author | Jon Marius Venstad <venstad@gmail.com> | 2021-01-11 09:24:42 +0100 |
---|---|---|
committer | Jon Marius Venstad <venstad@gmail.com> | 2021-01-11 09:24:42 +0100 |
commit | e8921cf5e953e0abef58ace4cbdbb1877130d274 (patch) | |
tree | 24f47da134a9da343dc964bdd488763e007d3ee8 | |
parent | 65d8b3d6e2a3a95a495e9b3096660e15581d1bed (diff) |
Add dev suspend requests to path group for dev deployments
2 files changed, 28 insertions, 10 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
index 2acf7c93925..12df0a5e0a7 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
@@ -169,8 +169,10 @@ enum PathGroup {
 "/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/deploy/{job}",
 "/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/dev/region/{region}",
 "/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/dev/region/{region}/deploy",
+ "/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/dev/region/{region}/suspend",
 "/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/perf/region/{region}",
 "/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/perf/region/{region}/deploy",
+ "/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/perf/region/{region}/suspend",
 "/application/v4/tenant/{tenant}/application/{application}/environment/dev/region/{region}/instance/{instance}",
 "/application/v4/tenant/{tenant}/application/{application}/environment/dev/region/{region}/instance/{instance}/deploy",
 "/application/v4/tenant/{tenant}/application/{application}/environment/perf/region/{region}/instance/{instance}",
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
index 3d1375601ad..d9234c9a28e 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
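Review bot: The two added `/suspend` entries in PathGroup.java cover only the `instance/{instance}/environment/{dev,perf}/region/{region}` ordering, while the older `environment/.../region/{region}/instance/{instance}` ordering in the trailing context lines gets no `/suspend` counterpart. If the handler also routes suspend under that ordering (not visible in this hunk), those requests are authorized by whichever other group matches instead of this one. Either add the two matching entries or state the omission with a comment such as `// suspend is only granted on the instance-first path form`. The commit title mentions dev only while the hunk also opens perf; the group's Javadoc should say so, since this list decides who may suspend orchestration. The enum constant's declaration and closing lines are outside the hunk.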
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java @@ -113,6 +113,7 @@ public class ApplicationApiTest extends ControllerContainerTest { "z/4jKSTHwbYR8wdsOSrJGVEUPbS2nguIJ64OJH7gFnxM6sxUVj+Nm2HlXw==\n" + "-----END PUBLIC KEY-----\n"; private static final String quotedPemPublicKey = pemPublicKey.replaceAll("\\n", "\\\\n"); + private static final String accessDenied = "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}"; private static final ApplicationPackage applicationPackageDefault = new ApplicationPackageBuilder() .instances("default") @@ -262,13 +263,13 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/otheruser/deploy/dev-us-east-1", POST) .userIdentity(OTHER_USER_ID) .data(createApplicationDeployData(applicationPackageInstance1, false)), - "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", + accessDenied, 403); // DELETE a dev deployment is not generally allowed under user instance tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/otheruser/environment/dev/region/us-east-1", DELETE) .userIdentity(OTHER_USER_ID), - "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", + accessDenied, 403); // When the user is a tenant admin, user instances are allowed. 
@@ -648,6 +649,21 @@ public class ApplicationApiTest extends ControllerContainerTest { .screwdriverIdentity(SCREWDRIVER_ID), "{\"message\":\"Requested restart of tenant1.application1.instance1 in prod.us-central-1\"}", 200); + // POST a 'suspend application' in dev environment + tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/dev/region/us-east-1/suspend", POST) + .userIdentity(USER_ID), + "{\"message\":\"Suspended orchestration of tenant1.application1.instance1 in dev.us-east-1\"}"); + + // POST a 'resume application' in dev environment + tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/dev/region/us-east-1/suspend", DELETE) + .userIdentity(USER_ID), + "{\"message\":\"Resumed orchestration of tenant1.application1.instance1 in dev.us-east-1\"}"); + + // POST a 'suspend application' in prod environment fails + tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/prod/region/us-east-3/suspend", POST) + .userIdentity(USER_ID), + accessDenied, 403); + // GET suspended tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/prod/region/us-central-1/instance/instance1/suspended", GET) .userIdentity(USER_ID), @@ -1060,7 +1076,7 @@ public class ApplicationApiTest extends ControllerContainerTest { .userIdentity(USER_ID) .oktaAccessToken(OKTA_AT).oktaIdentityToken(OKTA_IT) .data("{\"athensDomain\":\"domain1\", \"property\":\"property1\"}"), - "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", + accessDenied, 403); // GET non-existing tenant 
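Review bot: In the hunk at -648 the new suspend assertions exercise the dev grant only with `USER_ID`, and the only denial checked is prod, so nothing asserts that a caller without rights on the instance is refused in dev. A case such as `tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/dev/region/us-east-1/suspend", POST).userIdentity(OTHER_USER_ID), accessDenied, 403);` would pin that side of the rule, assuming `OTHER_USER_ID` has no role on instance1 at this point in the test. The perf `/suspend` path added to PathGroup has no assertion at all. The second comment says `// POST a 'resume application'` but the request is a DELETE; `// DELETE the suspension to resume the application in dev environment` would match the code. The enclosing test method starts and ends outside the hunk.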
@@ -1216,7 +1232,7 @@ public class ApplicationApiTest extends ControllerContainerTest { // DELETE tenant again returns 403 as tenant access cannot be determined when the tenant does not exist tester.assertResponse(request("/application/v4/tenant/tenant1", DELETE) .userIdentity(USER_ID), - "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", + accessDenied, 403); // Create legancy tenant name containing underscores @@ -1271,7 +1287,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/instance1", POST) .userIdentity(unauthorizedUser) .oktaAccessToken(OKTA_AT).oktaIdentityToken(OKTA_IT), - "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", + accessDenied, 403); // (Create it with the right tenant id) @@ -1286,13 +1302,13 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/prod/region/us-west-1/instance/default/deploy", POST) .data(entity) .userIdentity(USER_ID), - "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", + accessDenied, 403); // Deleting an application for an Athens domain the user is not admin for is disallowed tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1", DELETE) .userIdentity(unauthorizedUser), - "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", + accessDenied, 403); // Create another instance under the application @@ -1313,7 +1329,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1", PUT) .data("{\"athensDomain\":\"domain1\", \"property\":\"property1\"}") .userIdentity(unauthorizedUser), - "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", + accessDenied, 403); // Change Athens domain 
@@ -1328,7 +1344,7 @@ public class ApplicationApiTest extends ControllerContainerTest { // Deleting a tenant for an Athens domain the user is not admin for is disallowed tester.assertResponse(request("/application/v4/tenant/tenant1", DELETE) .userIdentity(unauthorizedUser), - "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", + accessDenied, 403); } @@ -1394,7 +1410,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/new-user/deploy/dev-us-east-1", POST) .data(entity) .userIdentity(userId), - "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", + accessDenied, 403); // Add "new-user" to the admin role, to allow service launches. |