authorØyvind Grønnesby <oyving@verizonmedia.com>2021-02-25 11:23:08 +0100
committerØyvind Grønnesby <oyving@verizonmedia.com>2021-02-25 11:23:08 +0100
commitef74aeff20de66d8d0adfd5d522ba4f090675168 (patch)
treee1fa79ac953c0d6606c0813a2aa9ab2f304c1602
parent407d2235deb390ad5076e750689deb1ac9a88b99 (diff)
Make the secret store a field on the tenant object
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java8
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java16
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json1
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-secrets.json26
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-without-applications.json1
5 files changed, 52 insertions, 0 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index d435ad2da77..a1b7807e43f 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -1961,6 +1961,14 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
keyObject.setString("user", user.getName());
});
+ Cursor secretStore = object.setArray("secretStores");
+ cloudTenant.tenantSecretStores().forEach(store -> {
+ Cursor storeObject = secretStore.addObject();
+ storeObject.setString("name", store.getName());
+ storeObject.setString("awsId", store.getAwsId());
+ storeObject.setString("role", store.getRole());
+ });
+
var tenantQuota = controller.serviceRegistry().billingController().getQuota(tenant.name());
var usedQuota = applications.stream()
.map(com.yahoo.vespa.hosted.controller.Application::quotaUsage)
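Review bot: The added `secretStores` block writes `awsId` and `role` into the tenant response, but nothing records who may read that response or why `externalId` is left out. The UserApiTest change in this commit fetches the same response with only `Role.reader`, so every tenant reader would see the AWS account id and role name; please confirm that is intended. The omission of `externalId` is presumably deliberate, so I would add a comment above `Cursor secretStore = object.setArray("secretStores");` such as `// externalId is deliberately not serialized: this response is visible to all tenant readers`, so that a later change does not add it by symmetry with the PUT payload. The local would also read better as `secretStores`, matching the JSON key. The enclosing method starts and ends outside the hunk.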
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
index 3357e5ca8a4..422364de5c1 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
@@ -20,6 +20,7 @@ import java.util.Set;
import static com.yahoo.application.container.handler.Request.Method.DELETE;
import static com.yahoo.application.container.handler.Request.Method.POST;
+import static com.yahoo.application.container.handler.Request.Method.PUT;
import static org.junit.Assert.assertEquals;
/**
@@ -172,6 +173,21 @@ public class UserApiTest extends ControllerContainerCloudTest {
.data("{\"key\":\"" + pemPublicKey + "\"}"),
new File("second-developer-key.json"));
+ // PUT in a new secret store for the tenant
+ tester.assertResponse(request("/application/v4/tenant/my-tenant/secret-store/", PUT)
+ .principal("developer@tenant")
+ .roles(Set.of(Role.administrator(id.tenant())))
+ .data("{\"name\":\"secret-foo\",\"awsId\":\"123\",\"role\":\"secret-role\",\"externalId\":\"abc\"}"),
+ "{\"message\":\"Configured secret store: TenantSecretStore{name='secret-foo', awsId='123', role='secret-role'}\"}",
+ 200);
+
+ // GET a tenant with secret stores configured
+ tester.assertResponse(request("/application/v4/tenant/my-tenant")
+ .principal("developer@tenant")
+ .roles(Set.of(Role.reader(id.tenant())))
+ .data("{\"name\":\"secret-foo\",\"awsId\":\"123\",\"role\":\"secret-role\",\"externalId\":\"abc\"}"),
+ new File("tenant-with-secrets.json"));
+
// DELETE an application is available to developers.
tester.assertResponse(request("/application/v4/tenant/my-tenant/application/my-app", DELETE)
.roles(Set.of(Role.developer(id.tenant()))),
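Review bot: The new PUT case covers only `Role.administrator(id.tenant())`, so nothing in this test pins that a less privileged role is refused when configuring a secret store. I would add a second request to `/application/v4/tenant/my-tenant/secret-store/` using whichever of `Role.developer(id.tenant())` or `Role.reader(id.tenant())` is meant to be denied, and assert the rejection the handler returns. Separately, the GET case carries a `.data(...)` body copied from the PUT; dropping that line would make it clear that `tenant-with-secrets.json` reflects stored state and not the request body. The test method starts and ends outside the hunk.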
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json
index 9323067904c..f94dc7c562b 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json
@@ -10,6 +10,7 @@
"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFELzPyinTfQ/sZnTmRp5E4Ve/sbE\npDhJeqczkyFcT2PysJ5sZwm7rKPEeXDOhzTPCyRvbUqc2SGdWbKUGGa/Yw==\n-----END PUBLIC KEY-----\n",
"user": "developer@tenant"
}],
+ "secretStores": [],
"quota": {
"budget": null,
"budgetUsed": 0.0,
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-secrets.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-secrets.json
new file mode 100644
index 00000000000..25891755323
--- /dev/null
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-secrets.json
@@ -0,0 +1,26 @@
+{
+ "tenant": "my-tenant",
+ "type": "CLOUD",
+ "pemDeveloperKeys": [
+ {
+ "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFELzPyinTfQ/sZnTmRp5E4Ve/sbE\npDhJeqczkyFcT2PysJ5sZwm7rKPEeXDOhzTPCyRvbUqc2SGdWbKUGGa/Yw==\n-----END PUBLIC KEY-----\n",
+ "user": "developer@tenant"
+ }
+ ],
+ "secretStores": [
+ {
+ "name": "secret-foo",
+ "awsId": "123",
+ "role": "secret-role"
+ }
+ ],
+ "quota": {
+ "budget": null,
+ "budgetUsed": 0.0,
+ "clusterSize": 5
+ },
+ "applications": [],
+ "metaData": {
+ "createdAtMillis": "(ignore)"
+ }
+}
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-without-applications.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-without-applications.json
index eaabb9fe3e1..5965d4b5b00 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-without-applications.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-without-applications.json
@@ -3,6 +3,7 @@
"type": "CLOUD",
"creator": "administrator@tenant",
"pemDeveloperKeys": [],
+ "secretStores": [],
"quota": {
"budget": null,
"budgetUsed": 0.0,