diff options
author | Morten Tokle <morten.tokle@gmail.com> | 2018-03-06 12:14:00 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-03-06 12:14:00 +0100 |
commit | 9258dde254882c6e21ea93b282098729cc68c6cf (patch) | |
tree | 859c63e1ceebd6ac1d0faa75b90ab78b254090db | |
parent | 58852c6044a85a74e8a94f0886e26181058b0d7b (diff) | |
parent | 81550a7ae8c9c2f724a85b899852ee63ae0a859d (diff) |
Merge pull request #5219 from vespa-engine/mpolden/add-type-to-acl-api
Include node type in node ACL
5 files changed, 457 insertions, 51 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/NodeAclResponse.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/NodeAclResponse.java index 2a4f37151de..65b727ad0dd 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/NodeAclResponse.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/NodeAclResponse.java @@ -7,12 +7,13 @@ import com.yahoo.slime.Cursor; import com.yahoo.slime.Slime; import com.yahoo.vespa.config.SlimeUtils; import com.yahoo.vespa.hosted.provision.Node; -import com.yahoo.vespa.hosted.provision.node.NodeAcl; import com.yahoo.vespa.hosted.provision.NodeRepository; +import com.yahoo.vespa.hosted.provision.node.NodeAcl; import java.io.File; import java.io.IOException; import java.io.OutputStream; +import java.util.Set; /** * @author mpolden @@ -36,36 +37,35 @@ public class NodeAclResponse extends HttpResponse { toSlime(hostname, root); } - private static String baseName(String path) { - return new File(path).getName(); - } - private void toSlime(String hostname, Cursor object) { Node node = nodeRepository.getNode(hostname) .orElseGet(() -> nodeRepository.getConfigNode(hostname) .orElseThrow(() -> new NotFoundException("No node with hostname '" + hostname + "'"))); Cursor trustedNodesArray = object.setArray("trustedNodes"); - nodeRepository.getNodeAcls(node, aclsForChildren).forEach(nodeAcl -> toTrustedNodeSlime(nodeAcl, trustedNodesArray)); + nodeRepository.getNodeAcls(node, aclsForChildren).forEach(nodeAcl -> toSlime(nodeAcl, trustedNodesArray)); Cursor trustedNetworksArray = object.setArray("trustedNetworks"); - nodeRepository.getNodeAcls(node, aclsForChildren).forEach(nodeAcl -> toTrustedNetworkSlime(nodeAcl, trustedNetworksArray)); + nodeRepository.getNodeAcls(node, aclsForChildren).forEach(nodeAcl -> toSlime(nodeAcl.trustedNetworks(), + nodeAcl.node(), + trustedNetworksArray)); } - private void toTrustedNodeSlime(NodeAcl nodeAcl, Cursor array) { + private void toSlime(NodeAcl nodeAcl, Cursor array) { nodeAcl.trustedNodes().forEach(node -> node.ipAddresses().forEach(ipAddress -> { Cursor object = array.addObject(); object.setString("hostname", node.hostname()); + object.setString("type", node.type().name()); object.setString("ipAddress", ipAddress); object.setString("trustedBy", nodeAcl.node().hostname()); })); } - private void toTrustedNetworkSlime(NodeAcl nodeAcl, Cursor array) { - nodeAcl.trustedNetworks().forEach(network -> { + private void toSlime(Set<String> trustedNetworks, Node trustedBy, Cursor array) { + trustedNetworks.forEach(network -> { Cursor object = array.addObject(); object.setString("network", network); - object.setString("trustedBy", nodeAcl.node().hostname()); + object.setString("trustedBy", trustedBy.hostname()); }); } @@ -78,4 +78,8 @@ public class NodeAclResponse extends HttpResponse { public String getContentType() { return "application/json"; } + + private static String baseName(String path) { + return new File(path).getName(); + } } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/RestApiTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/RestApiTest.java index bdea767eb0d..0e9e3464c02 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/RestApiTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/RestApiTest.java @@ -13,6 +13,7 @@ import com.yahoo.vespa.config.SlimeUtils; import com.yahoo.vespa.hosted.provision.testutils.ContainerConfig; import org.junit.After; import org.junit.Before; +import org.junit.ComparisonFailure; import org.junit.Test; import java.io.File; @@ -330,47 +331,17 @@ public class RestApiTest { assertResponse(new Request("http://localhost:8080/nodes/v2/state/ready/" + hostname, new byte[0], Request.Method.PUT), "{\"message\":\"Moved foo.yahoo.com to ready\"}"); - Pattern responsePattern = Pattern.compile("\\{\"trustedNodes\":\\[.