diff options
Diffstat (limited to 'controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role')
2 files changed, 2 insertions, 136 deletions
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/PathGroupTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/PathGroupTest.java index 4a8e9785c88..87e76b7ce09 100644 --- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/PathGroupTest.java +++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/PathGroupTest.java @@ -1,4 +1,4 @@ -// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.api.role; import org.junit.jupiter.api.Test; diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java index a4ce45f44ea..c8020666906 100644 --- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java +++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java @@ -1,4 +1,4 @@ -// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.api.role; import com.yahoo.config.provision.ApplicationName; @@ -8,7 +8,6 @@ import org.junit.jupiter.api.Test; import java.net.URI; import java.util.List; -import java.util.stream.Stream; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -146,139 +145,6 @@ public class RoleTest { } } - @Test - void payment_instrument() { - URI paymentInstrumentUri = URI.create("/billing/v1/tenant/t1/instrument/foobar"); - URI tenantPaymentInstrumentUri = URI.create("/billing/v1/tenant/t1/instrument"); - URI tokenUri = URI.create("/billing/v1/tenant/t1/token"); - - Role user = Role.reader(TenantName.from("t1")); - assertTrue(publicCdEnforcer.allows(user, Action.read, paymentInstrumentUri)); - assertTrue(publicCdEnforcer.allows(user, Action.delete, paymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(user, Action.update, tenantPaymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(user, Action.read, tokenUri)); - - Role developer = Role.developer(TenantName.from("t1")); - assertTrue(publicCdEnforcer.allows(developer, Action.read, paymentInstrumentUri)); - assertTrue(publicCdEnforcer.allows(developer, Action.delete, paymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(developer, Action.update, tenantPaymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(developer, Action.read, tokenUri)); - - Role admin = Role.administrator(TenantName.from("t1")); - assertTrue(publicCdEnforcer.allows(admin, Action.read, paymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(admin, Action.delete, paymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(admin, Action.update, tenantPaymentInstrumentUri)); - assertFalse(publicCdEnforcer.allows(admin, Action.read, tokenUri)); - } - - @Test - void billing_tenant() { - URI billing = URI.create("/billing/v1/tenant/t1/billing"); - - Role user = Role.reader(TenantName.from("t1")); - Role developer = Role.developer(TenantName.from("t1")); - Role admin = Role.administrator(TenantName.from("t1")); - - Stream.of(user, developer, admin).forEach(role -> { - assertTrue(publicCdEnforcer.allows(role, Action.read, billing)); - assertFalse(publicCdEnforcer.allows(role, Action.update, billing)); - assertFalse(publicCdEnforcer.allows(role, Action.delete, billing)); - assertFalse(publicCdEnforcer.allows(role, Action.create, billing)); - }); - - } - - @Test - void billing_test() { - var tester = new EnforcerTester(publicEnforcer); - - var accountant = Role.hostedAccountant(); - var operator = Role.hostedOperator(); - var reader = Role.reader(TenantName.from("t1")); - var developer = Role.developer(TenantName.from("t1")); - var admin = Role.administrator(TenantName.from("t1")); - var otherAdmin = Role.administrator(TenantName.from("t2")); - - tester.on("/billing/v1/tenant/t1/token") - .assertAction(accountant) - .assertAction(operator) - .assertAction(reader) - .assertAction(developer) - .assertAction(otherAdmin); - - tester.on("/billing/v1/tenant/t1/instrument") - .assertAction(accountant) - .assertAction(operator, Action.read) - .assertAction(reader, Action.read, Action.delete) - .assertAction(developer, Action.read, Action.delete) - .assertAction(admin, Action.read) - .assertAction(otherAdmin); - - tester.on("/billing/v1/tenant/t1/instrument/i1") - .assertAction(accountant) - .assertAction(operator, Action.read) - .assertAction(reader, Action.read, Action.delete) - .assertAction(developer, Action.read, Action.delete) - .assertAction(admin, Action.read) - .assertAction(otherAdmin); - - tester.on("/billing/v1/tenant/t1/billing") - .assertAction(accountant) - .assertAction(operator, Action.read) - .assertAction(reader, Action.read) - .assertAction(developer, Action.read) - .assertAction(admin, Action.read) - .assertAction(otherAdmin); - - tester.on("/billing/v1/tenant/t1/plan") - .assertAction(accountant, Action.update) - .assertAction(operator, Action.read) - .assertAction(reader) - .assertAction(developer) - .assertAction(admin) - .assertAction(otherAdmin); - - tester.on("/billing/v1/tenant/t1/collection") - .assertAction(accountant, Action.update) - .assertAction(operator, Action.read) - .assertAction(reader) - .assertAction(developer) - .assertAction(admin) - .assertAction(otherAdmin); - - tester.on("/billing/v1/billing") - .assertAction(accountant, Action.create, Action.read, Action.update, Action.delete) - .assertAction(operator, Action.read) - .assertAction(reader) - .assertAction(developer) - .assertAction(admin) - .assertAction(otherAdmin); - - tester.on("/billing/v1/invoice/tenant/t1/line-item") - .assertAction(accountant, Action.create, Action.read, Action.update, Action.delete) - .assertAction(operator, Action.read) - .assertAction(reader) - .assertAction(developer) - .assertAction(admin) - .assertAction(otherAdmin); - - tester.on("/billing/v1/invoice") - .assertAction(accountant, Action.create, Action.read, Action.update, Action.delete) - .assertAction(operator, Action.read) - .assertAction(reader) - .assertAction(developer) - .assertAction(admin) - .assertAction(otherAdmin); - - tester.on("/billing/v1/invoice/i1/status") - .assertAction(accountant, Action.create, Action.read, Action.update, Action.delete) - .assertAction(operator, Action.read) - .assertAction(reader) - .assertAction(developer) - .assertAction(admin) - .assertAction(otherAdmin); - } - private static class EnforcerTester { private final Enforcer enforcer; private final URI resource; |