Add flag for controlling presence of legacy endpoints

author: Martin Polden <mpolden@mpolden.no> 2023-09-29 13:58:54 +0200
committer: Martin Polden <mpolden@mpolden.no> 2023-09-29 14:02:22 +0200
commit: 75d04deb315883c308e3a2b42cf41513e1f4ace3 (patch)
tree: 00b9546635435610d225b338f89cf2643a430251
parent: baec2cce6cd62f6bd42f09c2ebe4a9dcdd921cb3 (diff)
3 files changed, 61 insertions, 7 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/RoutingController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/RoutingController.java
index 8231040f7d8..b1ffce65852 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/RoutingController.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/RoutingController.java
@@ -82,7 +82,8 @@ public class RoutingController {
     private final Controller controller;
     private final RoutingPolicies routingPolicies;
     private final RotationRepository rotationRepository;
-    private final BooleanFlag randomizedEndpoints;
+    private final BooleanFlag generatedEndpoints;
+    private final BooleanFlag legacyEndpoints;
 
     public RoutingController(Controller controller, RotationsConfig rotationsConfig) {
         this.controller = Objects.requireNonNull(controller, "controller must be non-null");
@@ -90,7 +91,8 @@ public class RoutingController {
         this.rotationRepository = new RotationRepository(Objects.requireNonNull(rotationsConfig, "rotationsConfig must be non-null"),
                                                          controller.applications(),
                                                          controller.curator());
-        this.randomizedEndpoints = Flags.RANDOMIZED_ENDPOINT_NAMES.bindTo(controller.flagSource());
+        this.generatedEndpoints = Flags.RANDOMIZED_ENDPOINT_NAMES.bindTo(controller.flagSource());
+        this.legacyEndpoints = Flags.LEGACY_ENDPOINTS.bindTo(controller.flagSource());
     }
 
     /** Create a routing context for given deployment */
@@ -235,7 +237,7 @@ public class RoutingController {
                 }
             }
         }
-        return EndpointList.copyOf(endpoints);
+        return filterEndpoints(deployment.applicationId(), EndpointList.copyOf(endpoints));
     }
 
     /** Read routing policies and return zone- and region-scoped endpoints for given deployment */
@@ -269,7 +271,7 @@ public class RoutingController {
                 endpoints.add(builder.generatedFrom(ge).authMethod(ge.authMethod()).in(controller.system()));
             }
         }
-        return EndpointList.copyOf(endpoints);
+        return filterEndpoints(routingId.instance(), EndpointList.copyOf(endpoints));
     }
 
     /** Returns application endpoints pointing to given deployments */
@@ -425,6 +427,13 @@ public class RoutingController {
                                                                        Optional.of(application.id())));
     }
 
+    private EndpointList filterEndpoints(ApplicationId instance, EndpointList endpoints) {
+        if (generatedEndpointsEnabled(instance) && !legacyEndpointsEnabled(instance)) {
+            return endpoints.generated();
+        }
+        return endpoints;
+    }
+
     private void registerRotationEndpointsInDns(PreparedEndpoints prepared) {
         TenantAndApplicationId owner = TenantAndApplicationId.from(prepared.deployment().applicationId());
         EndpointList globalEndpoints = prepared.endpoints().scope(Scope.global);
@@ -542,8 +551,17 @@ public class RoutingController {
     }
 
     public boolean generatedEndpointsEnabled(ApplicationId instance) {
-        return randomizedEndpoints.with(FetchVector.Dimension.INSTANCE_ID, instance.serializedForm())
-                                  .with(FetchVector.Dimension.TENANT_ID, instance.tenant().value()).value();
+        return generatedEndpoints.with(FetchVector.Dimension.INSTANCE_ID, instance.serializedForm())
+                                 .with(FetchVector.Dimension.TENANT_ID, instance.tenant().value())
+                                 .with(FetchVector.Dimension.APPLICATION_ID, TenantAndApplicationId.from(instance).serialized())
+                                 .value();
+    }
+
+    public boolean legacyEndpointsEnabled(ApplicationId instance) {
+        return legacyEndpoints.with(FetchVector.Dimension.INSTANCE_ID, instance.serializedForm())
+                              .with(FetchVector.Dimension.TENANT_ID, instance.tenant().value())
+                              .with(FetchVector.Dimension.APPLICATION_ID, TenantAndApplicationId.from(instance).serialized())
+                              .value();
     }
 
     private static void requireGeneratedEndpoints(GeneratedEndpointList generatedEndpoints, boolean declared) {
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/routing/RoutingPoliciesTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/routing/RoutingPoliciesTest.java
index 37feb319a7a..b2b34441219 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/routing/RoutingPoliciesTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/routing/RoutingPoliciesTest.java
@@ -1181,6 +1181,35 @@ public class RoutingPoliciesTest {
     }
 