*" + - "\\{\"hostname\":\"cfg1\",\"ipAddress\":\".+?\",\"trustedBy\":\"foo.yahoo.com\"}," + - "\\{\"hostname\":\"cfg2\",\"ipAddress\":\".+?\",\"trustedBy\":\"foo.yahoo.com\"}," + - "\\{\"hostname\":\"cfg3\",\"ipAddress\":\".+?\",\"trustedBy\":\"foo.yahoo.com\"}" + - ".*],\"trustedNetworks\":\\[\\]}"); - assertResponseMatches(new Request("http://localhost:8080/nodes/v2/acl/" + hostname), responsePattern); + assertFile(new Request("http://localhost:8080/nodes/v2/acl/" + hostname), "acl-tenant-node.json"); } @Test public void acl_request_by_config_server() throws Exception { - Pattern responsePattern = Pattern.compile("\\{\"trustedNodes\":\\[.*" + - "\\{\"hostname\":\"cfg1\",\"ipAddress\":\".+?\",\"trustedBy\":\"cfg1\"}," + - "\\{\"hostname\":\"cfg2\",\"ipAddress\":\".+?\",\"trustedBy\":\"cfg1\"}," + - "\\{\"hostname\":\"cfg3\",\"ipAddress\":\".+?\",\"trustedBy\":\"cfg1\"}" + - ".*],\"trustedNetworks\":\\[\\]}"); - assertResponseMatches(new Request("http://localhost:8080/nodes/v2/acl/cfg1"), responsePattern); + assertFile(new Request("http://localhost:8080/nodes/v2/acl/cfg1"), "acl-config-server.json"); } @Test public void acl_request_by_docker_host() throws Exception { - Pattern responsePattern = Pattern.compile("\\{\"trustedNodes\":\\[" + - "\\{\"hostname\":\"cfg1\",\"ipAddress\":\".+?\",\"trustedBy\":\"dockerhost1.yahoo.com\"}," + - "\\{\"hostname\":\"cfg2\",\"ipAddress\":\".+?\",\"trustedBy\":\"dockerhost1.yahoo.com\"}," + - "\\{\"hostname\":\"cfg3\",\"ipAddress\":\".+?\",\"trustedBy\":\"dockerhost1.yahoo.com\"}]," + - "\"trustedNetworks\":\\[" + - "\\{\"network\":\"172.17.0.0/16\",\"trustedBy\":\"dockerhost1.yahoo.com\"}]}"); - assertResponseMatches(new Request("http://localhost:8080/nodes/v2/acl/dockerhost1.yahoo.com"), responsePattern); - } - - @Test - public void acl_response_with_dual_stack_node() throws Exception { - Pattern responsePattern = Pattern.compile("\\{\"trustedNodes\":\\[" + - "\\{\"hostname\":\"cfg1\",\"ipAddress\":\".+?\",\"trustedBy\":\"host1.yahoo.com\"}," + - "\\{\"hostname\":\"cfg2\",\"ipAddress\":\".+?\",\"trustedBy\":\"host1.yahoo.com\"}," + - "\\{\"hostname\":\"cfg3\",\"ipAddress\":\".+?\",\"trustedBy\":\"host1.yahoo.com\"}," + - "\\{\"hostname\":\"host1.yahoo.com\",\"ipAddress\":\"::1\",\"trustedBy\":\"host1.yahoo.com\"}," + - "\\{\"hostname\":\"host1.yahoo.com\",\"ipAddress\":\"127.0.0.1\",\"trustedBy\":\"host1.yahoo.com\"}," + - "\\{\"hostname\":\"host10.yahoo.com\",\"ipAddress\":\"::1\",\"trustedBy\":\"host1.yahoo.com\"}," + - "\\{\"hostname\":\"host10.yahoo.com\",\"ipAddress\":\"127.0.0.1\",\"trustedBy\":\"host1.yahoo.com\"}" + - "],\"trustedNetworks\":\\[\\]}"); - assertResponseMatches(new Request("http://localhost:8080/nodes/v2/acl/host1.yahoo.com"), responsePattern); + assertFile(new Request("http://localhost:8080/nodes/v2/acl/dockerhost1.yahoo.com"), "acl-docker-host.json"); } @Test @@ -609,18 +580,21 @@ public class RestApiTest { response.contains(responseSnippet)); } - private void assertResponseMatches(Request request, Pattern pattern) throws IOException { - String response = container.handleRequest(request).getBodyAsString(); - assertTrue(String.format("Expected response to match pattern: %s\nResponse: %s", pattern.toString(), response), - pattern.matcher(response).matches()); - } - private void assertFile(Request request, String responseFile) throws IOException { String expectedResponse = IOUtils.readFile(new File(responsesPath + responseFile)); expectedResponse = include(expectedResponse); expectedResponse = expectedResponse.replaceAll("\\s", ""); String responseString = container.handleRequest(request).getBodyAsString(); - assertEquals(responseFile, expectedResponse, responseString); + if (expectedResponse.contains("(ignore)")) { + String expectedResponsePattern = Pattern.quote(expectedResponse) + .replaceAll("\\(ignore\\)", "\\\\E.