From 224afe3b367cba9b978115e969e714c14c71caa6 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Tue, 24 Apr 2018 17:03:17 +0300
Subject: Change: GET /work, POST /worker use access token to identify worker

---
 yarns/300-workers.yarn | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'yarns/300-workers.yarn')

diff --git a/yarns/300-workers.yarn b/yarns/300-workers.yarn
index 4e975ea..89444f9 100644
--- a/yarns/300-workers.yarn
+++ b/yarns/300-workers.yarn
@@ -55,10 +55,11 @@ controller API. It doesn't actually talk to the worker itself.
     GIVEN an RSA key pair for token signing
     AND an access token for user with scopes
     ... uapi_workers_get
-    ... uapi_workers_post
     ... uapi_workers_id_get
     ... uapi_workers_id_put
     ... uapi_workers_id_delete
+    AND an access token for obelix with scopes
+    ... uapi_workers_post
     AND controller config uses statedir at the state directory
     AND controller config uses https://blobs.example.com as artifact store
     AND controller config uses https://auth.example.com as authentication
@@ -68,7 +69,7 @@ controller API. It doesn't actually talk to the worker itself.
     THEN result has status code 200
     AND body matches { "workers": [] }
 
-    WHEN user makes request POST /workers with a valid token and body
+    WHEN obelix makes request POST /workers with a valid token and body
     ... {
     ...     "worker": "obelix",
     ...     "protocol": "ssh",
-- 
cgit v1.2.1