diff options
author | Jon Marius Venstad <jonmv@users.noreply.github.com> | 2021-03-03 14:28:14 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-03 14:28:14 +0100 |
commit | e9478a84149e989d506a702955d824cc3aa985e0 (patch) | |
tree | 3b7bd110032f35e824161ff1249c412db86fcfd6 /controller-api | |
parent | 2d5116489de2695acfe7bd7928e65f369ce068f5 (diff) | |
parent | f5199a595b99623ccd2ec9c7c04a969640279381 (diff) |
Merge pull request #16759 from vespa-engine/ogronnesby/admin-can-revoke-keys
Give tenant admin the right to revoke keys
Diffstat (limited to 'controller-api')
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java | 5 | ||||
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java | 1 |
2 files changed, 6 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java index ecf3d29bc1a..ad739d16ff8 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java @@ -102,6 +102,11 @@ enum Policy { .on(PathGroup.tenantKeys, PathGroup.applicationKeys) .in(SystemName.all())), + /** Access to revoke keys from the tenant */ + keyRevokal(Privilege.grant(Action.delete) + .on(PathGroup.tenantKeys, PathGroup.applicationKeys) + .in(SystemName.all())), + /** Full access to application development deployments. */ developmentDeployment(Privilege.grant(Action.all()) .on(PathGroup.developmentDeployment, PathGroup.developmentRestart) diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java index 3b861c607b1..40903b02465 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java @@ -63,6 +63,7 @@ public enum RoleDefinition { Policy.tenantManager, Policy.tenantDelete, Policy.applicationManager, + Policy.keyRevokal, Policy.paymentInstrumentRead, Policy.paymentInstrumentUpdate, Policy.paymentInstrumentDelete, |