aboutsummaryrefslogtreecommitdiffstats
path: root/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
diff options
context:
space:
mode:
Diffstat (limited to 'controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java60
1 files changed, 5 insertions, 55 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
index e10defb4416..a407e5aa211 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
@@ -111,7 +111,6 @@ public class UserApiHandler extends ThreadedHttpRequestHandler {
private HttpResponse handlePOST(Path path, HttpRequest request) {
if (path.matches("/user/v1/tenant/{tenant}")) return addTenantRoleMember(path.get("tenant"), request);
- if (path.matches("/user/v1/tenant/{tenant}/application/{application}")) return addApplicationRoleMember(path.get("tenant"), path.get("application"), request);
return ErrorResponse.notFoundError(Text.format("No '%s' handler at '%s'", request.getMethod(),
request.getUri().getPath()));
@@ -119,7 +118,6 @@ public class UserApiHandler extends ThreadedHttpRequestHandler {
private HttpResponse handleDELETE(Path path, HttpRequest request) {
if (path.matches("/user/v1/tenant/{tenant}")) return removeTenantRoleMember(path.get("tenant"), request);
- if (path.matches("/user/v1/tenant/{tenant}/application/{application}")) return removeApplicationRoleMember(path.get("tenant"), path.get("application"), request);
return ErrorResponse.notFoundError(Text.format("No '%s' handler at '%s'", request.getMethod(),
request.getUri().getPath()));
@@ -255,21 +253,6 @@ public class UserApiHandler extends ThreadedHttpRequestHandler {
private HttpResponse addTenantRoleMember(String tenantName, HttpRequest request) {
Inspector requestObject = bodyInspector(request);
- if (requestObject.field("roles").valid()) {
- return addMultipleTenantRoleMembers(tenantName, requestObject);
- }
- return addTenantRoleMember(tenantName, requestObject);
- }
-
- private HttpResponse addTenantRoleMember(String tenantName, Inspector requestObject) {
- String roleName = require("roleName", Inspector::asString, requestObject);
- UserId user = new UserId(require("user", Inspector::asString, requestObject));
- Role role = Roles.toRole(TenantName.from(tenantName), roleName);
- users.addUsers(role, List.of(user));
- return new MessageResponse(user + " is now a member of " + role);
- }
-
- private HttpResponse addMultipleTenantRoleMembers(String tenantName, Inspector requestObject) {
var tenant = TenantName.from(tenantName);
var user = new UserId(require("user", Inspector::asString, requestObject));
var roles = SlimeStream.fromArray(requestObject.field("roles"), Inspector::asString)
@@ -280,37 +263,8 @@ public class UserApiHandler extends ThreadedHttpRequestHandler {
return new MessageResponse(user + " is now a member of " + roles.stream().map(Role::toString).collect(Collectors.joining(", ")));
}
- private HttpResponse addApplicationRoleMember(String tenantName, String applicationName, HttpRequest request) {
- Inspector requestObject = bodyInspector(request);
- String roleName = require("roleName", Inspector::asString, requestObject);
- UserId user = new UserId(require("user", Inspector::asString, requestObject));
- Role role = Roles.toRole(TenantName.from(tenantName), ApplicationName.from(applicationName), roleName);
- users.addUsers(role, List.of(user));
- return new MessageResponse(user + " is now a member of " + role);
- }
-
private HttpResponse removeTenantRoleMember(String tenantName, HttpRequest request) {
Inspector requestObject = bodyInspector(request);
- if (requestObject.field("roles").valid()) {
- return removeMultipleTenantRoleMembers(tenantName, requestObject);
- }
- return removeTenantRoleMember(tenantName, requestObject);
- }
-
- private HttpResponse removeTenantRoleMember(String tenantName, Inspector requestObject) {
- TenantName tenant = TenantName.from(tenantName);
- String roleName = require("roleName", Inspector::asString, requestObject);
- UserId user = new UserId(require("user", Inspector::asString, requestObject));
- List<Role> roles = Collections.singletonList(Roles.toRole(tenant, roleName));
-
- enforceLastAdminOfTenant(tenant, user, roles);
- removeDeveloperKey(tenant, user, roles);
- users.removeFromRoles(user, roles);
-
- return new MessageResponse(user + " is no longer a member of " + roles.stream().map(Role::toString).collect(Collectors.joining(", ")));
- }
-
- private HttpResponse removeMultipleTenantRoleMembers(String tenantName, Inspector requestObject) {
var tenant = TenantName.from(tenantName);
var user = new UserId(require("user", Inspector::asString, requestObject));
var roles = SlimeStream.fromArray(requestObject.field("roles"), Inspector::asString)
@@ -321,6 +275,11 @@ public class UserApiHandler extends ThreadedHttpRequestHandler {
removeDeveloperKey(tenant, user, roles);
users.removeFromRoles(user, roles);
+ controller.tenants().lockIfPresent(tenant, LockedTenant.class, lockedTenant -> {
+ if (lockedTenant instanceof LockedTenant.Cloud cloudTenant)
+ controller.tenants().store(cloudTenant.withInvalidateUserSessionsBefore(controller.clock().instant()));
+ });
+
return new MessageResponse(user + " is no longer a member of " + roles.stream().map(Role::toString).collect(Collectors.joining(", ")));
}
@@ -348,15 +307,6 @@ public class UserApiHandler extends ThreadedHttpRequestHandler {
}
}
- private HttpResponse removeApplicationRoleMember(String tenantName, String applicationName, HttpRequest request) {
- Inspector requestObject = bodyInspector(request);
- String roleName = require("roleName", Inspector::asString, requestObject);
- UserId user = new UserId(require("user", Inspector::asString, requestObject));
- Role role = Roles.toRole(TenantName.from(tenantName), ApplicationName.from(applicationName), roleName);
- users.removeUsers(role, List.of(user));
- return new MessageResponse(user + " is no longer a member of " + role);
- }
-
private boolean hasTrialCapacity() {
if (! controller.system().isPublic()) return true;
var existing = controller.tenants().asList().stream().map(Tenant::name).collect(Collectors.toList());