authorMorten Tokle <mortent@verizonmedia.com>2021-06-02 12:01:13 +0200
committerMorten Tokle <mortent@verizonmedia.com>2021-06-02 12:01:13 +0200
commit1c3c58567c71251c37206cc1a4ac1fab67ebae14 (patch)
treebd6d23dbd4926bbfda2fb59d15c7a2397ed1b2a6 /controller-api
parent23314e77219262b263c42f1dd037591e22001d85 (diff)
Register operator grants
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java5
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java6
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/MockAccessControlService.java3
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java3
4 files changed, 10 insertions, 7 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java
index 765312b40a3..14adc29468e 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java
@@ -4,9 +4,10 @@ package com.yahoo.vespa.hosted.controller.api.integration.athenz;
import com.yahoo.vespa.athenz.api.AthenzUser;
+import java.time.Instant;
import java.util.Collection;
public interface AccessControlService {
- public boolean approveDataPlaneAccess(AthenzUser user);
- public Collection<AthenzUser> listMembers();
+ boolean approveDataPlaneAccess(AthenzUser user, Instant expiry);
+ Collection<AthenzUser> listMembers();
}
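Review bot: The new two-argument `approveDataPlaneAccess` has no Javadoc, so the interface does not say what `expiry` bounds or what the boolean means. Judging by the Athenz implementation later in this commit, the method returns false when the user has no pending request, and the instant is handed to the role-membership approval. I would add `/** Approves a pending data plane access request for {@code user}, with the membership ending at {@code expiry}. Returns false if no request is pending. */` above the method, so implementers and callers share one contract for this access grant.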
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
index 2882fb1483c..f6d2b333cc3 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
@@ -7,6 +7,7 @@ import com.yahoo.vespa.athenz.api.AthenzRole;
import com.yahoo.vespa.athenz.api.AthenzUser;
import com.yahoo.vespa.athenz.client.zms.ZmsClient;
+import java.time.Instant;
import java.util.Collection;
import java.util.List;
@@ -23,11 +24,10 @@ public class AthenzAccessControlService implements AccessControlService {
}
@Override
- public boolean approveDataPlaneAccess(AthenzUser user) {
+ public boolean approveDataPlaneAccess(AthenzUser user, Instant expiry) {
List<AthenzUser> users = zmsClient.listPendingRoleApprovals(dataPlaneAccessRole);
if (users.contains(user)) {
- // TODO (mortent): Handle expiry
- zmsClient.approvePendingRoleMembership(dataPlaneAccessRole, user, null);
+ zmsClient.approvePendingRoleMembership(dataPlaneAccessRole, user, expiry);
return true;
}
return false;
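Review bot: `expiry` is forwarded to `zmsClient.approvePendingRoleMembership` without any check, so a caller passing `null` gets what the removed line passed, which presumably means a membership with no expiry. For a support-access grant that should be time-boxed, I would fail closed at the top of the method with `Objects.requireNonNull(expiry, "expiry");` (this needs a `java.util.Objects` import). Consider also rejecting an instant that is not in the future. The method's closing lines are outside the hunk.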
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/MockAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/MockAccessControlService.java
index 9a6027317c5..81bc7725c7a 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/MockAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/MockAccessControlService.java
@@ -4,6 +4,7 @@ package com.yahoo.vespa.hosted.controller.api.integration.athenz;
import com.yahoo.vespa.athenz.api.AthenzUser;
+import java.time.Instant;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
@@ -14,7 +15,7 @@ public class MockAccessControlService implements AccessControlService {
private final Set<AthenzUser> members = new HashSet<>();
@Override
- public boolean approveDataPlaneAccess(AthenzUser user) {
+ public boolean approveDataPlaneAccess(AthenzUser user, Instant expiry) {
if (pendingMembers.remove(user)) {
return members.add(user);
} else {
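Review bot: The mock accepts `expiry` and then drops it, so no test using `MockAccessControlService` can tell whether the controller passed the intended expiry, or passed one at all. Consider storing it next to the member, for example in a `Map<AthenzUser, Instant>`, and exposing it to tests, so a regression that grants access without an expiry is caught. The rest of the method body is outside the hunk.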
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
index 5e5dfcd6aed..5a1fcb32113 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
@@ -36,7 +36,8 @@ enum PathGroup {
"/routing/v1/status/environment/{*}",
"/routing/v1/inactive/environment/{*}",
"/state/v1/{*}",
- "/changemanagement/v1/{*}"),
+ "/changemanagement/v1/{*}",
+ "/application/v4/tenant/{*}/application/{*}/instance/{*}/environment/{*}/region/{*}/access/support/grant"),
/** Paths used for creating and reading user resources. */
user("/application/v4/user",
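Review bot: The new `.../access/support/grant` path is appended to a group whose constant name and doc comment are outside the hunk, so the roles that receive it cannot be confirmed from here. Since this endpoint approves support access to a deployment, please check that no broader `PathGroup` pattern with a trailing `{*}` under `/application/v4/tenant/...` also matches it, which would let non-operator roles reach it. A short comment on the entry would help, for example `// operator-only: approves support (data plane) access requests`.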