms -> {
                     var role = sshRole(tenantName);
-                    if (!zms.listRoles(role.domain()).contains(role))
-                        zms.createRole(role, Map.of());
-
                     return zms.getFullRoleInformation(role);
                 }
         ).orElseThrow(() -> new UnsupportedOperationException("Only allowed in systems running Vespa Athenz instance"));
@@ -88,11 +85,6 @@ public class AthenzAccessControlService implements AccessControlService {
         return vespaZmsClient.map(
                 zms -> {
                     var role = sshRole(tenantName);
-                    if (!zms.listRoles(role.domain()).contains(role))
-                        zms.createRole(role, Map.of());
-
-                    if (zms.getMembership(role, vespaTeam))
-                        return false;
 
                     var roleInformation = zms.getFullRoleInformation(role);
                     if (roleInformation.getPendingRequest().isEmpty())
@@ -115,9 +107,6 @@ public class AthenzAccessControlService implements AccessControlService {
                 zms -> {
                     var role = sshRole(tenantName);
 
-                    if (!zms.listRoles(role.domain()).contains(role))
-                        zms.createRole(role, Map.of());
-
                     if (zms.getMembership(role, vespaTeam))
                         return false;
author	Ola Aunrønning <olaa@verizonmedia.com>	2022-03-16 14:07:35 +0100
committer	Ola Aunrønning <olaa@verizonmedia.com>	2022-03-16 14:07:35 +0100
commit	e8130b022253d16ba4f0c3bda227d3db1a0e184b (patch)
tree	262b42ce38efc63d80495d4d9d50c4f8c3f96be5 /controller-api
parent	138061c2d1e18b69fc7f869ef876a69cd8845727 (diff)