     @Test
+    public void generated_endpoints_only() {
+        var tester = new RoutingPoliciesTester(SystemName.Public);
+        var context = tester.newDeploymentContext("tenant1", "app1", "default");
+        tester.controllerTester().flagSource()
+              .withBooleanFlag(Flags.RANDOMIZED_ENDPOINT_NAMES.id(), true)
+              .withBooleanFlag(Flags.LEGACY_ENDPOINTS.id(), false);
+        addCertificateToPool("cafed00d", UnassignedCertificate.State.ready, tester);
+
+        // Deploy application
+        var zone1 = ZoneId.from("prod", "aws-us-east-1c");
+        ApplicationPackage applicationPackage = applicationPackageBuilder().region(zone1.region())
+                                                                           .container("c0", AuthMethod.mtls)
+                                                                           .endpoint("foo", "c0")
+                                                                           .build();
+        tester.provisionLoadBalancers(1, context.instanceId(), zone1);
+        // ConfigServerMock provisions a load balancer for the "default" cluster, but in this scenario we need full
+        // control over the load balancer name because "default" has no special treatment when using generated endpoints
+        tester.provisionLoadBalancers(1, context.instanceId(), ZoneId.from("test", "aws-us-east-2c"));
+        tester.provisionLoadBalancers(1, context.instanceId(), ZoneId.from("staging", "aws-us-east-3c"));
+        context.submit(applicationPackage).deferLoadBalancerProvisioningIn(Environment.test, Environment.staging, Environment.prod).deploy();
+        tester.assertTargets(context.instance().id(), EndpointId.of("foo"), ClusterSpec.Id.from("c0"),
+                             0, Map.of(zone1, 1L), true);
+        assertEquals(List.of("a9c8c045.cafed00d.g.vespa-app.cloud",
+                             "ebd395b6.cafed00d.z.vespa-app.cloud",
+                             "fcf1bd63.cafed00d.aws-us-east-1.w.vespa-app.cloud"),
+                     tester.recordNames());
+    }
+
+    @Test
     public void generated_endpoints_multi_instance() {
         var tester = new RoutingPoliciesTester(SystemName.Public);
         var context0 = tester.newDeploymentContext("tenant1", "app1", "default");
diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
index cb87e99d3fe..a5b38eac909 100644
--- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
+++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
@@ -13,6 +13,7 @@ import java.util.Optional;
 import java.util.TreeMap;
 import java.util.function.Predicate;
 
+import static com.yahoo.vespa.flags.FetchVector.Dimension.APPLICATION_ID;
 import static com.yahoo.vespa.flags.FetchVector.Dimension.INSTANCE_ID;
 import static com.yahoo.vespa.flags.FetchVector.Dimension.CLOUD_ACCOUNT;
 import static com.yahoo.vespa.flags.FetchVector.Dimension.CLUSTER_ID;
@@ -312,7 +313,7 @@ public class Flags {
             "randomized-endpoint-names", false, List.of("andreer"), "2023-04-26", "2023-10-14",
             "Whether to use randomized endpoint names",
             "Takes effect on application deployment",
-            INSTANCE_ID);
+            INSTANCE_ID, APPLICATION_ID, TENANT_ID);
 
     public static final UnboundBooleanFlag ENABLE_THE_ONE_THAT_SHOULD_NOT_BE_NAMED = defineFeatureFlag(
             "enable-the-one-that-should-not-be-named", false, List.of("hmusum"), "2023-05-08", "2023-11-01",
@@ -415,6 +416,12 @@ public class Flags {
             "Takes effect at redeployment",
             INSTANCE_ID);
 
+    public static final UnboundBooleanFlag LEGACY_ENDPOINTS = defineFeatureFlag(
+            "legacy-endpoints", true, List.of("mpolden", "tokle"), "2023-09-29", "2024-03-01",
+            "Whether legacy (non-anonymized) endpoints should be created in DNS",
+            "Takes effect on redeployment through controller",
+            INSTANCE_ID, APPLICATION_ID, TENANT_ID);
+
     /** WARNING: public for testing: All flags should be defined in {@link Flags}. */
     public static UnboundBooleanFlag defineFeatureFlag(String flagId, boolean defaultValue, List<String> owners,
                                                        String createdAt, String expiresAt, String description,
author	Martin Polden <mpolden@mpolden.no>	2023-09-29 13:58:54 +0200
committer	Martin Polden <mpolden@mpolden.no>	2023-09-29 14:02:22 +0200
commit	75d04deb315883c308e3a2b42cf41513e1f4ace3 (patch)
tree	00b9546635435610d225b338f89cf2643a430251
parent	baec2cce6cd62f6bd42f09c2ebe4a9dcdd921cb3 (diff)