author | Ola Aunrønning <olaa@verizonmedia.com> | 2021-03-04 15:04:24 +0100 |
---|---|---|
committer | Ola Aunrønning <olaa@verizonmedia.com> | 2021-03-04 15:04:24 +0100 |
commit | f3b17b2cf1488053eb386608574c3369d4b668a1 (patch) | |
tree | 42ca05c4219d5f84461246ad30aa7409ca5a3ca6 | |
parent | 6db2e1194c4e737340de486feee4ee6482033b99 (diff) |
Delete tenant policy when deleting secret store. Adding/Deleting stores returns current list of secret stores
3 files changed, 23 insertions, 15 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 23f62ee3cf5..fbe668a6b3d 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -700,7 +700,11 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
 lockedTenant = lockedTenant.withSecretStore(tenantSecretStore);
 controller.tenants().store(lockedTenant);
 });
- return new MessageResponse("Configured secret store: " + tenantSecretStore);
+
+ tenant = (CloudTenant) controller.tenants().require(TenantName.from(tenantName));
+ var slime = new Slime();
+ toSlime(slime.setObject(), tenant.tenantSecretStores());
+ return new SlimeJsonResponse(slime);
 }
 private HttpResponse deleteSecretStore(String tenantName, String name, HttpRequest request) {
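Review bot: The response body in the add path is built from a second `controller.tenants().require(...)` read taken after `lockOrThrow` has returned, so a concurrent add or delete on the same tenant can change the list between the store and the read. The unchecked `(CloudTenant)` cast is also repeated here; whether the tenant type was verified earlier in the method is not visible, because the method starts outside the hunk. If returning the latest state is intended, say so with a comment such as `// Re-read after releasing the lock: the list may include changes made by concurrent requests`. Otherwise capture the store list inside the locked section. The delete path in the next hunk has the same pattern.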
@@ -715,15 +719,15 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
 var tenantSecretStore = optionalSecretStore.get();
 controller.serviceRegistry().tenantSecretService().deleteSecretStore(tenant.name(), tenantSecretStore);
+ controller.serviceRegistry().roleService().deleteTenantPolicy(tenant.name(), tenantSecretStore.getName());
 controller.tenants().lockOrThrow(tenant.name(), LockedTenant.Cloud.class, lockedTenant -> {
 lockedTenant = lockedTenant.withoutSecretStore(tenantSecretStore);
 controller.tenants().store(lockedTenant);
 });
+
+ tenant = (CloudTenant) controller.tenants().require(TenantName.from(tenantName));
 var slime = new Slime();
- var cursor = slime.setObject();
- cursor.setString("name", tenantSecretStore.getName());
- cursor.setString("awsId", tenantSecretStore.getAwsId());
- cursor.setString("role", tenantSecretStore.getRole());
+ toSlime(slime.setObject(), tenant.tenantSecretStores());
 return new SlimeJsonResponse(slime);
 }
@@ -2004,13 +2008,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
 keyObject.setString("user", user.getName());
 });
- Cursor secretStore = object.setArray("secretStores");
- cloudTenant.tenantSecretStores().forEach(store -> {
- Cursor storeObject = secretStore.addObject();
- storeObject.setString("name", store.getName());
- storeObject.setString("awsId", store.getAwsId());
- storeObject.setString("role", store.getRole());
- });
+ toSlime(object, cloudTenant.tenantSecretStores());
 var tenantQuota = controller.serviceRegistry().billingController().getQuota(tenant.name());
 var usedQuota = applications.stream()
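Review bot: The new `deleteTenantPolicy` call in deleteSecretStore is the middle of three unguarded steps (external store deletion, policy deletion, tenant record update), and nothing here handles a failure part-way through. If the policy call throws, the store has already been removed from the secret service while the tenant record still lists it. A retry then only succeeds if `deleteSecretStore` tolerates an already-deleted store, which is not visible from this hunk. A failure that is swallowed further down would instead leave an access policy behind for a store that no longer exists. Make the chosen order and failure behaviour explicit, for example `// Policy is removed before the tenant record is updated; a failure here leaves the store listed so the delete can be retried`, and log policy-deletion failures with tenant and store name so leftovers can be cleaned up. The method starts outside the hunk.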
@@ -2269,6 +2267,16 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
 array.addString(string);
 }
+ private void toSlime(Cursor object, List<TenantSecretStore> tenantSecretStores) {
+ Cursor secretStore = object.setArray("secretStores");
+ tenantSecretStores.forEach(store -> {
+ Cursor storeObject = secretStore.addObject();
+ storeObject.setString("name", store.getName());
+ storeObject.setString("awsId", store.getAwsId());
+ storeObject.setString("role", store.getRole());
+ });
+ }
+
 private String readToString(InputStream stream) {
 Scanner scanner = new Scanner(stream).useDelimiter("\\A");
 if ( ! scanner.hasNext()) return null;
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
index 88307018385..4d18388dda6 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
@@ -129,7 +129,7 @@ public class ApplicationApiCloudTest extends ControllerContainerCloudTest {
 "\"externalId\": \"321\"" +
 "}")
 .roles(Set.of(Role.administrator(tenantName)));
- tester.assertResponse(secretStoreRequest, "{\"message\":\"Configured secret store: TenantSecretStore{name='some-name', awsId='123', role='role-id'}\"}", 200);
+ tester.assertResponse(secretStoreRequest, "{\"secretStores\":[{\"name\":\"some-name\",\"awsId\":\"123\",\"role\":\"role-id\"}]}", 200);
 tester.assertResponse(secretStoreRequest, "{" +
 "\"error-code\":\"BAD_REQUEST\"," +
 "\"message\":\"Secret store TenantSecretStore{name='some-name', awsId='123', role='role-id'} is already configured\"" +
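Review bot: The new `toSlime(Cursor, List<TenantSecretStore>)` helper in ApplicationApiHandler has no comment stating its contract, although it now defines the body of three responses (tenant GET, add store, delete store). A short Javadoc should say that it adds a `secretStores` array to the given object and writes only `name`, `awsId` and `role` for each store. The tests send an `externalId` in the add request that does not appear in any response; if that omission is deliberate, the comment is the place to record that the field must stay out of the output.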
@@ -198,7 +198,7 @@ public class ApplicationApiCloudTest extends ControllerContainerCloudTest {
 });
 var tenant = (CloudTenant) tester.controller().tenants().require(tenantName);
 assertEquals(1, tenant.tenantSecretStores().size());
- tester.assertResponse(deleteRequest, "{\"name\":\"secret-foo\",\"awsId\":\"123\",\"role\":\"some-role\"}", 200);
+ tester.assertResponse(deleteRequest, "{\"secretStores\":[]}", 200);
 tenant = (CloudTenant) tester.controller().tenants().require(tenantName);
 assertEquals(0, tenant.tenantSecretStores().size());
 }
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
index 9e0d645583a..bbba115b0a8 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
@@ -178,7 +178,7 @@ public class UserApiTest extends ControllerContainerCloudTest {
 .principal("admin@tenant")
 .roles(Set.of(Role.administrator(id.tenant())))
 .data("{\"awsId\":\"123\",\"role\":\"secret-role\",\"externalId\":\"abc\"}"),
- "{\"message\":\"Configured secret store: TenantSecretStore{name='secret-foo', awsId='123', role='secret-role'}\"}",
+ "{\"secretStores\":[{\"name\":\"secret-foo\",\"awsId\":\"123\",\"role\":\"secret-role\"}]}",
 200);
 // GET a tenant with secret stores configured |
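Review bot: The delete test in ApplicationApiCloudTest asserts only the response body and the tenant's store count, so the tenant policy removal that this commit adds is not covered. A later change that drops the `deleteTenantPolicy` call would still pass. If the role service used by the tester records its calls (not visible in this hunk), add an assertion after the delete request that the policy for `secret-foo` has been removed. The test method starts outside the hunk.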