Verify athenz tenant before evaluating developer role privileges

author: Morten Tokle <mortent@verizonmedia.com> 2022-02-28 14:16:27 +0100
committer: Morten Tokle <mortent@verizonmedia.com> 2022-02-28 14:16:27 +0100
commit: 3cc0676626394e398fa0064287c92c96dc191aa1 (patch)
tree: 3ab2677b8babc509b1bdb0305c6f0b13f2b89ac8 /controller-server
parent: f77539dc41418af0305ba863bef3299de6f8f18d (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java
index da048e6b569..766a51e3e8d 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java
@@ -152,7 +152,8 @@ public class AthenzRoleFilter extends JsonSecurityRequestFilterBase {
             && application.isPresent()) {
             ZoneId z = zone.get();
             futures.add(executor.submit(() -> {
-                if (canDeployToManualZones(identity, ((AthenzTenant) tenant.get()).domain(), application.get(), z))
+                if (tenant.get().type() == Tenant.Type.athenz
+                    && canDeployToManualZones(identity, ((AthenzTenant) tenant.get()).domain(), application.get(), z))
                     roleMemberships.add(Role.hostedDeveloper(tenant.get().name()));
             }));
         }
author	Morten Tokle <mortent@verizonmedia.com>	2022-02-28 14:16:27 +0100
committer	Morten Tokle <mortent@verizonmedia.com>	2022-02-28 14:16:27 +0100
commit	3cc0676626394e398fa0064287c92c96dc191aa1 (patch)
tree	3ab2677b8babc509b1bdb0305c6f0b13f2b89ac8 /controller-server
parent	f77539dc41418af0305ba863bef3299de6f8f18d (diff)