diff options
author | Andreas Eriksen <andreer@verizonmedia.com> | 2020-06-18 14:13:22 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-18 14:13:22 +0200 |
commit | 512746391260dab84c48e7b4965719b8a8b6410b (patch) | |
tree | 1943d1ce3b349e718891fa90391b58bfab1ef1c1 | |
parent | 7325caa84077a27f8ff8e1efe022498a1c900e4d (diff) |
allow users to delete trial tenants (#13625)
* move classes to open-source repo
* add PlanController to ServiceRegistry
* allow tenant administrators to delete tenants if on trial plan
8 files changed, 128 insertions, 2 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java index 222910d5bc6..0b5f2538892 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java @@ -4,6 +4,7 @@ package com.yahoo.vespa.hosted.controller.api.integration; import com.yahoo.vespa.hosted.controller.api.integration.aws.ApplicationRoleService; import com.yahoo.vespa.hosted.controller.api.integration.aws.AwsEventFetcher; import com.yahoo.vespa.hosted.controller.api.integration.aws.ResourceTagger; +import com.yahoo.vespa.hosted.controller.api.integration.billing.PlanController; import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificateProvider; import com.yahoo.vespa.hosted.controller.api.integration.configserver.ConfigServer; import com.yahoo.vespa.hosted.controller.api.integration.deployment.ApplicationStore; @@ -76,4 +77,6 @@ public interface ServiceRegistry { SystemMonitor systemMonitor(); + PlanController planController(); + } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/CostCalculator.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/CostCalculator.java new file mode 100644 index 00000000000..628beec8450 --- /dev/null +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/CostCalculator.java @@ -0,0 +1,19 @@ +// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.controller.api.integration.billing; + +import com.yahoo.config.provision.NodeResources; +import com.yahoo.vespa.hosted.controller.api.integration.resource.CostInfo; + + +/** + * @author ogronnesby + */ +public interface CostCalculator { + + /** Calculate the cost for the given usage */ + CostInfo calculate(ResourceUsage usage); + + /** Estimate the cost for the given resources */ + double calculate(NodeResources resources); + +} diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/Plan.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/Plan.java new file mode 100644 index 00000000000..75a88136c45 --- /dev/null +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/Plan.java @@ -0,0 +1,23 @@ +// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.controller.api.integration.billing; + +/** + * A Plan decides two different things: + * + * - How to map from usage to a sum of money that is owed. + * - Limits on how much resources can be used. + * + * @author ogronnesby + */ +public interface Plan { + + /** The ID of the plan as used in APIs and storage systems */ + String id(); + + /** The calculator used to calculate a bill for usage */ + CostCalculator calculator(); + + /** The quota limits associated with the plan */ + Object quota(); + +} diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/PlanController.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/PlanController.java new file mode 100644 index 00000000000..f13c251d212 --- /dev/null +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/PlanController.java @@ -0,0 +1,10 @@ +// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.controller.api.integration.billing; + +import com.yahoo.config.provision.TenantName; + +public interface PlanController { + + Plan getPlan(TenantName tenant); + +}
\ No newline at end of file diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/ResourceUsage.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/ResourceUsage.java new file mode 100644 index 00000000000..cbfd2b6ff50 --- /dev/null +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/ResourceUsage.java @@ -0,0 +1,54 @@ +// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.controller.api.integration.billing; + +import com.yahoo.config.provision.ApplicationId; +import com.yahoo.config.provision.zone.ZoneId; + +import java.math.BigDecimal; + +/** + * @author olaa + */ +public class ResourceUsage { + + private final ApplicationId applicationId; + private final ZoneId zoneId; + private final Plan plan; + private final BigDecimal cpuMillis; + private final BigDecimal memoryMillis; + private final BigDecimal diskMillis; + + public ResourceUsage(ApplicationId applicationId, ZoneId zoneId, Plan plan, + BigDecimal cpuMillis, BigDecimal memoryMillis, BigDecimal diskMillis) { + this.applicationId = applicationId; + this.zoneId = zoneId; + this.cpuMillis = cpuMillis; + this.memoryMillis = memoryMillis; + this.diskMillis = diskMillis; + this.plan = plan; + } + + public ApplicationId getApplicationId() { + return applicationId; + } + + public ZoneId getZoneId() { + return zoneId; + } + + public BigDecimal getCpuMillis() { + return cpuMillis; + } + + public BigDecimal getMemoryMillis() { + return memoryMillis; + } + + public BigDecimal getDiskMillis() { + return diskMillis; + } + + public Plan getPlan() { + return plan; + } +} diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java index bf5ba4001fa..b9d534019db 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java @@ -61,6 +61,7 @@ public enum RoleDefinition { /** Admin — the administrative function for user management etc. */ administrator(Policy.tenantUpdate, Policy.tenantManager, + Policy.tenantDelete, Policy.applicationManager, Policy.paymentInstrumentRead, Policy.paymentInstrumentUpdate, diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java index dc3dbabcc07..bd0143ef879 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java @@ -8,6 +8,8 @@ import com.yahoo.vespa.flags.FetchVector; import com.yahoo.vespa.flags.FlagSource; import com.yahoo.vespa.flags.Flags; import com.yahoo.vespa.hosted.controller.Application; +import com.yahoo.vespa.hosted.controller.api.integration.ServiceRegistry; +import com.yahoo.vespa.hosted.controller.api.integration.billing.PlanController; import com.yahoo.vespa.hosted.controller.api.integration.organization.BillingInfo; import com.yahoo.vespa.hosted.controller.api.integration.user.Roles; import com.yahoo.vespa.hosted.controller.api.integration.user.UserId; @@ -34,11 +36,13 @@ public class CloudAccessControl implements AccessControl { private final UserManagement userManagement; private final BooleanFlag enablePublicSignup; + private final PlanController planController; @Inject - public CloudAccessControl(UserManagement userManagement, FlagSource flagSource) { + public CloudAccessControl(UserManagement userManagement, FlagSource flagSource, ServiceRegistry serviceRegistry) { this.userManagement = userManagement; this.enablePublicSignup = Flags.ENABLE_PUBLIC_SIGNUP_FLOW.bindTo(flagSource); + planController = serviceRegistry.planController(); } @Override @@ -97,12 +101,17 @@ public class CloudAccessControl implements AccessControl { @Override public void deleteTenant(TenantName tenant, Credentials credentials) { - // TODO: allow only if 0 resources, 0 balance + if(!(allowedByPrivilegedRole((Auth0Credentials) credentials) || isTrial(tenant))) + throw new ForbiddenException("Please contact the Vespa team for assistance in deleting non-trial tenants"); for (TenantRole role : Roles.tenantRoles(tenant)) userManagement.deleteRole(role); } + private boolean isTrial(TenantName tenant) { + return planController.getPlan(tenant).id().equals("trial"); + } + @Override public void createApplication(TenantAndApplicationId id, Credentials credentials) { for (Role role : Roles.applicationRoles(id.tenant(), id.application())) diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java index 4f81e443d9c..b7e7c9814e3 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java @@ -12,6 +12,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.aws.MockAwsEventFetcher import com.yahoo.vespa.hosted.controller.api.integration.aws.MockResourceTagger; import com.yahoo.vespa.hosted.controller.api.integration.aws.NoopApplicationRoleService; import com.yahoo.vespa.hosted.controller.api.integration.aws.ResourceTagger; +import com.yahoo.vespa.hosted.controller.api.integration.billing.PlanController; import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificateMock; import com.yahoo.vespa.hosted.controller.api.integration.configserver.ConfigServer; import com.yahoo.vespa.hosted.controller.api.integration.dns.MemoryNameService; @@ -59,6 +60,7 @@ public class ServiceRegistryMock extends AbstractComponent implements ServiceReg private final MockRunDataStore mockRunDataStore = new MockRunDataStore(); private final MockResourceTagger mockResourceTagger = new MockResourceTagger(); private final ApplicationRoleService applicationRoleService = new NoopApplicationRoleService(); + private final PlanController planController = (tenantName) -> null; public ServiceRegistryMock(SystemName system) { this.zoneRegistryMock = new ZoneRegistryMock(system); @@ -201,4 +203,9 @@ public class ServiceRegistryMock extends AbstractComponent implements ServiceReg return endpointCertificateMock; } + @Override + public PlanController planController() { + return planController; + } + } |