Allow read access to dashboard, and avoid out of bounds in Path

2 files changed, 7 insertions, 1 deletions

diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/PathGroup.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/PathGroup.java
index 653c1d40684..0c804d07205 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/PathGroup.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/PathGroup.java
@@ -62,7 +62,11 @@ public enum PathGroup {
     /** Read-only paths providing information related to deployments */
     deploymentStatus("/badge/v1/{*}",
                      "/deployment/v1/{*}",
-                     "/zone/v1/{*}");
+                     "/zone/v1/{*}"),
+
+    /** Paths used by some dashboard */
+    dashboard("/",
+              "/d/{*}");
 
     final Set<String> pathSpecs;
 
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/role/RoleMembershipTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/role/RoleMembershipTest.java
index bc810fdb5c5..e0bd4b18549 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/role/RoleMembershipTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/role/RoleMembershipTest.java
@@ -82,6 +82,8 @@ public class RoleMembershipTest {
         assertTrue(roles.allows(Action.create, "/application/v4/tenant/t1/application/a1/jobreport"));
         assertTrue(roles.allows(Action.update, "/application/v4/tenant/t1/application/a1"));
         assertTrue("Global read access", roles.allows(Action.read, "/controller/v1/foo"));
+        assertTrue("Dashboard read access", roles.allows(Action.read, "/"));
+        assertTrue("Dashboard read access", roles.allows(Action.read, "/d/nodes"));
     }
 
 }