author | Ola Aunrønning <olaa@verizonmedia.com> | 2022-02-10 11:52:05 +0100 |
---|---|---|
committer | Ola Aunrønning <olaa@verizonmedia.com> | 2022-02-10 11:52:05 +0100 |
commit | 83058612bf2156407f35d56ddf3618ed3c70ce72 (patch) | |
tree | 193b682eb5388b6a04f73748b001b29a040725ab /controller-api | |
parent | 113a8fa5998d9b5be5c4e4feb96ebda1aebf4f14 (diff) |
Pending role approvals contains all athenz identity types
Diffstat (limited to 'controller-api')
2 files changed, 4 insertions, 3 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
index 3f0418b1a9e..906eaa9f506 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
@@ -5,6 +5,7 @@ package com.yahoo.vespa.hosted.controller.api.integration.athenz;
 import com.yahoo.config.provision.TenantName;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzGroup;
+import com.yahoo.vespa.athenz.api.AthenzIdentity;
 import com.yahoo.vespa.athenz.api.AthenzRole;
 import com.yahoo.vespa.athenz.api.AthenzUser;
 import com.yahoo.vespa.athenz.client.zms.ZmsClient;
@@ -39,7 +40,7 @@ public class AthenzAccessControlService implements AccessControlService {
 if(!isVespaTeamMember(user)) {
 throw new IllegalArgumentException(String.format("User %s requires manual approval, please contact Vespa team", user.getName()));
 }
- Map<AthenzUser, String> users = zmsClient.listPendingRoleApprovals(dataPlaneAccessRole);
+ Map<AthenzIdentity, String> users = zmsClient.listPendingRoleApprovals(dataPlaneAccessRole);
 if (users.containsKey(user)) {
 zmsClient.approvePendingRoleMembership(dataPlaneAccessRole, user, expiry, Optional.empty());
 return true;
@@ -62,7 +63,7 @@ public class AthenzAccessControlService implements AccessControlService {
 public boolean hasPendingAccessRequests(TenantName tenantName) {
 var role = sshRole(tenantName);
 var pendingApprovals = vespaZmsClient.listPendingRoleApprovals(role);
- return !pendingApprovals.isEmpty();
+ return pendingApprovals.containsKey(vespaTeam);
 }
 /**
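Review bot: The local name `users` in the second hunk no longer describes what the map holds, since it is now keyed by `AthenzIdentity` and, going by the commit title, may contain identities that are not users. Renaming it to match the naming already used in `hasPendingAccessRequests`, i.e. `Map<AthenzIdentity, String> pendingApprovals = zmsClient.listPendingRoleApprovals(dataPlaneAccessRole);` followed by `if (pendingApprovals.containsKey(user)) {`, keeps the approval check easy to audit. The enclosing method starts and ends outside the hunk.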
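Review bot: In `hasPendingAccessRequests`, `pendingApprovals.containsKey(vespaTeam)` only reports a pending SSH access request when a map key is equal to the `vespaTeam` field, which is declared outside this hunk. The lookup therefore depends on the ZMS client building the pending member as the same `AthenzIdentity` subtype, with matching `equals`/`hashCode`, as `vespaTeam`; if the two ever differ, the method quietly returns false and a pending request is never surfaced. Any other identity pending on the ssh role is now ignored as well, which looks intentional but is not stated anywhere in the hunk. I would add a comment such as `// Only a pending membership for the Vespa team counts as an access request; other pending identities on the ssh role are ignored.` and add a test for both the present and absent case.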
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
index d960c46cacd..5a3f0825704 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
@@ -200,7 +200,7 @@ public class ZmsClientMock implements ZmsClient {
 }
 @Override
- public Map<AthenzUser,String> listPendingRoleApprovals(AthenzRole athenzRole) {
+ public Map<AthenzIdentity,String> listPendingRoleApprovals(AthenzRole athenzRole) {
 return Map.of();
 } |
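Review bot: `ZmsClientMock.listPendingRoleApprovals` still returns `Map.of()` unconditionally, so any test that goes through this mock can only observe the "nothing pending" outcome. The same commit changes `hasPendingAccessRequests` to `pendingApprovals.containsKey(vespaTeam)` and keys the approval path on `users.containsKey(user)`, and neither positive branch can be reached through this mock. If the mock is what the controller tests wire in, which is not visible from this page, it would be worth letting it return pending approvals recorded per `AthenzRole`, so the access-control decisions are covered. The rest of the class lies outside the hunk.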