author | Ola Aunrønning <olaa@verizonmedia.com> | 2021-12-02 15:28:55 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-02 15:28:55 +0100 |
commit | 546c454a5eecc440c4bb75c528697bbc59770faa (patch) | |
tree | 43017777a0b17b76669fda471360777d4c38b9e4 /controller-server/src/main | |
parent | 92c76f4257003c4b18dd1ee2b10f0766108b0843 (diff) | |
parent | 8de87bd5c425689970395c80781fdfe3ba9d98f6 (diff) |
Merge pull request #20317 from vespa-engine/olaa/delete-tenant-without-domain
Delete tenants without Athenz domain
Diffstat (limited to 'controller-server/src/main')
4 files changed, 15 insertions, 8 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java index 9e7c614d4e8..49939f4bfd2 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java @@ -561,6 +561,10 @@ public class ApplicationController { * @throws IllegalArgumentException if the application has deployments or the caller is not authorized */ public void deleteApplication(TenantAndApplicationId id, Credentials credentials) { + deleteApplication(id, Optional.of(credentials)); + } + + public void deleteApplication(TenantAndApplicationId id, Optional<Credentials> credentials) { lockApplicationOrThrow(id, application -> { var deployments = application.get().instances().values().stream() .filter(instance -> ! instance.deployments().isEmpty()) @@ -580,7 +584,7 @@ public class ApplicationController { applicationStore.removeAllTesters(id.tenant(), id.application()); applicationStore.putMetaTombstone(id.tenant(), id.application(), clock.instant()); - accessControl.deleteApplication(id, credentials); + credentials.ifPresent(creds -> accessControl.deleteApplication(id, creds)); curator.removeApplication(id); controller.jobController().collectGarbage(); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java index 537603427f5..59877fce634 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java 
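Review bot: The new public overload `deleteApplication(TenantAndApplicationId, Optional<Credentials>)` has no Javadoc, and with `Optional.empty()` the second hunk's `credentials.ifPresent(...)` skips `accessControl.deleteApplication` altogether, so the "caller is not authorized" failure documented on the original method cannot occur on that path. Any controller code can now delete an application without presenting credentials, and whatever that call cleans up on the access-control side is presumably left in place. I would document the contract on the overload, for example `/** Deletes the application; when credentials is empty the access control step is skipped, intended only for maintainers removing tenants whose domain no longer exists. */`, and consider a separately named method instead of an `Optional` parameter so the bypass is visible at call sites. The same silent skip is introduced in `TenantController.delete` by `credentials.ifPresent(creds -> accessControl.deleteTenant(tenant, creds))`. Both method bodies continue outside the hunks.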
@@ -161,7 +161,7 @@ public class TenantController { } /** Deletes the given tenant. */ - public void delete(TenantName tenant, Supplier<Credentials> credentials, boolean forget) { + public void delete(TenantName tenant, Optional<Credentials> credentials, boolean forget) { try (Lock lock = lock(tenant)) { Tenant oldTenant = get(tenant, true) .orElseThrow(() -> new NotExistsException("Could not delete tenant '" + tenant + "': Tenant not found")); @@ -171,7 +171,7 @@ public class TenantController { throw new IllegalArgumentException("Could not delete tenant '" + tenant.value() + "': This tenant has active applications"); - accessControl.deleteTenant(tenant, credentials.get()); + credentials.ifPresent(creds -> accessControl.deleteTenant(tenant, creds)); controller.notificationsDb().removeNotifications(NotificationSource.from(tenant)); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java index 33012763f97..05a7e2368d1 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java @@ -8,12 +8,13 @@ import com.yahoo.vespa.hosted.controller.Controller; import com.yahoo.vespa.hosted.controller.api.integration.user.RoleMaintainer; import java.time.Duration; +import java.util.Optional; import java.util.logging.Logger; import java.util.stream.Collectors; /** * Maintains user management resources. - * For now, ensures there's no discrepnacy between expected tenant/application roles and Auth0 roles + * For now, ensures there's no discrepnacy between expected tenant/application roles and auth0/athenz roles * * @author olaa */ 
@@ -39,8 +40,10 @@ public class UserManagementMaintainer extends ControllerMaintainer { if (!controller().system().isPublic()) { roleMaintainer.tenantsToDelete(tenants) .forEach(tenant -> { - // TODO: controller().tenants().delete(tenant.name()); - logger.fine("Want to delete tenant " + tenant.name()); + logger.warning(tenant.name() + " has a non-existing Athenz domain. Deleting"); + controller().applications().asList(tenant.name()) + .forEach(application -> controller().applications().deleteApplication(application.id(), Optional.empty())); + controller().tenants().delete(tenant.name(), Optional.empty(), false); }); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index cf85d862041..8af26f564a6 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java @@ -2018,9 +2018,9 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler { return ErrorResponse.forbidden("Only operators can forget a tenant"); controller.tenants().delete(TenantName.from(tenantName), - () -> accessControlRequests.credentials(TenantName.from(tenantName), + Optional.of(accessControlRequests.credentials(TenantName.from(tenantName), toSlime(request.getData()).get(), - request.getJDiscRequest()), + request.getJDiscRequest())), forget); return new MessageResponse("Deleted tenant " + tenantName); |
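Review bot: Nothing inside the `forEach` lambda catches the exceptions the two delete calls are documented to throw: `deleteApplication` throws `IllegalArgumentException` when the application has deployments, and `TenantController.delete` throws when the tenant still has active applications, so one tenant with live deployments aborts the pass for every tenant after it and will do so again on each later run. Wrapping the lambda body per tenant, `try { … } catch (RuntimeException e) { logger.log(Level.WARNING, "Could not delete tenant " + tenant.name(), e); }` (with `java.util.logging.Level` imported), keeps the rest of the run going and leaves a record of the failure. Separately, this path deletes without credentials purely because `roleMaintainer.tenantsToDelete(tenants)` reported the domain as missing; if that lookup can ever return an incomplete answer (not visible here), a cap on deletions per run or requiring the domain to be missing on consecutive runs would limit the damage. The enclosing method starts outside the hunk.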
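Review bot: `accessControlRequests.credentials(...)` is now evaluated before `delete` is entered, whereas the removed `Supplier` was only invoked after `TenantController.delete` had taken the lock and confirmed that the tenant exists and has no active applications. A request for an unknown tenant, or for one that still has applications, will therefore hit any failure in building the credentials (including parsing `request.getData()`) before the not-found or active-applications error, and `Optional.of` would turn a null return, if `credentials` can produce one, into a `NullPointerException`. If that ordering matters to API clients, state it above the call, e.g. `// credentials are resolved up front; failures here precede the tenant existence check`. The handler method starts and ends outside the hunk.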