diff options
Diffstat (limited to 'controller-server')
2 files changed, 17 insertions, 0 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java index 3d0a50d71dc..13707772244 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java @@ -135,6 +135,7 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter { private static boolean isTenantPipelineOperation(Path path, Method method) { if (isTenantAdminOperation(path, method)) return false; return path.matches("/application/v4/tenant/{tenant}/application/{application}/jobreport") || + path.matches("/application/v4/tenant/{tenant}/application/{application}/promote") || path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/prod/{*}") || path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/test/{*}") || path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/staging/{*}"); diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java index 87215a595a6..823f2cf1024 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilterTest.java @@ -134,6 +134,22 @@ public class ControllerAuthorizationFilterTest { assertIsForbidden(invokeFilter(filter, createRequest(method, path, TENANT_ADMIN))); assertIsForbidden(invokeFilter(filter, createRequest(method, path, USER))); } + { + String path = "/application/v4/tenant/mytenant/application/myapp/jobreport"; + Method method = POST; + assertIsAllowed(invokeFilter(filter, createRequest(method, path, HOSTED_OPERATOR))); + assertIsAllowed(invokeFilter(filter, createRequest(method, path, TENANT_PIPELINE))); + assertIsForbidden(invokeFilter(filter, createRequest(method, path, TENANT_ADMIN))); + assertIsForbidden(invokeFilter(filter, createRequest(method, path, USER))); + } + { + String path = "/application/v4/tenant/mytenant/application/myapp/promote"; + Method method = POST; + assertIsAllowed(invokeFilter(filter, createRequest(method, path, HOSTED_OPERATOR))); + assertIsAllowed(invokeFilter(filter, createRequest(method, path, TENANT_PIPELINE))); + assertIsForbidden(invokeFilter(filter, createRequest(method, path, TENANT_ADMIN))); + assertIsForbidden(invokeFilter(filter, createRequest(method, path, USER))); + } } private static void assertIsAllowed(Optional<AuthorizationResponse> response) { |