summaryrefslogtreecommitdiffstats
path: root/controller-server/src/test
diff options
context:
space:
mode:
Diffstat (limited to 'controller-server/src/test')
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java88
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/application-roles.json65
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/both-developer-keys.json2
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/second-developer-key.json2
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-roles.json40
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json2
6 files changed, 69 insertions, 130 deletions
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
index b1f5f33b960..d98558d53dc 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
@@ -64,7 +64,7 @@ public class UserApiTest extends ControllerContainerCloudTest {
// POST a tenant is available to operators.
tester.assertResponse(request("/application/v4/tenant/my-tenant", POST)
.roles(operator)
- .user("owner@tenant")
+ .user("administrator@tenant")
.data("{\"token\":\"hello\"}"),
new File("tenant-without-applications.json"));
@@ -79,128 +79,116 @@ public class UserApiTest extends ControllerContainerCloudTest {
// POST a hosted operator role is not allowed.
tester.assertResponse(request("/user/v1/tenant/my-tenant", POST)
- .roles(Set.of(Role.tenantOwner(id.tenant())))
+ .roles(Set.of(Role.administrator(id.tenant())))
.data("{\"user\":\"evil@evil\",\"roleName\":\"hostedOperator\"}"),
"{\"error-code\":\"BAD_REQUEST\",\"message\":\"Malformed or illegal role name 'hostedOperator'.\"}", 400);
- // POST a tenant operator is available to the tenant owner.
+ // POST a tenant developer is available to the tenant owner.
tester.assertResponse(request("/user/v1/tenant/my-tenant", POST)
- .roles(Set.of(Role.tenantOwner(id.tenant())))
- .data("{\"user\":\"operator@tenant\",\"roleName\":\"tenantOperator\"}"),
- "{\"message\":\"user 'operator@tenant' is now a member of role 'tenantOperator' of 'my-tenant'\"}");
+ .roles(Set.of(Role.administrator(id.tenant())))
+ .data("{\"user\":\"developer@tenant\",\"roleName\":\"developer\"}"),
+ "{\"message\":\"user 'developer@tenant' is now a member of role 'developer' of 'my-tenant'\"}");
- // POST a tenant admin is not available to a tenant operator.
+ // POST a tenant admin is not available to a tenant developer.
tester.assertResponse(request("/user/v1/tenant/my-tenant", POST)
- .roles(Set.of(Role.tenantOperator(id.tenant())))
- .data("{\"user\":\"admin@tenant\",\"roleName\":\"tenantAdmin\"}"),
+ .roles(Set.of(Role.developer(id.tenant())))
+ .data("{\"user\":\"developer@tenant\",\"roleName\":\"administrator\"}"),
accessDenied, 403);
- // POST an application admin for a non-existent application fails.
+ // POST a headless for a non-existent application fails.
tester.assertResponse(request("/user/v1/tenant/my-tenant/application/my-app", POST)
- .roles(Set.of(Role.tenantOwner(TenantName.from("my-tenant"))))
- .data("{\"user\":\"admin@app\",\"roleName\":\"applicationAdmin\"}"),
+ .roles(Set.of(Role.administrator(TenantName.from("my-tenant"))))
+ .data("{\"user\":\"headless@app\",\"roleName\":\"headless\"}"),
"{\"error-code\":\"INTERNAL_SERVER_ERROR\",\"message\":\"NullPointerException\"}", 500);
- // POST an application is allowed for a tenant operator.
+ // POST an application is allowed for a tenant developer.
tester.assertResponse(request("/application/v4/tenant/my-tenant/application/my-app", POST)
- .user("operator@tenant")
- .roles(Set.of(Role.tenantOperator(id.tenant()))),
+ .user("developer@tenant")
+ .roles(Set.of(Role.developer(id.tenant()))),
new File("application-created.json"));
// POST an application is not allowed under a different tenant.
tester.assertResponse(request("/application/v4/tenant/other-tenant/application/my-app", POST)
- .roles(Set.of(Role.tenantOperator(id.tenant()))),
+ .roles(Set.of(Role.administrator(id.tenant()))),
accessDenied, 403);
- // POST an application role is allowed for a tenant admin.
