author | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-04-12 15:32:25 +0200 |
---|---|---|
committer | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-04-12 15:32:25 +0200 |
commit | 7a06c6d1e16105bea33718b02157518e3926ed4b (patch) | |
tree | 558def393d1adf8a6ce12b09d607638be0fc9151 /controller-server | |
parent | d4312b5909760f4024f036af2dcd58d4a71d5b46 (diff) |
List implied roles in Controller
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java
index a7596ce808f..9886e5c1329 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java
@@ -23,7 +23,12 @@ import com.yahoo.vespa.hosted.controller.api.integration.github.GitHub;
 import com.yahoo.vespa.hosted.controller.api.integration.organization.Mailer;
 import com.yahoo.vespa.hosted.controller.api.integration.routing.RoutingGenerator;
 import com.yahoo.config.provision.zone.ZoneId;
+import com.yahoo.vespa.hosted.controller.api.integration.user.UserRoles;
 import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneRegistry;
+import com.yahoo.vespa.hosted.controller.api.role.ApplicationRole;
+import com.yahoo.vespa.hosted.controller.api.role.Role;
+import com.yahoo.vespa.hosted.controller.api.role.Roles;
+import com.yahoo.vespa.hosted.controller.api.role.TenantRole;
 import com.yahoo.vespa.hosted.controller.auditlog.AuditLogger;
 import com.yahoo.vespa.hosted.controller.deployment.JobController;
 import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
@@ -46,6 +51,7 @@ import java.util.function.Predicate;
 import java.util.function.Supplier;
 import java.util.logging.Logger;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 /**
 * API to the controller. This contains the object model of everything the controller cares about, mainly tenants and
@@ -76,6 +82,7 @@ public class Controller extends AbstractComponent {
 private final Mailer mailer;
 private final AuditLogger auditLogger;
 private final FlagSource flagSource;
+ private final UserRoles roles;
 /**
 * Creates a controller
@@ -128,6 +135,7 @@ public class Controller extends AbstractComponent {
 );
 tenantController = new TenantController(this, curator, accessControl);
 auditLogger = new AuditLogger(curator, clock);
+ roles = new UserRoles(new Roles(zoneRegistry.system()));
 // Record the version of this controller
 curator().writeControllerVersion(this.hostname(), Vtag.currentVersion);
@@ -288,6 +296,22 @@ public class Controller extends AbstractComponent {
 return auditLogger;
 }
+ /** Returns all other roles the given tenant role implies. */
+ public Set<Role> impliedRoles(TenantRole role) {
+ return Stream.concat(roles.tenantRoles(role.tenant()).stream(),
+ applications().asList(role.tenant()).stream()
+ .flatMap(application -> roles.applicationRoles(application.id().tenant(), application.id().application()).stream()))
+ .filter(role::implies)
+ .collect(Collectors.toUnmodifiableSet());
+ }
+
+ /** Returns all other roles the given application role implies. */
+ public Set<Role> impliedRoles(ApplicationRole role) {
+ return roles.applicationRoles(role.tenant(), role.application()).stream()
+ .filter(role::implies)
+ .collect(Collectors.toUnmodifiableSet());
+ }
+
 private Set<CloudName> clouds() {
 return zoneRegistry.zones().all().ids().stream()
 .map(ZoneId::cloud) |
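Review bot: The Javadoc on both new `impliedRoles` overloads promises "all other roles", but the only filter applied is `role::implies`, so whether the given role itself ends up in the result depends on `Role.implies` being irreflexive, which this diff does not show. Callers that turn this set into grants or membership checks need that pinned down: either document it, e.g. `/** Returns the roles implied by the given tenant role, among the tenant's roles and the roles of its current applications. */` plus a sentence on self-inclusion, or enforce it with `.filter(other -> ! other.equals(role))` (assuming `Role` has value equality). The tenant overload also derives its candidates from `applications().asList(role.tenant())` at call time, so the result is a snapshot; the comment should say it must be recomputed, not cached, when applications are added or removed.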