author | Valerij Fredriksen <valerij92@gmail.com> | 2021-01-20 17:28:20 +0100 |
---|---|---|
committer | Valerij Fredriksen <valerij92@gmail.com> | 2021-01-20 17:28:20 +0100 |
commit | 34d8f6b20233ec6203148690a5a099976481a6c3 (patch) | |
tree | 4d644da94c7c893c37e9ba20f882c1ed0ff38f9b /controller-server | |
parent | f7e5150d00915cdd8042c6439edc80415872a60c (diff) |
Set instant in SecurityContext in SignatureFilter
Diffstat (limited to 'controller-server')
2 files changed, 10 insertions, 7 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/SignatureFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/SignatureFilter.java
index 3be8d0cfe66..1c6511514a0 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/SignatureFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/SignatureFilter.java
@@ -86,14 +86,14 @@ public class SignatureFilter extends JsonSecurityRequestFilterBase {
 .map(CloudTenant.class::cast);
 if (tenant.isPresent() && tenant.get().developerKeys().containsKey(key)) return Optional.of(new SecurityContext(tenant.get().developerKeys().get(key),
- Set.of(Role.reader(id.tenant()),
- Role.developer(id.tenant()))));
+ Set.of(Role.reader(id.tenant()), Role.developer(id.tenant())),
+ controller.clock().instant()));
 Optional <Application> application = controller.applications().getApplication(TenantAndApplicationId.from(id));
 if (application.isPresent() && application.get().deployKeys().contains(key)) return Optional.of(new SecurityContext(new SimplePrincipal("headless@" + id.tenant() + "." + id.application()),
- Set.of(Role.reader(id.tenant()),
- Role.headless(id.tenant(), id.application()))));
+ Set.of(Role.reader(id.tenant()), Role.headless(id.tenant(), id.application())),
+ controller.clock().instant()));
 }
 return Optional.empty();
 }
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/SignatureFilterTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/SignatureFilterTest.java
index 2183563cb61..390823271b4 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/SignatureFilterTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/SignatureFilterTest.java
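Review bot: In SignatureFilter.java both new `SecurityContext` constructions take `controller.clock().instant()` as the third argument, so the stored instant is the moment this filter accepted the key, not a time covered by the request signature, and nothing next to the calls says so. If code that consumes the context treats that instant as evidence of how recent the credential is, an old signed request presented again would still be stamped with the current time; whether signature verification itself bounds request age is not visible in this hunk. I would add a comment above the first `return`, for example `// Instant is when this filter accepted the key (controller clock), not a client-signed time.` The enclosing method starts outside the hunk.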
@@ -100,14 +100,16 @@ public class SignatureFilterTest {
 verifySecurityContext(requestOf(signer.signed(request.copy(), Method.GET, InputStream::nullInputStream), emptyBody), new SecurityContext(new SimplePrincipal("headless@my-tenant.my-app"), Set.of(Role.reader(id.tenant()),
- Role.headless(id.tenant(), id.application()))));
+ Role.headless(id.tenant(), id.application())),
+ tester.clock().instant()));
 // Signed POST request with X-Key header gets a headless role.
 byte[] hiBytes = new byte[]{0x48, 0x69};
 verifySecurityContext(requestOf(signer.signed(request.copy(), Method.POST, () -> new ByteArrayInputStream(hiBytes)), hiBytes), new SecurityContext(new SimplePrincipal("headless@my-tenant.my-app"), Set.of(Role.reader(id.tenant()),
- Role.headless(id.tenant(), id.application()))));
+ Role.headless(id.tenant(), id.application())),
+ tester.clock().instant()));
 // Signed request gets a developer role when a matching developer key is stored for the tenant.
 tester.curator().writeTenant(new CloudTenant(appId.tenant(),
@@ -119,7 +121,8 @@ public class SignatureFilterTest {
 verifySecurityContext(requestOf(signer.signed(request.copy(), Method.POST, () -> new ByteArrayInputStream(hiBytes)), hiBytes), new SecurityContext(new SimplePrincipal("user"), Set.of(Role.reader(id.tenant()),
- Role.developer(id.tenant()))));
+ Role.developer(id.tenant())),
+ tester.clock().instant()));
 // Unsigned requests still get no roles.
 verifySecurityContext(requestOf(request.copy().method("GET", HttpRequest.BodyPublishers.ofByteArray(emptyBody)).build(), emptyBody), |