- tester.assertResponse(request("/user/v1/tenant/my-tenant/application/my-app", POST)
- .roles(Set.of(Role.tenantAdmin(id.tenant())))
- .data("{\"user\":\"reader@app\",\"roleName\":\"applicationReader\"}"),
- "{\"message\":\"user 'reader@app' is now a member of role 'applicationReader' of 'my-app' owned by 'my-tenant'\"}");
-
// POST a tenant role is not allowed to an application.
tester.assertResponse(request("/user/v1/tenant/my-tenant/application/my-app", POST)
.roles(Set.of(Role.hostedOperator()))
- .data("{\"user\":\"reader@app\",\"roleName\":\"tenantOperator\"}"),
- "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Malformed or illegal role name 'tenantOperator'.\"}", 400);
+ .data("{\"user\":\"developer@app\",\"roleName\":\"developer\"}"),
+ "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Malformed or illegal role name 'developer'.\"}", 400);
- // GET tenant role information is available to application readers.
+ // GET tenant role information is available to readers.
tester.assertResponse(request("/user/v1/tenant/my-tenant")
- .roles(Set.of(Role.applicationReader(id.tenant(), id.application()))),
+ .roles(Set.of(Role.reader(id.tenant()))),
new File("tenant-roles.json"));
- // GET application role information is available to tenant operators.
+ // GET application role information is available to tenant administrators.
tester.assertResponse(request("/user/v1/tenant/my-tenant/application/my-app")
- .roles(Set.of(Role.tenantOperator(id.tenant()))),
+ .roles(Set.of(Role.administrator(id.tenant()))),
new File("application-roles.json"));
// GET application role information is available also under the /api prefix.
tester.assertResponse(request("/api/user/v1/tenant/my-tenant/application/my-app")
- .roles(Set.of(Role.tenantOperator(id.tenant()))),
+ .roles(Set.of(Role.administrator(id.tenant()))),
new File("application-roles.json"));
// POST a pem deploy key
tester.assertResponse(request("/application/v4/tenant/my-tenant/application/my-app/key", POST)
- .roles(Set.of(Role.tenantOperator(id.tenant())))
+ .roles(Set.of(Role.developer(id.tenant())))
.data("{\"key\":\"" + pemPublicKey + "\"}"),
new File("first-deploy-key.json"));
// POST a pem developer key
tester.assertResponse(request("/application/v4/tenant/my-tenant/key", POST)
.user("joe@dev")
- .roles(Set.of(Role.tenantOperator(id.tenant())))
+ .roles(Set.of(Role.developer(id.tenant())))
.data("{\"key\":\"" + pemPublicKey + "\"}"),
new File("first-developer-key.json"));
// POST the same pem developer key for a different user is forbidden
tester.assertResponse(request("/application/v4/tenant/my-tenant/key", POST)
.user("operator@tenant")
- .roles(Set.of(Role.tenantOperator(id.tenant())))
+ .roles(Set.of(Role.developer(id.tenant())))
.data("{\"key\":\"" + pemPublicKey + "\"}"),
"{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key "+ quotedPemPublicKey + " is already owned by joe@dev\"}",
400);
- // PATCH in a different pem developer key
+ // POST in a different pem developer key
tester.assertResponse(request("/application/v4/tenant/my-tenant/key", POST)
- .user("operator@tenant")
- .roles(Set.of(Role.tenantOperator(id.tenant())))
+ .user("developer@tenant")
+ .roles(Set.of(Role.developer(id.tenant())))
.data("{\"key\":\"" + otherPemPublicKey + "\"}"),
new File("both-developer-keys.json"));
// GET tenant information with keys
tester.assertResponse(request("/application/v4/tenant/my-tenant/")
- .roles(Set.of(Role.applicationReader(id.tenant(), id.application()))),
+ .roles(Set.of(Role.reader(id.tenant()))),
new File("tenant-with-keys.json"));
// DELETE a pem developer key
tester.assertResponse(request("/application/v4/tenant/my-tenant/key", DELETE)
- .roles(Set.of(Role.tenantOperator(id.tenant())))
+ .roles(Set.of(Role.developer(id.tenant())))
.data("{\"key\":\"" + pemPublicKey + "\"}"),
new File("second-developer-key.json"));
- // DELETE an application role is allowed for an application admin.
