Merge remote-tracking branch 'origin/master' into ogronnesby/billing-service

10 files changed, 96 insertions, 10 deletions

diff --git a/controller-api/pom.xml b/controller-api/pom.xml
index 2f01f45edaa..02a7028b8ca 100644
--- a/controller-api/pom.xml
+++ b/controller-api/pom.xml
@@ -27,6 +27,13 @@
 
         <dependency>
             <groupId>com.yahoo.vespa</groupId>
+            <artifactId>container-apache-http-client-bundle</artifactId>
+            <version>${project.version}</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.yahoo.vespa</groupId>
             <artifactId>serviceview</artifactId>
             <scope>provided</scope>
             <version>${project.version}</version>
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/ClusterMetrics.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/ClusterMetrics.java
index 0e11bcdccaf..ee74aca0e14 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/ClusterMetrics.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/ClusterMetrics.java
@@ -23,11 +23,13 @@ public class ClusterMetrics {
     private final String clusterId;
     private final String clusterType;
     private final Map<String, Double> metrics;
+    private final Map<String, Double> reindexingProgress;
 
-    public ClusterMetrics(String clusterId, String clusterType, Map<String, Double> metrics) {
+    public ClusterMetrics(String clusterId, String clusterType, Map<String, Double> metrics, Map<String, Double> reindexingProgress) {
         this.clusterId = clusterId;
         this.clusterType = clusterType;
         this.metrics = Map.copyOf(metrics);
+        this.reindexingProgress = Map.copyOf(reindexingProgress);
     }
 
     public String getClusterId() {
@@ -74,4 +76,7 @@ public class ClusterMetrics {
         return Optional.ofNullable(metrics.get(DISK_FEED_BLOCK_LIMIT));
     }
 
+    public Map<String, Double> reindexingProgress() {
+        return reindexingProgress;
+    }
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
index 233759f47a7..0be32165916 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
@@ -3,6 +3,7 @@
 package com.yahoo.vespa.hosted.controller.api.integration.athenz;
 
 import com.yahoo.vespa.athenz.api.AthenzDomain;
+import com.yahoo.vespa.athenz.api.AthenzGroup;
 import com.yahoo.vespa.athenz.api.AthenzRole;
 import com.yahoo.vespa.athenz.api.AthenzUser;
 import com.yahoo.vespa.athenz.client.zms.ZmsClient;
@@ -14,18 +15,25 @@ import java.util.stream.Collectors;
 
 public class AthenzAccessControlService implements AccessControlService {
 
+    private static final String ALLOWED_OPERATOR_GROUPNAME = "vespa-team";
     private static final String DATAPLANE_ACCESS_ROLENAME = "operator-data-plane";
     private final ZmsClient zmsClient;
     private final AthenzRole dataPlaneAccessRole;
+    private final AthenzGroup vespaTeam;
 
 
     public AthenzAccessControlService(ZmsClient zmsClient, AthenzDomain domain) {
         this.zmsClient = zmsClient;
         this.dataPlaneAccessRole = new AthenzRole(domain, DATAPLANE_ACCESS_ROLENAME);
+        this.vespaTeam = new AthenzGroup(domain, ALLOWED_OPERATOR_GROUPNAME);
     }
 
     @Override
     public boolean approveDataPlaneAccess(AthenzUser user, Instant expiry) {
+        // Can only approve team members, other members must be manually approved
+        if(!isVespaTeamMember(user)) {
+            throw new IllegalArgumentException(String.format("User %s requires manual approval, please contact Vespa team", user.getName()));
+        }
         List<AthenzUser> users = zmsClient.listPendingRoleApprovals(dataPlaneAccessRole);
         if (users.contains(user)) {
             zmsClient.approvePendingRoleMembership(dataPlaneAccessRole, user, expiry);
@@ -42,4 +50,8 @@ public class AthenzAccessControlService implements AccessControlService {
                 .map(AthenzUser.class::cast)
                 .collect(Collectors.toList());
     }
+
+    public boolean isVespaTeamMember(AthenzUser user) {
+        return zmsClient.getGroupMembership(vespaTeam, user);
+    }
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
index deeecf217e7..396be0adf92 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
@@ -2,6 +2,7 @@
 package com.yahoo.vespa.hosted.controller.api.integration.athenz;
 
 import com.yahoo.vespa.athenz.api.AthenzDomain;
+import com.yahoo.vespa.athenz.api.AthenzGroup;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
 import com.yahoo.vespa.athenz.api.AthenzResourceName;
 import com.yahoo.vespa.athenz.api.AthenzRole;
@@ -76,7 +77,7 @@ public class ZmsClientMock implements ZmsClient {
     }
 
     @Override
-    public void addRoleMember(AthenzRole role, AthenzIdentity member) {
+    public void addRoleMember(AthenzRole role, AthenzIdentity member, Optional<String> reason) {
         if ( ! role.roleName().equals("tenancy.vespa.hosting.admin"))
             throw new IllegalArgumentException("Mock only supports adding tenant admins, not " + role.roleName());
         getDomainOrThrow(role.domain(), true).tenantAdmin(member);
@@ -98,6 +99,11 @@ public class ZmsClientMock implements ZmsClient {
     }
 
     @Override
+    public boolean getGroupMembership(AthenzGroup group, AthenzIdentity identity) {
+        return false;
+    }
+
+    @Override
     public List<AthenzDomain> getDomainList(String prefix) {
         log("getDomainList()");
         return new ArrayList<>(athenz.domains.keySet());
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/MockResourceTagger.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/MockResourceTagger.java
index a74a362330b..0f05fa60db7 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/MockResourceTagger.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/MockResourceTagger.java
@@ -15,15 +15,15 @@ import java.util.Optional;
  */
 public class MockResourceTagger implements ResourceTagger {
 
