Merge pull request #10921 from vespa-engine/ogronnesby/simplified-roles

Introduce simplified roles without removing old ones

3 files changed, 32 insertions, 7 deletions

diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/Roles.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/Roles.java
index 0eff7de3f9f..2147b4f98d3 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/Roles.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/Roles.java
@@ -20,17 +20,14 @@ public class Roles {
 
     /** Returns the list of {@link TenantRole}s a {@link UserId} may be a member of. */
     public static List<TenantRole> tenantRoles(TenantName tenant) {
-        return List.of(Role.tenantOwner(tenant),
-                       Role.tenantAdmin(tenant),
-                       Role.tenantOperator(tenant));
+        return List.of(Role.administrator(tenant),
+                       Role.developer(tenant),
+                       Role.reader(tenant));
     }
 
     /** Returns the list of {@link ApplicationRole}s a {@link UserId} may be a member of. */
     public static List<ApplicationRole> applicationRoles(TenantName tenant, ApplicationName application) {
-        return List.of(Role.applicationAdmin(tenant, application),
-                       Role.applicationOperator(tenant, application),
-                       Role.applicationDeveloper(tenant, application),
-                       Role.applicationReader(tenant, application));
+        return List.of(Role.headless(tenant, application));
     }
 
     /** Returns the {@link Role} the given value represents. */
@@ -48,6 +45,9 @@ public class Roles {
             case "tenantOwner": return Role.tenantOwner(tenant);
             case "tenantAdmin": return Role.tenantAdmin(tenant);
             case "tenantOperator": return Role.tenantOperator(tenant);
+            case "administrator": return Role.administrator(tenant);
+            case "developer": return Role.developer(tenant);
+            case "reader": return Role.reader(tenant);
             default: throw new IllegalArgumentException("Malformed or illegal role name '" + roleName + "'.");
         }
     }
@@ -59,6 +59,7 @@ public class Roles {
             case "applicationOperator": return Role.applicationOperator(tenant, application);
             case "applicationDeveloper": return Role.applicationDeveloper(tenant, application);
             case "applicationReader": return Role.applicationReader(tenant, application);
+            case "headless": return Role.headless(tenant, application);
             default: throw new IllegalArgumentException("Malformed or illegal role name '" + roleName + "'.");
         }
     }
@@ -101,6 +102,10 @@ public class Roles {
             case applicationOperator:  return "applicationOperator";
             case applicationDeveloper: return "applicationDeveloper";
             case applicationReader:    return "applicationReader";
+            case administrator:        return "administrator";
+            case developer:            return "developer";
+            case reader:               return "reader";
+            case headless:             return "headless";
             default: throw new IllegalArgumentException("No value defined for role '" + role + "'.");
         }
     }
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java
index 4c7fe57a6d8..19d2d1a6c49 100644
--- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java
+++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java
@@ -30,6 +30,11 @@ public class RolesTest {
                      Roles.toRole("my-tenant.tenantOperator"));
         assertEquals(Role.applicationReader(tenant, application),
                      Roles.toRole("my-tenant.my-application.applicationReader"));
+
+        assertEquals(Role.administrator(tenant), Roles.toRole("my-tenant.administrator"));
+        assertEquals(Role.developer(tenant), Roles.toRole("my-tenant.developer"));
+        assertEquals(Role.reader(tenant), Roles.toRole("my-tenant.reader"));
+        assertEquals(Role.headless(tenant, application), Roles.toRole("my-tenant.my-application.headless"));
     }
 
     @Test(expected = IllegalArgumentException.class)
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
index d141ef6c73e..e1248ab857f 100644
--- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
+++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
@@ -102,4 +102,19 @@ public class RoleTest {
         assertTrue(applicationDeveloper11.implies(applicationReader11));
     }
 
+    @Test
+    public void new_implications() {
+        TenantName tenant1 = TenantName.from("t1");
+        ApplicationName application1 = ApplicationName.from("a1");
+        ApplicationName application2 = ApplicationName.from("a2");
+
+        Role tenantAdmin1 = Role.administrator(tenant1);
+        Role tenantDeveloper1 = Role.developer(tenant1);
+        Role applicationHeadless11 = Role.headless(tenant1, application1);
+        Role applicationHeadless12 = Role.headless(tenant1, application2);
+
+        assertFalse(tenantAdmin1.implies(tenantDeveloper1));
+        assertFalse(tenantAdmin1.implies(applicationHeadless11));
+        assertFalse(applicationHeadless11.implies(applicationHeadless12));
+    }
 }