author | Martin Polden <mpolden@mpolden.no> | 2019-03-25 10:18:12 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2019-03-25 10:18:12 +0200 |
commit | e6bebce22015b8e9955ad4f755104dd999c32365 (patch) | |
tree | a1e3d92dcf19c44580aa34f30dc4b1ff88697862 /controller-server | |
parent | 402ab8a739bf30f4ea26ed37e82587516649344a (diff) |
Define seperate group for /athenz/v1/
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/PathGroup.java | 9 | ||||
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/Policy.java | 3 |
2 files changed, 9 insertions, 3 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/PathGroup.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/PathGroup.java index 86d56801f8c..fd96d394ccc 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/PathGroup.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/PathGroup.java @@ -30,13 +30,16 @@ public enum PathGroup { /** Paths used when onboarding and creating a new tenants */ onboardingUser("/application/v4/user"), + // Tenant parameter is ignored here as context for the role is not defined until after a tenant has been created onboardingTenant("/application/v4/tenant/{ignored}"), + /** Read-only paths used when onboarding tenants */ + onboardingTenantInformation("/athenz/v1/", + "/athenz/v1/domains"), + /** Paths used by tenant/application administrators */ - tenant("/athenz/v1/", - "/athenz/v1/domains", - "/application/v4/", + tenant("/application/v4/", "/application/v4/athensDomain/", "/application/v4/property/", "/application/v4/tenant/", diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/Policy.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/Policy.java index 03d53eeb57d..86765a7a4f1 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/Policy.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/Policy.java @@ -41,6 +41,9 @@ public enum Policy { .on(PathGroup.onboardingTenant) .in(SystemName.main, SystemName.cd, SystemName.dev), Privilege.grant(Action.read) + .on(PathGroup.onboardingTenantInformation) + .in(SystemName.main, SystemName.cd, SystemName.dev), + Privilege.grant(Action.read) .on(PathGroup.all()) .in(SystemName.main, SystemName.cd, SystemName.dev), Privilege.grant(Action.read) |
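Review bot: The Javadoc on `onboardingTenantInformation` calls these paths read-only, but a PathGroup only lists paths; the read restriction comes from whichever Policy grants on the group, so the comment becomes wrong as soon as another privilege uses it. I would word it as `/** Athenz information paths used when onboarding tenants; the access level is decided by the granting Policy */`. Separately, `/athenz/v1/` and `/athenz/v1/domains` no longer match the `tenant` group, so any policy that reached them only through `tenant` now depends on an explicit grant on the new group. The rest of the enum is outside this hunk, so a test asserting the expected allow/deny result for `/athenz/v1/domains` under each policy would confirm nothing lost or gained access unintentionally.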
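Review bot: The added `Privilege.grant(Action.read).on(PathGroup.onboardingTenantInformation)` sits in the same argument list as the existing read grant on `PathGroup.all()` for the same three systems, so if `all()` covers every group the new privilege is redundant here and the split changes nothing for this policy. If it is deliberate, say so next to the grant, for example `// Explicit so onboarding keeps read access if the global read grant below is narrowed`. In any system other than `main`, `cd` and `dev`, the `/athenz/v1/` paths were presumably reachable through the `tenant` group before and are covered by neither grant shown here, so it is worth confirming that this narrowing is intended. The enum constant starts and ends outside the hunk.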