Define access control for '/system-flags/v1' on controller

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-11-07 13:59:11 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-11-07 13:59:11 +0100
commit: 2754ea14075833be7500882e87b810350b2412ff (patch)
tree: eb63547efbf369a73eba2ac71db370389b118f74 /controller-api
parent: ec23c4e592ce76fd676b1d28e51800ed7a875a49 (diff)
5 files changed, 25 insertions, 4 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
index f8b4d4171a4..9db896bbb88 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
@@ -178,7 +178,10 @@ enum PathGroup {
     /** Paths providing public information. */
     publicInfo(Optional.of("/api"),
                "/badge/v1/{*}",
-               "/zone/v1/{*}");
+               "/zone/v1/{*}"),
+
+    /** Paths used for deploying system-wide feature flags. */
+    systemFlags("/system-flags/v1/{*}");
 
     final List<String> pathSpecs;
     final String prefix;
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
index e0341d76950..51f29626acf 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
@@ -121,7 +121,12 @@ enum Policy {
     /** Read access to public info. */
     publicRead(Privilege.grant(Action.read)
                         .on(PathGroup.publicInfo)
-                        .in(SystemName.all()));
+                        .in(SystemName.all())),
+
+    /** Access to /system-flags/v1. */
+    systemFlagsDeployment(Privilege.grant(Action.all())
+                                  .on(PathGroup.systemFlags)
+                                  .in(SystemName.all()));
 
     private final Set<Privilege> privileges;
 
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java
index 03f5a949c99..e1497bd686e 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java
@@ -5,7 +5,6 @@ import com.yahoo.config.provision.ApplicationName;
 import com.yahoo.config.provision.InstanceName;
 import com.yahoo.config.provision.TenantName;
 
-import java.net.URI;
 import java.util.Objects;
 
 /**
@@ -109,6 +108,9 @@ public abstract class Role {
         return new ApplicationRole(RoleDefinition.buildService, tenant, application);
     }
 
+    /** Returns the role for system flag deployer */
+    public static UnboundRole systemFlagsDeployer() { return new UnboundRole(RoleDefinition.systemFlagsDeployer); }
+
     /** Returns the role definition of this bound role. */
     public RoleDefinition definition() { return roleDefinition; }
 
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
index 9797a3813ed..a261f5c7e8f 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
@@ -113,7 +113,9 @@ public enum RoleDefinition {
                       Policy.applicationDelete,
                       Policy.applicationOperations,
                       Policy.keyManagement,
-                      Policy.developmentDeployment);
+                      Policy.developmentDeployment),
+
+    systemFlagsDeployer(hostedOperator, Policy.systemFlagsDeployment);
 
     private final Set<RoleDefinition> parents;
     private final Set<Policy> policies;
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
index fcac8c1efd2..6dd815f4f51 100644
--- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
+++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
@@ -126,4 +126,13 @@ public class RoleTest {
         assertFalse(tenantAdmin1.implies(applicationHeadless11));
         assertFalse(applicationHeadless11.implies(applicationHeadless12));
     }
+
+    @Test
+    public void system_flags() {
+        URI uri = URI.create("/system-flags/v1/deploy");
+        Action action = Action.update;
+        assertTrue(mainEnforcer.allows(Role.systemFlagsDeployer(), action, uri));
+        assertTrue(mainEnforcer.allows(Role.hostedOperator(), action, uri));
+        assertFalse(mainEnforcer.allows(Role.everyone(), action, uri));
+    }
 }
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-11-07 13:59:11 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-11-07 13:59:11 +0100
commit	2754ea14075833be7500882e87b810350b2412ff (patch)
tree	eb63547efbf369a73eba2ac71db370389b118f74 /controller-api
parent	ec23c4e592ce76fd676b1d28e51800ed7a875a49 (diff)