summaryrefslogtreecommitdiffstats
path: root/controller-api
diff options
context:
space:
mode:
authorOla Aunrønning <olaa@verizonmedia.com>2021-11-23 11:59:14 +0100
committerOla Aunrønning <olaa@verizonmedia.com>2021-11-23 12:01:41 +0100
commit87fdbc72005ab6624bfa6a037562555d4b3ae728 (patch)
treedaaec27e5f21240383050dfa1f8d3127fd4a28cd /controller-api
parenteddbd9d4264e126fb862c0b33e952cec299e8a7c (diff)
Moves role maintainer to controller-api. Adds ZMS role deletion functionality
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java3
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java4
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainer.java20
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainerMock.java23
4 files changed, 50 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java
index b9cb0d773c6..d4e11163343 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java
@@ -30,6 +30,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.resource.MeteringClient
import com.yahoo.vespa.hosted.controller.api.integration.resource.ResourceDatabaseClient;
import com.yahoo.vespa.hosted.controller.api.integration.routing.GlobalRoutingService;
import com.yahoo.vespa.hosted.controller.api.integration.secrets.TenantSecretService;
+import com.yahoo.vespa.hosted.controller.api.integration.user.RoleMaintainer;
import com.yahoo.vespa.hosted.controller.api.integration.vcmr.ChangeRequestClient;
import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneRegistry;
@@ -108,4 +109,6 @@ public interface ServiceRegistry {
HorizonClient horizonClient();
PlanRegistry planRegistry();
+
+ RoleMaintainer roleMaintainer();
}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
index 561475caa54..4679f660319 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
@@ -252,6 +252,10 @@ public class ZmsClientMock implements ZmsClient {
}
@Override
+ public void deleteRole(AthenzRole athenzRole) {
+ athenz.domains.get(athenzRole.domain()).roles.removeIf(role -> role.name().equals(athenzRole.roleName()));
+ }
+ @Override
public void close() {}
private static AthenzDomain getTenantDomain(AthenzResourceName resource) {
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainer.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainer.java
new file mode 100644
index 00000000000..97a15b421c5
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainer.java
@@ -0,0 +1,20 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.user;
+
+import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.vespa.hosted.controller.tenant.Tenant;
+
+import java.util.List;
+
+/**
+ * @author olaa
+ */
+public interface RoleMaintainer {
+
+ /** Given the set of all existing tenants and applications, delete any superflous roles */
+ void deleteLeftoverRoles(List<Tenant> tenants, List<ApplicationId> applications);
+
+ /** Finds the subset of tenants that should be deleted based on role/domain existence */
+ List<Tenant> tenantsToDelete(List<Tenant> tenants);
+
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainerMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainerMock.java
new file mode 100644
index 00000000000..df39f51b6fe
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainerMock.java
@@ -0,0 +1,23 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.user;
+
+import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.vespa.hosted.controller.tenant.Tenant;
+
+import java.util.List;
+
+/**
+ * @author olaa
+ */
+public class RoleMaintainerMock implements RoleMaintainer {
+
+ @Override
+ public void deleteLeftoverRoles(List<Tenant> tenants, List<ApplicationId> applications) {
+
+ }
+
+ @Override
+ public List<Tenant> tenantsToDelete(List<Tenant> tenants) {
+ return List.of();
+ }
+}