authorBjørn Christian Seime <bjorncs@oath.com>2018-10-24 13:27:05 +0200
committerBjørn Christian Seime <bjorncs@oath.com>2018-10-24 13:32:38 +0200
commit906980b5722c061673574fa74d6960e077f477c1 (patch)
treeb12fde48bad304f9329dc9dd4404fda74a62f38d /controller-api
parent1d24832d61672ae3a302a7552068abc35461854b (diff)
Create Athenz tenancy using Okta
- Use ZmsClient from vespa-athenz in AthenzClientFactory - Rename ZmsClientImpl (controller-server) to ZmsClientFacade and modify it to use ZmsClient - Move ApplicationAction and HostedAthenzIdentities to controller-server - Change ZmsClientMock to mock ZmsClient from vespa-athenz
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ApplicationAction.java17
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzClientFactory.java13
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/HostedAthenzIdentities.java27
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClient.java34
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsException.java24
5 files changed, 5 insertions, 110 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ApplicationAction.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ApplicationAction.java
deleted file mode 100644
index 3323cda89b3..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ApplicationAction.java
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.api.integration.athenz;
-
-/**
- * @author bjorncs
- */
-public enum ApplicationAction {
- deploy("deployer"),
- read("reader"),
- write("writer");
-
- public final String roleName;
-
- ApplicationAction(String roleName) {
- this.roleName = roleName;
- }
-}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzClientFactory.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzClientFactory.java
index e95e97527da..aba3b5f3ab7 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzClientFactory.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzClientFactory.java
@@ -1,8 +1,8 @@
// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.controller.api.integration.athenz;
-import com.yahoo.vespa.athenz.api.AthenzIdentity;
-import com.yahoo.vespa.athenz.api.NToken;
+import com.yahoo.vespa.athenz.api.AthenzService;
+import com.yahoo.vespa.athenz.client.zms.ZmsClient;
import com.yahoo.vespa.athenz.client.zts.ZtsClient;
/**
@@ -10,12 +10,9 @@ import com.yahoo.vespa.athenz.client.zts.ZtsClient;
*/
public interface AthenzClientFactory {
- AthenzIdentity getControllerIdentity();
+ AthenzService getControllerIdentity();
- ZmsClient createZmsClientWithServicePrincipal();
-
- ZtsClient createZtsClientWithServicePrincipal();
-
- ZmsClient createZmsClientWithAuthorizedServiceToken(NToken authorizedServiceToken);
+ ZmsClient createZmsClient();
+ ZtsClient createZtsClient();
}
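Review bot: `createZmsClient()` and `createZtsClient()` have no Javadoc saying which principal the returned client authenticates as, and this hunk removes the only overload (`createZmsClientWithAuthorizedServiceToken(NToken)`) that let a ZMS call run under a caller-supplied token. If the implementations (outside this diff) now always use the controller's own service credentials, ZMS would no longer be evaluating the end user's rights on tenant operations, so that check has to happen in the controller before the client is used. I would state that contract on the interface, e.g. `/** Returns a ZMS client authenticated as {@link #getControllerIdentity()}; callers must authorize the requesting user before any tenant operation. */` above `createZmsClient()`, with a matching sentence on `createZtsClient()`. The interface's own Javadoc block begins above this hunk.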
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/HostedAthenzIdentities.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/HostedAthenzIdentities.java
deleted file mode 100644
index bd385034a90..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/HostedAthenzIdentities.java
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.api.integration.athenz;
-
-import com.yahoo.vespa.athenz.api.AthenzDomain;
-import com.yahoo.vespa.athenz.api.AthenzService;
-import com.yahoo.vespa.athenz.api.AthenzUser;
-import com.yahoo.vespa.hosted.controller.api.identifiers.ScrewdriverId;
-import com.yahoo.vespa.hosted.controller.api.identifiers.UserId;
-
-/**
- * @author bjorncs
- */
-public class HostedAthenzIdentities {
-
- public static final AthenzDomain SCREWDRIVER_DOMAIN = new AthenzDomain("cd.screwdriver.project");
-
- private HostedAthenzIdentities() {}
-
- public static AthenzUser from(UserId userId) {
- return AthenzUser.fromUserId(userId.id());
- }
-
- public static AthenzService from(ScrewdriverId screwdriverId) {
- return new AthenzService(SCREWDRIVER_DOMAIN, "sd" + screwdriverId.id());
- }
-
-}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClient.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClient.java
deleted file mode 100644
index 3630748b10a..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClient.java
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.api.integration.athenz;
-
-import com.yahoo.vespa.athenz.api.AthenzDomain;
-import com.yahoo.vespa.athenz.api.AthenzIdentity;
-import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId;
-
-import java.util.List;
-
-/**
- * @author bjorncs
- */
-public interface ZmsClient {
-
- void createTenant(AthenzDomain tenantDomain);
-
- void deleteTenant(AthenzDomain tenantDomain);
-
- void addApplication(AthenzDomain tenantDomain, ApplicationId applicationName);
-
- void deleteApplication(AthenzDomain tenantDomain, ApplicationId applicationName);
-
- boolean hasApplicationAccess(AthenzIdentity athenzIdentity, ApplicationAction action, AthenzDomain tenantDomain, ApplicationId applicationName);
-
- boolean hasTenantAdminAccess(AthenzIdentity athenzIdentity, AthenzDomain tenantDomain);
-
- boolean hasHostedOperatorAccess(AthenzIdentity identity);
-
- // Used before vespa tenancy is established for the domain.
- boolean isDomainAdmin(AthenzIdentity athenzIdentity, AthenzDomain domain);
-
- List<AthenzDomain> getDomainList(String prefix);
-
-}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsException.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsException.java
deleted file mode 100644
index 31e9e549c08..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsException.java
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.api.integration.athenz;
-
-/**
- * @author bjorncs
- */
-public class ZmsException extends RuntimeException {
-
- private final int code;
-
- public ZmsException(int code, Throwable cause) {
- super(cause.getMessage(), cause);
- this.code = code;
- }
-
- public ZmsException(int code, String message) {
- super(message);
- this.code = code;
- }
-
- public int getCode() {
- return code;
- }
-}