diff options
| author | Valerij Fredriksen <freva@users.noreply.github.com> | 2022-12-09 17:04:31 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-09 17:04:31 +0100 |
| commit | bb5ee0c17ffaebe047eb8aea528322b8e22c56f7 (patch) | |
| tree | e86d8397b38c421700ccc8d6af4cd73e4dfaa906 | |
| parent | 52288cca283f675435a74e1273a3eca165c2127d (diff) | |
| parent | e85735fa57e9e0bd6f9b131875f03a5a5eb77914 (diff) | |
Merge pull request #25192 from vespa-engine/freva/access-to-yum-mirror
Limit EnclaveAccessMaintainer to PublicCD
3 files changed, 10 insertions, 6 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/EnclaveAccessService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/EnclaveAccessService.java index 52e8ba5adf8..9ce2ae0a6fc 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/EnclaveAccessService.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/EnclaveAccessService.java @@ -9,7 +9,10 @@ import java.util.Set; */ public interface EnclaveAccessService { - /** Ensures the given enclave accounts have access to resources they require to function. */ - void allowAccessFor(Set<CloudAccount> accounts); + /** + * Ensures the given enclave accounts have access to resources they require to function. + * @return the degree to which the run was successful - a number between 0 (no success), to 1 (complete success) + */ + double allowAccessFor(Set<CloudAccount> accounts); } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/MockEnclaveAccessService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/MockEnclaveAccessService.java index 81163404007..1cfc05bba7e 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/MockEnclaveAccessService.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/MockEnclaveAccessService.java @@ -15,8 +15,9 @@ public class MockEnclaveAccessService implements EnclaveAccessService { public Set<CloudAccount> currentAccounts() { return currentAccounts; } @Override - public void allowAccessFor(Set<CloudAccount> accounts) { + public double allowAccessFor(Set<CloudAccount> accounts) { currentAccounts = new TreeSet<>(accounts); + return 1; } } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EnclaveAccessMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EnclaveAccessMaintainer.java index d9576f4e176..bce4abcb14b 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EnclaveAccessMaintainer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EnclaveAccessMaintainer.java @@ -1,6 +1,7 @@ package com.yahoo.vespa.hosted.controller.maintenance; import com.yahoo.config.provision.CloudAccount; +import com.yahoo.config.provision.SystemName; import com.yahoo.vespa.hosted.controller.Controller; import com.yahoo.vespa.hosted.controller.tenant.Tenant; @@ -16,14 +17,13 @@ public class EnclaveAccessMaintainer extends ControllerMaintainer { private static final Logger logger = Logger.getLogger(EnclaveAccessMaintainer.class.getName()); EnclaveAccessMaintainer(Controller controller, Duration interval) { - super(controller, interval); + super(controller, interval, null, Set.of(SystemName.PublicCd)); } @Override protected double maintain() { try { - controller().serviceRegistry().enclaveAccessService().allowAccessFor(externalAccounts()); - return 1; + return controller().serviceRegistry().enclaveAccessService().allowAccessFor(externalAccounts()); } catch (RuntimeException e) { logger.log(WARNING, "Failed sharing AMIs", e); |