author | Martin Polden <mpolden@mpolden.no> | 2019-04-11 14:54:53 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-04-11 14:54:53 +0100 |
commit | 1a4b3a45b124d5bab34180f2b3d1411c07f6d638 (patch) | |
tree | 34b07305a792b595710a5f5b53e093acada291b0 /controller-api | |
parent | 51e83a1d32b42a2f10355e8f331c9838dd1ee663 (diff) | |
parent | b829818f488c6843a78618f2857acc8f5c9c65b6 (diff) |
Merge pull request #9066 from vespa-engine/mpolden/public-endpoint-names
Add support for global endpoint names in public system
Diffstat (limited to 'controller-api')
3 files changed, 8 insertions, 14 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Context.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Context.java index 3ba0367a00c..14d8d06d0c6 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Context.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Context.java @@ -9,7 +9,7 @@ import java.util.Objects; import java.util.Optional; /** - * The context in which a role is valid. + * The context in which a role is valid. This is immutable. * * @author mpolden */ @@ -40,11 +40,6 @@ public class Context { return system; } - /** Returns whether this context is considered limited */ - public boolean limited() { - return tenant.isPresent() || application.isPresent(); - } - /** Returns a context that has no restrictions on tenant or application in given system */ public static Context unlimitedIn(SystemName system) { return new Context(Optional.empty(), Optional.empty(), system); diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java index ff535e92033..c28fa7a3fc3 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java @@ -4,8 +4,6 @@ package com.yahoo.vespa.hosted.controller.api.role; import java.net.URI; import java.util.Objects; -import static java.util.Objects.requireNonNull; - /** * A role is a combination of a {@link RoleDefinition} and a {@link Context}, which allows evaluation * of access control for a given action on a resource. Create using {@link Roles}. 
@@ -18,15 +16,15 @@ public abstract class Role { final Context context; Role(RoleDefinition roleDefinition, Context context) { - this.roleDefinition = requireNonNull(roleDefinition); - this.context = requireNonNull(context); + this.roleDefinition = Objects.requireNonNull(roleDefinition); + this.context = Objects.requireNonNull(context); } /** Returns the role definition of this bound role. */ public RoleDefinition definition() { return roleDefinition; } /** Returns whether this role is allowed to perform the given action on the given resource. */ - public boolean allows(Action action, URI uri) { + public final boolean allows(Action action, URI uri) { return roleDefinition.policies().stream().anyMatch(policy -> policy.evaluate(action, uri, context)); } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java index 41444258a68..3378f9e0061 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java @@ -5,8 +5,9 @@ import java.security.Principal; import java.util.Objects; import java.util.Set; -import static java.util.Objects.requireNonNull; - +/** + * @author tokle + */ public class SecurityContext { public static final String ATTRIBUTE_NAME = SecurityContext.class.getName(); @@ -15,7 +16,7 @@ public class SecurityContext { private final Set<Role> roles; public SecurityContext(Principal principal, Set<Role> roles) { - this.principal = requireNonNull(principal); + this.principal = Objects.requireNonNull(principal); this.roles = Set.copyOf(roles); } |
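Review bot: In Role.java, the Javadoc on `allows` does not say why the method is now `final`, nor what the result is when no policy matches. This method is the access decision, so I would extend the comment to something like `/** Returns whether this role is allowed to perform the given action on the given resource. Final so that subclasses cannot change the decision; returns false when no policy matches. */`. The deny-by-default result follows from `anyMatch` over `roleDefinition.policies().stream()`, which is false for an empty stream. The class body continues outside the hunk.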
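Review bot: In SecurityContext.java, the constructor checks `principal` explicitly but leaves the null check for `roles` to `Set.copyOf`, which throws a NullPointerException without an argument name for a null set or a null element. For consistency I would write `this.roles = Set.copyOf(Objects.requireNonNull(roles, "roles"));` and give the other check a message too, `Objects.requireNonNull(principal, "principal")`. A one-line constructor comment stating that the role set is copied, so later changes to the caller's set do not alter the roles held here, would also help readers of this class. The class body continues outside the hunk.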