Disallow Screwdriver from submitting to the sandbox tenant

author: Jon Marius Venstad <venstad@gmail.com> 2020-04-27 15:50:08 +0200
committer: Jon Marius Venstad <venstad@gmail.com> 2020-04-27 15:50:08 +0200
commit: edb279bdfc1db05afda93bd206cded216cc8c3d3 (patch)
tree: 428a16b79a6923924001f5e5dbeaf31d088319b8 /controller-server
parent: 3cf7d545bb9cf9532747f835fbf49ab859d9e281 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java
index 48118087a54..25ee95e6d80 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java
@@ -105,7 +105,10 @@ public class AthenzRoleFilter extends JsonSecurityRequestFilterBase {
                   .forEach(accessibleTenant -> roleMemberships.add(Role.athenzTenantAdmin(accessibleTenant.name())));
         }));
 
-        if (identity.getDomain().equals(SCREWDRIVER_DOMAIN) && application.isPresent() && tenant.isPresent())
+        if (     identity.getDomain().equals(SCREWDRIVER_DOMAIN)
+            &&   application.isPresent()
+            &&   tenant.isPresent()
+            && ! tenant.get().name().value().equals("sandbox"))
             futures.add(executor.submit(() -> {
                 if (   tenant.get().type() == Tenant.Type.athenz
                     && hasDeployerAccess(identity, ((AthenzTenant) tenant.get()).domain(), application.get()))
author	Jon Marius Venstad <venstad@gmail.com>	2020-04-27 15:50:08 +0200
committer	Jon Marius Venstad <venstad@gmail.com>	2020-04-27 15:50:08 +0200
commit	edb279bdfc1db05afda93bd206cded216cc8c3d3 (patch)
tree	428a16b79a6923924001f5e5dbeaf31d088319b8 /controller-server
parent	3cf7d545bb9cf9532747f835fbf49ab859d9e281 (diff)