author | Martin Polden <mpolden@mpolden.no> | 2022-09-05 11:41:07 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-05 11:41:07 +0200 |
commit | 8702571fbdd28c75bb96ce3d388dff3d4917bd91 (patch) | |
tree | 0194bb25e08c06d88c74868698fe2b097c89291d | |
parent | a811c1aac1f31e367932975c747305d00cc573be (diff) | |
parent | 03e1df4c936fd34490294834885a5d5f78787bad (diff) |
Merge pull request #23892 from vespa-engine/hakonhall/disallow-gcp-endpoints-in-global-routing
Disallow GCP endpoints in global routing
17 files changed, 62 insertions, 30 deletions
diff --git a/config-provisioning/src/main/java/com/yahoo/config/provision/Cloud.java b/config-provisioning/src/main/java/com/yahoo/config/provision/Cloud.java
index 2e62a0decbe..80e33fee874 100644
--- a/config-provisioning/src/main/java/com/yahoo/config/provision/Cloud.java
+++ b/config-provisioning/src/main/java/com/yahoo/config/provision/Cloud.java
@@ -45,7 +45,7 @@ public class Cloud {
 /** For testing purposes only */
 public static Cloud defaultCloud() {
- return new Builder().name(CloudName.defaultName()).build();
+ return new Builder().name(CloudName.DEFAULT).build();
 }
 public static Builder builder() {
@@ -54,7 +54,7 @@ public class Cloud {
 public static class Builder {
- private CloudName name = CloudName.defaultName();
+ private CloudName name = CloudName.DEFAULT;
 private boolean dynamicProvisioning = false;
 private boolean reprovisionToUpgradeOs = false;
 private boolean requireAccessControl = false;
diff --git a/config-provisioning/src/main/java/com/yahoo/config/provision/CloudName.java b/config-provisioning/src/main/java/com/yahoo/config/provision/CloudName.java
index 417e381587e..f7edce03525 100644
--- a/config-provisioning/src/main/java/com/yahoo/config/provision/CloudName.java
+++ b/config-provisioning/src/main/java/com/yahoo/config/provision/CloudName.java
@@ -14,20 +14,14 @@ import java.util.regex.Pattern; public class CloudName extends PatternedStringWrapper<CloudName> { private static final Pattern pattern = Pattern.compile("[a-z]([a-z0-9-]*[a-z0-9])*"); - private static final CloudName defaultCloud = from("default"); + public static final CloudName AWS = from("aws"); + public static final CloudName GCP = from("gcp"); + public static final CloudName DEFAULT = from("default"); private CloudName(String cloud) { super(cloud, pattern, "cloud name"); } - public boolean isDefault() { - return equals(defaultCloud); - } - - public static CloudName defaultName() { - return defaultCloud; - } - public static CloudName from(String cloud) { return new CloudName(cloud); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackageValidator.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackageValidator.java index b3df417bd80..5a131ba4a29 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackageValidator.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackageValidator.java 
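Review bot: The new public constants `AWS`, `GCP` and `DEFAULT` sit next to a `from(String)` that still returns a fresh instance on every call, so `CloudName.from("gcp") == CloudName.GCP` is false and every cloud check in this change is correct only through `equals`. Whether `equals` is value-based depends on `PatternedStringWrapper`, which is outside this diff; it matters most for the GCP guards in ApplicationPackageValidator and VespaServiceDumperImpl, the latter having moved from a string comparison to an object comparison. I would document that on the constants, e.g. `/** Well-known cloud names. Compare with equals(), never ==; from() does not intern. */`. The constants also have to stay below `pattern`, because static initializers run in textual order and the constructor passes `pattern` to the superclass; a one-line comment such as `// Must be declared after 'pattern', which from() needs at class initialization` would guard against a reordering.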
@@ -116,13 +116,18 @@ public class ApplicationPackageValidator {
 var clouds = new HashSet<CloudName>();
 for (var region : endpoint.regions()) {
 for (ZoneApi zone : controller.zoneRegistry().zones().all().in(Environment.prod).in(region).zones()) {
+ if (zone.getCloudName().equals(CloudName.GCP)) {
+ throw new IllegalArgumentException("Endpoint '" + endpoint.endpointId() + "' in " + instance +
+ " contains a Google Cloud region (" + region +
+ "), which is not yet supported");
+ }
 clouds.add(zone.getCloudName());
 }
 }
 if (clouds.size() != 1) {
 throw new IllegalArgumentException("Endpoint '" + endpoint.endpointId() + "' in " + instance +
 " cannot contain regions in different clouds: " +
- endpoint.regions().stream().sorted().collect(Collectors.toList()));
+ endpoint.regions().stream().sorted().toList());
 }
 }
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
index 0df70cd9c53..4c869a5aabe 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
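Review bot: The added guard inside the zone loop is a deny-list of a single cloud name, so any cloud added to the zone registry later is accepted in global endpoints by default, and only zones matched by `.in(Environment.prod)` are ever inspected. If each cloud has to gain global-routing support explicitly, an allow-list of supported clouds would fail closed; otherwise a comment on the guard such as `// Global routing is not available in GCP yet; remove this check when it is` would tell the next reader why GCP is singled out. The guard throws before `clouds.size() != 1` is evaluated, so an endpoint mixing GCP with another cloud reports the GCP message rather than the mixed-cloud one, which looks intended but is not pinned by the new test. Whether this validator is the only place the restriction is enforced, and what happens to endpoints accepted before this change, cannot be seen from the hunk. The enclosing method starts and ends outside the hunk.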
@@ -63,7 +63,7 @@ public class EndpointCertificates {
 if (duration.toSeconds() > 30) log.log(Level.INFO, Text.format("Getting endpoint certificate metadata for %s took %d seconds!", instance.id().serializedForm(), duration.toSeconds()));
- if (controller.zoneRegistry().zones().all().in(CloudName.from("gcp")).ids().contains(zone)) { // Until CKMS is available from GCP
+ if (controller.zoneRegistry().zones().all().in(CloudName.GCP).ids().contains(zone)) { // Until CKMS is available from GCP
 if(metadata.isPresent()) { // Validate metadata before copying cert to GCP. This will ensure we don't bug out on the first deployment, but will take more time
 certificateValidator.validate(metadata.get(), instance.id().serializedForm(), zone, controller.routing().certificateDnsNames(new DeploymentId(instance.id(), zone), deploymentSpec));
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ResourceTagMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ResourceTagMaintainer.java
index 3588ae53a74..705abd9ed56 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ResourceTagMaintainer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ResourceTagMaintainer.java
@@ -35,7 +35,7 @@ public class ResourceTagMaintainer extends ControllerMaintainer {
 public double maintain() {
 controller().zoneRegistry().zones()
 .reachable()
- .in(CloudName.from("aws"))
+ .in(CloudName.AWS)
 .zones().forEach(zone -> {
 Map<HostName, ApplicationId> applicationOfHosts = getTenantOfParentHosts(zone.getId());
 int taggedResources = resourceTagger.tagResources(zone, applicationOfHosts);
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java
index 6c193e9b539..10940e631f3 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java
@@ -874,7 +874,7 @@ public class ControllerTest {
 ZoneApiMock.fromId("test.us-west-1"),
 ZoneApiMock.fromId("staging.us-west-1"),
 ZoneApiMock.fromId("prod.us-west-1"),
- ZoneApiMock.newBuilder().with(CloudName.from("aws")).withId("prod.aws-us-east-1").build()
+ ZoneApiMock.newBuilder().with(CloudName.AWS).withId("prod.aws-us-east-1").build()
 );
 var context = tester.newDeploymentContext();
 var applicationPackage = new ApplicationPackageBuilder()
@@ -905,6 +905,38 @@ public class ControllerTest {
 }
 @Test
+ void testDeployWithGlobalEndpointsInGcp() {
+ tester.controllerTester().zoneRegistry().setZones(
+ ZoneApiMock.fromId("test.us-west-1"),
+ ZoneApiMock.fromId("staging.us-west-1"),
+ ZoneApiMock.newBuilder().with(CloudName.GCP).withId("prod.gcp-us-east1-b").build()
+ );
+ var context = tester.newDeploymentContext();
+ var applicationPackage = new ApplicationPackageBuilder()
+ .region("gcp-us-east1-b")
+ .endpoint("default", "default") // Contains all regions by default
+ .build();
+
+ try {
+ context.submit(applicationPackage);
+ fail("Expected exception");
+ } catch (IllegalArgumentException e) {
+ assertEquals("Endpoint 'default' in instance 'default' contains a Google Cloud region (gcp-us-east1-b), which is not yet supported", e.getMessage());
+ }
+
+ var applicationPackage2 = new ApplicationPackageBuilder()
+ .region("gcp-us-east1-b")
+ .endpoint("gcp", "default", "gcp-us-east1-b")
+ .build();
+ try {
+ context.submit(applicationPackage2);
+ fail("Expected exception");
+ } catch (IllegalArgumentException e) {
+ assertEquals("Endpoint 'gcp' in instance 'default' contains a Google Cloud region (gcp-us-east1-b), which is not yet supported", e.getMessage());
+ }
+ }
+
+ @Test
 void testDeployWithoutSourceRevision() {
 var context = tester.newDeploymentContext();
 var applicationPackage = new ApplicationPackageBuilder()
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/DeploymentTriggerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/DeploymentTriggerTest.java
index fda1f5f0b77..ffb787e9699 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/DeploymentTriggerTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/DeploymentTriggerTest.java
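Review bot: Both cases in `testDeployWithGlobalEndpointsInGcp` run against a zone registry whose only prod zone is in GCP, so the test never covers an endpoint that mixes a GCP region with a region in another cloud, which is where the new guard and the existing mixed-cloud check compete. A third package built against a registry that also holds a prod zone in another cloud, asserting the Google Cloud message, would pin that precedence. The try/`fail`/catch blocks could also be written as `var e = assertThrows(IllegalArgumentException.class, () -> context.submit(applicationPackage));` followed by the `assertEquals` on `e.getMessage()`, assuming the JUnit version used by this file provides `assertThrows`.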
@@ -2417,7 +2417,7 @@ public class DeploymentTriggerTest {
 existing.add(ZoneApiMock.newBuilder().withCloud("pink-clouds").withId("test.zone").build());
 zones.setZones(existing);
- JobType defaultSystemTest = JobType.systemTest(zones, CloudName.defaultName());
+ JobType defaultSystemTest = JobType.systemTest(zones, CloudName.DEFAULT);
 JobType pinkSystemTest = JobType.systemTest(zones, CloudName.from("pink-clouds"));
 // Job name is identity, used for looking up run history, etc..
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ZoneApiMock.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ZoneApiMock.java
index 4bb35d748db..528ef6d6192 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ZoneApiMock.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ZoneApiMock.java
@@ -86,7 +86,7 @@ public class ZoneApiMock implements ZoneApi {
 private SystemName systemName = SystemName.defaultSystem();
 private ZoneId id = ZoneId.defaultId();
 private ZoneId virtualId = null;
- private CloudName cloudName = CloudName.defaultName();
+ private CloudName cloudName = CloudName.DEFAULT;
 private String cloudNativeRegionName = id.region().value();
 public Builder with(ZoneId id) {
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/ArtifactExpirerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/ArtifactExpirerTest.java
index 6280725794c..e79793bab61 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/ArtifactExpirerTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/ArtifactExpirerTest.java
@@ -23,7 +23,7 @@ public class ArtifactExpirerTest {
 void maintain() {
 DeploymentTester tester = new DeploymentTester();
 ArtifactExpirer expirer = new ArtifactExpirer(tester.controller(), Duration.ofDays(1));
- ArtifactRegistryMock registry = tester.controllerTester().serviceRegistry().artifactRegistry(CloudName.defaultName()).orElseThrow();
+ ArtifactRegistryMock registry = tester.controllerTester().serviceRegistry().artifactRegistry(CloudName.DEFAULT).orElseThrow();
 Instant instant = tester.clock().instant();
 Artifact image0 = new Artifact("image0", "registry.example.com", "vespa/vespa", "7.1", instant, Version.fromString("7.1"));
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/MetricsReporterTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/MetricsReporterTest.java
index b41c17fcd33..4a8956e196b 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/MetricsReporterTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/MetricsReporterTest.java
@@ -356,9 +356,9 @@ public class MetricsReporterTest {
 var tester = new ControllerTester();
 var reporter = createReporter(tester.controller());
 var zone = ZoneId.from("prod.eu-west-1");
- var cloud = CloudName.defaultName();
+ var cloud = CloudName.DEFAULT;
 tester.zoneRegistry().setOsUpgradePolicy(cloud, UpgradePolicy.builder().upgrade(ZoneApiMock.from(zone)).build());
- var osUpgrader = new OsUpgrader(tester.controller(), Duration.ofDays(1), CloudName.defaultName());
+ var osUpgrader = new OsUpgrader(tester.controller(), Duration.ofDays(1), CloudName.DEFAULT);
 var statusUpdater = new OsVersionStatusUpdater(tester.controller(), Duration.ofDays(1) );
 tester.configServer().bootstrap(List.of(zone), SystemApplication.configServerHost, SystemApplication.tenantHost);
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/OsVersionStatusUpdaterTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/OsVersionStatusUpdaterTest.java
index 0bd3810e9a4..2608a722e49 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/OsVersionStatusUpdaterTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/OsVersionStatusUpdaterTest.java
@@ -32,14 +32,14 @@ public class OsVersionStatusUpdaterTest {
 for (ZoneApi zone : tester.zoneRegistry().zones().controllerUpgraded().zones()) {
 upgradePolicy = upgradePolicy.upgrade(zone);
 }
- tester.zoneRegistry().setOsUpgradePolicy(CloudName.defaultName(), upgradePolicy.build());
+ tester.zoneRegistry().setOsUpgradePolicy(CloudName.DEFAULT, upgradePolicy.build());
 // Initially empty
 assertSame(OsVersionStatus.empty, tester.controller().osVersionStatus());
 // Setting a new target adds it to current status
 Version version1 = Version.fromString("7.1");
- CloudName cloud = CloudName.defaultName();
+ CloudName cloud = CloudName.DEFAULT;
 tester.controller().upgradeOsIn(cloud, version1, Duration.ZERO, false);
 statusUpdater.maintain();
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/persistence/OsVersionSerializerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/persistence/OsVersionSerializerTest.java
index 568b17817a1..7f988f08a89 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/persistence/OsVersionSerializerTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/persistence/OsVersionSerializerTest.java
@@ -20,7 +20,7 @@ public class OsVersionSerializerTest {
 void test_serialization() {
 OsVersionSerializer serializer = new OsVersionSerializer();
 Set<OsVersion> osVersions = ImmutableSet.of(
- new OsVersion(Version.fromString("7.1"), CloudName.defaultName()),
+ new OsVersion(Version.fromString("7.1"), CloudName.DEFAULT),
 new OsVersion(Version.fromString("7.1"), CloudName.from("foo"))
 );
 Set<OsVersion> serialized = serializer.fromSlime(serializer.toSlime(osVersions));
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/persistence/OsVersionStatusSerializerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/persistence/OsVersionStatusSerializerTest.java
index 7461bf6516c..e552dfe94e1 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/persistence/OsVersionStatusSerializerTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/persistence/OsVersionStatusSerializerTest.java
@@ -29,11 +29,11 @@ public class OsVersionStatusSerializerTest {
 Version version2 = Version.fromString("7.2");
 Map<OsVersion, List<NodeVersion>> versions = new LinkedHashMap<>();
- versions.put(new OsVersion(version1, CloudName.defaultName()), List.of(
+ versions.put(new OsVersion(version1, CloudName.DEFAULT), List.of(
 new NodeVersion(HostName.of("node1"), ZoneId.from("prod", "us-west"), version1, version2, Optional.of(Instant.ofEpochMilli(11))),
 new NodeVersion(HostName.of("node2"), ZoneId.from("prod", "us-east"), version1, version2, Optional.of(Instant.ofEpochMilli(22)))
 ));
- versions.put(new OsVersion(version2, CloudName.defaultName()), List.of(
+ versions.put(new OsVersion(version2, CloudName.DEFAULT), List.of(
 new NodeVersion(HostName.of("node3"), ZoneId.from("prod", "us-west"), version2, version2, Optional.of(Instant.ofEpochMilli(33))),
 new NodeVersion(HostName.of("node4"), ZoneId.from("prod", "us-east"), version2, version2, Optional.of(Instant.ofEpochMilli(44)))
 ));
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/persistence/OsVersionTargetSerializerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/persistence/OsVersionTargetSerializerTest.java
index 654703b36c0..0f8a1c1b056 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/persistence/OsVersionTargetSerializerTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/persistence/OsVersionTargetSerializerTest.java
@@ -23,7 +23,7 @@ public class OsVersionTargetSerializerTest {
 void serialization() {
 OsVersionTargetSerializer serializer = new OsVersionTargetSerializer(new OsVersionSerializer());
 Set<OsVersionTarget> targets = ImmutableSet.of(
- new OsVersionTarget(new OsVersion(Version.fromString("7.1"), CloudName.defaultName()), Duration.ZERO, Instant.ofEpochMilli(123)),
+ new OsVersionTarget(new OsVersion(Version.fromString("7.1"), CloudName.DEFAULT), Duration.ZERO, Instant.ofEpochMilli(123)),
 new OsVersionTarget(new OsVersion(Version.fromString("7.1"), CloudName.from("foo")), Duration.ofDays(1), Instant.ofEpochMilli(456))
 );
 Set<OsVersionTarget> serialized = serializer.fromSlime(serializer.toSlime(targets));
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/servicedump/VespaServiceDumperImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/servicedump/VespaServiceDumperImpl.java
index b526c573c05..d942e5c9e80 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/servicedump/VespaServiceDumperImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/servicedump/VespaServiceDumperImpl.java
@@ -2,6 +2,7 @@
 package com.yahoo.vespa.hosted.node.admin.maintenance.servicedump;
 import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.CloudName;
 import com.yahoo.text.Lowercase;
 import com.yahoo.vespa.hosted.node.admin.configserver.noderepository.NodeAttributes;
 import com.yahoo.vespa.hosted.node.admin.configserver.noderepository.NodeRepository;
@@ -61,7 +62,7 @@ public class VespaServiceDumperImpl implements VespaServiceDumper {
 @Override
 public void processServiceDumpRequest(NodeAgentContext context) {
- if (context.zone().getCloudName().value().equals("gcp")) return;
+ if (context.zone().getCloudName().equals(CloudName.GCP)) return;
 Instant startedAt = clock.instant();
 NodeSpec nodeSpec = context.node();
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
index 47c96103ab5..ed2de691eb0 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/nodeagent/NodeAgentContextImpl.java
@@ -262,7 +262,7 @@ public class NodeAgentContextImpl implements NodeAgentContext {
 @Override
 public CloudName getCloudName() {
- return CloudName.defaultName();
+ return CloudName.DEFAULT;
 }
 @Override
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/provisioning/CapacityPolicies.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/provisioning/CapacityPolicies.java
index 5237e48907a..947a000eecf 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/provisioning/CapacityPolicies.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/provisioning/CapacityPolicies.java
@@ -127,14 +127,14 @@ public class CapacityPolicies {
 // The lowest amount resources that can be exclusive allocated (i.e. a matching host flavor for this exists)
 private NodeResources smallestExclusiveResources() {
- return (zone.getCloud().name().equals(CloudName.from("gcp")))
+ return (zone.getCloud().name().equals(CloudName.GCP))
 ? new NodeResources(1, 4, 50, 0.3)
 : new NodeResources(0.5, 4, 50, 0.3);
 }
 // The lowest amount resources that can be shared (i.e. a matching host flavor for this exists)
 private NodeResources smallestSharedResources() {
- return (zone.getCloud().name().equals(CloudName.from("gcp")))
+ return (zone.getCloud().name().equals(CloudName.GCP))
 ? new NodeResources(1, 4, 50, 0.3)
 : new NodeResources(0.5, 2, 50, 0.3);
 } |