summaryrefslogtreecommitdiffstats
path: root/controller-api
diff options
context:
space:
mode:
authorOla Aunronning <olaa@yahooinc.com>2022-08-30 15:15:41 +0200
committerOla Aunronning <olaa@yahooinc.com>2022-08-30 15:15:41 +0200
commit5639ddf097cc91acac09dd2c2e17ab4f5ea5ee6d (patch)
tree9afd8848dec87fe31bf9a51ad1916e2bdfb3dbc5 /controller-api
parentf3fb675b2aa0669e771a1481a662dd32af96f9f0 (diff)
Restrict instrument/plan change
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java4
-rw-r--r--controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java13
2 files changed, 6 insertions, 11 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
index 32d84d9791d..a9d67c2d78a 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
@@ -71,10 +71,6 @@ public enum RoleDefinition {
Policy.applicationManager,
Policy.keyRevokal,
Policy.paymentInstrumentRead,
- Policy.paymentInstrumentUpdate,
- Policy.paymentInstrumentDelete,
- Policy.paymentInstrumentCreate,
- Policy.planUpdate,
Policy.billingInformationRead,
Policy.accessRequests
),
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
index 9dac13482e0..a4ce45f44ea 100644
--- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
+++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
@@ -166,9 +166,9 @@ public class RoleTest {
Role admin = Role.administrator(TenantName.from("t1"));
assertTrue(publicCdEnforcer.allows(admin, Action.read, paymentInstrumentUri));
- assertTrue(publicCdEnforcer.allows(admin, Action.delete, paymentInstrumentUri));
- assertTrue(publicCdEnforcer.allows(admin, Action.update, tenantPaymentInstrumentUri));
- assertTrue(publicCdEnforcer.allows(admin, Action.read, tokenUri));
+ assertFalse(publicCdEnforcer.allows(admin, Action.delete, paymentInstrumentUri));
+ assertFalse(publicCdEnforcer.allows(admin, Action.update, tenantPaymentInstrumentUri));
+ assertFalse(publicCdEnforcer.allows(admin, Action.read, tokenUri));
}
@Test
@@ -204,7 +204,6 @@ public class RoleTest {
.assertAction(operator)
.assertAction(reader)
.assertAction(developer)
- .assertAction(admin, Action.read)
.assertAction(otherAdmin);
tester.on("/billing/v1/tenant/t1/instrument")
@@ -212,7 +211,7 @@ public class RoleTest {
.assertAction(operator, Action.read)
.assertAction(reader, Action.read, Action.delete)
.assertAction(developer, Action.read, Action.delete)
- .assertAction(admin, Action.read, Action.update, Action.delete)
+ .assertAction(admin, Action.read)
.assertAction(otherAdmin);
tester.on("/billing/v1/tenant/t1/instrument/i1")
@@ -220,7 +219,7 @@ public class RoleTest {
.assertAction(operator, Action.read)
.assertAction(reader, Action.read, Action.delete)
.assertAction(developer, Action.read, Action.delete)
- .assertAction(admin, Action.read, Action.update, Action.delete)
+ .assertAction(admin, Action.read)
.assertAction(otherAdmin);
tester.on("/billing/v1/tenant/t1/billing")
@@ -236,7 +235,7 @@ public class RoleTest {
.assertAction(operator, Action.read)
.assertAction(reader)
.assertAction(developer)
- .assertAction(admin, Action.update)
+ .assertAction(admin)
.assertAction(otherAdmin);
tester.on("/billing/v1/tenant/t1/collection")