diff options
author | Valerij Fredriksen <valerij92@gmail.com> | 2021-03-18 16:56:04 +0100 |
---|---|---|
committer | Valerij Fredriksen <valerij92@gmail.com> | 2021-03-18 17:03:39 +0100 |
commit | e95bda2b0fc568c33a6ed18bb88c2d4cf80ff288 (patch) | |
tree | ae7da6f9c54ed99d70b09ed44e006031c594b024 /controller-server | |
parent | 1e37f667e3329cc5b4bc6d3b6574cd240991fa32 (diff) |
Allow tenant administrator setting archive access role
Diffstat (limited to 'controller-server')
3 files changed, 26 insertions, 2 deletions
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerTester.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerTester.java index 2bf6eb39089..10f143a8e96 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerTester.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerTester.java @@ -142,12 +142,16 @@ public class ContainerTester { expectedStatusCode); } - public void assertResponse(Supplier<Request> requestSupplier, Consumer<Response> responseAssertion, int expectedStatusCode) { + public void assertResponse(Supplier<Request> requestSupplier, ConsumerThrowingException<Response> responseAssertion, int expectedStatusCode) { var request = requestSupplier.get(); FilterResult filterResult = invokeSecurityFilters(request); request = filterResult.request; Response response = filterResult.response != null ? filterResult.response : container.handleRequest(request); - responseAssertion.accept(response); + try { + responseAssertion.accept(response); + } catch (Exception e) { + throw new RuntimeException(e); + } assertEquals("Status code", expectedStatusCode, response.getStatus()); } @@ -203,5 +207,9 @@ public class ContainerTester { } } + @FunctionalInterface + public interface ConsumerThrowingException<T> { + void accept(T t) throws Exception; + } } diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerCloudTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerCloudTest.java index b935f8cbbe4..23573f86cc3 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerCloudTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerCloudTest.java @@ -88,6 +88,7 @@ public class ControllerContainerCloudTest extends ControllerContainerTest { public RequestBuilder principal(String principal) { this.principal = new SimplePrincipal(principal); return this; } public RequestBuilder user(User user) { this.user = user; return this; } public RequestBuilder roles(Set<Role> roles) { this.roles = roles; return this; } + public RequestBuilder roles(Role... roles) { return roles(Set.of(roles)); } @Override public Request get() { diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java index 62865ea9be2..a048c19e1ca 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java @@ -32,6 +32,7 @@ import java.util.Set; import static com.yahoo.application.container.handler.Request.Method.*; import static com.yahoo.vespa.hosted.controller.restapi.application.ApplicationApiTest.createApplicationSubmissionData; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; import static org.junit.Assert.fail; /** @@ -193,6 +194,20 @@ public class ApplicationApiCloudTest extends ControllerContainerCloudTest { assertEquals(0, tenant.tenantSecretStores().size()); } + @Test + public void archive_uri_test() { + tester.assertResponse(request("/application/v4/tenant/scoober/archive-access", PUT) + .data("{\"role\":\"dummy\"}").roles(Role.administrator(tenantName)), + "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Invalid archive access role name: dummy\"}", 400); + + tester.assertResponse(request("/application/v4/tenant/scoober/archive-access", PUT) + .data("{\"role\":\"arn:aws:iam::123456789012:role/my-role\"}").roles(Role.administrator(tenantName)), + "{\"message\":\"Archive access role set to 'arn:aws:iam::123456789012:role/my-role' for tenant scoober.\"}", 200); + + tester.assertResponse(request("/application/v4/tenant/scoober/archive-access", DELETE).roles(Role.administrator(tenantName)), + "{\"message\":\"Archive access role removed for tenant scoober.\"}", 200); + } + private ApplicationPackageBuilder prodBuilder() { return new ApplicationPackageBuilder() .instances("default") |