diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-06 18:15:55 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-07 11:44:56 +0100 |
commit | 7be250b7109634cc289402c10c5f4cd10c40ce69 (patch) | |
tree | f8a0aa466e5a3e04e4a6fbeda3cb73c64979faac /controller-server | |
parent | a3d37d934b5dba841d04d283ff66cb57f4eb33fe (diff) |
Use ApplicationName instead of ApplicationId
Diffstat (limited to 'controller-server')
2 files changed, 7 insertions, 7 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index 0d03bb27e4d..3e303dfd0cd 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java @@ -780,7 +780,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { ApplicationInstanceAuthorizer applicationInstanceAuthorizer = new ApplicationInstanceAuthorizer(controller.zoneRegistry(), athenzClientFactory); Tenant tenant = controller.tenants().tenant(new TenantId(tenantName)).orElseThrow(() -> new NotExistsException(new TenantId(tenantName))); AthenzPrincipal principal = authorizer.getPrincipal(request); - applicationInstanceAuthorizer.throwIfUnauthorizedForDeploy(principal, Environment.from(environment), tenant, applicationId, applicationPackage); + applicationInstanceAuthorizer.throwIfUnauthorizedForDeploy(principal, Environment.from(environment), tenant, ApplicationName.from(applicationName), applicationPackage); // TODO: get rid of the json object DeployOptions deployOptionsJsonClass = new DeployOptions(screwdriverBuildJobFromSlime(deployOptions.field("screwdriverBuildJob")), diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationInstanceAuthorizer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationInstanceAuthorizer.java index e9a6afd0da8..1b40dacd858 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationInstanceAuthorizer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationInstanceAuthorizer.java @@ -2,7 +2,7 @@ package com.yahoo.vespa.hosted.controller.restapi.application; import com.yahoo.config.application.api.DeploymentSpec; -import com.yahoo.config.provision.ApplicationId; +import com.yahoo.config.provision.ApplicationName; import com.yahoo.config.provision.Environment; import com.yahoo.vespa.athenz.api.AthenzDomain; import com.yahoo.vespa.athenz.api.AthenzPrincipal; @@ -44,7 +44,7 @@ public class ApplicationInstanceAuthorizer { public void throwIfUnauthorizedForDeploy(AthenzPrincipal principal, Environment environment, Tenant tenant, - ApplicationId applicationId, + ApplicationName application, Optional<ApplicationPackage> applicationPackage) { // Validate that domain in identity configuration (deployment.xml) is same as tenant domain applicationPackage.map(ApplicationPackage::deploymentSpec).flatMap(DeploymentSpec::athenzDomain) @@ -79,12 +79,12 @@ public class ApplicationInstanceAuthorizer { // NOTE: no fine-grained deploy authorization for non-Athenz tenants if (tenant.isAthensTenant()) { AthenzDomain tenantDomain = tenant.getAthensDomain().get(); - if (!hasDeployAccessToAthenzApplication(principal, tenantDomain, applicationId)) { + if (!hasDeployAccessToAthenzApplication(principal, tenantDomain, application)) { throw loggedForbiddenException( "Screwdriver principal '%1$s' does not have deploy access to '%2$s'. " + "Either the application has not been created at " + zoneRegistry.getDashboardUri() + " or " + "'%1$s' is not added to the application's deployer role in Athenz domain '%3$s'.", - principal.getIdentity().getFullName(), applicationId, tenantDomain.getName()); + principal.getIdentity().getFullName(), application.value(), tenantDomain.getName()); } } } @@ -101,14 +101,14 @@ public class ApplicationInstanceAuthorizer { return new NotAuthorizedException(formattedMessage); } - private boolean hasDeployAccessToAthenzApplication(AthenzPrincipal principal, AthenzDomain domain, ApplicationId applicationId) { + private boolean hasDeployAccessToAthenzApplication(AthenzPrincipal principal, AthenzDomain domain, ApplicationName application) { try { return athenzClientFactory.createZmsClientWithServicePrincipal() .hasApplicationAccess( principal.getIdentity(), ApplicationAction.deploy, domain, - new com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId(applicationId.application().value())); + new com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId(application.value())); } catch (ZmsException e) { throw loggedForbiddenException( "Failed to authorize deployment through Athenz. If this problem persists, " + |