diff options
| author | Valerij Fredriksen <freva@users.noreply.github.com> | 2019-11-01 16:55:02 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-11-01 16:55:02 +0100 |
| commit | 69719912deb821dbf8c6eb1be3e23a3f05ee2a99 (patch) | |
| tree | 3909bfe11d703a53c9d8ae8ac09a0ed65b0e3185 /controller-api | |
| parent | 197628b906de4fec5e341fe57041259823e3d05d (diff) | |
| parent | 70731418933393c915d64df49c19d43aa9fd25ee (diff) | |
Merge pull request #11183 from vespa-engine/freva/configserver-v1
Create /configserver/v1
Diffstat (limited to 'controller-api')
| -rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java | 8 | ||||
| -rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java | 2 |
2 files changed, 9 insertions, 1 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java index 89f0a3c3382..f8b4d4171a4 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java @@ -19,6 +19,10 @@ import java.util.Set; */ enum PathGroup { + /** Paths exclusive to operators (including read), used for system management. */ + classifiedOperator(Optional.of("/api"), + "/configserver/v1/{*}"), + /** Paths used for system management by operators. */ operator("/controller/v1/{*}", "/flags/v1/{*}", @@ -228,6 +232,10 @@ enum PathGroup { return EnumSet.allOf(PathGroup.class); } + static Set<PathGroup> allExcept(PathGroup... pathGroups) { + return EnumSet.complementOf(EnumSet.copyOf(List.of(pathGroups))); + } + /** Returns whether this group matches path in given context */ boolean matches(URI uri, Context context) { return get(uri).map(p -> { diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java index db7dd5909b3..e0341d76950 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java @@ -115,7 +115,7 @@ enum Policy { /** Read access to all information in select systems. */ classifiedRead(Privilege.grant(Action.read) - .on(PathGroup.all()) + .on(PathGroup.allExcept(PathGroup.classifiedOperator)) .in(SystemName.main, SystemName.cd, SystemName.dev)), /** Read access to public info. */ |