Merge pull request #10071 from vespa-engine/ogronnesby/athenz-domain-for-test-runner-config

Use security domain from ZoneRegistry in InternalStepRunner
author: Øyvind Grønnesby <oyving@verizonmedia.com> 2019-07-19 14:28:27 +0200
committer: GitHub <noreply@github.com> 2019-07-19 14:28:27 +0200
commit: 344f131dde68738a351f35afbdef504c995f6ca3 (patch)
tree: 228ef227b225524e31816ef45bdc4a1645bcde7b
parent: 4b04f0b6da1c27f7be90e2a87f29aad10d70d5b8 (diff)
parent: 8b372efe2a7347c24f7db6326d314e840362d070 (diff)
4 files changed, 16 insertions, 16 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/zone/ZoneRegistry.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/zone/ZoneRegistry.java
index db9291cd651..475671181e3 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/zone/ZoneRegistry.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/zone/ZoneRegistry.java
@@ -2,6 +2,7 @@
 package com.yahoo.vespa.hosted.controller.api.integration.zone;
 
 import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.AthenzDomain;
 import com.yahoo.config.provision.CloudName;
 import com.yahoo.config.provision.Environment;
 import com.yahoo.config.provision.RegionName;
@@ -10,7 +11,6 @@ import com.yahoo.config.provision.zone.UpgradePolicy;
 import com.yahoo.config.provision.zone.ZoneFilter;
 import com.yahoo.config.provision.zone.ZoneId;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
-import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.hosted.controller.api.identifiers.DeploymentId;
 import com.yahoo.vespa.hosted.controller.api.integration.deployment.RunId;
 
@@ -56,6 +56,9 @@ public interface ZoneRegistry {
     /** Return the configserver's Athenz service identity */
     AthenzIdentity getConfigServerAthenzIdentity(ZoneId zoneId);
 
+    /**  Return the system Athenz domain */
+    AthenzDomain accessControlDomain();
+
     /** Returns the Vespa upgrade policy to use for zones in this registry */
     UpgradePolicy upgradePolicy();
 
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java
index 45620c262cb..d2942d77b7a 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java
@@ -12,7 +12,6 @@ import com.yahoo.config.provision.ApplicationId;
 import com.yahoo.config.provision.AthenzDomain;
 import com.yahoo.config.provision.AthenzService;
 import com.yahoo.config.provision.ClusterSpec;
-import com.yahoo.config.provision.SystemName;
 import com.yahoo.config.provision.zone.ZoneId;
 import com.yahoo.io.IOUtils;
 import com.yahoo.log.LogLevel;
@@ -587,7 +586,7 @@ public class InternalStepRunner implements StepRunner {
         ApplicationVersion version = controller.jobController().run(id).get().versions().targetApplication();
         DeploymentSpec spec = controller.applications().require(id.application()).deploymentSpec();
 
-        byte[] servicesXml = servicesXml(controller.system(), testerFlavorFor(id, spec));
+        byte[] servicesXml = servicesXml(controller.zoneRegistry().accessControlDomain(), testerFlavorFor(id, spec));
         byte[] testPackage = controller.applications().applicationStore().get(id.tester(), version);
 
         ZoneId zone = id.type().zone(controller.system());
@@ -619,9 +618,7 @@ public class InternalStepRunner implements StepRunner {
     }
 
     /** Returns the generated services.xml content for the tester application. */
-    static byte[] servicesXml(SystemName systemName, Optional<String> testerFlavor) {
-        String domain = systemName == SystemName.main ? "vespa.vespa" : "vespa.vespa.cd";
-
+    static byte[] servicesXml(AthenzDomain domain, Optional<String> testerFlavor) {
         String flavor = testerFlavor.orElse("d-1-4-50");
         int memoryGb = Integer.parseInt(flavor.split("-")[2]); // Memory available in tester container.
         int jdiscMemoryPercentage = (int) Math.ceil(200.0 / memoryGb); // 2Gb memory for tester application (excessive?).
@@ -646,7 +643,7 @@ public class InternalStepRunner implements StepRunner {
                 "        <http>\n" +
                 "            <server id='default' port='4080'/>\n" +
                 "            <filtering>\n" +
-                "                <access-control domain='" + domain + "'>\n" + // Set up dummy access control to pass validation :/
+                "                <access-control domain='" + domain.value() + "'>\n" + // Set up dummy access control to pass validation :/
                 "                    <exclude>\n" +
                 "                        <binding>http://*/tester/v1/*</binding>\n" +
                 "                    </exclude>\n" +
@@ -659,7 +656,7 @@ public class InternalStepRunner implements StepRunner {
                 "                        </config>\n" +
                 "                        <component id=\"com.yahoo.jdisc.http.filter.security.athenz.StaticRequestResourceMapper\" bundle=\"jdisc-security-filters\">\n" +
                 "                            <config name=\"jdisc.http.filter.security.athenz.static-request-resource-mapper\">\n" +
-                "                                <resourceName>" + domain + ":tester-application</resourceName>\n" +
+                "                                <resourceName>" + domain.value() + ":tester-application</resourceName>\n" +
                 "                                <action>deploy</action>\n" +
                 "                            </config>\n" +
                 "                        </component>\n" +
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java
index 095651df033..f8157680cfd 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java
@@ -3,15 +3,12 @@ package com.yahoo.vespa.hosted.controller.deployment;
 
