Consider effect equality

author: Ola Aunrønning <olaa@verizonmedia.com> 2022-03-14 11:57:23 +0100
committer: Ola Aunrønning <olaa@verizonmedia.com> 2022-03-14 11:58:04 +0100
commit: def6d57968bad732ba7f9445bb83f8f1883d9de7 (patch)
tree: f672bba3826e2c8dc8dbd2c5ad36da84455706af /controller-api
parent: 065053e8efaa6941521e1ec79b7948d34d73d18e (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
index 3a42c0c6535..317229f9e9a 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
@@ -165,6 +165,8 @@ public class AthenzAccessControlService implements AccessControlService {
 
     private AthenzAssertion getApprovalAssertion(AthenzRole accessRole) {
         var approverRole = new AthenzRole(accessRole.domain(), "vespa-access-approver");
-        return AthenzAssertion.newBuilder(approverRole, accessRole.toResourceName(), "update_members").build();
+        return AthenzAssertion.newBuilder(approverRole, accessRole.toResourceName(), "update_members")
+                .effect(AthenzAssertion.Effect.ALLOW)
+                .build();
     }
 }
author	Ola Aunrønning <olaa@verizonmedia.com>	2022-03-14 11:57:23 +0100
committer	Ola Aunrønning <olaa@verizonmedia.com>	2022-03-14 11:58:04 +0100
commit	def6d57968bad732ba7f9445bb83f8f1883d9de7 (patch)
tree	f672bba3826e2c8dc8dbd2c5ad36da84455706af /controller-api
parent	065053e8efaa6941521e1ec79b7948d34d73d18e (diff)