Create role at tenant creation

3 files changed, 22 insertions, 4 deletions

diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java
index 4006d68ba1f..d35f8f00fd1 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java
@@ -1,7 +1,7 @@
 // Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.api.integration;
 
-import com.yahoo.vespa.hosted.controller.api.integration.aws.ApplicationRoleService;
+import com.yahoo.vespa.hosted.controller.api.integration.aws.RoleService;
 import com.yahoo.vespa.hosted.controller.api.integration.aws.AwsEventFetcher;
 import com.yahoo.vespa.hosted.controller.api.integration.aws.ResourceTagger;
 import com.yahoo.vespa.hosted.controller.api.integration.billing.BillingController;
@@ -74,7 +74,7 @@ public interface ServiceRegistry {
 
     ResourceTagger resourceTagger();
 
-    ApplicationRoleService applicationRoleService();
+    RoleService roleService();
 
     SystemMonitor systemMonitor();
 
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/NoopApplicationRoleService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/NoopRoleService.java
index 4842389bccb..81fec1582d0 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/NoopApplicationRoleService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/NoopRoleService.java
@@ -2,16 +2,27 @@
 package com.yahoo.vespa.hosted.controller.api.integration.aws;
 
 import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.TenantName;
 
 import java.util.Optional;
 
 /**
  * @author mortent
  */
-public class NoopApplicationRoleService implements ApplicationRoleService {
+public class NoopRoleService implements RoleService {
 
     @Override
     public Optional<ApplicationRoles> createApplicationRoles(ApplicationId applicationId) {
         return Optional.empty();
     }
+
+    @Override
+    public String createTenantRole(TenantName tenant) {
+        return "";
+    }
+
+    @Override
+    public String createTenantPolicy(TenantName tenant, String policyName, String awsId, String role) {
+        return "";
+    }
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/ApplicationRoleService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/RoleService.java
index e72ba5823d8..93c86c406b4 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/ApplicationRoleService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/aws/RoleService.java
@@ -2,12 +2,19 @@
 package com.yahoo.vespa.hosted.controller.api.integration.aws;
 
 import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.TenantName;
 
 import java.util.Optional;
 
 /**
  * @author mortent
  */
-public interface ApplicationRoleService {
+public interface RoleService {
+
     Optional<ApplicationRoles> createApplicationRoles(ApplicationId applicationId);
+
+    String createTenantRole(TenantName tenant);
+
+    String createTenantPolicy(TenantName tenant, String policyName, String awsId, String role);
+
 }