 import com.yahoo.component.Version;
 import com.yahoo.config.application.api.DeploymentSpec;
-import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.AthenzDomain;
 import com.yahoo.config.provision.ClusterSpec;
 import com.yahoo.config.provision.HostName;
-import com.yahoo.config.provision.SystemName;
 import com.yahoo.config.provision.zone.ZoneId;
 import com.yahoo.slime.ArrayTraverser;
 import com.yahoo.slime.Inspector;
-import com.yahoo.slime.JsonFormat;
-import com.yahoo.slime.ObjectTraverser;
 import com.yahoo.vespa.config.SlimeUtils;
 import com.yahoo.vespa.hosted.controller.api.application.v4.model.configserverbindings.ConfigChangeActions;
 import com.yahoo.vespa.hosted.controller.api.application.v4.model.configserverbindings.RefeedAction;
@@ -28,7 +25,6 @@ import com.yahoo.vespa.hosted.controller.application.RoutingPolicy;
 import org.junit.Before;
 import org.junit.Test;
 
-import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.net.URI;
@@ -38,7 +34,6 @@ import java.nio.file.Paths;
 import java.time.Duration;
 import java.util.Collections;
 import java.util.List;
-import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
 import java.util.concurrent.Executors;
@@ -404,7 +399,7 @@ public class InternalStepRunnerTest {
 
     @Test
     public void generates_correct_services_xml_test() {
-        assertFile("test_runner_services.xml-cd", new String(InternalStepRunner.servicesXml(SystemName.cd, Optional.of("d-2-12-75"))));
+        assertFile("test_runner_services.xml-cd", new String(InternalStepRunner.servicesXml(AthenzDomain.from("vespa.vespa.cd"), Optional.of("d-2-12-75"))));
     }
 
     private void assertFile(String resourceName, String actualContent) {
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ZoneRegistryMock.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ZoneRegistryMock.java
index f802a6af549..cff0f8da463 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ZoneRegistryMock.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ZoneRegistryMock.java
@@ -6,6 +6,7 @@ import com.google.inject.Inject;
 import com.yahoo.cloud.config.ConfigserverConfig;
 import com.yahoo.component.AbstractComponent;
 import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.AthenzDomain;
 import com.yahoo.config.provision.CloudName;
 import com.yahoo.config.provision.Environment;
 import com.yahoo.config.provision.RegionName;
@@ -27,7 +28,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
-import java.util.stream.Collectors;
 
 /**
  * @author mpolden
@@ -108,6 +108,11 @@ public class ZoneRegistryMock extends AbstractComponent implements ZoneRegistry
     }
 
     @Override
+    public AthenzDomain accessControlDomain() {
+        return AthenzDomain.from("vespadomain");
+    }
+
+    @Override
     public UpgradePolicy upgradePolicy() {
         return upgradePolicy;
     }
author	Øyvind Grønnesby <oyving@verizonmedia.com>	2019-07-19 14:28:27 +0200
committer	GitHub <noreply@github.com>	2019-07-19 14:28:27 +0200
commit	344f131dde68738a351f35afbdef504c995f6ca3 (patch)
tree	228ef227b225524e31816ef45bdc4a1645bcde7b
parent	4b04f0b6da1c27f7be90e2a87f29aad10d70d5b8 (diff)
parent	8b372efe2a7347c24f7db6326d314e840362d070 (diff)