4 files changed, 10 insertions, 3 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java
index 295f8e8fd98..dfdd273b6f5 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java
@@ -75,4 +75,8 @@ public class MockUserManagement implements UserManagement {
         return List.copyOf(get(role));
     }
 
+    @Override
+    public List<Role> listRoles(UserId userId) {
+        return List.of();
+    }
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserManagement.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserManagement.java
index 8a549b505c7..bfb617a75b6 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserManagement.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserManagement.java
@@ -34,4 +34,6 @@ public interface UserManagement {
     /** Returns all users in the given role, or throws if the role does not exist. */
     List<User> listUsers(Role role);
 
+    /** Returns all roles of which the given user is part, or throws if the user does not exist */
+    List<Role> listRoles(UserId user);
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/Auth0Credentials.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/Auth0Credentials.java
index 787f0f27d40..a908b341039 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/Auth0Credentials.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/Auth0Credentials.java
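Review bot: The mock's `listRoles` returns `List.of()` for every user, so it neither honours the interface's "throws if the user does not exist" contract nor reflects the users the mock already stores per role (the `get(role)` lookup on the context line above). Any test that drives `CloudAccessControl.administeredTenants` through this mock will always count zero administered tenants, so a regression in the tenant-limit check would pass unnoticed. Consider deriving the result from the same role-to-users storage `listUsers` reads, returning the roles whose member set contains the user and throwing for an unknown user the way `listUsers` does for an unknown role; the backing field is declared outside the hunk. The parameter is named `userId` here but `user` in the interface; pick one.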
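Review bot: The new Javadoc says the method "throws if the user does not exist" but not what it throws, and `CloudAccessControl.administeredTenants` now relies on that behaviour inside an access-control decision, so the type matters to callers. Name it with an `@throws` tag, presumably the same exception `listUsers` uses for a missing role (its declaration is outside the hunk), and end the summary sentence with a period: `/** Returns all roles of which the given user is part, or throws if the user does not exist. */`.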
@@ -23,7 +23,7 @@ public class Auth0Credentials extends Credentials {
     }
 
     /** The set of roles set in the auth0 cookie, extracted by CloudAccessControlRequests. */
-    public Set<Role> getRoles() {
+    public Set<Role> getRolesFromCookie() {
         return roles;
     }
 
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java
index af55da630c7..dc3dbabcc07 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java
@@ -73,7 +73,7 @@ public class CloudAccessControl implements AccessControl {
     }
 
     private boolean allowedByPrivilegedRole(Auth0Credentials auth0Credentials) {
-        return auth0Credentials.getRoles().stream()
+        return auth0Credentials.getRolesFromCookie().stream()
                 .map(Role::definition)
                 .anyMatch(rd -> rd == hostedOperator || rd == hostedSupporter);
     }
@@ -83,7 +83,8 @@ public class CloudAccessControl implements AccessControl {
     }
 
     private long administeredTenants(Auth0Credentials auth0Credentials) {
-        return auth0Credentials.getRoles().stream()
+        // We have to verify the roles with auth0 to ensure the user is not using an "old" cookie to make too many tenants.
+        return userManagement.listRoles(new UserId(auth0Credentials.user().getName())).stream()
                 .map(Role::definition)
                 .filter(rd -> rd == administrator)
                 .count(); |
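Review bot: `allowedByPrivilegedRole` still grants hostedOperator/hostedSupporter access from `getRolesFromCookie()`, while the same commit stops trusting the cookie in `administeredTenants` precisely because it may be stale. If that is intended, for example because the cookie lifetime is short enough that a removed operator role lapsing with it is acceptable, a comment stating the reason would keep the next reader from reopening the question, e.g. `// Cookie roles are sufficient here: <reason>`; if role removal in auth0 should take effect before the cookie expires, this check needs the same `userManagement.listRoles(...)` lookup that `administeredTenants` now does. The `hostedOperator` and `hostedSupporter` definitions are outside the hunk.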
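Review bot: The new `userManagement.listRoles(...)` call can throw, both for an unknown user (the interface documents that) and, for a real implementation, on transport failures, and `administeredTenants` lets that propagate out of an access-control decision with no handling visible here; whether the caller turns it into an error response or into a grant is outside the hunk. Decide explicitly: either document at the method that an exception is the intended fail-closed path, or catch the specific exception and return a value the caller treats as not allowed. The added comment could also state the trust decision rather than the symptom, e.g. `// Roles are fetched from auth0 rather than read from the cookie, so a stale cookie cannot bypass the tenant limit.`. The enclosing class continues outside the hunk.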