diff options
author | Morten Tokle <mortent@verizonmedia.com> | 2022-02-28 14:16:27 +0100 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2022-02-28 14:16:27 +0100 |
commit | 3cc0676626394e398fa0064287c92c96dc191aa1 (patch) | |
tree | 3ab2677b8babc509b1bdb0305c6f0b13f2b89ac8 /controller-server | |
parent | f77539dc41418af0305ba863bef3299de6f8f18d (diff) |
Verify athenz tenant before evaluating developer role privileges
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java index da048e6b569..766a51e3e8d 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java @@ -152,7 +152,8 @@ public class AthenzRoleFilter extends JsonSecurityRequestFilterBase { && application.isPresent()) { ZoneId z = zone.get(); futures.add(executor.submit(() -> { - if (canDeployToManualZones(identity, ((AthenzTenant) tenant.get()).domain(), application.get(), z)) + if (tenant.get().type() == Tenant.Type.athenz + && canDeployToManualZones(identity, ((AthenzTenant) tenant.get()).domain(), application.get(), z)) roleMemberships.add(Role.hostedDeveloper(tenant.get().name())); })); } |