authorOla Aunrønning <olaa@verizonmedia.com>2022-02-10 11:52:05 +0100
committerOla Aunrønning <olaa@verizonmedia.com>2022-02-10 11:52:05 +0100
commit83058612bf2156407f35d56ddf3618ed3c70ce72 (patch)
tree193b682eb5388b6a04f73748b001b29a040725ab /controller-api
parent113a8fa5998d9b5be5c4e4feb96ebda1aebf4f14 (diff)
Pending role approvals contains all athenz identity types
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java5
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java2
2 files changed, 4 insertions, 3 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
index 3f0418b1a9e..906eaa9f506 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
@@ -5,6 +5,7 @@ package com.yahoo.vespa.hosted.controller.api.integration.athenz;
import com.yahoo.config.provision.TenantName;
import com.yahoo.vespa.athenz.api.AthenzDomain;
import com.yahoo.vespa.athenz.api.AthenzGroup;
+import com.yahoo.vespa.athenz.api.AthenzIdentity;
import com.yahoo.vespa.athenz.api.AthenzRole;
import com.yahoo.vespa.athenz.api.AthenzUser;
import com.yahoo.vespa.athenz.client.zms.ZmsClient;
@@ -39,7 +40,7 @@ public class AthenzAccessControlService implements AccessControlService {
if(!isVespaTeamMember(user)) {
throw new IllegalArgumentException(String.format("User %s requires manual approval, please contact Vespa team", user.getName()));
}
- Map<AthenzUser, String> users = zmsClient.listPendingRoleApprovals(dataPlaneAccessRole);
+ Map<AthenzIdentity, String> users = zmsClient.listPendingRoleApprovals(dataPlaneAccessRole);
if (users.containsKey(user)) {
zmsClient.approvePendingRoleMembership(dataPlaneAccessRole, user, expiry, Optional.empty());
return true;
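Review bot: The local on the changed line is still called `users`, although the map is now keyed by every Athenz identity type and may hold groups or services as well; renaming it, e.g. `Map<AthenzIdentity, String> pendingApprovals = zmsClient.listPendingRoleApprovals(dataPlaneAccessRole);`, would match the name used in hasPendingAccessRequests. The approval decision now rests on `containsKey(user)` matching an `AthenzUser` against keys of the wider `AthenzIdentity` type. That only works if the client builds user keys with the same equals/hashCode as `AthenzUser`, which is not visible here and is worth confirming with a test. A mismatch would presumably just skip the approval rather than grant it, but it would do so silently. The enclosing method starts and ends outside this hunk.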
@@ -62,7 +63,7 @@ public class AthenzAccessControlService implements AccessControlService {
public boolean hasPendingAccessRequests(TenantName tenantName) {
var role = sshRole(tenantName);
var pendingApprovals = vespaZmsClient.listPendingRoleApprovals(role);
- return !pendingApprovals.isEmpty();
+ return pendingApprovals.containsKey(vespaTeam);
}
/**
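Review bot: hasPendingAccessRequests now returns true only when `vespaTeam` is among the pending principals, so a pending request on the SSH role from any other identity is no longer reported to callers, and nothing in the method says this narrowing is intended. A comment above the return would make the contract explicit, for example `// Only a pending request from the Vespa team counts; other principals pending on the ssh role are ignored.` Consider also logging principals other than `vespaTeam` that appear in `pendingApprovals`, since an unexpected identity waiting on an SSH access role is something an operator would want to see. `vespaTeam` is declared outside the hunk, so the lookup assumes its type shares equals/hashCode with the keys the client returns. ZmsClientMock.listPendingRoleApprovals still returns `Map.of()`, so the true branch cannot be exercised through that mock as it stands.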
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
index d960c46cacd..5a3f0825704 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
@@ -200,7 +200,7 @@ public class ZmsClientMock implements ZmsClient {
}
@Override
- public Map<AthenzUser,String> listPendingRoleApprovals(AthenzRole athenzRole) {
+ public Map<AthenzIdentity,String> listPendingRoleApprovals(AthenzRole athenzRole) {
return Map.of();
}