aboutsummaryrefslogtreecommitdiffstats
path: root/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java')
-rw-r--r--controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java136
1 files changed, 1 insertions, 135 deletions
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
index a4ce45f44ea..c8020666906 100644
--- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
+++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.controller.api.role;
import com.yahoo.config.provision.ApplicationName;
@@ -8,7 +8,6 @@ import org.junit.jupiter.api.Test;
import java.net.URI;
import java.util.List;
-import java.util.stream.Stream;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -146,139 +145,6 @@ public class RoleTest {
}
}
- @Test
- void payment_instrument() {
- URI paymentInstrumentUri = URI.create("/billing/v1/tenant/t1/instrument/foobar");
- URI tenantPaymentInstrumentUri = URI.create("/billing/v1/tenant/t1/instrument");
- URI tokenUri = URI.create("/billing/v1/tenant/t1/token");
-
- Role user = Role.reader(TenantName.from("t1"));
- assertTrue(publicCdEnforcer.allows(user, Action.read, paymentInstrumentUri));
- assertTrue(publicCdEnforcer.allows(user, Action.delete, paymentInstrumentUri));
- assertFalse(publicCdEnforcer.allows(user, Action.update, tenantPaymentInstrumentUri));
- assertFalse(publicCdEnforcer.allows(user, Action.read, tokenUri));
-
- Role developer = Role.developer(TenantName.from("t1"));
- assertTrue(publicCdEnforcer.allows(developer, Action.read, paymentInstrumentUri));
- assertTrue(publicCdEnforcer.allows(developer, Action.delete, paymentInstrumentUri));
- assertFalse(publicCdEnforcer.allows(developer, Action.update, tenantPaymentInstrumentUri));
- assertFalse(publicCdEnforcer.allows(developer, Action.read, tokenUri));
-
- Role admin = Role.administrator(TenantName.from("t1"));
- assertTrue(publicCdEnforcer.allows(admin, Action.read, paymentInstrumentUri));
- assertFalse(publicCdEnforcer.allows(admin, Action.delete, paymentInstrumentUri));
- assertFalse(publicCdEnforcer.allows(admin, Action.update, tenantPaymentInstrumentUri));
- assertFalse(publicCdEnforcer.allows(admin, Action.read, tokenUri));
- }
-
- @Test
- void billing_tenant() {
- URI billing = URI.create("/billing/v1/tenant/t1/billing");
-
- Role user = Role.reader(TenantName.from("t1"));
- Role developer = Role.developer(TenantName.from("t1"));
- Role admin = Role.administrator(TenantName.from("t1"));
-
- Stream.of(user, developer, admin).forEach(role -> {
- assertTrue(publicCdEnforcer.allows(role, Action.read, billing));
- assertFalse(publicCdEnforcer.allows(role, Action.update, billing));
- assertFalse(publicCdEnforcer.allows(role, Action.delete, billing));
- assertFalse(publicCdEnforcer.allows(role, Action.create, billing));
- });
-
- }
-
- @Test
- void billing_test() {
- var tester = new EnforcerTester(publicEnforcer);
-
- var accountant = Role.hostedAccountant();
- var operator = Role.hostedOperator();
- var reader = Role.reader(TenantName.from("t1"));
- var developer = Role.developer(TenantName.from("t1"));
- var admin = Role.administrator(TenantName.from("t1"));
- var otherAdmin = Role.administrator(TenantName.from("t2"));
-
- tester.on("/billing/v1/tenant/t1/token")
- .assertAction(accountant)
- .assertAction(operator)
- .assertAction(reader)
- .assertAction(developer)
- .assertAction(otherAdmin);
-
- tester.on("/billing/v1/tenant/t1/instrument")
- .assertAction(accountant)
- .assertAction(operator, Action.read)
- .assertAction(reader, Action.read, Action.delete)
- .assertAction(developer, Action.read, Action.delete)
- .assertAction(admin, Action.read)
- .assertAction(otherAdmin);
-
- tester.on("/billing/v1/tenant/t1/instrument/i1")
- .assertAction(accountant)
- .assertAction(operator, Action.read)
- .assertAction(reader, Action.read, Action.delete)
- .assertAction(developer, Action.read, Action.delete)
- .assertAction(admin, Action.read)
- .assertAction(otherAdmin);
-
- tester.on("/billing/v1/tenant/t1/billing")
- .assertAction(accountant)
- .assertAction(operator, Action.read)
- .assertAction(reader, Action.read)
- .assertAction(developer, Action.read)
- .assertAction(admin, Action.read)
- .assertAction(otherAdmin);
-
- tester.on("/billing/v1/tenant/t1/plan")
- .assertAction(accountant, Action.update)
- .assertAction(operator, Action.read)
- .assertAction(reader)
- .assertAction(developer)
- .assertAction(admin)
- .assertAction(otherAdmin);
-
- tester.on("/billing/v1/tenant/t1/collection")
- .assertAction(accountant, Action.update)
- .assertAction(operator, Action.read)
- .assertAction(reader)
- .assertAction(developer)
- .assertAction(admin)
- .assertAction(otherAdmin);
-
- tester.on("/billing/v1/billing")
- .assertAction(accountant, Action.create, Action.read, Action.update, Action.delete)
- .assertAction(operator, Action.read)
- .assertAction(reader)
- .assertAction(developer)
- .assertAction(admin)
- .assertAction(otherAdmin);
-
- tester.on("/billing/v1/invoice/tenant/t1/line-item")
- .assertAction(accountant, Action.create, Action.read, Action.update, Action.delete)
- .assertAction(operator, Action.read)
- .assertAction(reader)
- .assertAction(developer)
- .assertAction(admin)
- .assertAction(otherAdmin);
-
- tester.on("/billing/v1/invoice")
- .assertAction(accountant, Action.create, Action.read, Action.update, Action.delete)
- .assertAction(operator, Action.read)
- .assertAction(reader)
- .assertAction(developer)
- .assertAction(admin)
- .assertAction(otherAdmin);
-
- tester.on("/billing/v1/invoice/i1/status")
- .assertAction(accountant, Action.create, Action.read, Action.update, Action.delete)
- .assertAction(operator, Action.read)
- .assertAction(reader)
- .assertAction(developer)
- .assertAction(admin)
- .assertAction(otherAdmin);
- }
-
private static class EnforcerTester {
private final Enforcer enforcer;
private final URI resource;