diff options
author | Ola Aunronning <olaa@yahooinc.com> | 2022-08-30 15:15:41 +0200 |
---|---|---|
committer | Ola Aunronning <olaa@yahooinc.com> | 2022-08-30 15:15:41 +0200 |
commit | 5639ddf097cc91acac09dd2c2e17ab4f5ea5ee6d (patch) | |
tree | 9afd8848dec87fe31bf9a51ad1916e2bdfb3dbc5 /controller-api | |
parent | f3fb675b2aa0669e771a1481a662dd32af96f9f0 (diff) |
Restrict instrument/plan change
Diffstat (limited to 'controller-api')
2 files changed, 6 insertions, 11 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java index 32d84d9791d..a9d67c2d78a 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java @@ -71,10 +71,6 @@ public enum RoleDefinition { Policy.applicationManager, Policy.keyRevokal, Policy.paymentInstrumentRead, - Policy.paymentInstrumentUpdate, - Policy.paymentInstrumentDelete, - Policy.paymentInstrumentCreate, - Policy.planUpdate, Policy.billingInformationRead, Policy.accessRequests ), diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java index 9dac13482e0..a4ce45f44ea 100644 --- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java +++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java @@ -166,9 +166,9 @@ public class RoleTest { Role admin = Role.administrator(TenantName.from("t1")); assertTrue(publicCdEnforcer.allows(admin, Action.read, paymentInstrumentUri)); - assertTrue(publicCdEnforcer.allows(admin, Action.delete, paymentInstrumentUri)); - assertTrue(publicCdEnforcer.allows(admin, Action.update, tenantPaymentInstrumentUri)); - assertTrue(publicCdEnforcer.allows(admin, Action.read, tokenUri)); + assertFalse(publicCdEnforcer.allows(admin, Action.delete, paymentInstrumentUri)); + assertFalse(publicCdEnforcer.allows(admin, Action.update, tenantPaymentInstrumentUri)); + assertFalse(publicCdEnforcer.allows(admin, Action.read, tokenUri)); } @Test @@ -204,7 +204,6 @@ public class RoleTest { .assertAction(operator) .assertAction(reader) .assertAction(developer) - .assertAction(admin, Action.read) .assertAction(otherAdmin); tester.on("/billing/v1/tenant/t1/instrument") @@ -212,7 +211,7 @@ public class RoleTest { .assertAction(operator, Action.read) .assertAction(reader, Action.read, Action.delete) .assertAction(developer, Action.read, Action.delete) - .assertAction(admin, Action.read, Action.update, Action.delete) + .assertAction(admin, Action.read) .assertAction(otherAdmin); tester.on("/billing/v1/tenant/t1/instrument/i1") @@ -220,7 +219,7 @@ public class RoleTest { .assertAction(operator, Action.read) .assertAction(reader, Action.read, Action.delete) .assertAction(developer, Action.read, Action.delete) - .assertAction(admin, Action.read, Action.update, Action.delete) + .assertAction(admin, Action.read) .assertAction(otherAdmin); tester.on("/billing/v1/tenant/t1/billing") @@ -236,7 +235,7 @@ public class RoleTest { .assertAction(operator, Action.read) .assertAction(reader) .assertAction(developer) - .assertAction(admin, Action.update) + .assertAction(admin) .assertAction(otherAdmin); tester.on("/billing/v1/tenant/t1/collection") |