diff options
author | Ola Aunrønning <olaa@verizonmedia.com> | 2022-03-01 13:36:59 +0100 |
---|---|---|
committer | Ola Aunrønning <olaa@verizonmedia.com> | 2022-03-01 13:36:59 +0100 |
commit | e31e567d8e14a5e260416742168dd48c0b091bfe (patch) | |
tree | 9669bd8b74877b90ed62d4778339998aa39955a2 /controller-api/src | |
parent | e0347064b1411fb294b2cd1a33e0b85f0d4d23e7 (diff) |
Synchronize athenz instances on request approval
Diffstat (limited to 'controller-api/src')
3 files changed, 27 insertions, 1 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java index 0568678219e..a3f789149cf 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java @@ -26,11 +26,13 @@ public class AthenzAccessControlService implements AccessControlService { private final AthenzRole dataPlaneAccessRole; private final AthenzGroup vespaTeam; private final ZmsClient vespaZmsClient; //TODO: Merge ZMS clients + private final AthenzInstanceSynchronizer athenzInstanceSynchronizer; - public AthenzAccessControlService(ZmsClient zmsClient, AthenzDomain domain, ZmsClient vespaZmsClient) { + public AthenzAccessControlService(ZmsClient zmsClient, AthenzDomain domain, ZmsClient vespaZmsClient, AthenzInstanceSynchronizer athenzInstanceSynchronizer) { this.zmsClient = zmsClient; this.vespaZmsClient = vespaZmsClient; + this.athenzInstanceSynchronizer = athenzInstanceSynchronizer; this.dataPlaneAccessRole = new AthenzRole(domain, DATAPLANE_ACCESS_ROLENAME); this.vespaTeam = new AthenzGroup(domain, ALLOWED_OPERATOR_GROUPNAME); } @@ -87,6 +89,7 @@ public class AthenzAccessControlService implements AccessControlService { vespaZmsClient.addRoleMember(role, vespaTeam, Optional.empty()); } vespaZmsClient.approvePendingRoleMembership(role, vespaTeam, expiry, Optional.empty(), Optional.of(oAuthCredentials)); + athenzInstanceSynchronizer.synchronizeInstances(); return true; } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizer.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizer.java new file mode 100644 index 00000000000..fb2375d3ea2 --- /dev/null +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizer.java @@ -0,0 +1,13 @@ +// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.controller.api.integration.athenz; + +/** + * @author olaa + * + * Responsible for synchronizing misc roles and their pending memberships between separate Athenz instances + */ +public interface AthenzInstanceSynchronizer { + + void synchronizeInstances(); + +} diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizerMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizerMock.java new file mode 100644 index 00000000000..484fb3d6dd2 --- /dev/null +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizerMock.java @@ -0,0 +1,10 @@ +// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.controller.api.integration.athenz; + +/** + * @author olaa + */ +public class AthenzInstanceSynchronizerMock implements AthenzInstanceSynchronizer { + @Override + public void synchronizeInstances() {} +} |