authorOla Aunrønning <olaa@verizonmedia.com>2021-03-04 15:04:24 +0100
committerOla Aunrønning <olaa@verizonmedia.com>2021-03-04 15:04:24 +0100
commitf3b17b2cf1488053eb386608574c3369d4b668a1 (patch)
tree42ca05c4219d5f84461246ad30aa7409ca5a3ca6
parent6db2e1194c4e737340de486feee4ee6482033b99 (diff)
Delete tenant policy when deleting secret store. Adding/Deleting stores returns current list of secret stores
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java32
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java4
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java2
3 files changed, 23 insertions, 15 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 23f62ee3cf5..fbe668a6b3d 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -700,7 +700,11 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
lockedTenant = lockedTenant.withSecretStore(tenantSecretStore);
controller.tenants().store(lockedTenant);
});
- return new MessageResponse("Configured secret store: " + tenantSecretStore);
+
+ tenant = (CloudTenant) controller.tenants().require(TenantName.from(tenantName));
+ var slime = new Slime();
+ toSlime(slime.setObject(), tenant.tenantSecretStores());
+ return new SlimeJsonResponse(slime);
}
private HttpResponse deleteSecretStore(String tenantName, String name, HttpRequest request) {
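Review bot: The tenant is re-read with `controller.tenants().require(...)` after the lock callback has returned, so the list in the response is whatever is stored at that moment, not necessarily the state this request wrote; a concurrent add or delete could show up in it. The same re-read is added to deleteSecretStore in the next hunk. If that is acceptable, say so in a comment, for example `// Re-read outside the lock: the response reflects the stored state at this point, which may include concurrent changes`. The method starts outside the hunk, so the declaration of `tenant` and whatever guards the `(CloudTenant)` cast are not visible here.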
@@ -715,15 +719,15 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
var tenantSecretStore = optionalSecretStore.get();
controller.serviceRegistry().tenantSecretService().deleteSecretStore(tenant.name(), tenantSecretStore);
+ controller.serviceRegistry().roleService().deleteTenantPolicy(tenant.name(), tenantSecretStore.getName());
controller.tenants().lockOrThrow(tenant.name(), LockedTenant.Cloud.class, lockedTenant -> {
lockedTenant = lockedTenant.withoutSecretStore(tenantSecretStore);
controller.tenants().store(lockedTenant);
});
+
+ tenant = (CloudTenant) controller.tenants().require(TenantName.from(tenantName));
var slime = new Slime();
- var cursor = slime.setObject();
- cursor.setString("name", tenantSecretStore.getName());
- cursor.setString("awsId", tenantSecretStore.getAwsId());
- cursor.setString("role", tenantSecretStore.getRole());
+ toSlime(slime.setObject(), tenant.tenantSecretStores());
return new SlimeJsonResponse(slime);
}
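Review bot: The new `deleteTenantPolicy` call runs after the external secret store has been deleted and before the tenant record is updated, so an exception from it leaves the store listed on the tenant while the external store is already gone, and the policy itself may remain in place. Whether a retry then succeeds depends on `deleteSecretStore` and `deleteTenantPolicy` being idempotent, which cannot be seen from this hunk. A leftover policy is stale access, so state the requirement where the calls are made, for example `// Both external deletions must be idempotent: on failure the store stays in the tenant record so the request can be retried`. The body of deleteSecretStore starts outside the hunk.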
@@ -2004,13 +2008,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
keyObject.setString("user", user.getName());
});
- Cursor secretStore = object.setArray("secretStores");
- cloudTenant.tenantSecretStores().forEach(store -> {
- Cursor storeObject = secretStore.addObject();
- storeObject.setString("name", store.getName());
- storeObject.setString("awsId", store.getAwsId());
- storeObject.setString("role", store.getRole());
- });
+ toSlime(object, cloudTenant.tenantSecretStores());
var tenantQuota = controller.serviceRegistry().billingController().getQuota(tenant.name());
var usedQuota = applications.stream()
@@ -2269,6 +2267,16 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
array.addString(string);
}
+ private void toSlime(Cursor object, List<TenantSecretStore> tenantSecretStores) {
+ Cursor secretStore = object.setArray("secretStores");
+ tenantSecretStores.forEach(store -> {
+ Cursor storeObject = secretStore.addObject();
+ storeObject.setString("name", store.getName());
+ storeObject.setString("awsId", store.getAwsId());
+ storeObject.setString("role", store.getRole());
+ });
+ }
+
private String readToString(InputStream stream) {
Scanner scanner = new Scanner(stream).useDelimiter("\\A");
if ( ! scanner.hasNext()) return null;
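Review bot: The new `toSlime(Cursor, List<TenantSecretStore>)` has no comment although it now fixes the response shape for three callers: add, delete and the tenant view. Add a short one such as `/** Writes a "secretStores" array to the given object, one entry per store with its name, awsId and role. */`. The name does not convey that it adds a field to the object passed in instead of filling the whole object, which matters in the tenant view hunk where the cursor already carries other fields. The trailing readToString context continues outside the hunk.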
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
index 88307018385..4d18388dda6 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
@@ -129,7 +129,7 @@ public class ApplicationApiCloudTest extends ControllerContainerCloudTest {
"\"externalId\": \"321\"" +
"}")
.roles(Set.of(Role.administrator(tenantName)));
- tester.assertResponse(secretStoreRequest, "{\"message\":\"Configured secret store: TenantSecretStore{name='some-name', awsId='123', role='role-id'}\"}", 200);
+ tester.assertResponse(secretStoreRequest, "{\"secretStores\":[{\"name\":\"some-name\",\"awsId\":\"123\",\"role\":\"role-id\"}]}", 200);
tester.assertResponse(secretStoreRequest, "{" +
"\"error-code\":\"BAD_REQUEST\"," +
"\"message\":\"Secret store TenantSecretStore{name='some-name', awsId='123', role='role-id'} is already configured\"" +
@@ -198,7 +198,7 @@ public class ApplicationApiCloudTest extends ControllerContainerCloudTest {
});
var tenant = (CloudTenant) tester.controller().tenants().require(tenantName);
assertEquals(1, tenant.tenantSecretStores().size());
- tester.assertResponse(deleteRequest, "{\"name\":\"secret-foo\",\"awsId\":\"123\",\"role\":\"some-role\"}", 200);
+ tester.assertResponse(deleteRequest, "{\"secretStores\":[]}", 200);
tenant = (CloudTenant) tester.controller().tenants().require(tenantName);
assertEquals(0, tenant.tenantSecretStores().size());
}
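Review bot: Nothing in this test checks the behaviour the commit adds on delete: the changed assertion covers the new response body, but no visible line verifies that the tenant policy for `secret-foo` was removed. If the role service test double records policies (not visible here), assert after the delete request that it no longer holds one for this tenant and store name. Otherwise a regression that drops the `deleteTenantPolicy` call would pass unnoticed. The test method starts outside the hunk.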
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
index 9e0d645583a..bbba115b0a8 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
@@ -178,7 +178,7 @@ public class UserApiTest extends ControllerContainerCloudTest {
.principal("admin@tenant")
.roles(Set.of(Role.administrator(id.tenant())))
.data("{\"awsId\":\"123\",\"role\":\"secret-role\",\"externalId\":\"abc\"}"),
- "{\"message\":\"Configured secret store: TenantSecretStore{name='secret-foo', awsId='123', role='secret-role'}\"}",
+ "{\"secretStores\":[{\"name\":\"secret-foo\",\"awsId\":\"123\",\"role\":\"secret-role\"}]}",
200);
// GET a tenant with secret stores configured