Diffstat (limited to 'controller-api/src/main/java/com/yahoo/vespa')
2 files changed, 22 insertions, 2 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserSessionManager.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserSessionManager.java
new file mode 100644
index 00000000000..eae62c66b35
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserSessionManager.java
@@ -0,0 +1,13 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.user;
+
+import com.yahoo.vespa.hosted.controller.api.role.SecurityContext;
+
+/**
+ * @author freva
+ */
+public interface UserSessionManager {
+
+ /** Returns whether the existing session for the given SecurityContext should be expired */
+ boolean shouldExpireSessionFor(SecurityContext context);
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/tenant/CloudTenant.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/tenant/CloudTenant.java
index 54924b9c456..44f9c0ea3b8 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/tenant/CloudTenant.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/tenant/CloudTenant.java
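Review bot: The Javadoc on `shouldExpireSessionFor` does not say which property of the `SecurityContext` decides expiry, or what an implementation should return when it cannot decide, so a caller cannot tell whether this session-revocation check fails open or closed. Judging from the `CloudTenant` change in the same commit, the comparison is presumably between the time the session was established and the tenant's `invalidateUserSessionsBefore`; if so, the comment should say that and state that a context whose session age is unknown is treated as expired. No implementation or caller of the interface is part of this diff, so the intended wiring cannot be confirmed from here.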
@@ -25,17 +25,19 @@ public class CloudTenant extends Tenant {
 private final TenantInfo info;
 private final List<TenantSecretStore> tenantSecretStores;
 private final ArchiveAccess archiveAccess;
+ private final Optional<Instant> invalidateUserSessionsBefore;
 
 /** Public for the serialization layer — do not use! */
 public CloudTenant(TenantName name, Instant createdAt, LastLoginInfo lastLoginInfo, Optional<Principal> creator,
 BiMap<PublicKey, Principal> developerKeys, TenantInfo info,
- List<TenantSecretStore> tenantSecretStores, ArchiveAccess archiveAccess) {
+ List<TenantSecretStore> tenantSecretStores, ArchiveAccess archiveAccess, Optional<Instant> invalidateUserSessionsBefore) {
 super(name, createdAt, lastLoginInfo, Optional.empty());
 this.creator = creator;
 this.developerKeys = developerKeys;
 this.info = Objects.requireNonNull(info);
 this.tenantSecretStores = tenantSecretStores;
 this.archiveAccess = Objects.requireNonNull(archiveAccess);
+ this.invalidateUserSessionsBefore = invalidateUserSessionsBefore;
 }
 
 /** Creates a tenant with the given name, provided it passes validation. */
@@ -44,7 +46,7 @@ public class CloudTenant extends Tenant {
 createdAt,
 LastLoginInfo.EMPTY,
 Optional.ofNullable(creator),
- ImmutableBiMap.of(), TenantInfo.empty(), List.of(), new ArchiveAccess());
+ ImmutableBiMap.of(), TenantInfo.empty(), List.of(), new ArchiveAccess(), Optional.empty());
 }
 
 /** The user that created the tenant */
@@ -75,6 +77,11 @@ public class CloudTenant extends Tenant {
 return archiveAccess;
 }
 
+ /** Returns instant before which all user sessions that have access to this tenant must be refreshed */
+ public Optional<Instant> invalidateUserSessionsBefore() {
+ return invalidateUserSessionsBefore;
+ }
+
 @Override
 public Type type() {
 return Type.cloud; |
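Review bot: The new constructor assignment `this.invalidateUserSessionsBefore = invalidateUserSessionsBefore;` accepts null, while `info` and `archiveAccess` in the same constructor go through `Objects.requireNonNull`. The field feeds session invalidation, so a null coming from the serialization layer would surface only as a NullPointerException in whatever later reads `invalidateUserSessionsBefore()`, possibly in the middle of an authorization decision. I would write `this.invalidateUserSessionsBefore = Objects.requireNonNull(invalidateUserSessionsBefore);` so a malformed record fails at construction instead. The class body starts and continues outside this hunk.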
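Review bot: The Javadoc on `invalidateUserSessionsBefore()` in the last hunk leaves out what an empty value means and which timestamp of a session is compared against the instant. A wording such as `/** Returns the instant before which sessions with access to this tenant are stale and must be refreshed, or empty if no invalidation has been requested */` would cover the first point. Whether the comparison uses session creation time or last refresh time is not visible in this diff and is worth stating next to the accessor, since it determines whether a refreshed but compromised session survives an invalidation.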