authorjonmv <venstad@gmail.com>2023-06-30 17:12:11 +0200
committerjonmv <venstad@gmail.com>2023-06-30 17:12:11 +0200
commit8aa5007433b8512cfba31825f83be01ca25bc928 (patch)
tree5453536900977513917183137054e1609a1be893
parent8ff5c45ca2429ed8fb5cdb252043af97e6e89d99 (diff)
Set up GCP container identities for enclaves
-rw-r--r--config-provisioning/src/main/java/com/yahoo/config/provision/CloudAccount.java4
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java68
2 files changed, 69 insertions, 3 deletions
diff --git a/config-provisioning/src/main/java/com/yahoo/config/provision/CloudAccount.java b/config-provisioning/src/main/java/com/yahoo/config/provision/CloudAccount.java
index 91da7866603..cb52ece16a7 100644
--- a/config-provisioning/src/main/java/com/yahoo/config/provision/CloudAccount.java
+++ b/config-provisioning/src/main/java/com/yahoo/config/provision/CloudAccount.java
@@ -13,10 +13,10 @@ import java.util.stream.Collectors;
*/
public class CloudAccount implements Comparable<CloudAccount> {
- private record CloudMeta(String accountType, Pattern pattern) {
+ public record CloudMeta(String accountType, Pattern pattern) {
private boolean matches(String account) { return pattern.matcher(account).matches(); }
}
- private static final Map<String, CloudMeta> META_BY_CLOUD = Map.of(
+ public static final Map<String, CloudMeta> META_BY_CLOUD = Map.of(
"aws", new CloudMeta("Account ID", Pattern.compile("[0-9]{12}")),
"gcp", new CloudMeta("Project ID", Pattern.compile("[a-z][a-z0-9-]{4,28}[a-z0-9]")));
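Review bot: `CloudMeta` and `META_BY_CLOUD` become public here while `matches` on the record stays private, so any caller outside `CloudAccount` has to apply `pattern` itself. A caller that uses `find()` instead of `matches()` would accept strings that only contain a valid account or project ID, which weakens the validation this table exists for. Either open the helper, `public boolean matches(String account) { return pattern.matcher(account).matches(); }`, or keep the map private and expose a narrow accessor. The now-public record also has no Javadoc; one line stating that the patterns are meant for full-string matching would be enough. The class body continues outside the hunk.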
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java
index 9a9c2af2d5d..820dc2ac573 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzDbMock.java
@@ -96,6 +96,35 @@ public class AthenzDbMock {
public boolean checkAccess(AthenzIdentity principal, String action, String resource) {
return policies.values().stream().anyMatch(a -> a.matches(principal, action, resource));
}
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ Domain domain = (Domain) o;
+ return isVespaTenant == domain.isVespaTenant && Objects.equals(name, domain.name) && Objects.equals(admins, domain.admins) && Objects.equals(tenantAdmins, domain.tenantAdmins) && Objects.equals(applications, domain.applications) && Objects.equals(services, domain.services) && Objects.equals(roles, domain.roles) && Objects.equals(policies, domain.policies) && Objects.equals(attributes, domain.attributes);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(name, admins, tenantAdmins, applications, services, roles, policies, isVespaTenant, attributes);
+ }
+
+ @Override
+ public String toString() {
+ return "Domain{" +
+ "name=" + name +
+ ", admins=" + admins +
+ ", tenantAdmins=" + tenantAdmins +
+ ", applications=" + applications +
+ ", services=" + services +
+ ", roles=" + roles +
+ ", policies=" + policies +
+ ", isVespaTenant=" + isVespaTenant +
+ ", attributes=" + attributes +
+ '}';
+ }
+
}
public static class Application {
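Review bot: `Domain.equals` and `hashCode` delegate to the element types of `applications`, `services`, `roles` and `policies`, but this commit adds `equals`/`hashCode` only to `Service`, and `Application` is not touched. If `Application` does not already override them (its body is outside the hunk), two domains holding equivalent applications compare unequal, because that part of the comparison silently falls back to identity. The fields compared here are presumably mutable collections, so a `Domain` should not be modified while it sits in a hash-based collection; a comment such as `// equality covers mutable state; intended for test assertions only` would record that. The single-line `return` in `equals` would also be easier to audit with one field comparison per line.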
@@ -121,11 +150,30 @@ public class AthenzDbMock {
public Service(boolean allowLaunch) {
this.allowLaunch = allowLaunch;
}
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ Service service = (Service) o;
+ return allowLaunch == service.allowLaunch;
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(allowLaunch);
+ }
+
+ @Override
+ public String toString() {
+ return allowLaunch ? "allowed" : "denied";
+ }
+
}
public static class Policy {
private final String name;
- final List<Assertion> assertions = new ArrayList<>();
+ public final List<Assertion> assertions = new ArrayList<>();
public Policy(String name, String principal, String action, String resource) {
this(name);
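Review bot: Making `assertions` a public field hands out the live `ArrayList` that `Policy.hashCode` is computed from (`Objects.hash(name, assertions)` in the next hunk). Any caller can then add or remove assertions on a policy after it has been stored, changing its hash and presumably what it grants. Prefer keeping the field package-private and adding a read-only accessor, e.g. `public List<Assertion> assertions() { return List.copyOf(assertions); }`. Separately, `Objects.hash(allowLaunch)` in `Service.hashCode` boxes the value and allocates a varargs array for a single boolean; `Boolean.hashCode(allowLaunch)` is the direct form. `Policy` continues outside the hunk.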
@@ -158,6 +206,12 @@ public class AthenzDbMock {
public int hashCode() {
return Objects.hash(name, assertions);
}
+
+ @Override
+ public String toString() {
+ return name + ": " + assertions;
+ }
+
}
public static class Assertion {
@@ -203,6 +257,12 @@ public class AthenzDbMock {
public int hashCode() {
return Objects.hash(effect, role, action, resource);
}
+
+ @Override
+ public String toString() {
+ return asString();
+ }
+
}
public static class Role {
@@ -228,5 +288,11 @@ public class AthenzDbMock {
public int hashCode() {
return Objects.hash(name);
}
+
+ @Override
+ public String toString() {
+ return name;
+ }
+
}
}