-    Map<ZoneId, Map<HostName, Optional<ApplicationId>>> values = new HashMap<>();
+    Map<ZoneId, Map<HostName, ApplicationId>> values = new HashMap<>();
 
     @Override
-    public int tagResources(ZoneApi zone, Map<HostName, Optional<ApplicationId>> ownerOfHosts) {
+    public int tagResources(ZoneApi zone, Map<HostName, ApplicationId> ownerOfHosts) {
         values.put(zone.getId(), ownerOfHosts);
         return 0;
     }
 
-    public Map<ZoneId, Map<HostName, Optional<ApplicationId>>> getValues() {
+    public Map<ZoneId, Map<HostName, ApplicationId>> getValues() {
         return values;
     }
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/ResourceTagger.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/ResourceTagger.java
index 61f8a57ac8b..988949456bb 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/ResourceTagger.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/ResourceTagger.java
@@ -16,7 +16,7 @@ public interface ResourceTagger {
     /**
      * Returns number of tagged resources
      */
-    int tagResources(ZoneApi zone, Map<HostName, Optional<ApplicationId>> ownerOfHosts);
+    int tagResources(ZoneApi zone, Map<HostName, ApplicationId> ownerOfHosts);
 
     static ResourceTagger empty() {
         return (zone, tenantOfHosts) -> 0;
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/configserver/ConfigServer.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/configserver/ConfigServer.java
index 81c4d7be483..8d9f20a7cee 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/configserver/ConfigServer.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/configserver/ConfigServer.java
@@ -55,7 +55,7 @@ public interface ConfigServer {
 
     Map<?,?> getServiceApiResponse(DeploymentId deployment, String serviceName, String restPath);
 
-    String getClusterControllerStatus(DeploymentId deployment, String node, String subPath);
+    String getServiceStatusPage(DeploymentId deployment, String serviceName, String node, String subPath);
 
     /**
      * Gets the Vespa logs of the given deployment.
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/ArtifactRepository.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/ArtifactRepository.java
index 97f3acda67c..4a6cb10c5c2 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/ArtifactRepository.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/ArtifactRepository.java
@@ -15,4 +15,7 @@ public interface ArtifactRepository {
     /** Returns the system application package of the given version. */
     byte[] getSystemApplicationPackage(ApplicationId application, ZoneId zone, Version version);
 
+    /** Returns the current stable OS version for the given major version */
+    StableOsVersion stableOsVersion(int major);
+
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/StableOsVersion.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/StableOsVersion.java
new file mode 100644
index 00000000000..0eabb0b6b8a
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/StableOsVersion.java
@@ -0,0 +1,52 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.deployment;
+
+import com.yahoo.component.Version;
+
+import java.time.Instant;
+import java.util.Objects;
+
+/**
+ * A stable OS version.
+ *
+ * @author mpolden
+ */
+public class StableOsVersion {
+
+    private final Version version;
+    private final Instant promotedAt;
+
+    public StableOsVersion(Version version, Instant promotedAt) {
+        this.version = Objects.requireNonNull(version);
+        this.promotedAt = Objects.requireNonNull(promotedAt);
+    }
+
+    /** The version number */
+    public Version version() {
+        return version;
+    }
+
+    /** Returns the time this was promoted to stable */
+    public Instant promotedAt() {
+        return promotedAt;
+    }
+
+    @Override
+    public String toString() {
+        return "os version " + version + ", promoted at " + promotedAt;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        StableOsVersion that = (StableOsVersion) o;
+        return version.equals(that.version) && promotedAt.equals(that.promotedAt);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(version, promotedAt);
+    }
+
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/organization/ApplicationSummary.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/organization/ApplicationSummary.java
index 1d23cd52d23..01045eec020 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/organization/ApplicationSummary.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/organization/ApplicationSummary.java
@@ -3,6 +3,7 @@ package com.yahoo.vespa.hosted.controller.api.integration.organization;
 
 import com.yahoo.config.provision.ApplicationId;
 import com.yahoo.config.provision.zone.ZoneId;
+import com.yahoo.vespa.hosted.controller.api.identifiers.DeploymentId;
 
 import java.time.Instant;
 import java.util.Map;
@@ -20,10 +21,10 @@ public class ApplicationSummary {
     private final Optional<Instant> lastQueried;
     private final Optional<Instant> lastWritten;
     private final Optional<Instant> lastBuilt;
-    private final Map<ZoneId, Metric> metrics;
+    private final Map<DeploymentId, Metric> metrics;
 
     public ApplicationSummary(ApplicationId application, Optional<Instant> lastQueried, Optional<Instant> lastWritten,
-                              Optional<Instant> lastBuilt, Map<ZoneId, Metric> metrics) {
+                              Optional<Instant> lastBuilt, Map<DeploymentId, Metric> metrics) {
         this.application = Objects.requireNonNull(application);
         this.lastQueried = Objects.requireNonNull(lastQueried);
         this.lastWritten = Objects.requireNonNull(lastWritten);
@@ -47,7 +48,7 @@ public class ApplicationSummary {
         return lastBuilt;
     }
 
-    public Map<ZoneId, Metric> metrics() {
+    public Map<DeploymentId, Metric> metrics() {
         return metrics;
     }