authorMorten Tokle <mortent@verizonmedia.com>2021-09-02 10:56:18 +0200
committerMorten Tokle <mortent@verizonmedia.com>2021-09-02 10:56:18 +0200
commit7b68804f441684637b47b1c972f05626ea068638 (patch)
tree4f98ddc3a79e16c2f50d444de86eefc19087ba0d /controller-server
parent4f6642f01d0cb3c66110d48b4885e3d369975faf (diff)
Maintain all tenant roles
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java8
1 files changed, 8 insertions, 0 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java
index ba110951f6d..ce6f9c802d6 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java
@@ -25,6 +25,14 @@ public class TenantRoleMaintainer extends ControllerMaintainer {
protected double maintain() {
var roleService = controller().serviceRegistry().roleService();
var tenants = controller().tenants().asList();
+
+ // Create separate athenz service for all tenants
+ tenants.stream()
+ .map(Tenant::name)
+ .forEach(roleService::createTenantRole);
+
+ // Until we have moved to separate athenz service per tenant, make sure we update the shared policy
+ // to allow ssh logins for hosts in prod/perf with a separate tenant iam role.
var tenantsWithRoles = tenants.stream()
.map(Tenant::name)
.filter(tenant -> hasProductionDeployment(tenant) || hasPerfDeployment(tenant))
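Review bot: The added `tenants.stream().map(Tenant::name).forEach(roleService::createTenantRole)` has no per-tenant failure handling and runs ahead of the shared-policy update. If `createTenantRole` can throw (its body is not visible in this hunk), one failing tenant would stop role creation for the remaining tenants and skip the ssh-login policy maintenance that follows. Consider isolating each call, e.g. `try { roleService.createTenantRole(name); } catch (RuntimeException e) { failures++; }` with the failure logged, and reflecting the failure count in the value `maintain()` returns. The comment also says "athenz service" while the call creates a tenant role; something like `// Ensure every tenant has its own role; runs each interval, so createTenantRole must be idempotent` would match the code and record the assumption. `maintain()` continues past the end of the hunk, so the return path is not visible here.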