Merge pull request #8717 from vespa-engine/mpolden/audit-log-pinning

Log pin actions to audit log
author: Martin Polden <mpolden@mpolden.no> 2019-03-11 09:33:42 +0100
committer: GitHub <noreply@github.com> 2019-03-11 09:33:42 +0100
commit: 2b7cd4abc2e41da915901445a2c2adaec4cadf14 (patch)
tree: d30861e603bb74d973855253104a4511ffd0bbcd
parent: 85903430ed0e23ad251b82a9afad1fc6ed5ee2ef (diff)
parent: 196003f29d2960163a9d1228523f5e08cb6430b6 (diff)
4 files changed, 18 insertions, 12 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/organization/MockContactRetriever.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/organization/MockContactRetriever.java
index 55bad0b77ac..7fbd1a955a1 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/organization/MockContactRetriever.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/organization/MockContactRetriever.java
@@ -17,8 +17,6 @@ public class MockContactRetriever extends AbstractComponent implements ContactRe
 
     private final Map<PropertyId, Contact> contacts = new HashMap<>();
 
-
-
     @Override
     public Contact getContact(Optional<PropertyId> propertyId) {
         return contacts.getOrDefault(propertyId.get(), contact());
@@ -28,7 +26,6 @@ public class MockContactRetriever extends AbstractComponent implements ContactRe
         contacts.put(propertyId, contact);
     }
 
-
     public Contact contact() {
         return new Contact(URI.create("contacts.tld"), URI.create("properties.tld"), URI.create("issues.tld"), Collections.emptyList(), "queue", Optional.of("component"));
     }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ContactInformationMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ContactInformationMaintainer.java
index 8bffa455b7e..a02f28e371d 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ContactInformationMaintainer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ContactInformationMaintainer.java
@@ -36,10 +36,13 @@ public class ContactInformationMaintainer extends Maintainer {
     @Override
     protected void maintain() {
         for (Tenant tenant : controller().tenants().asList()) {
-            try{
-            Optional<PropertyId> tenantPropertyId = tenant instanceof AthenzTenant ? ((AthenzTenant) tenant).propertyId() : Optional.empty();
-            Contact contact = contactRetriever.getContact(tenantPropertyId);
-            controller().tenants().lockIfPresent(tenant.name(), lockedTenant -> controller().tenants().store(lockedTenant.with(contact)));
+            try {
+                Optional<PropertyId> tenantPropertyId = Optional.empty();
+                if (tenant instanceof AthenzTenant) {
+                    tenantPropertyId = ((AthenzTenant) tenant).propertyId();
+                }
+                Contact contact = contactRetriever.getContact(tenantPropertyId);
+                controller().tenants().lockIfPresent(tenant.name(), lockedTenant -> controller().tenants().store(lockedTenant.with(contact)));
             } catch (Exception e) {
                 log.log(LogLevel.WARNING, "Failed to update contact information for " + tenant + ": " +
                                           Exceptions.toMessageString(e) + ". Retrying in " +
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 6b5ffc23f0a..6fc5cc645e8 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -206,9 +206,9 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
         if (path.matches("/application/v4/tenant/{tenant}")) return createTenant(path.get("tenant"), request);
         if (path.matches("/application/v4/tenant/{tenant}/application/{application}")) return createApplication(path.get("tenant"), path.get("application"), request);
         if (path.matches("/application/v4/tenant/{tenant}/application/{application}/promote")) return promoteApplication(path.get("tenant"), path.get("application"), request);
-        if (path.matches("/application/v4/tenant/{tenant}/application/{application}/deploying/platform")) return deployPlatform(path.get("tenant"), path.get("application"), readToString(request.getData()), false);
-        if (path.matches("/application/v4/tenant/{tenant}/application/{application}/deploying/pin")) return deployPlatform(path.get("tenant"), path.get("application"), readToString(request.getData()), true);
-        if (path.matches("/application/v4/tenant/{tenant}/application/{application}/deploying/application")) return deployApplication(path.get("tenant"), path.get("application"));
+        if (path.matches("/application/v4/tenant/{tenant}/application/{application}/deploying/platform")) return deployPlatform(path.get("tenant"), path.get("application"), false, request);
+        if (path.matches("/application/v4/tenant/{tenant}/application/{application}/deploying/pin")) return deployPlatform(path.get("tenant"), path.get("application"), true, request);
+        if (path.matches("/application/v4/tenant/{tenant}/application/{application}/deploying/application")) return deployApplication(path.get("tenant"), path.get("application"), request);
         if (path.matches("/application/v4/tenant/{tenant}/application/{application}/jobreport")) return notifyJobCompletion(path.get("tenant"), path.get("application"), request);
         if (path.matches("/application/v4/tenant/{tenant}/application/{application}/submit")) return submit(path.get("tenant"), path.get("application"), request);
         if (path.matches("/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/job/{jobtype}")) return trigger(appIdFromPath(path), jobTypeFromPath(path), request);
@@ -803,7 +803,9 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
     }
 
     /** Trigger deployment of the given Vespa version if a valid one is given, e.g., "7.8.9". */
-    private HttpResponse deployPlatform(String tenantName, String applicationName, String versionString, boolean pin) {
+    private HttpResponse deployPlatform(String tenantName, String applicationName, boolean pin, HttpRequest request) {
+        request = controller.auditLogger().log(request);
+        String versionString = readToString(request.getData());
         ApplicationId id = ApplicationId.from(tenantName, applicationName, "default");
         StringBuilder response = new StringBuilder();
         controller.applications().lockOrThrow(id, application -> {
@@ -829,7 +831,8 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
     }
 
     /** Trigger deployment to the last known application package for the given application. */
-    private HttpResponse deployApplication(String tenantName, String applicationName) {
+    private HttpResponse deployApplication(String tenantName, String applicationName, HttpRequest request) {
+        controller.auditLogger().log(request);
         ApplicationId id = ApplicationId.from(tenantName, applicationName, "default");
         StringBuilder response = new StringBuilder();
         controller.applications().lockOrThrow(id, application -> {
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
index 2cdc124a88c..c0c2d4043d9 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
@@ -400,6 +400,9 @@ public class ApplicationApiTest extends ControllerContainerTest {
                                       .userIdentity(USER_ID)
                                       .data("6.1.0"),
                               "{\"message\":\"Triggered pin to 6.1 for tenant1.application1\"}");
+        assertTrue("Action is logged to audit log",
+                   tester.controller().auditLogger().readLog().entries().stream()
+                         .anyMatch(entry -> entry.resource().equals("/application/v4/tenant/tenant1/application/application1/deploying/pin")));
         tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/deploying", GET)
                                       .userIdentity(USER_ID), "{\"platform\":\"6.1\",\"pinned\":true}");
         tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/deploying/pin", GET)
author	Martin Polden <mpolden@mpolden.no>	2019-03-11 09:33:42 +0100
committer	GitHub <noreply@github.com>	2019-03-11 09:33:42 +0100
commit	2b7cd4abc2e41da915901445a2c2adaec4cadf14 (patch)
tree	d30861e603bb74d973855253104a4511ffd0bbcd
parent	85903430ed0e23ad251b82a9afad1fc6ed5ee2ef (diff)
parent	196003f29d2960163a9d1228523f5e08cb6430b6 (diff)