Add splunk role config

author: Ola Aunronning <olaa@yahooinc.com> 2023-04-21 11:39:56 +0200
committer: Ola Aunronning <olaa@yahooinc.com> 2023-04-21 11:48:07 +0200
commit: 5c09a92e7e3846d11640a910fec5a4f92ce875aa (patch)
tree: 19f25ec5672eea6b565b022d55d313c0d950432e
parent: ee11975355ecbe2d0ba250e2a86cf2774013609c (diff)
7 files changed, 51 insertions, 12 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/admin/LogForwarder.java b/config-model/src/main/java/com/yahoo/vespa/model/admin/LogForwarder.java
index 6284c0bc625..beb96ab8cc8 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/admin/LogForwarder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/admin/LogForwarder.java
@@ -14,24 +14,30 @@ public class LogForwarder extends AbstractService implements LogforwarderConfig.
         public final String clientName;
         public final String splunkHome;
         public final Integer phoneHomeInterval;
+        public final String role;
 
-        private Config(String ds, String cn, String sh, Integer phi) {
+        private Config(String ds, String cn, String sh, Integer phi, String role) {
             this.deploymentServer = ds;
             this.clientName = cn;
             this.splunkHome = sh;
             this.phoneHomeInterval = phi;
+            this.role = role;
         }
         public Config withDeploymentServer(String ds) {
-            return new Config(ds, clientName, splunkHome, phoneHomeInterval);
+            return new Config(ds, clientName, splunkHome, phoneHomeInterval, role);
         }
         public Config withClientName(String cn) {
-            return new Config(deploymentServer, cn, splunkHome, phoneHomeInterval);
+            return new Config(deploymentServer, cn, splunkHome, phoneHomeInterval, role);
         }
         public Config withSplunkHome(String sh) {
-            return new Config(deploymentServer, clientName, sh, phoneHomeInterval);
+            return new Config(deploymentServer, clientName, sh, phoneHomeInterval, role);
         }
         public Config withPhoneHomeInterval(Integer phi) {
-            return new Config(deploymentServer, clientName, splunkHome, phi);
+            return new Config(deploymentServer, clientName, splunkHome, phi, role);
+        }
+
+        public Config withRole(String role) {
+            return new Config(deploymentServer, clientName, splunkHome, phoneHomeInterval, role);
         }
     }
 
@@ -49,7 +55,7 @@ public class LogForwarder extends AbstractService implements LogforwarderConfig.
     }
 
     public static Config cfg() {
-        return new Config(null, null, null, null);
+        return new Config(null, null, null, null, null);
     }
 
     // LogForwarder does not need any ports.
@@ -79,6 +85,9 @@ public class LogForwarder extends AbstractService implements LogforwarderConfig.
         if (config.phoneHomeInterval != null) {
             builder.phoneHomeInterval(config.phoneHomeInterval);
         }
+        if (config.role != null) {
+            builder.role(config.role);
+        }
     }
 
     @Override
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminBuilderBase.java b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminBuilderBase.java
index 9280f0ceb9a..7d7c89b51cb 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminBuilderBase.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminBuilderBase.java
@@ -21,6 +21,9 @@ import com.yahoo.vespa.model.admin.monitoring.builder.Metrics;
 import com.yahoo.vespa.model.admin.monitoring.builder.PredefinedMetricSets;
 import com.yahoo.vespa.model.admin.monitoring.builder.xml.MetricsBuilder;
 import org.w3c.dom.Element;
+
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
@@ -98,7 +101,7 @@ public abstract class DomAdminBuilderBase extends VespaDomBuilder.DomConfigProdu
         return Optional.empty();
     }
 
-    void addLogForwarders(ModelElement logForwardingElement, Admin admin) {
+    void addLogForwarders(ModelElement logForwardingElement, Admin admin, DeployState deployState) {
         if (logForwardingElement == null) return;
         boolean alsoForAdminCluster = logForwardingElement.booleanAttribute("include-admin");
         for (ModelElement e : logForwardingElement.children("splunk")) {
@@ -106,7 +109,8 @@ public abstract class DomAdminBuilderBase extends VespaDomBuilder.DomConfigProdu
 		    .withSplunkHome(e.stringAttribute("splunk-home"))
 		    .withDeploymentServer(e.stringAttribute("deployment-server"))
 		    .withClientName(e.stringAttribute("client-name"))
-            .withPhoneHomeInterval(e.integerAttribute("phone-home-interval"));
+            .withPhoneHomeInterval(e.integerAttribute("phone-home-interval"))
+            .withRole(parseLogforwarderRole(e.stringAttribute("role"), deployState));
             admin.setLogForwarderConfig(cfg, alsoForAdminCluster);
         }
     }
@@ -130,4 +134,26 @@ public abstract class DomAdminBuilderBase extends VespaDomBuilder.DomConfigProdu
         }
     }
 
