diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-10-18 13:47:15 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-10-18 13:47:15 +0200 |
commit | 0b7b360e32fc3444d657c7db1ade6de79a2eb76c (patch) | |
tree | e046854f5b6294a47accedaf0087aa6ee9ec8392 /controller-server | |
parent | c4f63f1db4137d71fa4405a7dcbc68701e789875 (diff) |
Warn when using deprecated authorization validation
Diffstat (limited to 'controller-server')
2 files changed, 3 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index 55a435abe41..c50f1464be7 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java @@ -769,6 +769,9 @@ public class ApplicationApiHandler extends LoggingRequestHandler { tenant, applicationId); } else { // In case of host-based principal + // TODO What about other user type principals like Bouncer? + log.log(LogLevel.WARNING, + "Using deprecated DeployAuthorizer.throwIfUnauthorizedForDeploy. Principal=" + principal); UserId userId = new UserId(principal.getName()); deployAuthorizer.throwIfUnauthorizedForDeploy( Environment.from(environment), diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java index e3bce56778c..7cf19629774 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java @@ -90,7 +90,6 @@ public class DeployAuthorizer { Tenant tenant, ApplicationId applicationId, Optional<ScrewdriverId> optionalScrewdriverId) { - Principal principal = new UnauthenticatedUserPrincipal(userId.id()); if (athenzCredentialsRequired(environment, tenant, applicationId, principal)) { |