authorMartin Polden <mpolden@mpolden.no>2019-04-11 14:54:53 +0100
committerGitHub <noreply@github.com>2019-04-11 14:54:53 +0100
commit1a4b3a45b124d5bab34180f2b3d1411c07f6d638 (patch)
tree34b07305a792b595710a5f5b53e093acada291b0 /controller-api
parent51e83a1d32b42a2f10355e8f331c9838dd1ee663 (diff)
parentb829818f488c6843a78618f2857acc8f5c9c65b6 (diff)
Merge pull request #9066 from vespa-engine/mpolden/public-endpoint-names
Add support for global endpoint names in public system
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Context.java7
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java8
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java7
3 files changed, 8 insertions, 14 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Context.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Context.java
index 3ba0367a00c..14d8d06d0c6 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Context.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Context.java
@@ -9,7 +9,7 @@ import java.util.Objects;
import java.util.Optional;
/**
- * The context in which a role is valid.
+ * The context in which a role is valid. This is immutable.
*
* @author mpolden
*/
@@ -40,11 +40,6 @@ public class Context {
return system;
}
- /** Returns whether this context is considered limited */
- public boolean limited() {
- return tenant.isPresent() || application.isPresent();
- }
-
/** Returns a context that has no restrictions on tenant or application in given system */
public static Context unlimitedIn(SystemName system) {
return new Context(Optional.empty(), Optional.empty(), system);
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java
index ff535e92033..c28fa7a3fc3 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java
@@ -4,8 +4,6 @@ package com.yahoo.vespa.hosted.controller.api.role;
import java.net.URI;
import java.util.Objects;
-import static java.util.Objects.requireNonNull;
-
/**
* A role is a combination of a {@link RoleDefinition} and a {@link Context}, which allows evaluation
* of access control for a given action on a resource. Create using {@link Roles}.
@@ -18,15 +16,15 @@ public abstract class Role {
final Context context;
Role(RoleDefinition roleDefinition, Context context) {
- this.roleDefinition = requireNonNull(roleDefinition);
- this.context = requireNonNull(context);
+ this.roleDefinition = Objects.requireNonNull(roleDefinition);
+ this.context = Objects.requireNonNull(context);
}
/** Returns the role definition of this bound role. */
public RoleDefinition definition() { return roleDefinition; }
/** Returns whether this role is allowed to perform the given action on the given resource. */
- public boolean allows(Action action, URI uri) {
+ public final boolean allows(Action action, URI uri) {
return roleDefinition.policies().stream().anyMatch(policy -> policy.evaluate(action, uri, context));
}
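Review bot: The Javadoc on `allows` does not say what the method returns when no policy matches, nor why it is now `final`, and this is the access-control decision point for a role. From the visible body, `anyMatch` returns false for an empty policy set, so the outcome is deny by default. The `final` modifier presumably exists to stop subclasses of the abstract `Role` from overriding the decision. I would record both in the comment: `/** Returns whether any policy of this role's definition allows the given action on the given resource in this role's context; false (deny) if none match. Final so that subclasses cannot change the access decision. */`. The class body continues outside the hunk, so whether other overridable members can influence the result is not visible here.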
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java
index 41444258a68..3378f9e0061 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java
@@ -5,8 +5,9 @@ import java.security.Principal;
import java.util.Objects;
import java.util.Set;
-import static java.util.Objects.requireNonNull;
-
+/**
+ * @author tokle
+ */
public class SecurityContext {
public static final String ATTRIBUTE_NAME = SecurityContext.class.getName();
@@ -15,7 +16,7 @@ public class SecurityContext {
private final Set<Role> roles;
public SecurityContext(Principal principal, Set<Role> roles) {
- this.principal = requireNonNull(principal);
+ this.principal = Objects.requireNonNull(principal);
this.roles = Set.copyOf(roles);
}