author | Ola Aunrønning <olaa@verizonmedia.com> | 2022-08-10 11:40:39 +0200 |
---|---|---|
committer | Ola Aunrønning <olaa@verizonmedia.com> | 2022-08-10 11:42:50 +0200 |
commit | 18d53a9e3b97bd034ab3ea9d82262a7dd46e6e94 (patch) | |
tree | cbfe4277bd4695e14880ab6bb797b44c430ec8a8 | |
parent | 2e39740349f23b96307c504fd90312ff607517b1 (diff) |
Clean up roles of deleted tenants
7 files changed, 35 insertions, 13 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
index 53e2592e0a6..7539f7b4cf2 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
@@ -274,6 +274,11 @@ public class ZmsClientMock implements ZmsClient {
 }
 @Override
+ public void deleteSubdomain(AthenzDomain parent, String name) {
+ athenz.domains.remove(new AthenzDomain(parent.getName() + "." + name));
+ }
+
+ @Override
 public void close() {}
 private static AthenzDomain getTenantDomain(AthenzResourceName resource) {
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/NoopRoleService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/NoopRoleService.java
index 541eb3dbe90..1ef1bc5106c 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/NoopRoleService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/NoopRoleService.java
@@ -35,4 +35,9 @@ public class NoopRoleService implements RoleService {
 @Override
 public void maintainRoles(List<TenantName> tenants) { }
+
+ @Override
+ public void cleanupRoles(List<TenantName> tenants) {
+
+ }
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/RoleService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/RoleService.java
index bc661077537..0a35893a7c4 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/RoleService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/RoleService.java
@@ -27,4 +27,6 @@ public interface RoleService {
 * Maintain roles for the tenants in the system. Create missing roles, update trust.
 */
 void maintainRoles(List<TenantName> tenants);
+
+ void cleanupRoles(List<TenantName> deletedTenants);
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java
index dad836ca2de..820c67f2d44 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java
@@ -33,21 +33,15 @@ public class TenantRoleMaintainer extends ControllerMaintainer {
 .map(Tenant::name)
 .collect(Collectors.toList());
 roleService.maintainRoles(tenantsWithRoles);
+
+ var deletedTenants = controller().tenants().asList(true).stream()
+ .filter(tenant -> tenant.type() == Tenant.Type.deleted)
+ .map(Tenant::name)
+ .toList();
+ roleService.cleanupRoles(deletedTenants);
+
 return 1.0;
 }
- private boolean hasProductionDeployment(TenantName tenant) {
- return controller().applications().asList(tenant).stream()
- .map(Application::productionInstances)
- .anyMatch(Predicate.not(Map::isEmpty));
- }
- private boolean hasPerfDeployment(TenantName tenant) {
- List<ZoneId> perfZones = controller().zoneRegistry().zones().controllerUpgraded().in(Environment.perf).ids();
- return controller().applications().asList(tenant).stream()
- .map(Application::instances)
- .flatMap(instances -> instances.values().stream())
- .flatMap(instance -> instance.deployments().values().stream())
- .anyMatch(x -> perfZones.contains(x.zone()));
- }
 }
diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
index 51c4c893401..8e06cde420e 100644
--- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
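Review bot: `cleanupRoles` in the RoleService hunk is declared with no Javadoc, although it is the destructive counterpart of the documented `maintainRoles` directly above it. Propose `/** Delete the roles of the given deleted tenants. Must be idempotent: the maintainer passes every deleted tenant on each run. */`, and state there whether implementations are expected to check the `cleanup-tenant-roles` flag themselves. The same gap applies to `ZmsClient.deleteSubdomain` in the last hunk, where the doc should say that `name` is the simple name under `parent` (the mock builds `parent.getName() + "." + name`) and what happens when the subdomain does not exist; the mock silently ignores that case, and the real client's behaviour depends on `execute`/`readEntity`, which are not shown.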
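Review bot: `roleService.cleanupRoles(deletedTenants)` is called unconditionally in the TenantRoleMaintainer hunk, while the `CLEANUP_TENANT_ROLES` flag this commit adds to Flags.java (default `false`) is not read in any hunk shown. If the RoleService implementation, which is outside this diff, does not check it either, role deletion goes live on deploy rather than on flag flip; gating at the call site makes that explicit, something like `if (Flags.CLEANUP_TENANT_ROLES.bindTo(controller().flagSource()).value()) roleService.cleanupRoles(deletedTenants);`. The list is every tenant of type `deleted` on every run, so the implementation has to be idempotent and should log which tenants' roles it removed, since this deletes access-control state. The enclosing method starts above the hunk.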
+++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
@@ -472,6 +472,13 @@ public class Flags {
 APPLICATION_ID,HOSTNAME,NODE_TYPE,TENANT_ID,VESPA_VERSION
 );
+ public static final UnboundBooleanFlag CLEANUP_TENANT_ROLES = defineFeatureFlag(
+ "cleanup-tenant-roles", false,
+ List.of("olaa"), "2022-08-10", "2022-10-01",
+ "Determines whether old tenant roles should be deleted",
+ "Takes effect next maintenance run"
+ );
+
 /** WARNING: public for testing: All flags should be defined in {@link Flags}. */
 public static UnboundBooleanFlag defineFeatureFlag(String flagId, boolean defaultValue, List<String> owners, String createdAt, String expiresAt, String description,
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index d7ef20c31c8..fb0e79b6695 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
@@ -436,6 +436,13 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
 return QuotaUsage.calculateUsage(usageEntity, quotaEntity);
 }
+ @Override
+ public void deleteSubdomain(AthenzDomain parent, String name) {
+ URI uri = zmsUrl.resolve(String.format("subdomain/%s/%s", parent.getName(), name));
+ HttpUriRequest request = RequestBuilder.delete(uri).build();
+ execute(request, response -> readEntity(response, Void.class));
+ }
+
 public AthenzRoleInformation getFullRoleInformation(AthenzRole role) {
 var uri = zmsUrl.resolve(String.format("domain/%s/role/%s?pending=true&auditLog=true", role.domain().getName(), role.roleName()));
 var request = RequestBuilder.get(uri).build();
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
index e15af58cb76..983924eca6b 100644
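Review bot: In `DefaultZmsClient.deleteSubdomain`, `name` is an unvalidated `String` formatted straight into the request path by `String.format("subdomain/%s/%s", parent.getName(), name)`, so a value containing `/`, `?` or `..` would make `zmsUrl.resolve` aim the DELETE at a different ZMS resource than the intended subdomain. Whether callers only ever pass tenant-derived names is not visible in this diff, so the client should enforce it before building the URI, for example `if (!name.matches("[a-zA-Z0-9_][a-zA-Z0-9_-]*")) throw new IllegalArgumentException("Invalid subdomain name: " + name);`, with the pattern aligned to whatever simple-name rule the Athenz deployment uses. Taking the child as a typed `AthenzDomain` instead of a raw string would be the sturdier interface if the change can still be made.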
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
@@ -89,5 +89,7 @@ public interface ZmsClient extends Closeable {
 QuotaUsage getQuotaUsage();
+ void deleteSubdomain(AthenzDomain parent, String name);
+
 void close();
 } |