authorJon Marius Venstad <jvenstad@yahoo-inc.com>2019-03-21 12:03:42 +0100
committerJon Marius Venstad <jvenstad@yahoo-inc.com>2019-03-21 12:08:59 +0100
commit4ee18dcae886e06bcb471c48ce4a667c0ba651e4 (patch)
treee0e4c3278f092effaebf28f10acfe0e7cbd1e0c3
parent28f88d339d58aa00ded654c19693364d940e44c5 (diff)
Rename Claim to Spec, and update some doc
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java23
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzFacade.java30
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java18
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AccessControl.java23
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AccessControlRequests.java9
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AthenzAccessControlRequests.java13
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AthenzTenantSpec.java (renamed from controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AthenzTenantClaim.java)14
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java11
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControlRequests.java6
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudTenantSpec.java (renamed from controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudTenantClaim.java)8
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/TenantSpec.java (renamed from controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/TenantClaim.java)8
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java13
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java12
13 files changed, 88 insertions, 100 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
index 9fb36f44959..d6ccd47e35d 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
@@ -6,13 +6,12 @@ import com.yahoo.vespa.curator.Lock;
import com.yahoo.vespa.hosted.controller.concurrent.Once;
import com.yahoo.vespa.hosted.controller.security.AccessControl;
import com.yahoo.vespa.hosted.controller.security.Credentials;
-import com.yahoo.vespa.hosted.controller.security.TenantClaim;
+import com.yahoo.vespa.hosted.controller.security.TenantSpec;
import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
import com.yahoo.vespa.hosted.controller.tenant.AthenzTenant;
import com.yahoo.vespa.hosted.controller.tenant.Tenant;
import com.yahoo.vespa.hosted.controller.tenant.UserTenant;
-import java.security.Principal;
import java.time.Duration;
import java.time.Instant;
import java.util.Comparator;
@@ -102,11 +101,11 @@ public class TenantController {
}
}
- /** Create a tenant, provided the given permit is valid. */
- public void create(TenantClaim claim, Credentials credentials) {
- try (Lock lock = lock(claim.tenant())) {
- requireNonExistent(claim.tenant());
- curator.writeTenant(accessControl.createTenant(claim, credentials, asList()));
+ /** Create a tenant, provided the given credentials are valid. */
+ public void create(TenantSpec tenantSpec, Credentials credentials) {
+ try (Lock lock = lock(tenantSpec.tenant())) {
+ requireNonExistent(tenantSpec.tenant());
+ curator.writeTenant(accessControl.createTenant(tenantSpec, credentials, asList()));
}
}
@@ -132,14 +131,14 @@ public class TenantController {
return athenzTenant(name).orElseThrow(() -> new IllegalArgumentException("Tenant '" + name + "' not found"));
}
- /** Updates the tenant contained in the given claim with new data. */
- public void update(TenantClaim claim, Credentials credentials) {
- try (Lock lock = lock(claim.tenant())) {
- curator.writeTenant(accessControl.updateTenant(claim, credentials, asList(), controller.applications().asList(claim.tenant())));
+ /** Updates the tenant contained in the given tenant spec with new data. */
+ public void update(TenantSpec tenantSpec, Credentials credentials) {
+ try (Lock lock = lock(tenantSpec.tenant())) {
+ curator.writeTenant(accessControl.updateTenant(tenantSpec, credentials, asList(), controller.applications().asList(tenantSpec.tenant())));
}
}
- /** Deletes the tenant in the given claim. */
+ /** Deletes the given tenant. */
public void delete(TenantName tenant, Credentials credentials) {
try (Lock lock = lock(tenant)) {
require(tenant);
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzFacade.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzFacade.java
index 458ae70e384..68b8535ff10 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzFacade.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzFacade.java
@@ -20,16 +20,15 @@ import com.yahoo.vespa.hosted.controller.Application;
import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactory;
import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction;
import com.yahoo.vespa.hosted.controller.security.AthenzCredentials;
-import com.yahoo.vespa.hosted.controller.security.AthenzTenantClaim;
+import com.yahoo.vespa.hosted.controller.security.AthenzTenantSpec;
import com.yahoo.vespa.hosted.controller.security.AccessControl;
import com.yahoo.vespa.hosted.controller.security.Credentials;
-import com.yahoo.vespa.hosted.controller.security.TenantClaim;
+import com.yahoo.vespa.hosted.controller.security.TenantSpec;
import com.yahoo.vespa.hosted.controller.tenant.AthenzTenant;
import com.yahoo.vespa.hosted.controller.tenant.Tenant;
import com.yahoo.vespa.hosted.controller.tenant.UserTenant;
import javax.ws.rs.ForbiddenException;
-import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
@@ -60,8 +59,8 @@ public class AthenzFacade implements AccessControl {
}
@Override
- public Tenant createTenant(TenantClaim claim, Credentials credentials, List<Tenant> existing) {
- AthenzTenantClaim athenzClaim = (AthenzTenantClaim) claim;
+ public Tenant createTenant(TenantSpec tenantSpec, Credentials credentials, List<Tenant> existing) {
+ AthenzTenantSpec spec = (AthenzTenantSpec) tenantSpec;
AthenzCredentials athenzCredentials = (AthenzCredentials) credentials;
AthenzDomain domain = athenzCredentials.domain();
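Review bot: The downcast `(AthenzTenantSpec) tenantSpec`, like the existing `(AthenzCredentials) credentials` below it, is unchecked, so a spec produced by a different AccessControlRequests implementation fails with a bare ClassCastException instead of a clear rejection. The AccessControl Javadoc in this commit calls the exact types a contract; consider enforcing it at the boundary with `if ( ! (tenantSpec instanceof AthenzTenantSpec)) throw new IllegalArgumentException("Expected an AthenzTenantSpec");` before the cast. The same pattern appears in updateTenant in this file and in CloudAccessControl.createTenant. The body of createTenant continues outside this hunk.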
@@ -72,13 +71,13 @@ public class AthenzFacade implements AccessControl {
&& domain.equals(((AthenzTenant) tenant).domain()))
.findAny();
- AthenzTenant tenant = AthenzTenant.create(athenzClaim.tenant(),
+ AthenzTenant tenant = AthenzTenant.create(spec.tenant(),
domain,
- athenzClaim.property().orElseThrow(() -> new IllegalArgumentException("Must provide property.")),
- athenzClaim.propertyId());
+ spec.property().orElseThrow(() -> new IllegalArgumentException("Must provide property.")),
+ spec.propertyId());
if (existingWithSameDomain.isPresent()) { // Throw if domain is already taken.
- throw new IllegalArgumentException("Could not create tenant '" + athenzClaim.tenant().value() +
+ throw new IllegalArgumentException("Could not create tenant '" + spec.tenant().value() +
"': The Athens domain '" +
domain.getName() + "' is already connected to tenant '" +
existingWithSameDomain.get().name().value() + "'");
@@ -92,8 +91,8 @@ public class AthenzFacade implements AccessControl {
}
@Override
- public Tenant updateTenant(TenantClaim claim, Credentials credentials, List<Tenant> existing, List<Application> applications) {
- AthenzTenantClaim athenzClaim = (AthenzTenantClaim) claim;
+ public Tenant updateTenant(TenantSpec tenantSpec, Credentials credentials, List<Tenant> existing, List<Application> applications) {
+ AthenzTenantSpec spec = (AthenzTenantSpec) tenantSpec;
AthenzCredentials athenzCredentials = (AthenzCredentials) credentials;
AthenzDomain domain = athenzCredentials.domain();
@@ -104,11 +103,10 @@ public class AthenzFacade implements AccessControl {
&& domain.equals(((AthenzTenant) tenant).domain()))
.findAny();
- Tenant tenant = AthenzTenant.create(athenzClaim.tenant(),
+ Tenant tenant = AthenzTenant.create(spec.tenant(),
domain,
- athenzClaim.property()
- .orElseThrow(() -> new IllegalArgumentException("Must provide property.")),
- athenzClaim.propertyId());
+ spec.property().orElseThrow(() -> new IllegalArgumentException("Must provide property.")),
+ spec.propertyId());
int index = existing.indexOf(tenant);
if (index == -1) throw new IllegalArgumentException("Cannot update a non-existent tenant.");
@@ -116,7 +114,7 @@ public class AthenzFacade implements AccessControl {
if (existingWithSameDomain.isPresent()) { // Throw if domain taken by someone else, or do nothing if taken by this tenant.
if ( ! existingWithSameDomain.get().equals(oldTenant))
- throw new IllegalArgumentException("Could not create tenant '" + athenzClaim.tenant().value() +
+ throw new IllegalArgumentException("Could not create tenant '" + spec.tenant().value() +
"': The Athens domain '" +
domain.getName() + "' is already connected to tenant '" +
existingWithSameDomain.get().name().value() + "'");
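Review bot: The message on the changed line still reads `"Could not create tenant '"`, although this branch compares against `oldTenant`, which suggests it sits in updateTenant. The enclosing method starts outside the hunk, so that placement is inferred. If it is the update path, `"Could not update tenant '"` would keep logs and API error responses from pointing an operator at the wrong operation.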
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 8cdd20e788d..99678367a77 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -740,16 +740,16 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
getTenantOrThrow(tenantName);
TenantName tenant = TenantName.from(tenantName);
Inspector requestObject = toSlime(request.getData()).get();
- controller.tenants().update(accessControlRequests.getTenantClaim(tenant, requestObject),
- accessControlRequests.getCredentials(tenant, requestObject, request.getJDiscRequest()));
+ controller.tenants().update(accessControlRequests.specification(tenant, requestObject),
+ accessControlRequests.credentials(tenant, requestObject, request.getJDiscRequest()));
return tenant(controller.tenants().require(TenantName.from(tenantName)), request);
}
private HttpResponse createTenant(String tenantName, HttpRequest request) {
TenantName tenant = TenantName.from(tenantName);
Inspector requestObject = toSlime(request.getData()).get();
- controller.tenants().create(accessControlRequests.getTenantClaim(tenant, requestObject),
- accessControlRequests.getCredentials(tenant, requestObject, request.getJDiscRequest()));
+ controller.tenants().create(accessControlRequests.specification(tenant, requestObject),
+ accessControlRequests.credentials(tenant, requestObject, request.getJDiscRequest()));
return tenant(controller.tenants().require(TenantName.from(tenantName)), request);
}
@@ -759,7 +759,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
try {
Optional<Credentials> credentials = controller.tenants().require(id.tenant()).type() == Tenant.Type.user
? Optional.empty()
- : Optional.of(accessControlRequests.getCredentials(id.tenant(), requestObject, request.getJDiscRequest()));
+ : Optional.of(accessControlRequests.credentials(id.tenant(), requestObject, request.getJDiscRequest()));
Application application = controller.applications().createApplication(id, credentials);
Slime slime = new Slime();
@@ -962,9 +962,9 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
controller.tenants().deleteUser((UserTenant) tenant.get());
else
controller.tenants().delete(tenant.get().name(),
- accessControlRequests.getCredentials(tenant.get().name(),
- toSlime(request.getData()).get(),
- request.getJDiscRequest()));
+ accessControlRequests.credentials(tenant.get().name(),
+ toSlime(request.getData()).get(),
+ request.getJDiscRequest()));
// TODO: Change to a message response saying the tenant was deleted
return tenant(tenant.get(), request);
@@ -974,7 +974,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
ApplicationId id = ApplicationId.from(tenantName, applicationName, "default");
Optional<Credentials> credentials = controller.tenants().require(id.tenant()).type() == Tenant.Type.user
? Optional.empty()
- : Optional.of(accessControlRequests.getCredentials(id.tenant(), toSlime(request.getData()).get(), request.getJDiscRequest()));
+ : Optional.of(accessControlRequests.credentials(id.tenant(), toSlime(request.getData()).get(), request.getJDiscRequest()));
controller.applications().deleteApplication(id, credentials);
return new EmptyJsonResponse(); // TODO: Replicates current behavior but should return a message response instead
}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AccessControl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AccessControl.java
index 5398f16e032..4ce797fddb2 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AccessControl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AccessControl.java
@@ -5,40 +5,41 @@ import com.yahoo.config.provision.TenantName;
import com.yahoo.vespa.hosted.controller.Application;
import com.yahoo.vespa.hosted.controller.tenant.Tenant;
-import java.security.Principal;
import java.util.List;
-import java.util.Optional;
/**
* Stores permissions for tenant and application resources.
*
+ * The signatures use vague types, and the exact types is a contract between this and the
+ * {@link AccessControlRequests} generating data consumed by this.
+ *
* @author jonmv
*/
public interface AccessControl {
/**
- * Sets up permissions for a tenant, based on the given claim, or throws.
+ * Sets up access control based on the given credentials, and returns a tenant, based on the given specification.
*
- * @param tenantClaim claim for the tenant to create
+ * @param tenantSpec specification for the tenant to create
* @param credentials the credentials for the entity requesting the creation
* @param existing list of existing tenants, to check for conflicts
* @return the created tenant, for keeping
*/
- Tenant createTenant(TenantClaim tenantClaim, Credentials credentials, List<Tenant> existing);
+ Tenant createTenant(TenantSpec tenantSpec, Credentials credentials, List<Tenant> existing);
/**
- * Modifies up permissions for a tenant, based on the given claim, or throws.
+ * Modifies access control based on the given credentials, and returns a modified tenant, based on the given specification.
*
- * @param tenantClaim claim for the tenant to update
+ * @param tenantSpec specification for the tenant to update
* @param credentials the credentials for the entity requesting the update
* @param existing list of existing tenants, to check for conflicts
* @param applications list of applications this tenant already owns
* @return the updated tenant, for keeping
*/
- Tenant updateTenant(TenantClaim tenantClaim, Credentials credentials, List<Tenant> existing, List<Application> applications);
+ Tenant updateTenant(TenantSpec tenantSpec, Credentials credentials, List<Tenant> existing, List<Application> applications);
/**
- * Removes all permissions for tenant in the given claim, and for any applications it owns, or throws.
+ * Deletes access control for the given tenant.
*
* @param tenant the tenant to delete
* @param credentials the credentials for the entity requesting the deletion
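Review bot: The rewritten Javadoc for createTenant, updateTenant and deleteTenant drops the earlier "or throws", so the interface no longer says what happens when the credentials do not authorize the change or the specification conflicts with an existing tenant. AthenzFacade in this commit throws IllegalArgumentException for conflicts; I would document that on each method, e.g. `@throws IllegalArgumentException if the specification conflicts with an existing tenant`, and add a sentence on how rejected credentials are reported. Minor wording: in the new class comment, "the exact types is a contract" should read "the exact types are a contract". The deleteTenant declaration lies outside this hunk.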
@@ -46,7 +47,7 @@ public interface AccessControl {
void deleteTenant(TenantName tenant, Credentials credentials);
/**
- * Sets up permissions for an application, based on the given claim, or throws.
+ * Sets up access control for the given application, based on the given credentials.
*
* @param application the ID of the application to create
* @param credentials the credentials for the entity requesting the creation
@@ -54,7 +55,7 @@ public interface AccessControl {
void createApplication(ApplicationId application, Credentials credentials);
/**
- * Removes access control for the given application.
+ * Deletes access control for the given tenant.
*
* @param id the ID of the application to delete
* @param credentials the credentials for the entity requesting the deletion
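Review bot: The new summary `Deletes access control for the given tenant.` sits above `@param id the ID of the application to delete`, so it looks like a copy of the deleteTenant summary. It should read `Deletes access control for the given application.` so the documented scope of the deletion matches the method. The method declaration itself is outside the hunk.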
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AccessControlRequests.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AccessControlRequests.java
index 7a4fe18546e..bff750db7c3 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AccessControlRequests.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AccessControlRequests.java
@@ -1,23 +1,20 @@
package com.yahoo.vespa.hosted.controller.security;
-import com.yahoo.config.provision.ApplicationId;
import com.yahoo.config.provision.TenantName;
import com.yahoo.jdisc.http.HttpRequest;
import com.yahoo.slime.Inspector;
-import java.security.Principal;
-
/**
- * Extracts {@link TenantClaim}s and {@link Credentials}s from HTTP requests, to be stored in an {@link AccessControl}.
+ * Extracts {@link TenantSpec}s and {@link Credentials}s from HTTP requests, to be stored in an {@link AccessControl}.
*
* @author jonmv
*/
public interface AccessControlRequests {
/** Extracts claim data for a tenant, from the given request. */
- TenantClaim getTenantClaim(TenantName tenant, Inspector requestObject);
+ TenantSpec specification(TenantName tenant, Inspector requestObject);
/** Extracts credentials required for an access control modification for the given tenant, from the given request. */
- Credentials getCredentials(TenantName tenant, Inspector requestObject, HttpRequest jDiscRequest);
+ Credentials credentials(TenantName tenant, Inspector requestObject, HttpRequest jDiscRequest);
}
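Review bot: The comment on the renamed `specification` method still says `Extracts claim data for a tenant`, which is the terminology this commit removes everywhere else. I would update it to `/** Extracts the specification of a tenant, from the given request. */` so the interface does not suggest the returned object asserts ownership or identity; that role belongs to `credentials`.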
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AthenzAccessControlRequests.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AthenzAccessControlRequests.java
index aceb3615f90..e8bcc2d9db1 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AthenzAccessControlRequests.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AthenzAccessControlRequests.java
@@ -6,7 +6,6 @@ import com.yahoo.jdisc.http.HttpRequest;
import com.yahoo.slime.Inspector;
import com.yahoo.vespa.athenz.api.AthenzDomain;
import com.yahoo.vespa.athenz.api.AthenzPrincipal;
-import com.yahoo.vespa.athenz.api.AthenzUser;
import com.yahoo.vespa.athenz.api.OktaAccessToken;
import com.yahoo.vespa.hosted.controller.Controller;
import com.yahoo.vespa.hosted.controller.TenantController;
@@ -36,15 +35,15 @@ public class AthenzAccessControlRequests implements AccessControlRequests {
}
@Override
- public TenantClaim getTenantClaim(TenantName tenant, Inspector requestObject) {
- return new AthenzTenantClaim(tenant,
- optional("athensDomain", requestObject).map(AthenzDomain::new),
- optional("property", requestObject).map(Property::new),
- optional("propertyId", requestObject).map(PropertyId::new));
+ public TenantSpec specification(TenantName tenant, Inspector requestObject) {
+ return new AthenzTenantSpec(tenant,
+ optional("athensDomain", requestObject).map(AthenzDomain::new),
+ optional("property", requestObject).map(Property::new),
+ optional("propertyId", requestObject).map(PropertyId::new));
}
@Override
- public Credentials getCredentials(TenantName tenant, Inspector requestObject, HttpRequest request) {
+ public Credentials credentials(TenantName tenant, Inspector requestObject, HttpRequest request) {
// Get domain from request if present, which it should be for create and update requests.
Optional<AthenzDomain> requestDomain = optional("athensDomain", requestObject).map(AthenzDomain::new);
// Otherwise the tenant should already exist, and we use the domain stored under the tenant.
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AthenzTenantClaim.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AthenzTenantSpec.java
index fc216edc78b..56fbd0a2b2a 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AthenzTenantClaim.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/AthenzTenantSpec.java
@@ -2,36 +2,34 @@ package com.yahoo.vespa.hosted.controller.security;
import com.yahoo.config.provision.TenantName;
import com.yahoo.vespa.athenz.api.AthenzDomain;
-import com.yahoo.vespa.athenz.api.OktaAccessToken;
import com.yahoo.vespa.hosted.controller.api.identifiers.Property;
import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId;
-import java.security.Principal;
import java.util.Optional;
import static java.util.Objects.requireNonNull;
/**
- * Wraps the claim data for creating an Athenz tenant.
+ * Extends the specification for creating an Athenz tenant.
*
* @author jonmv
*/
-public class AthenzTenantClaim extends TenantClaim {
+public class AthenzTenantSpec extends TenantSpec {
private final Optional<Property> property;
private final Optional<PropertyId> propertyId;
- public AthenzTenantClaim(TenantName tenant, Optional<AthenzDomain> domain,
- Optional<Property> property, Optional<PropertyId> propertyId) {
+ public AthenzTenantSpec(TenantName tenant, Optional<AthenzDomain> domain,
+ Optional<Property> property, Optional<PropertyId> propertyId) {
super(tenant);
this.property = requireNonNull(property);
this.propertyId = requireNonNull(propertyId);
}
- /** The property name of the tenant to create. */
+ /** The property name of the tenant. */
public Optional<Property> property() { return property; }
- /** The ID of the property of the tenant to create. */
+ /** The ID of the property of the tenant. */
public Optional<PropertyId> propertyId() { return propertyId; }
}
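Review bot: The constructor still accepts `Optional<AthenzDomain> domain` but neither stores it nor passes it to `super(tenant)`, so the value is silently discarded and, unlike the other two arguments, not null-checked. AthenzFacade in this commit takes the domain from the credentials instead, so the parameter makes the spec look as if it carried a domain when it does not. Either drop the parameter together with the `optional("athensDomain", requestObject)` argument at the call sites, or store it and expose a `domain()` accessor. In both cases add a Javadoc sentence stating which source of the domain is authoritative.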
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java
index 80eee84b532..67d7a02a915 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java
@@ -9,7 +9,6 @@ import com.yahoo.vespa.hosted.controller.api.integration.organization.Marketplac
import com.yahoo.vespa.hosted.controller.tenant.CloudTenant;
import com.yahoo.vespa.hosted.controller.tenant.Tenant;
-import java.security.Principal;
import java.util.Collections;
import java.util.List;
@@ -27,18 +26,18 @@ public class CloudAccessControl implements AccessControl {
}
@Override
- public CloudTenant createTenant(TenantClaim claim, Credentials credentials, List<Tenant> existing) {
- CloudTenantClaim cloudPermit = (CloudTenantClaim) claim;
+ public CloudTenant createTenant(TenantSpec tenantSpec, Credentials credentials, List<Tenant> existing) {
+ CloudTenantSpec spec = (CloudTenantSpec) tenantSpec;
// Do things ...
- // return new CloudTenant(cloudPermit.tenant(), marketplace.resolveCustomer(cloudPermit.getRegistrationToken()));
+ // return new CloudTenant(spec.tenant(), marketplace.resolveCustomer(spec.getRegistrationToken()));
// TODO Enable the above when things work.
- return new CloudTenant(cloudPermit.tenant(), new BillingInfo("customer", "Vespa"));
+ return new CloudTenant(spec.tenant(), new BillingInfo("customer", "Vespa"));
}
@Override
- public Tenant updateTenant(TenantClaim tenantClaim, Credentials credentials, List<Tenant> existing, List<Application> applications) {
+ public Tenant updateTenant(TenantSpec tenantSpec, Credentials credentials, List<Tenant> existing, List<Application> applications) {
throw new UnsupportedOperationException("Update is not supported here, as it would entail changing the tenant name.");
}
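Review bot: createTenant never reads `credentials` or `existing`: after the cast it returns a CloudTenant with the fixed `new BillingInfo("customer", "Vespa")`, so no authorization or name-conflict check is visible on this path. The TODO covers the marketplace lookup but not the missing checks. I would add a comment such as `// TODO: verify credentials and check 'existing' for conflicts before this is enabled`, or throw UnsupportedOperationException as updateTenant does until the real implementation lands.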
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControlRequests.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControlRequests.java
index c4cb5c5dc59..631d4debe88 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControlRequests.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControlRequests.java
@@ -13,13 +13,13 @@ import com.yahoo.vespa.hosted.controller.tenant.CloudTenant;
public class CloudAccessControlRequests implements AccessControlRequests {
@Override
- public CloudTenantClaim getTenantClaim(TenantName tenant, Inspector requestObject) {
+ public CloudTenantSpec specification(TenantName tenant, Inspector requestObject) {
// TODO extract marketplace token.
- return new CloudTenantClaim(tenant, "token");
+ return new CloudTenantSpec(tenant, "token");
}
@Override
- public Credentials getCredentials(TenantName tenant, Inspector requestObject, HttpRequest request) {
+ public Credentials credentials(TenantName tenant, Inspector requestObject, HttpRequest request) {
// TODO Pick out JWT data and return a specialised credentials thing.
return new Credentials(request.getUserPrincipal());
}
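Review bot: `credentials` wraps `request.getUserPrincipal()` without checking it, and `specification` returns a spec holding the literal registration token `"token"`. If the principal can be null for an unauthenticated request (not visible here), the resulting Credentials would carry no identity, so an explicit null check that rejects the request would fail earlier and more clearly. The placeholder token deserves a comment that it must be replaced before the commented-out `marketplace.resolveCustomer(...)` call in CloudAccessControl is enabled. The class continues outside this hunk.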
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudTenantClaim.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudTenantSpec.java
index acd26291c47..eed3fee2c04 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudTenantClaim.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudTenantSpec.java
@@ -2,20 +2,18 @@ package com.yahoo.vespa.hosted.controller.security;
import com.yahoo.config.provision.TenantName;
-import java.security.Principal;
-
import static java.util.Objects.requireNonNull;
/**
- * Wraps the permit data of an Okta tenancy modification.
+ * Extends the specification for creating a cloud tenant.
*
* @author jonmv
*/
-public class CloudTenantClaim extends TenantClaim {
+public class CloudTenantSpec extends TenantSpec {
private final String registrationToken;
- public CloudTenantClaim(TenantName tenant, String registrationToken) {
+ public CloudTenantSpec(TenantName tenant, String registrationToken) {
super(tenant);
this.registrationToken = requireNonNull(registrationToken);
}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/TenantClaim.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/TenantSpec.java
index fb44dc5f4af..20a330bc378 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/TenantClaim.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/TenantSpec.java
@@ -7,19 +7,19 @@ import java.security.Principal;
import static java.util.Objects.requireNonNull;
/**
- * A claim for ownership of some tenant by some identity.
+ * A specification of a tenant, typically to create or modify one.
*
* @author jonmv
*/
-public abstract class TenantClaim {
+public abstract class TenantSpec {
private final TenantName tenant;
- protected TenantClaim(TenantName tenant) {
+ protected TenantSpec(TenantName tenant) {
this.tenant = requireNonNull(tenant);
}
- /** The tenant this claim concerns. */
+ /** The name of the tenant. */
public TenantName tenant() { return tenant; }
}
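Review bot: The hunk header shows `import java.security.Principal;` still present just above this hunk, while the class body visible here uses only TenantName and requireNonNull. This commit removes the same import from the other touched files, so it looks like it was missed in this one. The first lines of the file are outside the hunk, so confirm it is unused before deleting it.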
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java
index 5bcd363feac..191c7cf56d3 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java
@@ -45,7 +45,7 @@ import com.yahoo.vespa.hosted.controller.integration.MetricsServiceMock;
import com.yahoo.vespa.hosted.controller.integration.RoutingGeneratorMock;
import com.yahoo.vespa.hosted.controller.integration.ZoneRegistryMock;
import com.yahoo.vespa.hosted.controller.security.AthenzCredentials;
-import com.yahoo.vespa.hosted.controller.security.AthenzTenantClaim;
+import com.yahoo.vespa.hosted.controller.security.AthenzTenantSpec;
import com.yahoo.vespa.hosted.controller.persistence.ApplicationSerializer;
import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
import com.yahoo.vespa.hosted.controller.persistence.MockCuratorDb;
@@ -55,7 +55,6 @@ import com.yahoo.vespa.hosted.controller.tenant.Tenant;
import com.yahoo.vespa.hosted.controller.versions.VersionStatus;
import com.yahoo.vespa.hosted.rotation.config.RotationsConfig;
-import java.security.Principal;
import java.util.Arrays;
import java.util.Optional;
import java.util.OptionalLong;
@@ -266,12 +265,12 @@ public final class ControllerTester {
if (existing.isPresent()) return name;
AthenzUser user = new AthenzUser("user");
AthenzDomain domain = createDomainWithAdmin(domainName, user);
- AthenzTenantClaim claim = new AthenzTenantClaim(name,
- Optional.of(domain),
- Optional.of(new Property("Property" + propertyId)),
- Optional.ofNullable(propertyId).map(Object::toString).map(PropertyId::new));
+ AthenzTenantSpec tenantSpec = new AthenzTenantSpec(name,
+ Optional.of(domain),
+ Optional.of(new Property("Property" + propertyId)),
+ Optional.ofNullable(propertyId).map(Object::toString).map(PropertyId::new));
AthenzCredentials credentials = new AthenzCredentials(new AthenzPrincipal(user), domain, new OktaAccessToken("okta-token"));
- controller().tenants().create(claim, credentials);
+ controller().tenants().create(tenantSpec, credentials);
if (contact.isPresent())
controller().tenants().lockOrThrow(name, LockedTenant.Athenz.class, tenant ->
controller().tenants().store(tenant.with(contact.get())));
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java
index c19d6f66bed..3b25daebfd0 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java
@@ -29,7 +29,7 @@ import com.yahoo.vespa.hosted.controller.integration.ArtifactRepositoryMock;
import com.yahoo.vespa.hosted.controller.maintenance.JobControl;
import com.yahoo.vespa.hosted.controller.maintenance.Upgrader;
import com.yahoo.vespa.hosted.controller.security.AthenzCredentials;
-import com.yahoo.vespa.hosted.controller.security.AthenzTenantClaim;
+import com.yahoo.vespa.hosted.controller.security.AthenzTenantSpec;
import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
import com.yahoo.vespa.hosted.controller.persistence.MockCuratorDb;
@@ -78,11 +78,11 @@ public class ContainerControllerTester {
AthenzDomain domain1 = addTenantAthenzDomain(athensDomain, "user");
AthenzPrincipal user = new AthenzPrincipal(new AthenzUser("user"));
AthenzCredentials credentials = new AthenzCredentials(user, domain1, new OktaAccessToken("okta-token"));
- AthenzTenantClaim tenantClaim = new AthenzTenantClaim(TenantName.from(tenant),
- Optional.of(domain1),
- Optional.of(new Property("property1")),
- Optional.of(new PropertyId("1234")));
- controller().tenants().create(tenantClaim, credentials);
+ AthenzTenantSpec tenantSpec = new AthenzTenantSpec(TenantName.from(tenant),
+ Optional.of(domain1),
+ Optional.of(new Property("property1")),
+ Optional.of(new PropertyId("1234")));
+ controller().tenants().create(tenantSpec, credentials);
ApplicationId app = ApplicationId.from(tenant, application, "default");
return controller().applications().createApplication(app, Optional.of(credentials));