diff options
author | Morten Tokle <mortent@verizonmedia.com> | 2021-03-04 13:12:11 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-04 13:12:11 +0100 |
commit | 65b1933e6b2c1b5a2b2c678490590c2ad1af3cc2 (patch) | |
tree | 5feeb17071cdc6588bf7f13bed4e3106568b3359 | |
parent | c599cb94339acd099b878976a46db8a48c71a5ea (diff) | |
parent | 0964cd8a731d2628f03199fc2478140f1f84760f (diff) |
Merge pull request #16781 from vespa-engine/mortent/maintain-roles
Add new methods to RoleService, create maintainer for maintaining roles
4 files changed, 58 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/NoopRoleService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/NoopRoleService.java index dceb56d14c1..d967ad3dca4 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/NoopRoleService.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/NoopRoleService.java @@ -4,6 +4,8 @@ package com.yahoo.vespa.hosted.controller.api.integration.aws; import com.yahoo.config.provision.ApplicationId; import com.yahoo.config.provision.TenantName; +import java.util.Collections; +import java.util.List; import java.util.Optional; /** @@ -17,7 +19,16 @@ public class NoopRoleService implements RoleService { } @Override + public void deleteTenantRole(TenantName tenant) { } + + @Override public String createTenantPolicy(TenantName tenant, String policyName, String awsId, String role) { return ""; } + + @Override + public void deleteTenantPolicy(TenantName tenant, String policyName) { } + + @Override + public void maintainRoles(List<TenantName> tenants) { } } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/RoleService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/RoleService.java index 3c04546f479..4219ad35612 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/RoleService.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/RoleService.java @@ -4,6 +4,7 @@ package com.yahoo.vespa.hosted.controller.api.integration.aws; import com.yahoo.config.provision.ApplicationId; import com.yahoo.config.provision.TenantName; +import java.util.List; import java.util.Optional; /** @@ -13,6 +14,14 @@ public interface RoleService { Optional<TenantRoles> createTenantRole(TenantName tenant); + void deleteTenantRole(TenantName tenant); + String createTenantPolicy(TenantName tenant, String policyName, String awsId, String role); + void deleteTenantPolicy(TenantName tenant, String policyName); + + /* + * Maintain roles for the tenants in the system. Create missing roles, update trust. + */ + void maintainRoles(List<TenantName> tenants); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ControllerMaintenance.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ControllerMaintenance.java index 9f9a0f6d56f..d9a233eb475 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ControllerMaintenance.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ControllerMaintenance.java @@ -66,6 +66,7 @@ public class ControllerMaintenance extends AbstractComponent { maintainers.add(new EndpointCertificateMaintainer(controller, intervals.endpointCertificateMaintainer)); maintainers.add(new TrafficShareUpdater(controller, intervals.trafficFractionUpdater)); maintainers.add(new ArchiveUriUpdater(controller, intervals.archiveUriUpdater)); + maintainers.add(new TenantRoleMaintainer(controller, intervals.tenantRoleMaintainer)); } public Upgrader upgrader() { return upgrader; } @@ -117,6 +118,7 @@ public class ControllerMaintenance extends AbstractComponent { private final Duration endpointCertificateMaintainer; private final Duration trafficFractionUpdater; private final Duration archiveUriUpdater; + private final Duration tenantRoleMaintainer; public Intervals(SystemName system) { this.system = Objects.requireNonNull(system); @@ -145,6 +147,7 @@ public class ControllerMaintenance extends AbstractComponent { this.endpointCertificateMaintainer = duration(12, HOURS); this.trafficFractionUpdater = duration(5, MINUTES); this.archiveUriUpdater = duration(5, MINUTES); + this.tenantRoleMaintainer = duration(5, MINUTES); } private Duration duration(long amount, TemporalUnit unit) { diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java new file mode 100644 index 00000000000..e8b50a6b604 --- /dev/null +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/TenantRoleMaintainer.java @@ -0,0 +1,35 @@ +// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. + +package com.yahoo.vespa.hosted.controller.maintenance; + +import com.yahoo.vespa.flags.BooleanFlag; +import com.yahoo.vespa.flags.FetchVector; +import com.yahoo.vespa.flags.Flags; +import com.yahoo.vespa.hosted.controller.Controller; +import com.yahoo.vespa.hosted.controller.tenant.Tenant; + +import java.time.Duration; +import java.util.stream.Collectors; + +public class TenantRoleMaintainer extends ControllerMaintainer { + + private final BooleanFlag provisionTenantRoles; + + public TenantRoleMaintainer(Controller controller, Duration tenantRoleMaintainer) { + super(controller, tenantRoleMaintainer); + provisionTenantRoles = Flags.PROVISION_TENANT_ROLES.bindTo(controller.flagSource()); + } + + @Override + protected boolean maintain() { + var roleService = controller().serviceRegistry().roleService(); + var tenants = controller().tenants().asList(); + var tenantsWithRoles = tenants.stream() + .map(Tenant::name) + // Only maintain a subset of the tenants + .filter(name -> provisionTenantRoles.with(FetchVector.Dimension.TENANT_ID, name.value()).value()) + .collect(Collectors.toList()); + roleService.maintainRoles(tenantsWithRoles); + return true; + } +} |