author | Jon Marius Venstad <venstad@gmail.com> | 2019-10-01 15:02:43 +0200 |
---|---|---|
committer | Jon Marius Venstad <venstad@gmail.com> | 2019-10-01 15:02:43 +0200 |
commit | d426ec174d9c57a62b68017fe4121f1d7ad7bc79 (patch) | |
tree | d0a2f4910e2f8dba5e9dcec16a4b233fc0ffbfbb /controller-api | |
parent | 6b2569ff15587d53037820089b9f90c31422dac4 (diff) |
Store developer keys <-> developers, and modify through application/v4
Diffstat (limited to 'controller-api')
5 files changed, 19 insertions, 2 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java
index 5ebea6c8d87..03eda33233d 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java
@@ -43,7 +43,7 @@ public class MockUserManagement implements UserManagement {
 
 @Override
 public void removeUsers(Role role, Collection<UserId> users) {
- memberships.get(role).removeAll(users);
+ memberships.get(role).removeIf(user -> users.contains(new UserId(user.email())));
 }
 
 @Override
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
index 08702027264..958ded06c78 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
@@ -46,6 +46,15 @@ enum PathGroup {
 Optional.of("/api"),
 "/application/v4/tenant/{tenant}/application/"),
 
+ tenantKeys(Matcher.tenant,
+ Optional.of("/api"),
+ "/application/v4/tenant/{tenant}/key/"),
+
+ applicationKeys(Matcher.tenant,
+ Matcher.application,
+ Optional.of("/api"),
+ "/application/v4/tenant/{tenant}/application/{application}/key/"),
+
 /** Path for the base application resource. */
 application(Matcher.tenant,
 Matcher.application,
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
index 290382c6e6c..db7dd5909b3 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
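Review bot: `tenantKeys` and `applicationKeys` in PathGroup.java are added without Javadoc, while the neighbouring constant carries one (`/** Path for the base application resource. */`). Since authorization is resolved from these path groups, each should state what its path covers, e.g. `/** Paths used for keys under a tenant. */` and `/** Paths used for keys under an application. */`. It is also worth confirming, in the part of the enum outside this hunk, that no broader group matches everything under `/application/v4/tenant/{tenant}/application/{application}/`, because a policy granted on such a group would then apply to the new key path as well. A test asserting that write requests to the two key paths are allowed only through the intended policy would pin this down.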
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
@@ -83,6 +83,11 @@ enum Policy {
 .on(PathGroup.applicationInfo, PathGroup.productionRestart)
 .in(SystemName.all())),
 
+ /** Access to create and delete developer and deploy keys under a tenant. */
+ keyManagement(Privilege.grant(Action.write())
+ .on(PathGroup.tenantKeys, PathGroup.applicationKeys)
+ .in(SystemName.all())),
+
 /** Full access to application development deployments. */
 developmentDeployment(Privilege.grant(Action.all())
 .on(PathGroup.developmentDeployment, PathGroup.developmentRestart)
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
index 980b8bd316f..7bbd89404c7 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
@@ -56,7 +56,8 @@ public enum RoleDefinition {
 /** Tenant operator with access to create application under a tenant, and to read the tenant's and public data. */
 tenantOperator(everyone,
 Policy.tenantRead,
- Policy.applicationCreate),
+ Policy.applicationCreate,
+ Policy.keyManagement),
 
 /** Tenant admin with full access to all tenant resources, except deleting the tenant. */
 tenantAdmin(tenantOperator,
@@ -84,6 +85,7 @@ public enum RoleDefinition {
 Policy.applicationUpdate,
 Policy.applicationDelete,
 Policy.applicationOperations,
+ Policy.keyManagement,
 Policy.developmentDeployment);
 
 private final Set<RoleDefinition> parents;
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java
index 3378f9e0061..92f902dc0f7 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java
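Review bot: `keyManagement` in Policy.java bundles two scopes in one grant, since `.on(PathGroup.tenantKeys, PathGroup.applicationKeys)` covers both the tenant-level and the application-level key path, so a role cannot be given one without the other. If the tenant path holds developer keys and the application path holds deploy keys (inferred from the Javadoc, not visible in this hunk), the two carry different risk and would be easier to audit as two policies, each `.on(...)` a single path group. The Javadoc also says "under a tenant" although application paths are included, and it could name the actions `Action.write()` stands for rather than only "create and delete". The enum continues outside the hunk.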
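Review bot: `Policy.keyManagement` is added to `tenantOperator` in RoleDefinition.java, whose only parent is `everyone`, but its Javadoc still describes the role as creating applications and reading tenant data. Because `tenantAdmin` takes `tenantOperator` as a parent, write access to both key path groups becomes the baseline for the tenant roles visible here; if registering a key is what later authorizes deployments, that deserves an explicit decision and a test asserting which roles may and may not write keys. At minimum the comment should be updated, e.g. `/** Tenant operator with access to create application and manage keys under a tenant, and to read the tenant's and public data. */`. The second hunk adds the same policy to a role whose name lies outside the hunk, so its Javadoc should be checked as well.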
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java @@ -49,4 +49,5 @@ public class SecurityContext { ", roles=" + roles + '}'; } + } |