diff options
author | Ola Aunrønning <olaa@verizonmedia.com> | 2021-12-02 14:43:43 +0100 |
---|---|---|
committer | Ola Aunrønning <olaa@verizonmedia.com> | 2021-12-02 14:43:43 +0100 |
commit | 8de87bd5c425689970395c80781fdfe3ba9d98f6 (patch) | |
tree | be04f1b054ff3f1bb48a08dccfc8b07b46084a9d | |
parent | 0c15763bef77955744d9b26785f78ced4fe7042c (diff) |
Delete app before tenant. Add test
5 files changed, 78 insertions, 4 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainerMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainerMock.java index df39f51b6fe..a2b6ad612da 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainerMock.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainerMock.java @@ -4,6 +4,7 @@ package com.yahoo.vespa.hosted.controller.api.integration.user; import com.yahoo.config.provision.ApplicationId; import com.yahoo.vespa.hosted.controller.tenant.Tenant; +import java.util.ArrayList; import java.util.List; /** @@ -11,6 +12,8 @@ import java.util.List; */ public class RoleMaintainerMock implements RoleMaintainer { + private List<Tenant> tenantsToDelete = new ArrayList<>(); + @Override public void deleteLeftoverRoles(List<Tenant> tenants, List<ApplicationId> applications) { @@ -18,6 +21,10 @@ public class RoleMaintainerMock implements RoleMaintainer { @Override public List<Tenant> tenantsToDelete(List<Tenant> tenants) { - return List.of(); + return tenantsToDelete; + } + + public void mockTenantToDelete(Tenant tenant) { + tenantsToDelete.add(tenant); } } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java index 9e7c614d4e8..49939f4bfd2 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java @@ -561,6 +561,10 @@ public class ApplicationController { * @throws IllegalArgumentException if the application has deployments or the caller is not authorized */ public void deleteApplication(TenantAndApplicationId id, Credentials credentials) { + deleteApplication(id, Optional.of(credentials)); + } + + public void deleteApplication(TenantAndApplicationId id, Optional<Credentials> credentials) { lockApplicationOrThrow(id, application -> { var deployments = application.get().instances().values().stream() .filter(instance -> ! instance.deployments().isEmpty()) @@ -580,7 +584,7 @@ public class ApplicationController { applicationStore.removeAllTesters(id.tenant(), id.application()); applicationStore.putMetaTombstone(id.tenant(), id.application(), clock.instant()); - accessControl.deleteApplication(id, credentials); + credentials.ifPresent(creds -> accessControl.deleteApplication(id, creds)); curator.removeApplication(id); controller.jobController().collectGarbage(); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java index 0d278b7be6d..05a7e2368d1 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java @@ -14,7 +14,7 @@ import java.util.stream.Collectors; /** * Maintains user management resources. - * For now, ensures there's no discrepnacy between expected tenant/application roles and Auth0 roles + * For now, ensures there's no discrepnacy between expected tenant/application roles and auth0/athenz roles * * @author olaa */ @@ -41,6 +41,8 @@ public class UserManagementMaintainer extends ControllerMaintainer { roleMaintainer.tenantsToDelete(tenants) .forEach(tenant -> { logger.warning(tenant.name() + " has a non-existing Athenz domain. Deleting"); + controller().applications().asList(tenant.name()) + .forEach(application -> controller().applications().deleteApplication(application.id(), Optional.empty())); controller().tenants().delete(tenant.name(), Optional.empty(), false); }); } diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java index b1311b8081c..b81b3ae5d66 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java @@ -88,7 +88,7 @@ public class ServiceRegistryMock extends AbstractComponent implements ServiceReg private final PlanRegistry planRegistry = new PlanRegistryMock(); private final ResourceDatabaseClient resourceDb = new ResourceDatabaseClientMock(planRegistry); private final BillingDatabaseClient billingDb = new BillingDatabaseClientMock(clock, planRegistry); - private final RoleMaintainer roleMaintainer = new RoleMaintainerMock(); + private final RoleMaintainerMock roleMaintainer = new RoleMaintainerMock(); public ServiceRegistryMock(SystemName system) { this.zoneRegistryMock = new ZoneRegistryMock(system); @@ -291,4 +291,7 @@ public class ServiceRegistryMock extends AbstractComponent implements ServiceReg return endpointCertificateMock; } + public RoleMaintainerMock roleMaintainerMock() { + return roleMaintainer; + } } diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainerTest.java new file mode 100644 index 00000000000..e35c2058eb4 --- /dev/null +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainerTest.java @@ -0,0 +1,58 @@ +// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.controller.maintenance; + +import com.yahoo.config.provision.SystemName; +import com.yahoo.vespa.hosted.controller.ControllerTester; +import org.junit.Test; + +import java.time.Duration; + +import static org.junit.Assert.*; + +/** + * @author olaa + */ +public class UserManagementMaintainerTest { + + private final String TENANT_1 = "tenant1"; + private final String TENANT_2 = "tenant2"; + private final String APP_NAME = "some-app"; + + @Test + public void deletes_tenant_when_not_public() { + var tester = createTester(SystemName.main); + var maintainer = new UserManagementMaintainer(tester.controller(), Duration.ofMinutes(5), tester.serviceRegistry().roleMaintainer()); + maintainer.maintain(); + + var tenants = tester.controller().tenants().asList(); + var apps = tester.controller().applications().asList(); + assertEquals(1, tenants.size()); + assertEquals(1, apps.size()); + assertEquals(TENANT_2, tenants.get(0).name().value()); + } + + @Test + public void no_tenant_deletion_in_public() { + var tester = createTester(SystemName.Public); + var maintainer = new UserManagementMaintainer(tester.controller(), Duration.ofMinutes(5), tester.serviceRegistry().roleMaintainer()); + maintainer.maintain(); + + var tenants = tester.controller().tenants().asList(); + var apps = tester.controller().applications().asList(); + assertEquals(2, tenants.size()); + assertEquals(2, apps.size()); + } + + private ControllerTester createTester(SystemName systemName) { + var tester = new ControllerTester(systemName); + tester.createTenant(TENANT_1); + tester.createTenant(TENANT_2); + tester.createApplication(TENANT_1, APP_NAME); + tester.createApplication(TENANT_2, APP_NAME); + + var tenantToDelete = tester.controller().tenants().get(TENANT_1).get(); + tester.serviceRegistry().roleMaintainerMock().mockTenantToDelete(tenantToDelete); + return tester; + } + +}
\ No newline at end of file |