authorJon Marius Venstad <jonmv@users.noreply.github.com>2020-03-30 11:16:12 +0200
committerGitHub <noreply@github.com>2020-03-30 11:16:12 +0200
commit27148ddb441e25a7a9ed5dadf7b54edd6f5ac353 (patch)
tree5e29f3a1e2d2a8d4a02817db7b50f7da356cb44b
parent4609c89fca91eeaeff67e147cc845ac75b3856e5 (diff)
parent53b5efffada6ccd0a02800e13bf388270c0901c1 (diff)
Merge pull request #12681 from vespa-engine/jonmv/cleanup-after-user-tenants
Remove more user tenant leftovers
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/identifiers/TenantId.java4
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/identifiers/UserId.java4
-rw-r--r--controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/identifiers/IdentifierTest.java5
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java21
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java53
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json3
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user-which-exists.json5
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user.json5
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java5
9 files changed, 2 insertions, 103 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/identifiers/TenantId.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/identifiers/TenantId.java
index 4974192e213..3ac24bac7ca 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/identifiers/TenantId.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/identifiers/TenantId.java
@@ -10,10 +10,6 @@ public class TenantId extends NonDefaultIdentifier {
super(id);
}
- public boolean isUser() {
- return id().startsWith("by-");
- }
-
@Override
public void validate() {
super.validate();
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/identifiers/UserId.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/identifiers/UserId.java
index d2effc76827..f1a8e57ab03 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/identifiers/UserId.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/identifiers/UserId.java
@@ -10,8 +10,4 @@ public class UserId extends NonDefaultIdentifier {
super(id);
}
- public TenantId toTenantId() {
- return new TenantId("by-" + id().replace('_', '-'));
- }
-
}
diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/identifiers/IdentifierTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/identifiers/IdentifierTest.java
index 8e278240a02..fdba1ab2680 100644
--- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/identifiers/IdentifierTest.java
+++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/identifiers/IdentifierTest.java
@@ -107,11 +107,6 @@ public class IdentifierTest {
}
@Test
- public void user_tenant_id_does_not_contain_underscore() {
- assertEquals("by-under-score-user", new UserId("under_score_user").toTenantId().id());
- }
-
- @Test
public void dns_names_has_no_underscore() {
assertEquals("a-b-c", new ApplicationId("a_b_c").toDns());
}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index be3f4e50dc7..08f22ac778e 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -205,7 +205,6 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
private HttpResponse handleGET(Path path, HttpRequest request) {
if (path.matches("/application/v4/")) return root(request);
- if (path.matches("/application/v4/user")) return authenticatedUser(request);
if (path.matches("/application/v4/tenant")) return tenants(request);
if (path.matches("/application/v4/tenant/{tenant}")) return tenant(path.get("tenant"), request);
if (path.matches("/application/v4/tenant/{tenant}/cost")) return tenantCost(path.get("tenant"), request);
@@ -248,7 +247,6 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
}
private HttpResponse handlePUT(Path path, HttpRequest request) {
- if (path.matches("/application/v4/user")) return new EmptyResponse();
if (path.matches("/application/v4/tenant/{tenant}")) return updateTenant(path.get("tenant"), request);
if (path.matches("/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/{environment}/region/{region}/global-rotation/override")) return setGlobalRotationOverride(path.get("tenant"), path.get("application"), path.get("instance"), path.get("environment"), path.get("region"), false, request);
if (path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/{environment}/region/{region}/instance/{instance}/global-rotation/override")) return setGlobalRotationOverride(path.get("tenant"), path.get("application"), path.get("instance"), path.get("environment"), path.get("region"), false, request);
@@ -325,24 +323,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
private HttpResponse root(HttpRequest request) {
return recurseOverTenants(request)
? recursiveRoot(request)
- : new ResourceResponse(request, "user", "tenant");
- }
-
- // TODO jonmv: Move to Athenz API.
- private HttpResponse authenticatedUser(HttpRequest request) {
- Principal user = requireUserPrincipal(request);
-
- String userName = user instanceof AthenzPrincipal ? ((AthenzPrincipal) user).getIdentity().getName() : user.getName();
- List<Tenant> tenants = controller.tenants().asList(new Credentials(user));
-
- Slime slime = new Slime();
- Cursor response = slime.setObject();
- response.setString("user", userName);
- Cursor tenantsArray = response.setArray("tenants");
- for (Tenant tenant : tenants)
- tenantInTenantsListToSlime(tenant, request.getUri(), tenantsArray.addObject());
- response.setBool("tenantExists", true);
- return new SlimeJsonResponse(slime);
+ : new ResourceResponse(request, "tenant");
}
private HttpResponse tenants(HttpRequest request) {
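Review bot: Nothing in this commit pins what the retired `/application/v4/user` path now returns: `root` stops advertising `user` here and the GET and PUT routes are dropped in the `handleGET` and `handlePUT` hunks, while the test hunks only delete assertions. A request to that path now falls through to whatever those handlers do for unmatched paths, which this diff does not show. I would add one assertion per method to `ApplicationApiTest`, for example `tester.assertResponse(request("/application/v4/user", GET).userIdentity(USER_ID), <expected-not-found-body>, <expected-status>);`, with both placeholders taken from the handler's actual fallthrough, so the route cannot come back unnoticed. `root` is complete in this hunk; `handleGET` and `handlePUT` continue outside theirs.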
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
index fd0981e8427..2752ba64b61 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
@@ -176,24 +176,6 @@ public class ApplicationApiTest extends ControllerContainerTest {
.oktaAccessToken(OKTA_AT).oktaIdentityToken(OKTA_IT)
.data("{\"athensDomain\":\"domain1\", \"property\":\"property1\"}"),
new File("tenant-without-applications.json"));
- // GET the authenticated user (with associated tenants)
- tester.assertResponse(request("/application/v4/user", GET).userIdentity(USER_ID),
- new File("user.json"));
- // TODO jonmv: Remove when dashboard is gone.
- // PUT a user tenant — does nothing
- tester.assertResponse(request("/application/v4/user", PUT).userIdentity(USER_ID),
- "");
-
- // GET the authenticated user which now exists (with associated tenants)
- tester.assertResponse(request("/application/v4/user", GET).userIdentity(USER_ID),
- new File("user.json"));
-
- // DELETE the user — it doesn't exist, so access control fails
- tester.assertResponse(request("/application/v4/tenant/by-myuser", DELETE).userIdentity(USER_ID),
- "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", 403);
- // GET all tenants
- tester.assertResponse(request("/application/v4/tenant/", GET).userIdentity(USER_ID),
- new File("tenant-list.json"));
// GET list of months for a tenant
tester.assertResponse(request("/application/v4/tenant/tenant1/cost", GET).userIdentity(USER_ID).oktaAccessToken(OKTA_AT).oktaIdentityToken(OKTA_IT),
@@ -783,11 +765,6 @@ public class ApplicationApiTest extends ControllerContainerTest {
.userIdentity(USER_ID),
"{\"message\":\"Aborting run 2 of staging-test for tenant1.application1.instance1\"}");
- // GET user lists only tenants for the authenticated user
- tester.assertResponse(request("/application/v4/user", GET)
- .userIdentity(new UserId("other_user")),
- "{\"user\":\"other_user\",\"tenants\":[],\"tenantExists\":true}");
-
// OPTIONS return 200 OK
tester.assertResponse(request("/application/v4/", Request.Method.OPTIONS)
.userIdentity(USER_ID),
@@ -1108,14 +1085,6 @@ public class ApplicationApiTest extends ControllerContainerTest {
"{\"error-code\":\"BAD_REQUEST\",\"message\":\"New tenant or application names must start with a letter, may contain no more than 20 characters, and may only contain lowercase letters, digits or dashes, but no double-dashes.\"}",
400);
- // POST (add) an Athenz tenant with by- prefix
- tester.assertResponse(request("/application/v4/tenant/by-tenant2", POST)
- .userIdentity(USER_ID)
- .data("{\"athensDomain\":\"domain1\", \"property\":\"property1\"}")
- .oktaAccessToken(OKTA_AT).oktaIdentityToken(OKTA_IT),
- "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Athenz tenant name cannot have prefix 'by-'\"}",
- 400);
-
// POST (add) an Athenz tenant with a reserved name
tester.assertResponse(request("/application/v4/tenant/hosted-vespa", POST)
.userIdentity(USER_ID)
@@ -1395,25 +1364,12 @@ public class ApplicationApiTest extends ControllerContainerTest {
createAthenzDomainWithAdmin(ATHENZ_TENANT_DOMAIN, tenantAdmin);
allowLaunchOfService(new com.yahoo.vespa.athenz.api.AthenzService(ATHENZ_TENANT_DOMAIN, "service"));
- // Create tenant
- // PUT (create) the authenticated user
- tester.assertResponse(request("/application/v4/user?user=new_user&domain=by", PUT)
- .userIdentity(userId), // Normalized to by-new-user by API
- "");
-
ApplicationPackage applicationPackage = new ApplicationPackageBuilder()
.athenzIdentity(com.yahoo.config.provision.AthenzDomain.from("domain1"), com.yahoo.config.provision.AthenzService.from("service"))
.build();
- // POST (deploy) an application to a dev zone fails because user tenant is used — these do not exist.
- MultiPartStreamer entity = createApplicationDeployData(applicationPackage, true);
- tester.assertResponse(request("/application/v4/tenant/by-new-user/application/application1/environment/dev/region/us-west-1/instance/default", POST)
- .data(entity)
- .userIdentity(userId),
- "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}",
- 403);
-
createTenantAndApplication();
+ MultiPartStreamer entity = createApplicationDeployData(applicationPackage, true);
// POST (deploy) an application to dev through a deployment job, with user instance and a proper tenant
tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/new-user/deploy/dev-us-east-1", POST)
.data(entity)
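Review bot: The deleted `by-new-user` deploy assertions were the only negative access-control checks visible in this part of the test, and every request that remains in the hunk targets `tenant1`. The 403 assertions deleted in the hunks starting at old lines 176 and 1426 are in the same position. The `by-` tenant name no longer means anything, but I would keep one 403 case against a tenant the caller holds no role in, so a regression in authorization on the deploy path still fails a test: `tester.assertResponse(request("/application/v4/tenant/<other-tenant>/application/application1/instance/new-user/deploy/dev-us-east-1", POST).data(entity).userIdentity(userId), <access-denied-body>, 403);` with the placeholders filled from the test's own fixtures. The enclosing test method starts and ends outside the hunk, so other negative cases may exist that this view does not show.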
@@ -1426,13 +1382,6 @@ public class ApplicationApiTest extends ControllerContainerTest {
.domains.get(ATHENZ_TENANT_DOMAIN)
.admin(HostedAthenzIdentities.from(userId));
- // POST (deploy) an application to a dev zone fails because user tenant is used — these do not exist.
- tester.assertResponse(request("/application/v4/tenant/by-new-user/application/application1/environment/dev/region/us-west-1/instance/default", POST)
- .data(entity)
- .userIdentity(userId),
- "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}",
- 403);
-
// POST (deploy) an application to dev through a deployment job
tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/new-user/deploy/dev-us-east-1", POST)
.data(entity)
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json
index 986245decca..d63a7ba7d56 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json
@@ -1,9 +1,6 @@
{
"resources":[
{
- "url":"http://localhost:8080/application/v4/user/"
- },
- {
"url":"http://localhost:8080/application/v4/tenant/"
}
]
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user-which-exists.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user-which-exists.json
deleted file mode 100644
index f2703677738..00000000000
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user-which-exists.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "user": "myuser",
- "tenants": @include(tenant-list-with-user.json),
- "tenantExists": true
-} \ No newline at end of file
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user.json
deleted file mode 100644
index 9902267dbb5..00000000000
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "user": "myuser",
- "tenants": @include(tenant-list.json),
- "tenantExists": true
-} \ No newline at end of file
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
index 6db5bc9f523..51466e5b1e2 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
@@ -71,11 +71,6 @@ public class UserApiTest extends ControllerContainerCloudTest {
.data("{\"token\":\"hello\"}"),
new File("tenant-without-applications.json"));
- // PUT a tenant is ignored.
- tester.assertResponse(request("/application/v4/user/", PUT)
- .roles(operator),
- "", 200);
-
// GET at user/v1 root fails as no access control is defined there.
tester.assertResponse(request("/user/v1/"),
accessDenied, 403);