Use ApplicationName instead of ApplicationId

author: Bjørn Christian Seime <bjorncs@oath.com> 2018-02-06 18:15:55 +0100
committer: Bjørn Christian Seime <bjorncs@oath.com> 2018-02-07 11:44:56 +0100
commit: 7be250b7109634cc289402c10c5f4cd10c40ce69 (patch)
tree: f8a0aa466e5a3e04e4a6fbeda3cb73c64979faac /controller-server
parent: a3d37d934b5dba841d04d283ff66cb57f4eb33fe (diff)
2 files changed, 7 insertions, 7 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 0d03bb27e4d..3e303dfd0cd 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -780,7 +780,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
         ApplicationInstanceAuthorizer applicationInstanceAuthorizer = new ApplicationInstanceAuthorizer(controller.zoneRegistry(), athenzClientFactory);
         Tenant tenant = controller.tenants().tenant(new TenantId(tenantName)).orElseThrow(() -> new NotExistsException(new TenantId(tenantName)));
         AthenzPrincipal principal = authorizer.getPrincipal(request);
-        applicationInstanceAuthorizer.throwIfUnauthorizedForDeploy(principal, Environment.from(environment), tenant, applicationId, applicationPackage);
+        applicationInstanceAuthorizer.throwIfUnauthorizedForDeploy(principal, Environment.from(environment), tenant, ApplicationName.from(applicationName), applicationPackage);
 
         // TODO: get rid of the json object
         DeployOptions deployOptionsJsonClass = new DeployOptions(screwdriverBuildJobFromSlime(deployOptions.field("screwdriverBuildJob")),
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationInstanceAuthorizer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationInstanceAuthorizer.java
index e9a6afd0da8..1b40dacd858 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationInstanceAuthorizer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationInstanceAuthorizer.java
@@ -2,7 +2,7 @@
 package com.yahoo.vespa.hosted.controller.restapi.application;
 
 import com.yahoo.config.application.api.DeploymentSpec;
-import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.ApplicationName;
 import com.yahoo.config.provision.Environment;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzPrincipal;
@@ -44,7 +44,7 @@ public class ApplicationInstanceAuthorizer {
     public void throwIfUnauthorizedForDeploy(AthenzPrincipal principal,
                                              Environment environment,
                                              Tenant tenant,
-                                             ApplicationId applicationId,
+                                             ApplicationName application,
                                              Optional<ApplicationPackage> applicationPackage) {
         // Validate that domain in identity configuration (deployment.xml) is same as tenant domain
         applicationPackage.map(ApplicationPackage::deploymentSpec).flatMap(DeploymentSpec::athenzDomain)
@@ -79,12 +79,12 @@ public class ApplicationInstanceAuthorizer {
         // NOTE: no fine-grained deploy authorization for non-Athenz tenants
         if (tenant.isAthensTenant()) {
             AthenzDomain tenantDomain = tenant.getAthensDomain().get();
-            if (!hasDeployAccessToAthenzApplication(principal, tenantDomain, applicationId)) {
+            if (!hasDeployAccessToAthenzApplication(principal, tenantDomain, application)) {
                 throw loggedForbiddenException(
                         "Screwdriver principal '%1$s' does not have deploy access to '%2$s'. " +
                         "Either the application has not been created at " + zoneRegistry.getDashboardUri() + " or " +
                         "'%1$s' is not added to the application's deployer role in Athenz domain '%3$s'.",
-                        principal.getIdentity().getFullName(), applicationId, tenantDomain.getName());
+                        principal.getIdentity().getFullName(), application.value(), tenantDomain.getName());
             }
         }
     }
@@ -101,14 +101,14 @@ public class ApplicationInstanceAuthorizer {
         return new NotAuthorizedException(formattedMessage);
     }
 
-    private boolean hasDeployAccessToAthenzApplication(AthenzPrincipal principal, AthenzDomain domain, ApplicationId applicationId) {
+    private boolean hasDeployAccessToAthenzApplication(AthenzPrincipal principal, AthenzDomain domain, ApplicationName application) {
         try {
             return athenzClientFactory.createZmsClientWithServicePrincipal()
                     .hasApplicationAccess(
                             principal.getIdentity(),
                             ApplicationAction.deploy,
                             domain,
-                            new com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId(applicationId.application().value()));
+                            new com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId(application.value()));
         } catch (ZmsException e) {
             throw loggedForbiddenException(
                     "Failed to authorize deployment through Athenz. If this problem persists, " +
author	Bjørn Christian Seime <bjorncs@oath.com>	2018-02-06 18:15:55 +0100
committer	Bjørn Christian Seime <bjorncs@oath.com>	2018-02-07 11:44:56 +0100
commit	7be250b7109634cc289402c10c5f4cd10c40ce69 (patch)
tree	f8a0aa466e5a3e04e4a6fbeda3cb73c64979faac /controller-server
parent	a3d37d934b5dba841d04d283ff66cb57f4eb33fe (diff)