diff options
author | jonmv <venstad@gmail.com> | 2023-01-17 16:30:36 +0100 |
---|---|---|
committer | jonmv <venstad@gmail.com> | 2023-01-17 16:30:36 +0100 |
commit | f76a2f86a3dc8417eef6bdfa0a24f6ba24364e13 (patch) | |
tree | 66247e153fa2450426695551ae829dd9df5c59fe /controller-server | |
parent | 8d59490a9ac398b75719a8c4736e2c27729b2671 (diff) |
Validate disabled regions are not targets
Diffstat (limited to 'controller-server')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java index db188ea3e7e..a092a133807 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java @@ -947,7 +947,7 @@ public class ApplicationController { // Either the user is member of the domain admin role, or is given the "launch" privilege on the service. Optional<AthenzUser> athenzUser = getUser(deployer); if (athenzUser.isPresent()) { - // We only need to validate the root and instance in deployment.xml. Not possible to add dev or perf tags to deployment.xml + // We only need to validate the root and instance in deployment.xml. Dev/perf entries are found at the instance level as well. var zone = zoneId.orElseThrow(() -> new IllegalArgumentException("Unable to evaluate access, no zone provided in deployment")); var serviceToLaunch = instanceName .flatMap(instance -> applicationPackage.deploymentSpec().instance(instance)) @@ -955,7 +955,7 @@ public class ApplicationController { .or(() -> applicationPackage.deploymentSpec().athenzService()) .map(service -> new AthenzService(identityDomain.get(), service.value())); - if(serviceToLaunch.isPresent()) { + if (serviceToLaunch.isPresent()) { if ( ! ((AthenzFacade) accessControl).canLaunch(athenzUser.get(), serviceToLaunch.get()) && // launch privilege ! ((AthenzFacade) accessControl).hasTenantAdminAccess(athenzUser.get(), identityDomain.get()) // tenant admin |