From e8130b022253d16ba4f0c3bda227d3db1a0e184b Mon Sep 17 00:00:00 2001 From: Ola Aunrønning Date: Wed, 16 Mar 2022 14:07:35 +0100 Subject: Don't pre-emptively check role membership Role creation is now done by maintainer --- .../api/integration/athenz/AthenzAccessControlService.java | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'controller-api') diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java index 317229f9e9a..9a6a661d7e0 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java @@ -71,9 +71,6 @@ public class AthenzAccessControlService implements AccessControlService { return vespaZmsClient.map( zms -> { var role = sshRole(tenantName); - if (!zms.listRoles(role.domain()).contains(role)) - zms.createRole(role, Map.of()); - return zms.getFullRoleInformation(role); } ).orElseThrow(() -> new UnsupportedOperationException("Only allowed in systems running Vespa Athenz instance")); @@ -88,11 +85,6 @@ public class AthenzAccessControlService implements AccessControlService { return vespaZmsClient.map( zms -> { var role = sshRole(tenantName); - if (!zms.listRoles(role.domain()).contains(role)) - zms.createRole(role, Map.of()); - - if (zms.getMembership(role, vespaTeam)) - return false; var roleInformation = zms.getFullRoleInformation(role); if (roleInformation.getPendingRequest().isEmpty()) @@ -115,9 +107,6 @@ public class AthenzAccessControlService implements AccessControlService { zms -> { var role = sshRole(tenantName); - if (!zms.listRoles(role.domain()).contains(role)) - zms.createRole(role, Map.of()); - if (zms.getMembership(role, vespaTeam)) return false; -- cgit v1.2.3