Fix activeGrants

2 files changed, 11 insertions, 2 deletions

diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/support/access/SupportAccessControl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/support/access/SupportAccessControl.java
index ccee1b4af43..6bbec918ba9 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/support/access/SupportAccessControl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/support/access/SupportAccessControl.java
@@ -87,8 +87,8 @@ public class SupportAccessControl {
         if (supportAccess.currentStatus(now).state() == NOT_ALLOWED) return List.of();
 
         return supportAccess.grantHistory().stream()
-                .filter(grant -> !grant.certificate().getNotBefore().toInstant().isBefore(now))
-                .filter(grant -> !grant.certificate().getNotAfter().toInstant().isAfter(now))
+                .filter(grant -> now.isAfter(grant.certificate().getNotBefore().toInstant()))
+                .filter(grant -> now.isBefore(grant.certificate().getNotAfter().toInstant()))
                 .collect(Collectors.toUnmodifiableList());
     }
 
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
index ce7b4a6123b..f4b8a643e28 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
@@ -71,6 +71,7 @@ import com.yahoo.vespa.hosted.controller.restapi.ControllerContainerTest;
 import com.yahoo.vespa.hosted.controller.routing.GlobalRouting;
 import com.yahoo.vespa.hosted.controller.security.AthenzCredentials;
 import com.yahoo.vespa.hosted.controller.security.AthenzTenantSpec;
+import com.yahoo.vespa.hosted.controller.support.access.SupportAccessGrant;
 import com.yahoo.vespa.hosted.controller.tenant.AthenzTenant;
 import com.yahoo.vespa.hosted.controller.tenant.LastLoginInfo;
 import com.yahoo.vespa.hosted.controller.versions.VespaVersion;
@@ -1549,6 +1550,10 @@ public class ApplicationApiTest extends ControllerContainerTest {
                 grantResponse, 200
         );
 
+        // Should be 1 available grant
+        List<SupportAccessGrant> activeGrants = tester.controller().supportAccess().activeGrantsFor(new DeploymentId(ApplicationId.fromSerializedForm("tenant1:application1:instance1"), zone));
+        assertEquals(1, activeGrants.size());
+
         // DELETE removes access
         String disallowedResponse = grantResponse
                 .replaceAll("ALLOWED\".*?}", "NOT_ALLOWED\"}")
@@ -1557,6 +1562,10 @@ public class ApplicationApiTest extends ControllerContainerTest {
                         .userIdentity(USER_ID),
                 disallowedResponse, 200
         );
+
+        // Should be no available grant
+        activeGrants = tester.controller().supportAccess().activeGrantsFor(new DeploymentId(ApplicationId.fromSerializedForm("tenant1:application1:instance1"), zone));
+        assertEquals(0, activeGrants.size());
     }
 
     private static String serializeInstant(Instant i) {