Merge pull request #26806 from vespa-engine/olaa/splunk-role

Add splunk role config
author: Morten Tokle <mortent@yahooinc.com> 2023-04-24 09:23:44 +0100
committer: GitHub <noreply@github.com> 2023-04-24 09:23:44 +0100
commit: e03b1e5d5a779e1f0be30db2ab73f0b600adcf3f (patch)
tree: 6d8875c303bb653472d197871630b3ab73524cff
parent: 29f4d37d8044fac4180ceb681971ea862aca1d28 (diff)
parent: 605c834b91bc65627fc9f7b76cef1095c44bb7bc (diff)
7 files changed, 46 insertions, 12 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/admin/LogForwarder.java b/config-model/src/main/java/com/yahoo/vespa/model/admin/LogForwarder.java
index 6284c0bc625..beb96ab8cc8 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/admin/LogForwarder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/admin/LogForwarder.java
@@ -14,24 +14,30 @@ public class LogForwarder extends AbstractService implements LogforwarderConfig.
         public final String clientName;
         public final String splunkHome;
         public final Integer phoneHomeInterval;
+        public final String role;
 
-        private Config(String ds, String cn, String sh, Integer phi) {
+        private Config(String ds, String cn, String sh, Integer phi, String role) {
             this.deploymentServer = ds;
             this.clientName = cn;
             this.splunkHome = sh;
             this.phoneHomeInterval = phi;
+            this.role = role;
         }
         public Config withDeploymentServer(String ds) {
-            return new Config(ds, clientName, splunkHome, phoneHomeInterval);
+            return new Config(ds, clientName, splunkHome, phoneHomeInterval, role);
         }
         public Config withClientName(String cn) {
-            return new Config(deploymentServer, cn, splunkHome, phoneHomeInterval);
+            return new Config(deploymentServer, cn, splunkHome, phoneHomeInterval, role);
         }
         public Config withSplunkHome(String sh) {
-            return new Config(deploymentServer, clientName, sh, phoneHomeInterval);
+            return new Config(deploymentServer, clientName, sh, phoneHomeInterval, role);
         }
         public Config withPhoneHomeInterval(Integer phi) {
-            return new Config(deploymentServer, clientName, splunkHome, phi);
+            return new Config(deploymentServer, clientName, splunkHome, phi, role);
+        }
+
+        public Config withRole(String role) {
+            return new Config(deploymentServer, clientName, splunkHome, phoneHomeInterval, role);
         }
     }
 
@@ -49,7 +55,7 @@ public class LogForwarder extends AbstractService implements LogforwarderConfig.
     }
 
     public static Config cfg() {
-        return new Config(null, null, null, null);
+        return new Config(null, null, null, null, null);
     }
 
     // LogForwarder does not need any ports.
@@ -79,6 +85,9 @@ public class LogForwarder extends AbstractService implements LogforwarderConfig.
         if (config.phoneHomeInterval != null) {
             builder.phoneHomeInterval(config.phoneHomeInterval);
         }
+        if (config.role != null) {
+            builder.role(config.role);
+        }
     }
 
     @Override
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminBuilderBase.java b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminBuilderBase.java
index 9280f0ceb9a..df998e75268 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminBuilderBase.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminBuilderBase.java
@@ -21,9 +21,11 @@ import com.yahoo.vespa.model.admin.monitoring.builder.Metrics;
 import com.yahoo.vespa.model.admin.monitoring.builder.PredefinedMetricSets;
 import com.yahoo.vespa.model.admin.monitoring.builder.xml.MetricsBuilder;
 import org.w3c.dom.Element;
+
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
+import java.util.regex.Pattern;
 
 /**
  * A base class for admin model builders, to support common functionality across versions.
@@ -98,7 +100,7 @@ public abstract class DomAdminBuilderBase extends VespaDomBuilder.DomConfigProdu
         return Optional.empty();
     }
 
-    void addLogForwarders(ModelElement logForwardingElement, Admin admin) {
+    void addLogForwarders(ModelElement logForwardingElement, Admin admin, DeployState deployState) {
         if (logForwardingElement == null) return;
         boolean alsoForAdminCluster = logForwardingElement.booleanAttribute("include-admin");
         for (ModelElement e : logForwardingElement.children("splunk")) {
@@ -106,7 +108,8 @@ public abstract class DomAdminBuilderBase extends VespaDomBuilder.DomConfigProdu
 		    .withSplunkHome(e.stringAttribute("splunk-home"))
 		    .withDeploymentServer(e.stringAttribute("deployment-server"))
 		    .withClientName(e.stringAttribute("client-name"))
-            .withPhoneHomeInterval(e.integerAttribute("phone-home-interval"));
+            .withPhoneHomeInterval(e.integerAttribute("phone-home-interval"))
+            .withRole(parseLogforwarderRole(e.stringAttribute("role"), deployState));
             admin.setLogForwarderConfig(cfg, alsoForAdminCluster);
         }
     }
@@ -130,4 +133,22 @@ public abstract class DomAdminBuilderBase extends VespaDomBuilder.DomConfigProdu
         }
     }
 
