Diffstat (limited to 'controller-api/src')
3 files changed, 8 insertions, 14 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Context.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Context.java
index 3ba0367a00c..14d8d06d0c6 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Context.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Context.java
@@ -9,7 +9,7 @@ import java.util.Objects;
 import java.util.Optional;
 /**
- * The context in which a role is valid.
+ * The context in which a role is valid. This is immutable.
 *
 * @author mpolden
 */
@@ -40,11 +40,6 @@ public class Context {
 return system;
 }
- /** Returns whether this context is considered limited */
- public boolean limited() {
- return tenant.isPresent() || application.isPresent();
- }
-
 /** Returns a context that has no restrictions on tenant or application in given system */
 public static Context unlimitedIn(SystemName system) {
 return new Context(Optional.empty(), Optional.empty(), system);
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java
index ff535e92033..c28fa7a3fc3 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java
@@ -4,8 +4,6 @@ package com.yahoo.vespa.hosted.controller.api.role;
 import java.net.URI;
 import java.util.Objects;
-import static java.util.Objects.requireNonNull;
-
 /**
 * A role is a combination of a {@link RoleDefinition} and a {@link Context}, which allows evaluation
 * of access control for a given action on a resource. Create using {@link Roles}.
@@ -18,15 +16,15 @@ public abstract class Role {
 final Context context;
 Role(RoleDefinition roleDefinition, Context context) {
- this.roleDefinition = requireNonNull(roleDefinition);
- this.context = requireNonNull(context);
+ this.roleDefinition = Objects.requireNonNull(roleDefinition);
+ this.context = Objects.requireNonNull(context);
 }
 /** Returns the role definition of this bound role. */
 public RoleDefinition definition() { return roleDefinition; }
 /** Returns whether this role is allowed to perform the given action on the given resource. */
- public boolean allows(Action action, URI uri) {
+ public final boolean allows(Action action, URI uri) {
 return roleDefinition.policies().stream().anyMatch(policy -> policy.evaluate(action, uri, context));
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java
index 41444258a68..3378f9e0061 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java
@@ -5,8 +5,9 @@ import java.security.Principal;
 import java.util.Objects;
 import java.util.Set;
-import static java.util.Objects.requireNonNull;
-
+/**
+ * @author tokle
+ */
 public class SecurityContext {
 public static final String ATTRIBUTE_NAME = SecurityContext.class.getName();
@@ -15,7 +16,7 @@ public class SecurityContext {
 private final Set<Role> roles;
 public SecurityContext(Principal principal, Set<Role> roles) {
- this.principal = requireNonNull(principal);
+ this.principal = Objects.requireNonNull(principal);
 this.roles = Set.copyOf(roles);
 } |
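Review bot: The Javadoc on `allows` in Role.java does not say why the method is now `final`, nor what the result is when no policy matches, and both matter because this is the access-control decision point. I would spell it out, e.g. `/** Returns whether any policy of this role's definition permits the given action on the given resource in this role's context; false if none does. Final so that subclasses cannot alter the decision. */`. Separately, the null checks in the Role constructor and in the SecurityContext constructor (second hunk of SecurityContext.java) carry no message; `Objects.requireNonNull(principal, "principal")` and the equivalent for `roleDefinition` and `context` would make a failed check easier to trace. The Role class body continues outside the hunk.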