*\\\\Q"); + if (!Pattern.matches(expectedResponsePattern, responseString)) { + throw new ComparisonFailure(responseFile + " (with ignored fields)", expectedResponsePattern, + responseString); + } + } else { + assertEquals(responseFile, expectedResponse, responseString); + } } private void assertRestart(int restartCount, Request request) throws IOException { diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/acl-config-server.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/acl-config-server.json new file mode 100644 index 00000000000..775d33a3a19 --- /dev/null +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/acl-config-server.json @@ -0,0 +1,197 @@ +{ + "trustedNodes": [ + { + "hostname": "cfg1", + "type": "config", + "ipAddress": "(ignore)", + "trustedBy": "cfg1" + }, + { + "hostname": "cfg2", + "type": "config", + "ipAddress": "(ignore)", + "trustedBy": "cfg1" + }, + { + "hostname": "cfg3", + "type": "config", + "ipAddress": "(ignore)", + "trustedBy": "cfg1" + }, + { + "hostname": "dockerhost1.yahoo.com", + "type": "host", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "dockerhost1.yahoo.com", + "type": "host", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "dockerhost2.yahoo.com", + "type": "host", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "dockerhost2.yahoo.com", + "type": "host", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "dockerhost3.yahoo.com", + "type": "host", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "dockerhost3.yahoo.com", + "type": "host", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "dockerhost4.yahoo.com", + "type": "host", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "dockerhost4.yahoo.com", + "type": "host", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "dockerhost5.yahoo.com", + "type": "host", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "dockerhost5.yahoo.com", + "type": "host", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "host1.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "host1.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "host10.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "host10.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "host2.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "host2.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "host3.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "host3.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "host4.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "host4.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "host5.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "host5.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "host55.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "host55.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "host6.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "host6.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "host7.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "cfg1" + }, + { + "hostname": "host7.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "cfg1" + }, + { + "hostname": "test-container-1", + "type": "tenant", + "ipAddress": "::2", + "trustedBy": "cfg1" + } + ], + "trustedNetworks": [] +} diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/acl-docker-host.