+    private String parseLogforwarderRole(String role, DeployState deployState) {
+        if (role == null)
+            return null;
+        if (deployState.zone().system().isPublic())
+            throw new IllegalArgumentException("Logforwarder role not supported in public systems");
+
+        // Currently only support athenz roles on format athenz://<domain>/role/<role>
+        var rolePattern = Pattern.compile("(?<scheme>athenz)://" +
+                "(?<domain>[a-zA-Z0-9_][a-zA-Z0-9_.-]*[a-zA-Z0-9_])" +
+                "/role/" +
+                "(?<role>[a-zA-Z0-9_][a-zA-Z0-9_.-]*[a-zA-Z0-9_])");
+        var matcher = rolePattern.matcher(role);
+        if (!matcher.matches()) {
+            throw new IllegalArgumentException("Invalid role path " + role);
+        }
+        return matcher.group("domain") + ":role." + matcher.group("role");
+    }
+
 }
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV2Builder.java b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV2Builder.java
index 7a7092b04dd..152f7e03a4c 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV2Builder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV2Builder.java
@@ -47,7 +47,7 @@ public class DomAdminV2Builder extends DomAdminBuilderBase {
         if ( ! admin.multitenant())
             admin.setClusterControllers(addConfiguredClusterControllers(deployState, admin, adminE), deployState);
 
-        addLogForwarders(new ModelElement(adminE).child("logforwarding"), admin);
+        addLogForwarders(new ModelElement(adminE).child("logforwarding"), admin, deployState);
         addLoggingSpecs(new ModelElement(adminE).child("logging"), admin);
     }
 
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV4Builder.java b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV4Builder.java
index 80000e54b1b..4990ddc9a53 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV4Builder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminV4Builder.java
@@ -55,7 +55,7 @@ public class DomAdminV4Builder extends DomAdminBuilderBase {
         assignSlobroks(deployState, requestedSlobroks.orElse(NodesSpecification.nonDedicated(3, context)), admin);
         assignLogserver(deployState, requestedLogservers.orElse(createNodesSpecificationForLogserver()), admin);
 
-        addLogForwarders(adminElement.child("logforwarding"), admin);
+        addLogForwarders(adminElement.child("logforwarding"), admin, deployState);
         addLoggingSpecs(adminElement.child("logging"), admin);
     }
 
diff --git a/config-model/src/main/resources/schema/admin.rnc b/config-model/src/main/resources/schema/admin.rnc
index 392572e1f12..98ab2e61783 100644
--- a/config-model/src/main/resources/schema/admin.rnc
+++ b/config-model/src/main/resources/schema/admin.rnc
@@ -112,7 +112,8 @@ LogForwarding = element logforwarding {
         attribute splunk-home { xsd:string }? &
         attribute deployment-server { xsd:string } &
         attribute client-name { xsd:string } &
-        attribute phone-home-interval { xsd:positiveInteger }?
+        attribute phone-home-interval { xsd:positiveInteger }? &
+        attribute role { xsd:string }?
     }
 }
 
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/admin/DedicatedAdminV4Test.java b/config-model/src/test/java/com/yahoo/vespa/model/admin/DedicatedAdminV4Test.java
index a8ffc625ee6..b809f25ced2 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/admin/DedicatedAdminV4Test.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/admin/DedicatedAdminV4Test.java
@@ -146,7 +146,7 @@ public class DedicatedAdminV4Test {
                 "    <slobroks><nodes count='2' dedicated='true'/></slobroks>" +
                 "    <logservers><nodes count='1' dedicated='true'/></logservers>" +
                 "    <logforwarding include-admin='true'>" +
-                "      <splunk deployment-server='foo:123' client-name='foocli' phone-home-interval='900'/>" +
+                "      <splunk deployment-server='foo:123' client-name='foocli' phone-home-interval='900' role='athenz://some-domain/role/role-name'/>" +
                 "    </logforwarding>" +
                 "  </admin>" +
                 "</services>";
@@ -176,6 +176,7 @@ public class DedicatedAdminV4Test {
             assertEquals("foocli", config.clientName());
             assertEquals("/opt/splunkforwarder", config.splunkHome());
             assertEquals(900, config.phoneHomeInterval());
+            assertEquals("some-domain:role.role-name", config.role());
         }
 
         // Other host's forwarder
@@ -188,6 +189,7 @@ public class DedicatedAdminV4Test {
             assertEquals("foocli", config.clientName());
             assertEquals("/opt/splunkforwarder", config.splunkHome());
             assertEquals(900, config.phoneHomeInterval());
+            assertEquals("some-domain:role.role-name", config.role());
         }
     }
 
diff --git a/configdefinitions/src/vespa/logforwarder.def b/configdefinitions/src/vespa/logforwarder.def
index 60a607098e0..4f6b3fc61a7 100644
--- a/configdefinitions/src/vespa/logforwarder.def
+++ b/configdefinitions/src/vespa/logforwarder.def
@@ -7,3 +7,4 @@ deploymentServer string default=""
 clientName string default=""
 splunkHome string default="/opt/splunkforwarder"
 phoneHomeInterval int default=60
+role string default=""
author	Morten Tokle <mortent@yahooinc.com>	2023-04-24 09:23:44 +0100
committer	GitHub <noreply@github.com>	2023-04-24 09:23:44 +0100
commit	e03b1e5d5a779e1f0be30db2ab73f0b600adcf3f (patch)
tree	6d8875c303bb653472d197871630b3ab73524cff
parent	29f4d37d8044fac4180ceb681971ea862aca1d28 (diff)
parent	605c834b91bc65627fc9f7b76cef1095c44bb7bc (diff)