diff options
author | Morten Tokle <mortent@verizonmedia.com> | 2021-06-04 16:42:08 +0200 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2021-06-04 16:42:08 +0200 |
commit | 379bb34fb6943583f50905cd86e1913f2898298b (patch) | |
tree | d79808b808ae045b4c069c8d7aa0b074f35aac61 /controller-server | |
parent | 30fde50db70ee02af21c1d2f92096a76a475da1c (diff) |
Fix activeGrants
Diffstat (limited to 'controller-server')
2 files changed, 11 insertions, 2 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/support/access/SupportAccessControl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/support/access/SupportAccessControl.java index ccee1b4af43..6bbec918ba9 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/support/access/SupportAccessControl.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/support/access/SupportAccessControl.java @@ -87,8 +87,8 @@ public class SupportAccessControl { if (supportAccess.currentStatus(now).state() == NOT_ALLOWED) return List.of(); return supportAccess.grantHistory().stream() - .filter(grant -> !grant.certificate().getNotBefore().toInstant().isBefore(now)) - .filter(grant -> !grant.certificate().getNotAfter().toInstant().isAfter(now)) + .filter(grant -> now.isAfter(grant.certificate().getNotBefore().toInstant())) + .filter(grant -> now.isBefore(grant.certificate().getNotAfter().toInstant())) .collect(Collectors.toUnmodifiableList()); } diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java index ce7b4a6123b..f4b8a643e28 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java @@ -71,6 +71,7 @@ import com.yahoo.vespa.hosted.controller.restapi.ControllerContainerTest; import com.yahoo.vespa.hosted.controller.routing.GlobalRouting; import com.yahoo.vespa.hosted.controller.security.AthenzCredentials; import com.yahoo.vespa.hosted.controller.security.AthenzTenantSpec; +import com.yahoo.vespa.hosted.controller.support.access.SupportAccessGrant; import com.yahoo.vespa.hosted.controller.tenant.AthenzTenant; import com.yahoo.vespa.hosted.controller.tenant.LastLoginInfo; import com.yahoo.vespa.hosted.controller.versions.VespaVersion; @@ -1549,6 +1550,10 @@ public class ApplicationApiTest extends ControllerContainerTest { grantResponse, 200 ); + // Should be 1 available grant + List<SupportAccessGrant> activeGrants = tester.controller().supportAccess().activeGrantsFor(new DeploymentId(ApplicationId.fromSerializedForm("tenant1:application1:instance1"), zone)); + assertEquals(1, activeGrants.size()); + // DELETE removes access String disallowedResponse = grantResponse .replaceAll("ALLOWED\".*?}", "NOT_ALLOWED\"}") @@ -1557,6 +1562,10 @@ public class ApplicationApiTest extends ControllerContainerTest { .userIdentity(USER_ID), disallowedResponse, 200 ); + + // Should be no available grant + activeGrants = tester.controller().supportAccess().activeGrantsFor(new DeploymentId(ApplicationId.fromSerializedForm("tenant1:application1:instance1"), zone)); + assertEquals(0, activeGrants.size()); } private static String serializeInstant(Instant i) { |