diff options
author | Martin Polden <mpolden@mpolden.no> | 2020-03-05 14:06:37 +0100 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2020-03-05 14:06:37 +0100 |
commit | d06aa3e0bfa0eedde1b8b937d9ca4953add6159f (patch) | |
tree | bf62d2664ba3c261042b5e655763138e9eb36f8d /controller-server | |
parent | 55dd5a7e8db0cbb79802fdf8b059e8c75b6280f9 (diff) |
Remove unused tenantPipeline role
Diffstat (limited to 'controller-server')
3 files changed, 9 insertions, 9 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java index 30f0d545ffe..4ae3c38bdf2 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java @@ -110,7 +110,7 @@ public class AthenzRoleFilter extends JsonSecurityRequestFilterBase { futures.add(executor.submit(() -> { if ( tenant.get().type() != Tenant.Type.athenz || hasDeployerAccess(identity, ((AthenzTenant) tenant.get()).domain(), application.get())) - roleMemberships.add(Role.tenantPipeline(tenant.get().name(), application.get())); + roleMemberships.add(Role.buildService(tenant.get().name(), application.get())); })); futures.add(executor.submit(() -> { diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java index b488c0f9d0a..ac0d188fe37 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java @@ -576,9 +576,11 @@ public class ApplicationApiTest extends ControllerContainerTest { // POST a 'restart application' command tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/prod/region/us-central-1/instance/instance1/restart", POST) - .screwdriverIdentity(SCREWDRIVER_ID), + .userIdentity(HOSTED_VESPA_OPERATOR), "{\"message\":\"Requested restart of tenant1.application1.instance1 in prod.us-central-1\"}"); + addUserToHostedOperatorRole(HostedAthenzIdentities.from(SCREWDRIVER_ID)); + // POST a 'restart application' in staging environment command tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/staging/region/us-central-1/instance/instance1/restart", POST) .screwdriverIdentity(SCREWDRIVER_ID), @@ -929,10 +931,8 @@ public class ApplicationApiTest extends ControllerContainerTest { .oktaAccessToken(OKTA_AT).oktaIdentityToken(OKTA_IT), new File("instance-reference.json")); - // Grant deploy access - addScrewdriverUserToDeployRole(SCREWDRIVER_ID, - ATHENZ_TENANT_DOMAIN, - ApplicationName.from("application1")); + // Add build service to operator role + addUserToHostedOperatorRole(HostedAthenzIdentities.from(SCREWDRIVER_ID)); // POST (deploy) an application to a prod zone - allowed when project ID is not specified MultiPartStreamer entity = createApplicationDeployData(applicationPackageInstance1, true); diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilterTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilterTest.java index 4e06afea50d..c49f7a90194 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilterTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilterTest.java @@ -95,14 +95,14 @@ public class AthenzRoleFilterTest { assertEquals(Set.of(Role.athenzTenantAdmin(TENANT)), filter.roles(TENANT_ADMIN, APPLICATION2_CONTEXT_PATH)); - // Build services are members of the tenantPipeline role within their application subtree. + // Build services are members of the buildService role within their application subtree. assertEquals(Set.of(Role.everyone()), filter.roles(TENANT_PIPELINE, NO_CONTEXT_PATH)); assertEquals(Set.of(Role.everyone()), filter.roles(TENANT_PIPELINE, TENANT_CONTEXT_PATH)); - assertEquals(Set.of(Role.tenantPipeline(TENANT, APPLICATION)), + assertEquals(Set.of(Role.buildService(TENANT, APPLICATION)), filter.roles(TENANT_PIPELINE, APPLICATION_CONTEXT_PATH)); assertEquals(Set.of(Role.everyone()), @@ -112,7 +112,7 @@ public class AthenzRoleFilterTest { assertEquals(Set.of(Role.athenzTenantAdmin(TENANT)), filter.roles(TENANT_ADMIN_AND_PIPELINE, TENANT_CONTEXT_PATH)); - assertEquals(Set.of(Role.athenzTenantAdmin(TENANT), Role.tenantPipeline(TENANT, APPLICATION)), + assertEquals(Set.of(Role.athenzTenantAdmin(TENANT), Role.buildService(TENANT, APPLICATION)), filter.roles(TENANT_ADMIN_AND_PIPELINE, APPLICATION_CONTEXT_PATH)); // Users have nothing special under their instance |