summaryrefslogtreecommitdiffstats
path: root/controller-api
diff options
context:
space:
mode:
authorValerij Fredriksen <valerij92@gmail.com>2021-03-18 16:56:04 +0100
committerValerij Fredriksen <valerij92@gmail.com>2021-03-18 17:03:39 +0100
commite95bda2b0fc568c33a6ed18bb88c2d4cf80ff288 (patch)
treeae7da6f9c54ed99d70b09ed44e006031c594b024 /controller-api
parent1e37f667e3329cc5b4bc6d3b6574cd240991fa32 (diff)
Allow tenant administrator setting archive access role
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java3
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java5
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java1
3 files changed, 9 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
index 72210ec26ed..d03df9523bd 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
@@ -67,6 +67,9 @@ enum PathGroup {
PathPrefix.api,
"/application/v4/tenant/{tenant}/key/"),
+ tenantArchiveAccess(Matcher.tenant,
+ PathPrefix.api,
+ "/application/v4/tenant/{tenant}/archive-access"),
billingToken(Matcher.tenant,
PathPrefix.api,
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
index ad739d16ff8..b48e786c178 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
@@ -72,6 +72,11 @@ enum Policy {
.on(PathGroup.tenant, PathGroup.tenantInfo, PathGroup.tenantUsers, PathGroup.applicationUsers)
.in(SystemName.all())),
+ /** Access to set and unset archive access role under a tenant. */
+ tenantArchiveAccessManagement(Privilege.grant(Action.update, Action.delete)
+ .on(PathGroup.tenantArchiveAccess)
+ .in(SystemName.all())),
+
/** Access to create application under a certain tenant. */
applicationCreate(Privilege.grant(Action.create)
.on(PathGroup.application)
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
index aeb5419b682..a0ee0fe3548 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
@@ -63,6 +63,7 @@ public enum RoleDefinition {
administrator(Policy.tenantUpdate,
Policy.tenantManager,
Policy.tenantDelete,
+ Policy.tenantArchiveAccessManagement,
Policy.applicationManager,
Policy.keyRevokal,
Policy.paymentInstrumentRead,