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/acl-docker-host.json new file mode 100644 index 00000000000..f13730ba066 --- /dev/null +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/acl-docker-host.json @@ -0,0 +1,88 @@ +{ + "trustedNodes": [ + { + "hostname": "cfg1", + "type": "config", + "ipAddress": "(ignore)", + "trustedBy": "dockerhost1.yahoo.com" + }, + { + "hostname": "cfg2", + "type": "config", + "ipAddress": "(ignore)", + "trustedBy": "dockerhost1.yahoo.com" + }, + { + "hostname": "cfg3", + "type": "config", + "ipAddress": "(ignore)", + "trustedBy": "dockerhost1.yahoo.com" + }, + { + "hostname": "dockerhost1.yahoo.com", + "type": "host", + "ipAddress": "::1", + "trustedBy": "dockerhost1.yahoo.com" + }, + { + "hostname": "dockerhost1.yahoo.com", + "type": "host", + "ipAddress": "127.0.0.1", + "trustedBy": "dockerhost1.yahoo.com" + }, + { + "hostname": "dockerhost2.yahoo.com", + "type": "host", + "ipAddress": "::1", + "trustedBy": "dockerhost1.yahoo.com" + }, + { + "hostname": "dockerhost2.yahoo.com", + "type": "host", + "ipAddress": "127.0.0.1", + "trustedBy": "dockerhost1.yahoo.com" + }, + { + "hostname": "dockerhost3.yahoo.com", + "type": "host", + "ipAddress": "::1", + "trustedBy": "dockerhost1.yahoo.com" + }, + { + "hostname": "dockerhost3.yahoo.com", + "type": "host", + "ipAddress": "127.0.0.1", + "trustedBy": "dockerhost1.yahoo.com" + }, + { + "hostname": "dockerhost4.yahoo.com", + "type": "host", + "ipAddress": "::1", + "trustedBy": "dockerhost1.yahoo.com" + }, + { + "hostname": "dockerhost4.yahoo.com", + "type": "host", + "ipAddress": "127.0.0.1", + "trustedBy": "dockerhost1.yahoo.com" + }, + { + "hostname": "dockerhost5.yahoo.com", + "type": "host", + "ipAddress": "::1", + "trustedBy": "dockerhost1.yahoo.com" + }, + { + "hostname": "dockerhost5.yahoo.com", + "type": "host", + "ipAddress": "127.0.0.1", + "trustedBy": "dockerhost1.yahoo.com" + } + ], + "trustedNetworks": [ + { + "network": "172.17.0.0/16", + "trustedBy": "dockerhost1.yahoo.com" + } + ] +} diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/acl-tenant-node.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/acl-tenant-node.json new file mode 100644 index 00000000000..b2184c9d825 --- /dev/null +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/responses/acl-tenant-node.json @@ -0,0 +1,143 @@ +{ + "trustedNodes": [ + { + "hostname": "cfg1", + "type": "config", + "ipAddress": "(ignore)", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "cfg2", + "type": "config", + "ipAddress": "(ignore)", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "cfg3", + "type": "config", + "ipAddress": "(ignore)", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "foo.yahoo.com", + "type": "tenant", + "ipAddress": "(ignore)", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host1.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host1.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host10.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host10.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host2.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host2.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host3.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host3.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host4.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host4.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host5.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host5.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host55.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host55.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host6.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host6.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host7.yahoo.com", + "type": "tenant", + "ipAddress": "::1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "host7.yahoo.com", + "type": "tenant", + "ipAddress": "127.0.0.1", + "trustedBy": "foo.yahoo.com" + }, + { + "hostname": "test-container-1", + "type": "tenant", + "ipAddress": "::2", + "trustedBy": "foo.yahoo.com" + } + ], + "trustedNetworks": [] +} |