aboutsummaryrefslogtreecommitdiffstats
path: root/controller-server
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #5113 from vespa-engine/mpolden/remove-unused-upgrade-fieldMartin Polden2018-02-226-47/+21
|\ | | | | Remove unused upgrade field
| * Remove unused upgrade fieldMartin Polden2018-02-226-47/+21
| | | | | | | | | | This field was previously used to determine if a job was triggered because of an upgrade, but it's now unused.
* | SimplifyMartin Polden2018-02-222-12/+3
| |
* | Merge pull request #5111 from ↵Morten Tokle2018-02-223-2/+59
|\ \ | | | | | | | | | | | | vespa-engine/mpolden/remember-application-change-during-failing-upgrade Allow application change during failing upgrade
| * | Allow application change during failing upgradeMartin Polden2018-02-223-2/+59
| |/ | | | | | | | | Due to the change in how we handle application version, we could end up ignoring application changes that arrive while upgrade is failing.
* / Use CKMS instead of KeyService to retrieve service private keyBjørn Christian Seime2018-02-221-5/+6
|/
* Merge pull request #5110 from vespa-engine/bjorncs/remove-security-contextMartin Polden2018-02-224-104/+0
|\ | | | | Remove unused SecurityContext wiring
| * Remove unused SecurityContext wiringBjørn Christian Seime2018-02-214-104/+0
| |
| * Improve error message when principal is of wrong typeBjørn Christian Seime2018-02-211-3/+8
| |
| * Make wrapper types accessible from other packagesBjørn Christian Seime2018-02-212-3/+3
| |
| * Include ControllerAuthorizationFilter in all container api testsBjørn Christian Seime2018-02-2111-110/+561
| | | | | | | | Test access control logic as part of all ContainerTester based unit tests.
| * Only verify tenant admin membership if tenant existBjørn Christian Seime2018-02-211-6/+6
| |
| * Remove Authorizer and ApplicationInstanceAuthorizerBjørn Christian Seime2018-02-216-453/+54
| |
| * Use default AuthorizationResponseHandler in unit testBjørn Christian Seime2018-02-212-4/+2
| |
| * Remove dependency on Authorizer and ApplicationInstanceAuthorizerBjørn Christian Seime2018-02-212-22/+78
| | | | | | | | | | Copy required authorization checks from Authorizer and ApplicationInstanceAuthorizer.
* | Improve error message when principal is of wrong typeBjørn Christian Seime2018-02-221-3/+8
| |
* | Make wrapper types accessible from other packagesBjørn Christian Seime2018-02-222-3/+3
| |
* | Include ControllerAuthorizationFilter in all container api testsBjørn Christian Seime2018-02-2211-108/+558
| | | | | | | | Test access control logic as part of all ContainerTester based unit tests.
* | Only verify tenant admin membership if tenant existBjørn Christian Seime2018-02-221-6/+6
| |
* | Remove Authorizer and ApplicationInstanceAuthorizerBjørn Christian Seime2018-02-226-453/+54
| |
* | Use default AuthorizationResponseHandler in unit testBjørn Christian Seime2018-02-222-4/+2
| |
* | Remove dependency on Authorizer and ApplicationInstanceAuthorizerBjørn Christian Seime2018-02-222-22/+78
| | | | | | | | | | Copy required authorization checks from Authorizer and ApplicationInstanceAuthorizer.
* | Fix testMartin Polden2018-02-202-4/+10
| |
* | Remove applicationPackageHashMartin Polden2018-02-201-39/+11
| |
* | Simplify deployMartin Polden2018-02-209-152/+180
| |
* | Require application versionMartin Polden2018-02-2026-389/+520
|/
* Rename to DefaultAuthorizationResponseHandlerBjørn Christian Seime2018-02-202-5/+8
|
* Enforce authorization rules in ControllerAuthorizationFilterBjørn Christian Seime2018-02-201-22/+1
|
* De-duplicate code in ControllerAuthorizationFilterTestBjørn Christian Seime2018-02-161-63/+46
|
* Allow tenant pipelines to use application v4 promoteBjørn Christian Seime2018-02-162-0/+17
|
* Replace all use of deprecated jobreport API with application api equivalentBjørn Christian Seime2018-02-161-2/+3
|
* Log path and identity for all authz failuresBjørn Christian Seime2018-02-161-10/+21
|
* Add jobreport method to application v4 apiBjørn Christian Seime2018-02-154-2/+43
|
* Fix typo in Athenz resource nameBjørn Christian Seime2018-02-151-1/+1
|
* Fix typoBjørn Christian Seime2018-02-151-1/+1
|
* Rename Path.getPath -> Path.asStringBjørn Christian Seime2018-02-152-3/+3
|
* Allow tenant operators to access tenant pipeline operationsBjørn Christian Seime2018-02-142-1/+7
|
* Hosted operators assume tenant admin role through Athenz policyBjørn Christian Seime2018-02-141-1/+1
|
* Add global access control filter for hosted controller APIsBjørn Christian Seime2018-02-144-12/+429
|
* Add getter for original path string to PathBjørn Christian Seime2018-02-141-0/+4
|
* Remove ugly cleanup attempt that was done before initiating Athenz tenancyBjørn Christian Seime2018-02-131-8/+6
|
* Introduce ZmsClient.hasHostedOperatorAccess()Bjørn Christian Seime2018-02-133-4/+27
|
* Move SecurityFilterUtils to generic filter packageBjørn Christian Seime2018-02-133-5/+5
|
* Add authorization to all tenant pipeline operationsBjørn Christian Seime2018-02-073-49/+108
|
* Use ApplicationName instead of ApplicationIdBjørn Christian Seime2018-02-072-7/+7
|
* Deprecate use of SecurityContextBjørn Christian Seime2018-02-074-10/+18
|
* Move getUserId to AuthorizerBjørn Christian Seime2018-02-072-12/+12
|
* Principal is always present and an Athenz principalBjørn Christian Seime2018-02-074-36/+18
|
* Rename 'DeployAuthorizer' -> 'ApplicationInstanceAuthorizer'Bjørn Christian Seime2018-02-072-5/+7
|
* Merge pull request #4867 from vespa-engine/bjorncs/deny-user-tenants-prod-deployBjørn Christian Seime2018-02-071-0/+5
|\ | | | | Only allow user tenants deploy to dev and perf env