diff options
author | Øyvind Grønnesby <oyving@verizonmedia.com> | 2019-10-09 09:18:37 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-10-09 09:18:37 +0200 |
commit | f5a5dca146d8161462c144f31bfb4a91b8a5167a (patch) | |
tree | cffa686fd83ddb9ebf73f59fcc252fba52d8c268 /controller-api | |
parent | 3311d0878eaa98062a805d910f226f263661df87 (diff) | |
parent | 8ce9c7a0b9d90dfb1e8a64f5c623167f0062c3ca (diff) |
Merge pull request #10921 from vespa-engine/ogronnesby/simplified-roles
Introduce simplified roles without removing old ones
Diffstat (limited to 'controller-api')
3 files changed, 32 insertions, 7 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/Roles.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/Roles.java index 0eff7de3f9f..2147b4f98d3 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/Roles.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/Roles.java @@ -20,17 +20,14 @@ public class Roles { /** Returns the list of {@link TenantRole}s a {@link UserId} may be a member of. */ public static List<TenantRole> tenantRoles(TenantName tenant) { - return List.of(Role.tenantOwner(tenant), - Role.tenantAdmin(tenant), - Role.tenantOperator(tenant)); + return List.of(Role.administrator(tenant), + Role.developer(tenant), + Role.reader(tenant)); } /** Returns the list of {@link ApplicationRole}s a {@link UserId} may be a member of. */ public static List<ApplicationRole> applicationRoles(TenantName tenant, ApplicationName application) { - return List.of(Role.applicationAdmin(tenant, application), - Role.applicationOperator(tenant, application), - Role.applicationDeveloper(tenant, application), - Role.applicationReader(tenant, application)); + return List.of(Role.headless(tenant, application)); } /** Returns the {@link Role} the given value represents. */ @@ -48,6 +45,9 @@ public class Roles { case "tenantOwner": return Role.tenantOwner(tenant); case "tenantAdmin": return Role.tenantAdmin(tenant); case "tenantOperator": return Role.tenantOperator(tenant); + case "administrator": return Role.administrator(tenant); + case "developer": return Role.developer(tenant); + case "reader": return Role.reader(tenant); default: throw new IllegalArgumentException("Malformed or illegal role name '" + roleName + "'."); } } @@ -59,6 +59,7 @@ public class Roles { case "applicationOperator": return Role.applicationOperator(tenant, application); case "applicationDeveloper": return Role.applicationDeveloper(tenant, application); case "applicationReader": return Role.applicationReader(tenant, application); + case "headless": return Role.headless(tenant, application); default: throw new IllegalArgumentException("Malformed or illegal role name '" + roleName + "'."); } } @@ -101,6 +102,10 @@ public class Roles { case applicationOperator: return "applicationOperator"; case applicationDeveloper: return "applicationDeveloper"; case applicationReader: return "applicationReader"; + case administrator: return "administrator"; + case developer: return "developer"; + case reader: return "reader"; + case headless: return "headless"; default: throw new IllegalArgumentException("No value defined for role '" + role + "'."); } } diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java index 4c7fe57a6d8..19d2d1a6c49 100644 --- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java +++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/user/RolesTest.java @@ -30,6 +30,11 @@ public class RolesTest { Roles.toRole("my-tenant.tenantOperator")); assertEquals(Role.applicationReader(tenant, application), Roles.toRole("my-tenant.my-application.applicationReader")); + + assertEquals(Role.administrator(tenant), Roles.toRole("my-tenant.administrator")); + assertEquals(Role.developer(tenant), Roles.toRole("my-tenant.developer")); + assertEquals(Role.reader(tenant), Roles.toRole("my-tenant.reader")); + assertEquals(Role.headless(tenant, application), Roles.toRole("my-tenant.my-application.headless")); } @Test(expected = IllegalArgumentException.class) diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java index d141ef6c73e..e1248ab857f 100644 --- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java +++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java @@ -102,4 +102,19 @@ public class RoleTest { assertTrue(applicationDeveloper11.implies(applicationReader11)); } + @Test + public void new_implications() { + TenantName tenant1 = TenantName.from("t1"); + ApplicationName application1 = ApplicationName.from("a1"); + ApplicationName application2 = ApplicationName.from("a2"); + + Role tenantAdmin1 = Role.administrator(tenant1); + Role tenantDeveloper1 = Role.developer(tenant1); + Role applicationHeadless11 = Role.headless(tenant1, application1); + Role applicationHeadless12 = Role.headless(tenant1, application2); + + assertFalse(tenantAdmin1.implies(tenantDeveloper1)); + assertFalse(tenantAdmin1.implies(applicationHeadless11)); + assertFalse(applicationHeadless11.implies(applicationHeadless12)); + } } |