authorBjørn Christian Seime <bjorncs@oath.com>2018-02-16 15:53:00 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-02-16 15:53:00 +0100
commit6431a200146a0e86c7c043264f562946b291df4f (patch)
tree3614057115575825ea45376398a866da43be59c2 /controller-server
parent079285a0ccb45085d83a12f4e302e3714236ea91 (diff)
Allow tenant pipelines to use application v4 promote
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java1
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java16
2 files changed, 17 insertions, 0 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
index 3d0a50d71dc..13707772244 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
@@ -135,6 +135,7 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter {
private static boolean isTenantPipelineOperation(Path path, Method method) {
if (isTenantAdminOperation(path, method)) return false;
return path.matches("/application/v4/tenant/{tenant}/application/{application}/jobreport") ||
+ path.matches("/application/v4/tenant/{tenant}/application/{application}/promote") ||
path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/prod/{*}") ||
path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/test/{*}") ||
path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/staging/{*}");
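Review bot: The added `/promote` alternative in `isTenantPipelineOperation` matches on the path alone, so the tenant-pipeline role is authorized for every HTTP method that `isTenantAdminOperation` does not claim first, while the accompanying test only exercises POST. If promote is meant to be POST-only, bind the method in the rule, e.g. `(method == POST && path.matches("/application/v4/tenant/{tenant}/application/{application}/promote")) ||`, and add a test case asserting that a non-POST request from TENANT_PIPELINE is forbidden. `isTenantAdminOperation` is not visible in this hunk, so it may already narrow this, and the end of the method also falls outside the hunk. Since this list acts as an authorization allowlist, a short comment above the return such as `// Paths a tenant pipeline (not a tenant admin or user) may call; keep as narrow as possible` would help the next editor.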
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java
index 87215a595a6..823f2cf1024 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java
@@ -134,6 +134,22 @@ public class ControllerAuthorizationFilterTest {
assertIsForbidden(invokeFilter(filter, createRequest(method, path, TENANT_ADMIN)));
assertIsForbidden(invokeFilter(filter, createRequest(method, path, USER)));
}
+ {
+ String path = "/application/v4/tenant/mytenant/application/myapp/jobreport";
+ Method method = POST;
+ assertIsAllowed(invokeFilter(filter, createRequest(method, path, HOSTED_OPERATOR)));
+ assertIsAllowed(invokeFilter(filter, createRequest(method, path, TENANT_PIPELINE)));
+ assertIsForbidden(invokeFilter(filter, createRequest(method, path, TENANT_ADMIN)));
+ assertIsForbidden(invokeFilter(filter, createRequest(method, path, USER)));
+ }
+ {
+ String path = "/application/v4/tenant/mytenant/application/myapp/promote";
+ Method method = POST;
+ assertIsAllowed(invokeFilter(filter, createRequest(method, path, HOSTED_OPERATOR)));
+ assertIsAllowed(invokeFilter(filter, createRequest(method, path, TENANT_PIPELINE)));
+ assertIsForbidden(invokeFilter(filter, createRequest(method, path, TENANT_ADMIN)));
+ assertIsForbidden(invokeFilter(filter, createRequest(method, path, USER)));
+ }
}
private static void assertIsAllowed(Optional<AuthorizationResponse> response) {