aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJon Marius Venstad <venstad@gmail.com>2021-01-11 09:24:42 +0100
committerJon Marius Venstad <venstad@gmail.com>2021-01-11 09:24:42 +0100
commite8921cf5e953e0abef58ace4cbdbb1877130d274 (patch)
tree24f47da134a9da343dc964bdd488763e007d3ee8
parent65d8b3d6e2a3a95a495e9b3096660e15581d1bed (diff)
Add dev suspend requests to path group for dev deployments
Diffstat
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java2
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java36
2 files changed, 28 insertions, 10 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
index 2acf7c93925..12df0a5e0a7 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
@@ -169,8 +169,10 @@ enum PathGroup {
"/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/deploy/{job}",
"/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/dev/region/{region}",
"/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/dev/region/{region}/deploy",
+ "/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/dev/region/{region}/suspend",
"/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/perf/region/{region}",
"/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/perf/region/{region}/deploy",
+ "/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/perf/region/{region}/suspend",
"/application/v4/tenant/{tenant}/application/{application}/environment/dev/region/{region}/instance/{instance}",
"/application/v4/tenant/{tenant}/application/{application}/environment/dev/region/{region}/instance/{instance}/deploy",
"/application/v4/tenant/{tenant}/application/{application}/environment/perf/region/{region}/instance/{instance}",
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
index 3d1375601ad..d9234c9a28e 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
@@ -113,6 +113,7 @@ public class ApplicationApiTest extends ControllerContainerTest {
"z/4jKSTHwbYR8wdsOSrJGVEUPbS2nguIJ64OJH7gFnxM6sxUVj+Nm2HlXw==\n" +
"-----END PUBLIC KEY-----\n";
private static final String quotedPemPublicKey = pemPublicKey.replaceAll("\\n", "\\\\n");
+ private static final String accessDenied = "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}";
private static final ApplicationPackage applicationPackageDefault = new ApplicationPackageBuilder()
.instances("default")
@@ -262,13 +263,13 @@ public class ApplicationApiTest extends ControllerContainerTest {
tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/otheruser/deploy/dev-us-east-1", POST)
.userIdentity(OTHER_USER_ID)
.data(createApplicationDeployData(applicationPackageInstance1, false)),
- "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}",
+ accessDenied,
403);
// DELETE a dev deployment is not generally allowed under user instance
tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/otheruser/environment/dev/region/us-east-1", DELETE)
.userIdentity(OTHER_USER_ID),
- "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}",
+ accessDenied,
403);
// When the user is a tenant admin, user instances are allowed.
@@ -648,6 +649,21 @@ public class ApplicationApiTest extends ControllerContainerTest {
.screwdriverIdentity(SCREWDRIVER_ID),
"{\"message\":\"Requested restart of tenant1.application1.instance1 in prod.us-central-1\"}", 200);
+ // POST a 'suspend application' in dev environment
+ tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/dev/region/us-east-1/suspend", POST)
+ .userIdentity(USER_ID),
+ "{\"message\":\"Suspended orchestration of tenant1.application1.instance1 in dev.us-east-1\"}");
+
+ // POST a 'resume application' in dev environment
+ tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/dev/region/us-east-1/suspend", DELETE)
+ .userIdentity(USER_ID),
+ "{\"message\":\"Resumed orchestration of tenant1.application1.instance1 in dev.us-east-1\"}");
+
+ // POST a 'suspend application' in prod environment fails
+ tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/prod/region/us-east-3/suspend", POST)
+ .userIdentity(USER_ID),
+ accessDenied, 403);
+
// GET suspended
tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/prod/region/us-central-1/instance/instance1/suspended", GET)
.userIdentity(USER_ID),
@@ -1060,7 +1076,7 @@ public class ApplicationApiTest extends ControllerContainerTest {
.userIdentity(USER_ID)
.oktaAccessToken(OKTA_AT).oktaIdentityToken(OKTA_IT)
.data("{\"athensDomain\":\"domain1\", \"property\":\"property1\"}"),
- "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}",
+ accessDenied,
403);
// GET non-existing tenant
@@ -1216,7 +1232,7 @@ public class ApplicationApiTest extends ControllerContainerTest {
// DELETE tenant again returns 403 as tenant access cannot be determined when the tenant does not exist
tester.assertResponse(request("/application/v4/tenant/tenant1", DELETE)
.userIdentity(USER_ID),
- "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}",
+ accessDenied,
403);
// Create legancy tenant name containing underscores
@@ -1271,7 +1287,7 @@ public class ApplicationApiTest extends ControllerContainerTest {
tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/instance1", POST)
.userIdentity(unauthorizedUser)
.oktaAccessToken(OKTA_AT).oktaIdentityToken(OKTA_IT),
- "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}",
+ accessDenied,
403);
// (Create it with the right tenant id)
@@ -1286,13 +1302,13 @@ public class ApplicationApiTest extends ControllerContainerTest {
tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/prod/region/us-west-1/instance/default/deploy", POST)
.data(entity)
.userIdentity(USER_ID),
- "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}",
+ accessDenied,
403);
// Deleting an application for an Athens domain the user is not admin for is disallowed
tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1", DELETE)
.userIdentity(unauthorizedUser),
- "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}",
+ accessDenied,
403);
// Create another instance under the application
@@ -1313,7 +1329,7 @@ public class ApplicationApiTest extends ControllerContainerTest {
tester.assertResponse(request("/application/v4/tenant/tenant1", PUT)
.data("{\"athensDomain\":\"domain1\", \"property\":\"property1\"}")
.userIdentity(unauthorizedUser),
- "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}",
+ accessDenied,
403);
// Change Athens domain
@@ -1328,7 +1344,7 @@ public class ApplicationApiTest extends ControllerContainerTest {
// Deleting a tenant for an Athens domain the user is not admin for is disallowed
tester.assertResponse(request("/application/v4/tenant/tenant1", DELETE)
.userIdentity(unauthorizedUser),
- "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}",
+ accessDenied,
403);
}
@@ -1394,7 +1410,7 @@ public class ApplicationApiTest extends ControllerContainerTest {
tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/new-user/deploy/dev-us-east-1", POST)
.data(entity)
.userIdentity(userId),
- "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}",
+ accessDenied,
403);
// Add "new-user" to the admin role, to allow service launches.