- tester.assertResponse(request("/user/v1/tenant/my-tenant/application/my-app", DELETE)
- .roles(Set.of(Role.applicationAdmin(id.tenant(), id.application())))
- .data("{\"user\":\"operator@tenant\",\"roleName\":\"applicationAdmin\"}"),
- "{\"message\":\"user 'operator@tenant' is no longer a member of role 'applicationAdmin' of 'my-app' owned by 'my-tenant'\"}");
-
- // DELETE an application is available to application admins.
+ // DELETE an application is available to developers.
tester.assertResponse(request("/application/v4/tenant/my-tenant/application/my-app", DELETE)
- .roles(Set.of(Role.applicationAdmin(id.tenant(), id.application()))),
+ .roles(Set.of(Role.developer(id.tenant()))),
"{\"message\":\"Deleted application my-tenant.my-app\"}");
// DELETE a tenant role is available to tenant admins.
// DELETE the developer role clears any developer key.
tester.assertResponse(request("/user/v1/tenant/my-tenant", DELETE)
- .roles(Set.of(Role.tenantAdmin(id.tenant())))
- .data("{\"user\":\"operator@tenant\",\"roleName\":\"tenantOperator\"}"),
- "{\"message\":\"user 'operator@tenant' is no longer a member of role 'tenantOperator' of 'my-tenant'\"}");
+ .roles(Set.of(Role.administrator(id.tenant())))
+ .data("{\"user\":\"developer@tenant\",\"roleName\":\"developer\"}"),
+ "{\"message\":\"user 'developer@tenant' is no longer a member of role 'developer' of 'my-tenant'\"}");
// DELETE the last tenant owner is not allowed.
tester.assertResponse(request("/user/v1/tenant/my-tenant", DELETE)
.roles(operator)
- .data("{\"user\":\"owner@tenant\",\"roleName\":\"tenantOwner\"}"),
- "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Can't remove the last owner of a tenant.\"}", 400);
+ .data("{\"user\":\"administrator@tenant\",\"roleName\":\"administrator\"}"),
+ "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Can't remove the last administrator of a tenant.\"}", 400);
// DELETE the tenant is available to the tenant owner.
