author | Morten Tokle <mortent@verizonmedia.com> | 2021-06-02 12:01:13 +0200 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2021-06-02 12:01:13 +0200 |
commit | 1c3c58567c71251c37206cc1a4ac1fab67ebae14 (patch) | |
tree | bd6d23dbd4926bbfda2fb59d15c7a2397ed1b2a6 /controller-api | |
parent | 23314e77219262b263c42f1dd037591e22001d85 (diff) |
Register operator grants
Diffstat (limited to 'controller-api')
4 files changed, 10 insertions, 7 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java
index 765312b40a3..14adc29468e 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java
@@ -4,9 +4,10 @@ package com.yahoo.vespa.hosted.controller.api.integration.athenz;
 import com.yahoo.vespa.athenz.api.AthenzUser;
+import java.time.Instant;
 import java.util.Collection;
 public interface AccessControlService {
- public boolean approveDataPlaneAccess(AthenzUser user);
- public Collection<AthenzUser> listMembers();
+ boolean approveDataPlaneAccess(AthenzUser user, Instant expiry);
+ Collection<AthenzUser> listMembers();
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
index 2882fb1483c..f6d2b333cc3 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
@@ -7,6 +7,7 @@ import com.yahoo.vespa.athenz.api.AthenzRole;
 import com.yahoo.vespa.athenz.api.AthenzUser;
 import com.yahoo.vespa.athenz.client.zms.ZmsClient;
+import java.time.Instant;
 import java.util.Collection;
 import java.util.List;
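Review bot: The new `Instant expiry` parameter on `AccessControlService.approveDataPlaneAccess` has no documented contract, so an implementer or caller cannot tell whether `null` is accepted or what it would mean for the resulting membership. I would add Javadoc on the interface method, for example `/** Approves a pending data plane access request for {@code user}; the membership ends at {@code expiry}, which must not be null. */`, and state what the boolean return value signals. `listMembers()` would benefit from a one-line summary of which role's members it returns.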
@@ -23,11 +24,10 @@ public class AthenzAccessControlService implements AccessControlService {
 }
 @Override
- public boolean approveDataPlaneAccess(AthenzUser user) {
+ public boolean approveDataPlaneAccess(AthenzUser user, Instant expiry) {
 List<AthenzUser> users = zmsClient.listPendingRoleApprovals(dataPlaneAccessRole);
 if (users.contains(user)) {
- // TODO (mortent): Handle expiry
- zmsClient.approvePendingRoleMembership(dataPlaneAccessRole, user, null);
+ zmsClient.approvePendingRoleMembership(dataPlaneAccessRole, user, expiry);
 return true;
 }
 return false;
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/MockAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/MockAccessControlService.java
index 9a6027317c5..81bc7725c7a 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/MockAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/MockAccessControlService.java
@@ -4,6 +4,7 @@ package com.yahoo.vespa.hosted.controller.api.integration.athenz;
 import com.yahoo.vespa.athenz.api.AthenzUser;
+import java.time.Instant;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
@@ -14,7 +15,7 @@ public class MockAccessControlService implements AccessControlService {
 private final Set<AthenzUser> members = new HashSet<>();
 @Override
- public boolean approveDataPlaneAccess(AthenzUser user) {
+ public boolean approveDataPlaneAccess(AthenzUser user, Instant expiry) {
 if (pendingMembers.remove(user)) {
 return members.add(user);
 } else {
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
index 5e5dfcd6aed..5a1fcb32113 100644
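Review bot: `expiry` is forwarded unchecked to `zmsClient.approvePendingRoleMembership` in `AthenzAccessControlService.approveDataPlaneAccess`, so a caller that passes `null` gets the same call the removed line made, which presumably creates a membership that never expires. A guard at the top of the method, `Objects.requireNonNull(expiry, "expiry");` (with `import java.util.Objects;`), would make a time-bound grant the only possible outcome. Rejecting an `expiry` that is not after the current time may also be worthwhile if ZMS does not already do so; that cannot be seen from here. The method's closing brace lies outside the hunk.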
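Review bot: `MockAccessControlService.approveDataPlaneAccess` accepts `expiry` and then discards it, so a test that runs against the mock cannot notice a caller that passes a wrong or missing expiry. Recording the value on approval, for instance in a `Map<AthenzUser, Instant>` with a small accessor for tests, would let controller tests assert that an approved grant is time-limited. The method body continues past the end of the hunk.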
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
@@ -36,7 +36,8 @@ enum PathGroup {
 "/routing/v1/status/environment/{*}",
 "/routing/v1/inactive/environment/{*}",
 "/state/v1/{*}",
- "/changemanagement/v1/{*}"),
+ "/changemanagement/v1/{*}",
+ "/application/v4/tenant/{*}/application/{*}/instance/{*}/environment/{*}/region/{*}/access/support/grant"),
 /** Paths used for creating and reading user resources. */
 user("/application/v4/user", |
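Review bot: The enum constant that receives the new `.../access/support/grant` path is declared above the hunk, so which roles can reach the grant endpoint cannot be confirmed from these lines; going by the commit title it is presumably the operator group. Two checks are worth making before merge: that no other `PathGroup` entry under `/application/v4/tenant/` with a trailing `{*}` already matches this path and thereby exposes it to tenant-level roles, and that a policy test asserts roles outside the intended group are denied on it. If operator-only is the intent, a comment above the entry such as `// Support access grants may only be approved by operators` would record it next to the path.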