+    private String parseLogforwarderRole(String role, DeployState deployState) {
+        if (role == null)
+            return null;
+        if (deployState.zone().system().isPublic())
+            throw new IllegalArgumentException("Logforwarder role not supported in public systems");
+
+        try {
+            // Currently only support athenz roles on format athenz://<domain>/role/<role>
+            var roleUri = new URI(role);
+            if (!"athenz".equals(roleUri.getScheme()))
+                throw new IllegalArgumentException("Unsupported role type: " + roleUri.getScheme());
+            var domain = roleUri.getAuthority();
+            var path = roleUri.getPath().split("/");
+            if (path.length != 3)
+                throw new IllegalArgumentException("Invalid role path: " + roleUri.getPath());
+            var roleName = path[2];
+            return domain + ":role." + roleName;
+        } catch (URISyntaxException e) {
+            throw new IllegalArgumentException("Invalid logforwarder role format: " + role);
+        }
+    }
+
 }
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV2Builder.java b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV2Builder.java
index 7a7092b04dd..152f7e03a4c 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV2Builder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV2Builder.java
@@ -47,7 +47,7 @@ public class DomAdminV2Builder extends DomAdminBuilderBase {
         if ( ! admin.multitenant())
             admin.setClusterControllers(addConfiguredClusterControllers(deployState, admin, adminE), deployState);
 
-        addLogForwarders(new ModelElement(adminE).child("logforwarding"), admin);
+        addLogForwarders(new ModelElement(adminE).child("logforwarding"), admin, deployState);
         addLoggingSpecs(new ModelElement(adminE).child("logging"), admin);
     }
 
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV4Builder.java b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV4Builder.java
index 80000e54b1b..4990ddc9a53 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV4Builder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV4Builder.java
@@ -55,7 +55,7 @@ public class DomAdminV4Builder extends DomAdminBuilderBase {
         assignSlobroks(deployState, requestedSlobroks.orElse(NodesSpecification.nonDedicated(3, context)), admin);
         assignLogserver(deployState, requestedLogservers.orElse(createNodesSpecificationForLogserver()), admin);
 
-        addLogForwarders(adminElement.child("logforwarding"), admin);
+        addLogForwarders(adminElement.child("logforwarding"), admin, deployState);
         addLoggingSpecs(adminElement.child("logging"), admin);
     }
 
diff --git a/config-model/src/main/resources/schema/admin.rnc b/config-model/src/main/resources/schema/admin.rnc
index 392572e1f12..98ab2e61783 100644
--- a/config-model/src/main/resources/schema/admin.rnc
+++ b/config-model/src/main/resources/schema/admin.rnc
@@ -112,7 +112,8 @@ LogForwarding = element logforwarding {
         attribute splunk-home { xsd:string }? &
         attribute deployment-server { xsd:string } &
         attribute client-name { xsd:string } &
-        attribute phone-home-interval { xsd:positiveInteger }?
+        attribute phone-home-interval { xsd:positiveInteger }? &
+        attribute role { xsd:string }?
     }
 }
 
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/admin/DedicatedAdminV4Test.java b/config-model/src/test/java/com/yahoo/vespa/model/admin/DedicatedAdminV4Test.java
index a8ffc625ee6..b809f25ced2 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/admin/DedicatedAdminV4Test.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/admin/DedicatedAdminV4Test.java
@@ -146,7 +146,7 @@ public class DedicatedAdminV4Test {
                 "    <slobroks><nodes count='2' dedicated='true'/></slobroks>" +
                 "    <logservers><nodes count='1' dedicated='true'/></logservers>" +
                 "    <logforwarding include-admin='true'>" +
-                "      <splunk deployment-server='foo:123' client-name='foocli' phone-home-interval='900'/>" +
+                "      <splunk deployment-server='foo:123' client-name='foocli' phone-home-interval='900' role='athenz://some-domain/role/role-name'/>" +
                 "    </logforwarding>" +
                 "  </admin>" +
                 "</services>";
@@ -176,6 +176,7 @@ public class DedicatedAdminV4Test {
             assertEquals("foocli", config.clientName());
             assertEquals("/opt/splunkforwarder", config.splunkHome());
             assertEquals(900, config.phoneHomeInterval());
+            assertEquals("some-domain:role.role-name", config.role());
         }
 
         // Other host's forwarder
@@ -188,6 +189,7 @@ public class DedicatedAdminV4Test {
             assertEquals("foocli", config.clientName());
             assertEquals("/opt/splunkforwarder", config.splunkHome());
             assertEquals(900, config.phoneHomeInterval());
+            assertEquals("some-domain:role.role-name", config.role());
         }
     }
 
diff --git a/configdefinitions/src/vespa/logforwarder.def b/configdefinitions/src/vespa/logforwarder.def
index 60a607098e0..4f6b3fc61a7 100644
--- a/configdefinitions/src/vespa/logforwarder.def
+++ b/configdefinitions/src/vespa/logforwarder.def
@@ -7,3 +7,4 @@ deploymentServer string default=""
 clientName string default=""
 splunkHome string default="/opt/splunkforwarder"
 phoneHomeInterval int default=60
+role string default=""
author	Ola Aunronning <olaa@yahooinc.com>	2023-04-21 11:39:56 +0200
committer	Ola Aunronning <olaa@yahooinc.com>	2023-04-21 11:48:07 +0200
commit	5c09a92e7e3846d11640a910fec5a4f92ce875aa (patch)
tree	19f25ec5672eea6b565b022d55d313c0d950432e
parent	ee11975355ecbe2d0ba250e2a86cf2774013609c (diff)