author | Morten Tokle <mortent@verizonmedia.com> | 2021-09-02 10:56:18 +0200 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2021-09-02 10:56:18 +0200 |
commit | 7b68804f441684637b47b1c972f05626ea068638 (patch) | |
tree | 4f98ddc3a79e16c2f50d444de86eefc19087ba0d /controller-server | |
parent | 4f6642f01d0cb3c66110d48b4885e3d369975faf (diff) |
Maintain all tenant roles
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java
index ba110951f6d..ce6f9c802d6 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java
@@ -25,6 +25,14 @@ public class TenantRoleMaintainer extends ControllerMaintainer {
 protected double maintain() {
 var roleService = controller().serviceRegistry().roleService();
 var tenants = controller().tenants().asList();
+
+ // Create separate athenz service for all tenants
+ tenants.stream()
+ .map(Tenant::name)
+ .forEach(roleService::createTenantRole);
+
+ // Until we have moved to separate athenz service per tenant, make sure we update the shared policy
+ // to allow ssh logins for hosts in prod/perf with a separate tenant iam role.
 var tenantsWithRoles = tenants.stream()
 .map(Tenant::name)
 .filter(tenant -> hasProductionDeployment(tenant) || hasPerfDeployment(tenant)) |
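Review bot: An exception thrown by `roleService::createTenantRole` for a single tenant stops the `forEach` and, as far as this hunk shows, leaves `maintain()` before the shared-policy update below it, so one failing tenant could block the ssh-login policy refresh for every other tenant on that run. Isolating each call and counting failures keeps the rest of the run going; the failure should be logged and reflected in the value `maintain()` returns, which is computed outside the hunk. Because this now runs for every tenant on every maintenance pass rather than only those with prod/perf deployments, it also relies on `createTenantRole` being idempotent, which is not visible here. The new comment says "athenz service" while the call creates a tenant role; `// Create a separate IAM role for every tenant` would match the code if that is what is meant.

```java
var tenants = controller().tenants().asList();

int failures = 0;
for (var tenant : tenants) {
    try {
        roleService.createTenantRole(tenant.name());
    } catch (RuntimeException e) {
        // One tenant must not block the others or the shared policy update below;
        // log the failure and let it lower the success factor returned by maintain().
        failures++;
    }
}
// … unchanged: shared policy update for tenants with prod/perf deployments …
```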