diff options
author | Valerij Fredriksen <valerij92@gmail.com> | 2021-03-18 16:56:04 +0100 |
---|---|---|
committer | Valerij Fredriksen <valerij92@gmail.com> | 2021-03-18 17:03:39 +0100 |
commit | e95bda2b0fc568c33a6ed18bb88c2d4cf80ff288 (patch) | |
tree | ae7da6f9c54ed99d70b09ed44e006031c594b024 /controller-api | |
parent | 1e37f667e3329cc5b4bc6d3b6574cd240991fa32 (diff) |
Allow tenant administrator setting archive access role
Diffstat (limited to 'controller-api')
3 files changed, 9 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java index 72210ec26ed..d03df9523bd 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java @@ -67,6 +67,9 @@ enum PathGroup { PathPrefix.api, "/application/v4/tenant/{tenant}/key/"), + tenantArchiveAccess(Matcher.tenant, + PathPrefix.api, + "/application/v4/tenant/{tenant}/archive-access"), billingToken(Matcher.tenant, PathPrefix.api, diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java index ad739d16ff8..b48e786c178 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java @@ -72,6 +72,11 @@ enum Policy { .on(PathGroup.tenant, PathGroup.tenantInfo, PathGroup.tenantUsers, PathGroup.applicationUsers) .in(SystemName.all())), + /** Access to set and unset archive access role under a tenant. */ + tenantArchiveAccessManagement(Privilege.grant(Action.update, Action.delete) + .on(PathGroup.tenantArchiveAccess) + .in(SystemName.all())), + /** Access to create application under a certain tenant. */ applicationCreate(Privilege.grant(Action.create) .on(PathGroup.application) diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java index aeb5419b682..a0ee0fe3548 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java @@ -63,6 +63,7 @@ public enum RoleDefinition { administrator(Policy.tenantUpdate, Policy.tenantManager, Policy.tenantDelete, + Policy.tenantArchiveAccessManagement, Policy.applicationManager, Policy.keyRevokal, Policy.paymentInstrumentRead, |