tester.assertResponse(request("/application/v4/tenant/my-tenant", DELETE)
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/application-roles.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/application-roles.json
index e23ab918135..e05156e3eef 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/application-roles.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/application-roles.json
@@ -2,77 +2,28 @@
"tenant": "my-tenant",
"application": "my-app",
"roleNames": [
- "applicationAdmin",
- "applicationOperator",
- "applicationDeveloper",
- "applicationReader"
+ "headless"
],
"users": [
{
- "name": "owner@tenant",
- "email":"owner@tenant",
+ "name": "administrator@tenant",
+ "email": "administrator@tenant",
"roles": {
- "applicationAdmin": {
+ "headless": {
"explicit": false,
- "implied": true
- },
- "applicationOperator": {
- "explicit": false,
- "implied": true
- },
- "applicationDeveloper": {
- "explicit": false,
- "implied": true
- },
- "applicationReader": {
- "explicit": false,
- "implied": true
- }
- }
- },
- {
- "name": "operator@tenant",
- "email":"operator@tenant",
- "roles": {
- "applicationAdmin": {
- "explicit": true,
"implied": false
- },
- "applicationOperator": {
- "explicit": false,
- "implied": true
- },
- "applicationDeveloper": {
- "explicit": false,
- "implied": true
- },
- "applicationReader": {
- "explicit": false,
- "implied": true
}
}
},
{
- "name": "reader@app",
- "email":"reader@app",
+ "name": "developer@tenant",
+ "email": "developer@tenant",
"roles": {
- "applicationAdmin": {
- "explicit": false,
- "implied": false
- },
- "applicationOperator": {
- "explicit": false,
- "implied": false
- },
- "applicationDeveloper": {
+ "headless": {
"explicit": false,
"implied": false
- },
- "applicationReader": {
- "explicit": true,
- "implied": false
}
}
}
]
-}
+} \ No newline at end of file
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/both-developer-keys.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/both-developer-keys.json
index 2ff1c29fe29..bc49135a1db 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/both-developer-keys.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/both-developer-keys.json
@@ -6,7 +6,7 @@
},
{
"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFELzPyinTfQ/sZnTmRp5E4Ve/sbE\npDhJeqczkyFcT2PysJ5sZwm7rKPEeXDOhzTPCyRvbUqc2SGdWbKUGGa/Yw==\n-----END PUBLIC KEY-----\n",
- "user": "operator@tenant"
+ "user": "developer@tenant"
}
]
}
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/second-developer-key.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/second-developer-key.json
index f7d90f31116..64098a775a1 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/second-developer-key.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/second-developer-key.json
@@ -2,7 +2,7 @@
"keys": [
{
"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFELzPyinTfQ/sZnTmRp5E4Ve/sbE\npDhJeqczkyFcT2PysJ5sZwm7rKPEeXDOhzTPCyRvbUqc2SGdWbKUGGa/Yw==\n-----END PUBLIC KEY-----\n",
- "user": "operator@tenant"
+ "user": "developer@tenant"
}
]
}
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-roles.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-roles.json
index fa528fe2ab7..61c1c94d4ca 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-roles.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-roles.json
@@ -1,46 +1,46 @@
{
"tenant": "my-tenant",
"roleNames": [
- "tenantOwner",
- "tenantAdmin",
- "tenantOperator"
+ "administrator",
+ "developer",
+ "reader"
],
"users": [
{
- "name": "owner@tenant",
- "email":"owner@tenant",
+ "name": "administrator@tenant",
+ "email": "administrator@tenant",
"roles": {
- "tenantOwner": {
+ "administrator": {
"explicit": true,
"implied": false
},
- "tenantAdmin": {
- "explicit": false,
- "implied": true
+ "developer": {
+ "explicit": true,
+ "implied": false
},
- "tenantOperator": {
- "explicit": false,
- "implied": true
+ "reader": {
+ "explicit": true,
+ "implied": false
}
}
},
{
- "name": "operator@tenant",
- "email":"operator@tenant",
+ "name": "developer@tenant",
+ "email": "developer@tenant",
"roles": {
- "tenantOwner": {
+ "administrator": {
"explicit": false,
"implied": false
},
- "tenantAdmin": {
- "explicit": false,
+ "developer": {
+ "explicit": true,
"implied": false
},
- "tenantOperator": {
- "explicit": true,
+ "reader": {
+ "explicit": false,
"implied": false
}
}
}
]
-}
+} \ No newline at end of file
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json
index b7970a48963..24ac6633f6c 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json
@@ -8,7 +8,7 @@
},
{
"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFELzPyinTfQ/sZnTmRp5E4Ve/sbE\npDhJeqczkyFcT2PysJ5sZwm7rKPEeXDOhzTPCyRvbUqc2SGdWbKUGGa/Yw==\n-----END PUBLIC KEY-----\n",
- "user": "operator@tenant"
+ "user": "developer@tenant"
}],
"applications": []
}