author | Morten Tokle <morten.tokle@gmail.com> | 2017-10-18 11:39:11 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-18 11:39:11 +0200 |
commit | aa5d354f2d8f3f2a44a71325436a6e17e21447d9 (patch) | |
tree | ac60e051292db9a7a1eac972213fe6bd1a06c96d /controller-server/src | |
parent | 0a35bb6fc1e07b3869e818c2e48d78454c134e22 (diff) | |
parent | 25e92db25ee2e7f3286007ffa839f9ed36666315 (diff) |
Merge pull request #3787 from vespa-engine/bjorncs/athenz
Bjorncs/athenz
Diffstat (limited to 'controller-server/src')
24 files changed, 189 insertions, 189 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java index c293e00ae48..079eed2be38 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java @@ -10,7 +10,7 @@ import com.yahoo.config.provision.ApplicationId; import com.yahoo.config.provision.Environment; import com.yahoo.config.provision.RegionName; import com.yahoo.config.provision.SystemName; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.DeploymentId; import com.yahoo.vespa.hosted.controller.api.identifiers.Property; import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId; @@ -140,7 +140,7 @@ public class Controller extends AbstractComponent { /** Returns the instance controlling applications */ public ApplicationController applications() { return applicationController; } - public List<AthensDomain> getDomainList(String prefix) { + public List<AthenzDomain> getDomainList(String prefix) { return zmsClient.getDomainList(prefix); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java index 229c46f0a22..da4627c2183 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java 
@@ -5,7 +5,7 @@ import com.yahoo.config.provision.TenantName; import com.yahoo.vespa.curator.Lock; import com.yahoo.vespa.hosted.controller.api.Tenant; import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.Property; import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId; import com.yahoo.vespa.hosted.controller.api.identifiers.TenantId; @@ -66,7 +66,7 @@ public class TenantController { public List<Tenant> asList(UserId user) { Set<UserGroup> userGroups = entityService.getUserGroups(user); - Set<AthensDomain> userDomains = new HashSet<>(athenzClientFactory.createZtsClientWithServicePrincipal() + Set<AthenzDomain> userDomains = new HashSet<>(athenzClientFactory.createZtsClientWithServicePrincipal() .getTenantDomainsForUser(AthenzUtils.createPrincipal(user))); Predicate<Tenant> hasUsersGroup = (tenant) -> tenant.getUserGroup().isPresent() && userGroups.contains(tenant.getUserGroup().get()); @@ -105,7 +105,7 @@ public class TenantController { throw new IllegalArgumentException("Could not create " + tenant + ": No NToken provided"); if (tenant.isAthensTenant()) { - AthensDomain domain = tenant.getAthensDomain().get(); + AthenzDomain domain = tenant.getAthensDomain().get(); Optional<Tenant> existingTenantWithDomain = tenantHaving(domain); if (existingTenantWithDomain.isPresent()) throw new IllegalArgumentException("Could not create " + tenant + ": The Athens domain '" + domain + 
@@ -119,7 +119,7 @@ public class TenantController { } /** Returns the tenant having the given Athens domain, or empty if none */ - private Optional<Tenant> tenantHaving(AthensDomain domain) { + private Optional<Tenant> tenantHaving(AthenzDomain domain) { return asList().stream().filter(Tenant::isAthensTenant) .filter(t -> t.getAthensDomain().get().equals(domain)) .findAny(); @@ -152,8 +152,8 @@ public class TenantController { Tenant existingTenant = tenant(updatedTenant.getId()).get(); if ( ! existingTenant.isAthensTenant()) return; - AthensDomain existingDomain = existingTenant.getAthensDomain().get(); - AthensDomain newDomain = updatedTenant.getAthensDomain().get(); + AthenzDomain existingDomain = existingTenant.getAthensDomain().get(); + AthenzDomain newDomain = updatedTenant.getAthensDomain().get(); if (existingDomain.equals(newDomain)) return; Optional<Tenant> existingTenantWithNewDomain = tenantHaving(newDomain); if (existingTenantWithNewDomain.isPresent()) @@ -193,7 +193,7 @@ public class TenantController { } public Tenant migrateTenantToAthens(TenantId tenantId, - AthensDomain tenantDomain, + AthenzDomain tenantDomain, PropertyId propertyId, Property property, NToken nToken) { diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/api/Tenant.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/api/Tenant.java index 325c40c24c8..4889f789819 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/api/Tenant.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/api/Tenant.java 
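Review bot: In the `@@ -152,8 +152,8 @@` hunk, `updatedTenant.getAthensDomain().get()` is called without checking that the updated tenant carries a domain; only `existingTenant.isAthensTenant()` is tested before it. If an update can supply a tenant without a domain for an existing Athenz tenant, this fails with a bare NoSuchElementException rather than the descriptive IllegalArgumentException the neighbouring checks use. A guard such as `if ( ! updatedTenant.isAthensTenant()) throw new IllegalArgumentException("Could not update " + updatedTenant + ": no Athenz domain given");` would make the rejection explicit. The method starts above the hunk, so an earlier check may already cover this.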
@@ -2,7 +2,7 @@ package com.yahoo.vespa.hosted.controller.api; import com.yahoo.vespa.hosted.controller.api.application.v4.model.TenantType; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.Property; import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId; import com.yahoo.vespa.hosted.controller.api.identifiers.TenantId; 
@@ -19,41 +19,41 @@ public class Tenant { private final TenantId id; private final Optional<UserGroup> userGroup; private final Optional<Property> property; - private final Optional<AthensDomain> athensDomain; + private final Optional<AthenzDomain> athenzDomain; private final Optional<PropertyId> propertyId; // TODO: Use factory methods. They're down at the bottom! - public Tenant(TenantId id, Optional<UserGroup> userGroup, Optional<Property> property, Optional<AthensDomain> athensDomain) { - this(id, userGroup, property, athensDomain, Optional.empty()); + public Tenant(TenantId id, Optional<UserGroup> userGroup, Optional<Property> property, Optional<AthenzDomain> athenzDomain) { + this(id, userGroup, property, athenzDomain, Optional.empty()); } - public Tenant(TenantId id, Optional<UserGroup> userGroup, Optional<Property> property, Optional<AthensDomain> athensDomain, Optional<PropertyId> propertyId) { + public Tenant(TenantId id, Optional<UserGroup> userGroup, Optional<Property> property, Optional<AthenzDomain> athenzDomain, Optional<PropertyId> propertyId) { if (id.isUser()) { require(!userGroup.isPresent(), "User tenant '%s' cannot have a user group.", id); require(!property.isPresent(), "User tenant '%s' cannot have a property.", id); require(!propertyId.isPresent(), "User tenant '%s' cannot have a property ID.", id); - require(!athensDomain.isPresent(), "User tenant '%s' cannot have an athens domain.", id); - } else if (athensDomain.isPresent()) { + require(!athenzDomain.isPresent(), "User tenant '%s' cannot have an athens domain.", id); + } else if (athenzDomain.isPresent()) { require(property.isPresent(), "Athens tenant '%s' must have a property.", id); require(!userGroup.isPresent(), "Athens tenant '%s' cannot have a user group.", id); - require(athensDomain.isPresent(), "Athens tenant '%s' must have an athens domain.", id); + require(athenzDomain.isPresent(), "Athens tenant '%s' must have an athens domain.", id); } else { require(property.isPresent(), 
"OpsDB tenant '%s' must have a property.", id); require(userGroup.isPresent(), "OpsDb tenant '%s' must have a user group.", id); - require(!athensDomain.isPresent(), "OpsDb tenant '%s' cannot have an athens domain.", id); + require(!athenzDomain.isPresent(), "OpsDb tenant '%s' cannot have an athens domain.", id); } this.id = id; this.userGroup = userGroup; this.property = property; - this.athensDomain = athensDomain; + this.athenzDomain = athenzDomain; this.propertyId = propertyId; // TODO: Check validity after TODO@14. OpsDb tenants have this set in Sherpa, while athens tenants do not. } - public boolean isAthensTenant() { return athensDomain.isPresent(); } + public boolean isAthensTenant() { return athenzDomain.isPresent(); } public boolean isOpsDbTenant() { return userGroup.isPresent();} public TenantType tenantType() { - if (athensDomain.isPresent()) { + if (athenzDomain.isPresent()) { return TenantType.ATHENS; } else if (id.isUser()) { return TenantType.USER; @@ -80,15 +80,15 @@ public class Tenant { return propertyId; } - public Optional<AthensDomain> getAthensDomain() { - return athensDomain; + public Optional<AthenzDomain> getAthensDomain() { + return athenzDomain; } private void require(boolean statement, String message, TenantId id) { if (!statement) throw new IllegalArgumentException(String.format(message, id)); } - public static Tenant createAthensTenant(TenantId id, AthensDomain athensDomain, Property property, Optional<PropertyId> propertyId) { + public static Tenant createAthensTenant(TenantId id, AthenzDomain athensDomain, Property property, Optional<PropertyId> propertyId) { if (id.isUser()) { throw new IllegalArgumentException("Invalid id for non-user tenant: " + id); } 
@@ -124,7 +124,7 @@ public class Tenant { if (!id.equals(tenant.id)) return false; if (!userGroup.equals(tenant.userGroup)) return false; if (!property.equals(tenant.property)) return false; - if (!athensDomain.equals(tenant.athensDomain)) return false; + if (!athenzDomain.equals(tenant.athenzDomain)) return false; if (!propertyId.equals(tenant.propertyId)) return false; return true; } @@ -134,7 +134,7 @@ public class Tenant { int result = id.hashCode(); result = 31 * result + userGroup.hashCode(); result = 31 * result + property.hashCode(); - result = 31 * result + athensDomain.hashCode(); + result = 31 * result + athenzDomain.hashCode(); result = 31 * result + propertyId.hashCode(); return result; } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/AthenzPrincipal.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/AthenzPrincipal.java index 03d9f60c6b0..1e4952a39c5 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/AthenzPrincipal.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/AthenzPrincipal.java @@ -1,7 +1,7 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.athenz; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.UserId; import java.security.Principal; @@ -12,10 +12,10 @@ import java.util.Objects; */ public class AthenzPrincipal implements Principal { - private final AthensDomain domain; + private final AthenzDomain domain; private final UserId userId; - public AthenzPrincipal(AthensDomain domain, UserId userId) { + public AthenzPrincipal(AthenzDomain domain, UserId userId) { this.domain = domain; this.userId = userId; } 
@@ -24,7 +24,7 @@ public class AthenzPrincipal implements Principal { return userId; } - public AthensDomain getDomain() { + public AthenzDomain getDomain() { return domain; } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/AthenzService.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/AthenzService.java index 780a14e4446..37c6459b687 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/AthenzService.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/AthenzService.java @@ -1,7 +1,7 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.athenz; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import java.util.Objects; @@ -10,23 +10,23 @@ import java.util.Objects; */ public class AthenzService { - private final AthensDomain domain; + private final AthenzDomain domain; private final String serviceName; - public AthenzService(AthensDomain domain, String serviceName) { + public AthenzService(AthenzDomain domain, String serviceName) { this.domain = domain; this.serviceName = serviceName; } public AthenzService(String domain, String serviceName) { - this(new AthensDomain(domain), serviceName); + this(new AthenzDomain(domain), serviceName); } public String toFullServiceName() { return domain.id() + "." + serviceName; } - public AthensDomain getDomain() { + public AthenzDomain getDomain() { return domain; } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/AthenzUtils.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/AthenzUtils.java index 0c0f4729100..664f67d9b11 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/AthenzUtils.java 
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/AthenzUtils.java @@ -1,7 +1,7 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.athenz; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.ScrewdriverId; import com.yahoo.vespa.hosted.controller.api.identifiers.UserId; @@ -13,8 +13,8 @@ public class AthenzUtils { private AthenzUtils() {} // TODO Change to "user" as primary user principal domain. Also support "yby" for a limited time as per recent Athenz changes - public static final AthensDomain USER_PRINCIPAL_DOMAIN = new AthensDomain("yby"); - public static final AthensDomain SCREWDRIVER_DOMAIN = new AthensDomain("cd.screwdriver.project"); + public static final AthenzDomain USER_PRINCIPAL_DOMAIN = new AthenzDomain("yby"); + public static final AthenzDomain SCREWDRIVER_DOMAIN = new AthenzDomain("cd.screwdriver.project"); public static final AthenzService ZMS_ATHENZ_SERVICE = new AthenzService("sys.auth", "zms"); public static AthenzPrincipal createPrincipal(UserId userId) { diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/NToken.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/NToken.java index fec0523aaab..7e3abeb77d9 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/NToken.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/NToken.java 
@@ -2,7 +2,7 @@ package com.yahoo.vespa.hosted.controller.athenz; import com.yahoo.athenz.auth.token.PrincipalToken; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.UserId; import java.security.PrivateKey; @@ -45,8 +45,8 @@ public class NToken { return new UserId(token.getName()); } - public AthensDomain getDomain() { - return new AthensDomain(token.getDomain()); + public AthenzDomain getDomain() { + return new AthenzDomain(token.getDomain()); } public String getToken() { diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/ZmsClient.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/ZmsClient.java index 274a8fdf438..407bce05c6e 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/ZmsClient.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/ZmsClient.java @@ -2,7 +2,7 @@ package com.yahoo.vespa.hosted.controller.athenz; import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import java.util.List; 
@@ -11,22 +11,22 @@ import java.util.List; */ public interface ZmsClient { - void createTenant(AthensDomain tenantDomain); + void createTenant(AthenzDomain tenantDomain); - void deleteTenant(AthensDomain tenantDomain); + void deleteTenant(AthenzDomain tenantDomain); - void addApplication(AthensDomain tenantDomain, ApplicationId applicationName); + void addApplication(AthenzDomain tenantDomain, ApplicationId applicationName); - void deleteApplication(AthensDomain tenantDomain, ApplicationId applicationName); + void deleteApplication(AthenzDomain tenantDomain, ApplicationId applicationName); - boolean hasApplicationAccess(AthenzPrincipal principal, ApplicationAction action, AthensDomain tenantDomain, ApplicationId applicationName); + boolean hasApplicationAccess(AthenzPrincipal principal, ApplicationAction action, AthenzDomain tenantDomain, ApplicationId applicationName); - boolean hasTenantAdminAccess(AthenzPrincipal principal, AthensDomain tenantDomain); + boolean hasTenantAdminAccess(AthenzPrincipal principal, AthenzDomain tenantDomain); // Used before vespa tenancy is established for the domain. - boolean isDomainAdmin(AthenzPrincipal principal, AthensDomain domain); + boolean isDomainAdmin(AthenzPrincipal principal, AthenzDomain domain); - List<AthensDomain> getDomainList(String prefix); + List<AthenzDomain> getDomainList(String prefix); AthenzPublicKey getPublicKey(AthenzService service, String keyId); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/ZtsClient.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/ZtsClient.java index a44f1af0d2a..f400ba2eb99 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/ZtsClient.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/ZtsClient.java 
@@ -1,7 +1,7 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.athenz; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import java.util.List; @@ -10,6 +10,6 @@ import java.util.List; */ public interface ZtsClient { - List<AthensDomain> getTenantDomainsForUser(AthenzPrincipal principal); + List<AthenzDomain> getTenantDomainsForUser(AthenzPrincipal principal); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZmsClientImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZmsClientImpl.java index 16c088abcf8..cf2f7c798c6 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZmsClientImpl.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZmsClientImpl.java @@ -12,7 +12,7 @@ import com.yahoo.athenz.zms.ZMSClient; import com.yahoo.athenz.zms.ZMSClientException; import com.yahoo.log.LogLevel; import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction; import com.yahoo.vespa.hosted.controller.athenz.AthenzPrincipal; import com.yahoo.vespa.hosted.controller.athenz.AthenzPublicKey; @@ -44,7 +44,7 @@ public class ZmsClientImpl implements ZmsClient { } @Override - public void createTenant(AthensDomain tenantDomain) { + public void createTenant(AthenzDomain tenantDomain) { log("putTenancy(tenantDomain=%s, service=%s)", tenantDomain, service); runOrThrow(() -> { Tenancy tenancy = new Tenancy() 
@@ -56,13 +56,13 @@ public class ZmsClientImpl implements ZmsClient { } @Override - public void deleteTenant(AthensDomain tenantDomain) { + public void deleteTenant(AthenzDomain tenantDomain) { log("deleteTenancy(tenantDomain=%s, service=%s)", tenantDomain, service); runOrThrow(() -> zmsClient.deleteTenancy(tenantDomain.id(), service.toFullServiceName(), /*auditref*/null)); } @Override - public void addApplication(AthensDomain tenantDomain, ApplicationId applicationName) { + public void addApplication(AthenzDomain tenantDomain, ApplicationId applicationName) { List<TenantRoleAction> tenantRoleActions = createTenantRoleActions(); log("putProviderResourceGroupRoles(" + "tenantDomain=%s, providerDomain=%s, service=%s, resourceGroup=%s, roleActions=%s)", @@ -81,7 +81,7 @@ public class ZmsClientImpl implements ZmsClient { } @Override - public void deleteApplication(AthensDomain tenantDomain, ApplicationId applicationName) { + public void deleteApplication(AthenzDomain tenantDomain, ApplicationId applicationName) { log("deleteProviderResourceGroupRoles(tenantDomain=%s, providerDomain=%s, service=%s, resourceGroup=%s)", tenantDomain, service.getDomain().id(), service.getServiceName(), applicationName); runOrThrow(() -> { 
@@ -92,29 +92,29 @@ public class ZmsClientImpl implements ZmsClient { @Override public boolean hasApplicationAccess( - AthenzPrincipal principal, ApplicationAction action, AthensDomain tenantDomain, ApplicationId applicationName) { + AthenzPrincipal principal, ApplicationAction action, AthenzDomain tenantDomain, ApplicationId applicationName) { return hasAccess( action.name(), applicationResourceString(tenantDomain, applicationName), principal); } @Override - public boolean hasTenantAdminAccess(AthenzPrincipal principal, AthensDomain tenantDomain) { + public boolean hasTenantAdminAccess(AthenzPrincipal principal, AthenzDomain tenantDomain) { return hasAccess(TenantAction._modify_.name(), tenantResourceString(tenantDomain), principal); } /** * Used when creating tenancies. As there are no tenancy policies at this point, - * we cannot use {@link #hasTenantAdminAccess(AthenzPrincipal, AthensDomain)} + * we cannot use {@link #hasTenantAdminAccess(AthenzPrincipal, AthenzDomain)} */ @Override - public boolean isDomainAdmin(AthenzPrincipal principal, AthensDomain domain) { + public boolean isDomainAdmin(AthenzPrincipal principal, AthenzDomain domain) { log("getMembership(domain=%s, role=%s, principal=%s)", domain, "admin", principal); return getOrThrow( () -> zmsClient.getMembership(domain.id(), "admin", principal.toYRN()).getIsMember()); } @Override - public List<AthensDomain> getDomainList(String prefix) { + public List<AthenzDomain> getDomainList(String prefix) { log.log(LogLevel.DEBUG, String.format("getDomainList(prefix=%s)", prefix)); return getOrThrow( () -> { 
@@ -153,8 +153,8 @@ public class ZmsClientImpl implements ZmsClient { .collect(toList()); } - private static List<AthensDomain> toAthensDomains(List<String> domains) { - return domains.stream().map(AthensDomain::new).collect(toList()); + private static List<AthenzDomain> toAthensDomains(List<String> domains) { + return domains.stream().map(AthenzDomain::new).collect(toList()); } private static List<AthenzPublicKey> toAthensPublicKeys(List<PublicKeyEntry> publicKeys) { @@ -195,16 +195,16 @@ public class ZmsClientImpl implements ZmsClient { log.warning("Error from Athens: " + e.getMessage()); } - private String resourceStringPrefix(AthensDomain tenantDomain) { + private String resourceStringPrefix(AthenzDomain tenantDomain) { return String.format("%s:service.%s.tenant.%s", service.getDomain().id(), service.getServiceName(), tenantDomain.id()); } - private String tenantResourceString(AthensDomain tenantDomain) { + private String tenantResourceString(AthenzDomain tenantDomain) { return resourceStringPrefix(tenantDomain) + ".wildcard"; } - private String applicationResourceString(AthensDomain tenantDomain, ApplicationId applicationName) { + private String applicationResourceString(AthenzDomain tenantDomain, ApplicationId applicationName) { return resourceStringPrefix(tenantDomain) + "." + "res_group" + "." + applicationName.id() + ".wildcard"; } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java index 62b80b898b5..1111e56c742 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java 
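Review bot: `resourceStringPrefix`, `tenantResourceString` and `applicationResourceString` in the `@@ -195,16 +195,16 @@` hunk build the resource names passed to the access checks by plain concatenation of `tenantDomain.id()` and `applicationName.id()` with `.` separators. Domain ids can themselves contain dots (`cd.screwdriver.project` elsewhere in this commit), so whether a (tenant, application) pair always maps to a unique resource string depends on validation inside `AthenzDomain` and `ApplicationId`, which is not visible here. I would add a comment on `resourceStringPrefix` stating which characters the identifier classes guarantee to reject, for example `// relies on AthenzDomain/ApplicationId validating ids; separators must stay unambiguous`, and confirm that the constructors enforce it.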
@@ -5,7 +5,7 @@ import com.yahoo.athenz.zts.TenantDomains; import com.yahoo.athenz.zts.ZTSClient; import com.yahoo.athenz.zts.ZTSClientException; import com.yahoo.log.LogLevel; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.athenz.AthenzPrincipal; import com.yahoo.vespa.hosted.controller.athenz.AthenzService; import com.yahoo.vespa.hosted.controller.athenz.ZtsClient; @@ -33,7 +33,7 @@ public class ZtsClientImpl implements ZtsClient { } @Override - public List<AthensDomain> getTenantDomainsForUser(AthenzPrincipal principal) { + public List<AthenzDomain> getTenantDomainsForUser(AthenzPrincipal principal) { log.log(LogLevel.DEBUG, String.format( "getTenantDomains(domain=%s, username=%s, rolename=admin, service=%s)", service.getDomain().id(), principal, service.getServiceName())); @@ -41,7 +41,7 @@ public class ZtsClientImpl implements ZtsClient { TenantDomains domains = ztsClient.getTenantDomains( service.getDomain().id(), principal.toYRN(), "admin", service.getServiceName()); return domains.getTenantDomainNames().stream() - .map(AthensDomain::new) + .map(AthenzDomain::new) .collect(toList()); } catch (ZTSClientException e) { throw new ZtsException(e); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzClientFactoryMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzClientFactoryMock.java index 92c7ba5a007..0cd55fc685f 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzClientFactoryMock.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzClientFactoryMock.java 
@@ -17,36 +17,36 @@ public class AthenzClientFactoryMock extends AbstractComponent implements Athenz private static final Logger log = Logger.getLogger(AthenzClientFactoryMock.class.getName()); - private final AthensDbMock athens; + private final AthenzDbMock athenz; public AthenzClientFactoryMock() { - this(new AthensDbMock()); + this(new AthenzDbMock()); } - public AthenzClientFactoryMock(AthensDbMock athens) { - this.athens = athens; + public AthenzClientFactoryMock(AthenzDbMock athenz) { + this.athenz = athenz; } - public AthensDbMock getSetup() { - return athens; + public AthenzDbMock getSetup() { + return athenz; } @Override public ZmsClient createZmsClientWithServicePrincipal() { log("createZmsClientWithServicePrincipal()"); - return new ZmsClientMock(athens); + return new ZmsClientMock(athenz); } @Override public ZtsClient createZtsClientWithServicePrincipal() { log("createZtsClientWithServicePrincipal()"); - return new ZtsClientMock(athens); + return new ZtsClientMock(athenz); } @Override public ZmsClient createZmsClientWithAuthorizedServiceToken(NToken authorizedServiceToken) { log("createZmsClientWithAuthorizedServiceToken(authorizedServiceToken='%s')", authorizedServiceToken); - return new ZmsClientMock(athens); + return new ZmsClientMock(athenz); } private static void log(String format, Object... args) { diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthensDbMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzDbMock.java index 55fe435c9be..017e8c7be44 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthensDbMock.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzDbMock.java 
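Review bot: `createZmsClientWithAuthorizedServiceToken` formats the whole `NToken` into a log line with `authorizedServiceToken='%s'`. `NToken` exposes `getToken()`, and if its `toString()` includes that value, the credential ends up in the logs. This class is a mock but it lives under `src/main`. Logging a non-secret attribute instead avoids the question: `log("createZmsClientWithAuthorizedServiceToken(domain='%s')", authorizedServiceToken.getDomain());`.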
@@ -2,7 +2,7 @@ package com.yahoo.vespa.hosted.controller.athenz.mock; import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction; import com.yahoo.vespa.hosted.controller.athenz.AthenzPrincipal; @@ -14,24 +14,24 @@ import java.util.Set; /** * @author bjorncs */ -public class AthensDbMock { +public class AthenzDbMock { - public final Map<AthensDomain, Domain> domains = new HashMap<>(); + public final Map<AthenzDomain, Domain> domains = new HashMap<>(); - public AthensDbMock addDomain(Domain domain) { + public AthenzDbMock addDomain(Domain domain) { domains.put(domain.name, domain); return this; } public static class Domain { - public final AthensDomain name; + public final AthenzDomain name; public final Set<AthenzPrincipal> admins = new HashSet<>(); public final Set<AthenzPrincipal> tenantAdmins = new HashSet<>(); public final Map<ApplicationId, Application> applications = new HashMap<>(); public boolean isVespaTenant = false; - public Domain(AthensDomain name) { + public Domain(AthenzDomain name) { this.name = name; } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZmsClientMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZmsClientMock.java index bba7d410bf7..b2e657eae09 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZmsClientMock.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZmsClientMock.java 
@@ -3,7 +3,7 @@ package com.yahoo.vespa.hosted.controller.athenz.mock; import com.yahoo.athenz.zms.ZMSClientException; import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction; import com.yahoo.vespa.hosted.controller.athenz.AthenzPrincipal; import com.yahoo.vespa.hosted.controller.athenz.AthenzPublicKey; 
@@ -24,48 +24,48 @@ public class ZmsClientMock implements ZmsClient { private static final Logger log = Logger.getLogger(ZmsClientMock.class.getName()); - private final AthensDbMock athens; + private final AthenzDbMock athenz; - public ZmsClientMock(AthensDbMock athens) { - this.athens = athens; + public ZmsClientMock(AthenzDbMock athenz) { + this.athenz = athenz; } @Override - public void createTenant(AthensDomain tenantDomain) { + public void createTenant(AthenzDomain tenantDomain) { log("createTenant(tenantDomain='%s')", tenantDomain); getDomainOrThrow(tenantDomain, false).isVespaTenant = true; } @Override - public void deleteTenant(AthensDomain tenantDomain) { + public void deleteTenant(AthenzDomain tenantDomain) { log("deleteTenant(tenantDomain='%s')", tenantDomain); - AthensDbMock.Domain domain = getDomainOrThrow(tenantDomain, false); + AthenzDbMock.Domain domain = getDomainOrThrow(tenantDomain, false); domain.isVespaTenant = false; domain.applications.clear(); domain.tenantAdmins.clear(); } @Override - public void addApplication(AthensDomain tenantDomain, ApplicationId applicationName) { + public void addApplication(AthenzDomain tenantDomain, ApplicationId applicationName) { log("addApplication(tenantDomain='%s', applicationName='%s')", tenantDomain, applicationName); - AthensDbMock.Domain domain = getDomainOrThrow(tenantDomain, true); + AthenzDbMock.Domain domain = getDomainOrThrow(tenantDomain, true); if (!domain.applications.containsKey(applicationName)) { - domain.applications.put(applicationName, new AthensDbMock.Application()); + domain.applications.put(applicationName, new AthenzDbMock.Application()); } } @Override - public void deleteApplication(AthensDomain tenantDomain, ApplicationId applicationName) { + public void deleteApplication(AthenzDomain tenantDomain, ApplicationId applicationName) { log("addApplication(tenantDomain='%s', applicationName='%s')", tenantDomain, applicationName); getDomainOrThrow(tenantDomain, 
true).applications.remove(applicationName); } @Override - public boolean hasApplicationAccess(AthenzPrincipal principal, ApplicationAction action, AthensDomain tenantDomain, ApplicationId applicationName) { + public boolean hasApplicationAccess(AthenzPrincipal principal, ApplicationAction action, AthenzDomain tenantDomain, ApplicationId applicationName) { log("hasApplicationAccess(principal='%s', action='%s', tenantDomain='%s', applicationName='%s')", principal, action, tenantDomain, applicationName); - AthensDbMock.Domain domain = getDomainOrThrow(tenantDomain, true); - AthensDbMock.Application application = domain.applications.get(applicationName); + AthenzDbMock.Domain domain = getDomainOrThrow(tenantDomain, true); + AthenzDbMock.Application application = domain.applications.get(applicationName); if (application == null) { throw zmsException(400, "Application '%s' not found", applicationName); } @@ -73,22 +73,22 @@ public class ZmsClientMock implements ZmsClient { } @Override - public boolean hasTenantAdminAccess(AthenzPrincipal principal, AthensDomain tenantDomain) { + public boolean hasTenantAdminAccess(AthenzPrincipal principal, AthenzDomain tenantDomain) { log("hasTenantAdminAccess(principal='%s', tenantDomain='%s')", principal, tenantDomain); return isDomainAdmin(principal, tenantDomain) || getDomainOrThrow(tenantDomain, true).tenantAdmins.contains(principal); } @Override - public boolean isDomainAdmin(AthenzPrincipal principal, AthensDomain domain) { + public boolean isDomainAdmin(AthenzPrincipal principal, AthenzDomain domain) { log("isDomainAdmin(principal='%s', domain='%s')", principal, domain); return getDomainOrThrow(domain, false).admins.contains(principal); } @Override - public List<AthensDomain> getDomainList(String prefix) { + public List<AthenzDomain> getDomainList(String prefix) { log("getDomainList()"); - return new ArrayList<>(athens.domains.keySet()); + return new ArrayList<>(athenz.domains.keySet()); } @Override 
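Review bot: `deleteApplication` in ZmsClientMock still logs under the wrong name: the context line reads `log("addApplication(tenantDomain='%s', applicationName='%s')", ...)`, so add and delete calls cannot be told apart in the mock's log. While the signature is being touched, change it to `log("deleteApplication(tenantDomain='%s', applicationName='%s')", tenantDomain, applicationName);`. This mock stands in for the authorization backend in tests, so a misleading trace makes it harder to tell why an access check passed or failed.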
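Review bot: `getDomainList(String prefix)` in the mock ignores `prefix` and returns every key of `athenz.domains`, and its log line `log("getDomainList()")` drops the argument too. ApplicationApiHandler passes `request.getProperty("prefix")` straight through, so tests running against this mock cannot detect a handler that sends the wrong prefix or none. Consider `return athenz.domains.keySet().stream().filter(d -> prefix == null || d.id().startsWith(prefix)).collect(Collectors.toList());` and `log("getDomainList(prefix='%s')", prefix);`. The `Collectors` import may need adding, and whether the real ZMS treats the argument as a plain string prefix should be confirmed.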
@@ -101,8 +101,8 @@ public class ZmsClientMock implements ZmsClient { throw new UnsupportedOperationException(); } - private AthensDbMock.Domain getDomainOrThrow(AthensDomain domainName, boolean verifyVespaTenant) { - AthensDbMock.Domain domain = Optional.ofNullable(athens.domains.get(domainName)) + private AthenzDbMock.Domain getDomainOrThrow(AthenzDomain domainName, boolean verifyVespaTenant) { + AthenzDbMock.Domain domain = Optional.ofNullable(athenz.domains.get(domainName)) .orElseThrow(() -> zmsException(400, "Domain '%s' not found", domainName)); if (verifyVespaTenant && !domain.isVespaTenant) { throw zmsException(400, "Domain not a Vespa tenant: '%s'", domainName); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java index fa41dcc6446..f21bc011273 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java @@ -1,7 +1,7 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.athenz.mock; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.athenz.AthenzPrincipal; import com.yahoo.vespa.hosted.controller.athenz.ZtsClient; 
@@ -17,16 +17,16 @@ import static java.util.stream.Collectors.toList; public class ZtsClientMock implements ZtsClient { private static final Logger log = Logger.getLogger(ZtsClientMock.class.getName()); - private final AthensDbMock athens; + private final AthenzDbMock athenz; - public ZtsClientMock(AthensDbMock athens) { - this.athens = athens; + public ZtsClientMock(AthenzDbMock athenz) { + this.athenz = athenz; } @Override - public List<AthensDomain> getTenantDomainsForUser(AthenzPrincipal principal) { + public List<AthenzDomain> getTenantDomainsForUser(AthenzPrincipal principal) { log.log(Level.INFO, "getTenantDomainsForUser(principal='%s')", principal); - return athens.domains.values().stream() + return athenz.domains.values().stream() .filter(domain -> domain.tenantAdmins.contains(principal) || domain.admins.contains(principal)) .map(domain -> domain.name) .collect(toList()); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index ac041a992ca..99530557981 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java 
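Review bot: The log call in `getTenantDomainsForUser` never prints the principal: `log.log(Level.INFO, "getTenantDomainsForUser(principal='%s')", principal)` hands a printf-style pattern to an API that formats parameters with `MessageFormat` placeholders, so the literal `%s` is logged. This assumes `Logger` is `java.util.logging.Logger`, as the `Logger.getLogger(...getName())` and `Level.INFO` usage suggests. Use `log.log(Level.INFO, String.format("getTenantDomainsForUser(principal='%s')", principal));` instead. Note that `{0}` inside single quotes would also be taken literally by `MessageFormat`, so `principal='{0}'` is not a fix.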
@@ -38,7 +38,7 @@ import com.yahoo.vespa.hosted.controller.api.application.v4.model.ScrewdriverBui import com.yahoo.vespa.hosted.controller.api.application.v4.model.configserverbindings.RefeedAction; import com.yahoo.vespa.hosted.controller.api.application.v4.model.configserverbindings.RestartAction; import com.yahoo.vespa.hosted.controller.api.application.v4.model.configserverbindings.ServiceInfo; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.DeploymentId; import com.yahoo.vespa.hosted.controller.api.identifiers.GitBranch; import com.yahoo.vespa.hosted.controller.api.identifiers.GitCommit; @@ -273,7 +273,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { Slime slime = new Slime(); Cursor response = slime.setObject(); Cursor array = response.setArray("data"); - for (AthensDomain athensDomain : controller.getDomainList(request.getProperty("prefix"))) { + for (AthenzDomain athensDomain : controller.getDomainList(request.getProperty("prefix"))) { array.addString(athensDomain.id()); } return new SlimeJsonResponse(slime); @@ -611,7 +611,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { if (requestData.field("userGroup").valid()) throw new BadRequestException("Cannot set OpsDB user group to Athens tenant"); updatedTenant = Tenant.createAthensTenant(new TenantId(tenantName), - new AthensDomain(mandatory("athensDomain", requestData).asString()), + new AthenzDomain(mandatory("athensDomain", requestData).asString()), new Property(mandatory("property", requestData).asString()), optional("propertyId", requestData).map(PropertyId::new)); controller.tenants().updateTenant(updatedTenant, authorizer.getNToken(request)); 
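Review bot: The loop variable in the domain-list handler is still named `athensDomain` although its type is now `AthenzDomain`; `for (AthenzDomain athenzDomain : controller.getDomainList(request.getProperty("prefix")))` with `array.addString(athenzDomain.id());` would complete the rename. The same leftover spelling shows in later hunks: the `athensDomain` locals in ControllerTest and ContainerControllerTester, the `athensDb` parameter of `ControllerTester.createController`, and helper names such as `throwIfNotAthensDomainAdmin`, `isAthensDomainAdmin` and `checkAthensCredentials`. The `"athensDomain"` JSON field read through `mandatory(...)`/`optional(...)` is part of the request format and should presumably stay unchanged. The enclosing method starts and ends outside the hunk.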
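Review bot: In the tenant update path (hunk `-611`) the caller-supplied `athensDomain` becomes an `AthenzDomain` and goes to `controller.tenants().updateTenant(updatedTenant, authorizer.getNToken(request))` with no visible check that the caller administers that domain. The create path in the `-633` hunk calls `throwIfNotAthensDomainAdmin(...)` before `addTenant`. The check may happen earlier in this method or inside `updateTenant` via the NToken; the method starts outside the hunk, so this cannot be confirmed from here. If it is missing, add `throwIfNotAthensDomainAdmin(new AthenzDomain(mandatory("athensDomain", requestData).asString()), request);` before `Tenant.createAthensTenant(...)`. If it exists, a one-line comment naming where the domain-admin check is enforced would make the tenant-to-domain binding auditable.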
@@ -633,12 +633,12 @@ public class ApplicationApiHandler extends LoggingRequestHandler { Tenant tenant = new Tenant(new TenantId(tenantName), optional("userGroup", requestData).map(UserGroup::new), optional("property", requestData).map(Property::new), - optional("athensDomain", requestData).map(AthensDomain::new), + optional("athensDomain", requestData).map(AthenzDomain::new), optional("propertyId", requestData).map(PropertyId::new)); if (tenant.isOpsDbTenant()) throwIfNotSuperUserOrPartOfOpsDbGroup(new UserGroup(mandatory("userGroup", requestData).asString()), request); if (tenant.isAthensTenant()) - throwIfNotAthensDomainAdmin(new AthensDomain(mandatory("athensDomain", requestData).asString()), request); + throwIfNotAthensDomainAdmin(new AthenzDomain(mandatory("athensDomain", requestData).asString()), request); controller.tenants().addTenant(tenant, authorizer.getNToken(request)); return new SlimeJsonResponse(toSlime(tenant, request, true)); @@ -647,7 +647,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { private HttpResponse migrateTenant(String tenantName, HttpRequest request) { TenantId tenantid = new TenantId(tenantName); Inspector requestData = toSlime(request.getData()).get(); - AthensDomain tenantDomain = new AthensDomain(mandatory("athensDomain", requestData).asString()); + AthenzDomain tenantDomain = new AthenzDomain(mandatory("athensDomain", requestData).asString()); Property property = new Property(mandatory("property", requestData).asString()); PropertyId propertyId = new PropertyId(mandatory("propertyId", requestData).asString()); 
@@ -959,7 +959,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { } } - private void throwIfNotAthensDomainAdmin(AthensDomain tenantDomain, HttpRequest request) { + private void throwIfNotAthensDomainAdmin(AthenzDomain tenantDomain, HttpRequest request) { UserId userId = authorizer.getUserId(request); if ( ! authorizer.isAthensDomainAdmin(userId, tenantDomain)) { throw new ForbiddenException( diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/Authorizer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/Authorizer.java index 84e731ec994..cbd39b201c1 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/Authorizer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/Authorizer.java @@ -6,7 +6,7 @@ import com.yahoo.config.provision.Environment; import com.yahoo.container.jdisc.HttpRequest; import com.yahoo.vespa.hosted.controller.Controller; import com.yahoo.vespa.hosted.controller.api.Tenant; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.TenantId; import com.yahoo.vespa.hosted.controller.api.identifiers.UserGroup; import com.yahoo.vespa.hosted.controller.api.identifiers.UserId; 
@@ -123,12 +123,12 @@ public class Authorizer { throw new IllegalArgumentException("Unknown tenant type: " + tenant.tenantType()); } - private boolean isAthensTenantAdmin(UserId userId, AthensDomain tenantDomain) { + private boolean isAthensTenantAdmin(UserId userId, AthenzDomain tenantDomain) { return athenzClientFactory.createZmsClientWithServicePrincipal() .hasTenantAdminAccess(AthenzUtils.createPrincipal(userId), tenantDomain); } - public boolean isAthensDomainAdmin(UserId userId, AthensDomain tenantDomain) { + public boolean isAthensDomainAdmin(UserId userId, AthenzDomain tenantDomain) { return athenzClientFactory.createZmsClientWithServicePrincipal() .isDomainAdmin(AthenzUtils.createPrincipal(userId), tenantDomain); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java index fa82c9239df..209f17464a7 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java @@ -4,7 +4,7 @@ package com.yahoo.vespa.hosted.controller.restapi.application; import com.yahoo.config.provision.ApplicationId; import com.yahoo.config.provision.Environment; import com.yahoo.vespa.hosted.controller.api.Tenant; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.ScrewdriverId; import com.yahoo.vespa.hosted.controller.api.identifiers.UserId; import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneRegistry; 
@@ -62,7 +62,7 @@ public class DeployAuthorizer { // TODO: inline when deployment via ssh is removed private void checkAthensCredentials(Principal principal, Tenant tenant, ApplicationId applicationId) { - AthensDomain domain = tenant.getAthensDomain().get(); + AthenzDomain domain = tenant.getAthensDomain().get(); if (! (principal instanceof AthenzPrincipal)) throw loggedForbiddenException("Principal '%s' is not authenticated.", principal.getName()); @@ -101,7 +101,7 @@ public class DeployAuthorizer { } } - private boolean hasDeployAccessToAthensApplication(AthenzPrincipal principal, AthensDomain domain, ApplicationId applicationId) { + private boolean hasDeployAccessToAthensApplication(AthenzPrincipal principal, AthenzDomain domain, ApplicationId applicationId) { try { return athenzClientFactory.createZmsClientWithServicePrincipal() .hasApplicationAccess( diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java index 408be6a49c2..d39f72ec1b8 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java @@ -17,7 +17,7 @@ import com.yahoo.vespa.curator.Lock; import com.yahoo.vespa.hosted.controller.api.Tenant; import com.yahoo.vespa.hosted.controller.api.application.v4.model.DeployOptions; import com.yahoo.vespa.hosted.controller.api.application.v4.model.EndpointStatus; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.DeploymentId; import com.yahoo.vespa.hosted.controller.api.identifiers.Property; import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId; 
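Review bot: `checkAthensCredentials` opens with an unchecked `tenant.getAthensDomain().get()`, so a tenant without a domain fails with a bare `NoSuchElementException`. Because this runs before the `principal instanceof AthenzPrincipal` test, that case is not reported or logged like the other authorization failures. The request is still rejected, but the failure is opaque and bypasses the `loggedForbiddenException` path used on the following lines. Consider `AthenzDomain domain = tenant.getAthensDomain().orElseThrow(() -> loggedForbiddenException("Tenant has no Athenz domain"));`, assuming that helper accepts a message without format arguments. Moving the lookup below the principal check would also work. The method body continues outside the hunk.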
@@ -34,7 +34,7 @@ import com.yahoo.vespa.hosted.controller.application.DeploymentJobs.JobReport; import com.yahoo.vespa.hosted.controller.application.DeploymentJobs.JobType; import com.yahoo.vespa.hosted.controller.application.JobStatus; import com.yahoo.vespa.hosted.controller.athenz.NToken; -import com.yahoo.vespa.hosted.controller.athenz.mock.AthensDbMock; +import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzDbMock; import com.yahoo.vespa.hosted.controller.deployment.ApplicationPackageBuilder; import com.yahoo.vespa.hosted.controller.deployment.BuildSystem; import com.yahoo.vespa.hosted.controller.deployment.DeploymentTester; @@ -357,13 +357,13 @@ public class ControllerTest { } @Test - public void testMigratingTenantToAthensWillModifyAthensDomainsCorrectly() { + public void testMigratingTenantToAthenzWillModifyAthenzDomainsCorrectly() { ControllerTester tester = new ControllerTester(); // Create Athens domain mock - AthensDomain athensDomain = new AthensDomain("vespa.john"); - AthensDbMock.Domain mockDomain = new AthensDbMock.Domain(athensDomain); - tester.athensDb().addDomain(mockDomain); + AthenzDomain athensDomain = new AthenzDomain("vespa.john"); + AthenzDbMock.Domain mockDomain = new AthenzDbMock.Domain(athensDomain); + tester.athenzDb().addDomain(mockDomain); // Create OpsDb tenant TenantId tenantId = new TenantId("mytenant"); diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java index 8e1234b7e96..b49d55aeb3b 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java 
@@ -13,7 +13,7 @@ import com.yahoo.vespa.hosted.controller.api.Tenant; import com.yahoo.vespa.hosted.controller.api.application.v4.model.DeployOptions; import com.yahoo.vespa.hosted.controller.api.application.v4.model.GitRevision; import com.yahoo.vespa.hosted.controller.api.application.v4.model.ScrewdriverBuildJob; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.GitBranch; import com.yahoo.vespa.hosted.controller.api.identifiers.GitCommit; import com.yahoo.vespa.hosted.controller.api.identifiers.GitRepository; @@ -28,7 +28,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.github.GitHubMock; import com.yahoo.vespa.hosted.controller.api.integration.jira.JiraMock; import com.yahoo.vespa.hosted.controller.api.integration.routing.MemoryGlobalRoutingService; import com.yahoo.vespa.hosted.controller.application.ApplicationPackage; -import com.yahoo.vespa.hosted.controller.athenz.mock.AthensDbMock; +import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzDbMock; import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzClientFactoryMock; import com.yahoo.vespa.hosted.controller.integration.MockMetricsService; import com.yahoo.vespa.hosted.controller.persistence.ControllerDb; @@ -53,7 +53,7 @@ import static org.junit.Assert.assertTrue; public final class ControllerTester { private final ControllerDb db; - private final AthensDbMock athensDb; + private final AthenzDbMock athenzDb; private final ManualClock clock; private final ConfigServerClientMock configServer; private final ZoneRegistryMock zoneRegistry; 
@@ -64,20 +64,20 @@ public final class ControllerTester { private Controller controller; public ControllerTester() { - this(new MemoryControllerDb(), new AthensDbMock(), new ManualClock(), new ConfigServerClientMock(), + this(new MemoryControllerDb(), new AthenzDbMock(), new ManualClock(), new ConfigServerClientMock(), new ZoneRegistryMock(), new GitHubMock(), new MockCuratorDb(), new MemoryNameService()); } public ControllerTester(ManualClock clock) { - this(new MemoryControllerDb(), new AthensDbMock(), clock, new ConfigServerClientMock(), + this(new MemoryControllerDb(), new AthenzDbMock(), clock, new ConfigServerClientMock(), new ZoneRegistryMock(), new GitHubMock(), new MockCuratorDb(), new MemoryNameService()); } - private ControllerTester(ControllerDb db, AthensDbMock athensDb, ManualClock clock, + private ControllerTester(ControllerDb db, AthenzDbMock athenzDb, ManualClock clock, ConfigServerClientMock configServer, ZoneRegistryMock zoneRegistry, GitHubMock gitHub, CuratorDb curator, MemoryNameService nameService) { this.db = db; - this.athensDb = athensDb; + this.athenzDb = athenzDb; this.clock = clock; this.configServer = configServer; this.zoneRegistry = zoneRegistry; @@ -85,7 +85,7 @@ public final class ControllerTester { this.curator = curator; this.nameService = nameService; this.controller = createController(db, curator, configServer, clock, gitHub, zoneRegistry, - athensDb, nameService); + athenzDb, nameService); } public Controller controller() { return controller; } @@ -94,7 +94,7 @@ public final class ControllerTester { public ManualClock clock() { return clock; } - public AthensDbMock athensDb() { return athensDb; } + public AthenzDbMock athenzDb() { return athenzDb; } public MemoryNameService nameService() { return nameService; } 
@@ -106,7 +106,7 @@ public final class ControllerTester { /** Create a new controller instance. Useful to verify that controller state is rebuilt from persistence */ public final void createNewController() { - controller = createController(db, curator, configServer, clock, gitHub, zoneRegistry, athensDb, nameService); + controller = createController(db, curator, configServer, clock, gitHub, zoneRegistry, athenzDb, nameService); } /** Creates the given tenant and application and deploys it */ @@ -147,9 +147,9 @@ public final class ControllerTester { } } - public AthensDomain createDomain(String domainName) { - AthensDomain domain = new AthensDomain(domainName); - athensDb.addDomain(new AthensDbMock.Domain(domain)); + public AthenzDomain createDomain(String domainName) { + AthenzDomain domain = new AthenzDomain(domainName); + athenzDb.addDomain(new AthenzDbMock.Domain(domain)); return domain; } @@ -199,7 +199,7 @@ public final class ControllerTester { private static Controller createController(ControllerDb db, CuratorDb curator, ConfigServerClientMock configServerClientMock, ManualClock clock, GitHubMock gitHubClientMock, ZoneRegistryMock zoneRegistryMock, - AthensDbMock athensDb, MemoryNameService nameService) { + AthenzDbMock athensDb, MemoryNameService nameService) { Controller controller = new Controller(db, curator, new MemoryRotationRepository(), diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/NTokenValidatorTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/NTokenValidatorTest.java index e269f2842e2..69b4daf7aba 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/NTokenValidatorTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/NTokenValidatorTest.java 
@@ -1,7 +1,7 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.athenz.filter; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.UserId; import com.yahoo.vespa.hosted.controller.athenz.AthenzPrincipal; import com.yahoo.vespa.hosted.controller.athenz.InvalidTokenException; @@ -25,7 +25,7 @@ public class NTokenValidatorTest { private static final KeyPair TRUSTED_KEY = AthenzTestUtils.generateRsaKeypair(); private static final KeyPair UNKNOWN_KEY = AthenzTestUtils.generateRsaKeypair(); - private static final AthenzPrincipal PRINCIPAL = new AthenzPrincipal(new AthensDomain("yby"), new UserId("user")); + private static final AthenzPrincipal PRINCIPAL = new AthenzPrincipal(new AthenzDomain("yby"), new UserId("user")); @Rule public ExpectedException exceptionRule = ExpectedException.none(); diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java index 99381d538d5..45a8972eafe 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java 
@@ -12,7 +12,7 @@ import com.yahoo.vespa.hosted.controller.api.Tenant; import com.yahoo.vespa.hosted.controller.api.application.v4.model.DeployOptions; import com.yahoo.vespa.hosted.controller.api.application.v4.model.GitRevision; import com.yahoo.vespa.hosted.controller.api.application.v4.model.ScrewdriverBuildJob; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.GitBranch; import com.yahoo.vespa.hosted.controller.api.identifiers.GitCommit; import com.yahoo.vespa.hosted.controller.api.identifiers.GitRepository; @@ -24,7 +24,7 @@ import com.yahoo.vespa.hosted.controller.api.identifiers.UserId; import com.yahoo.vespa.hosted.controller.application.ApplicationPackage; import com.yahoo.vespa.hosted.controller.application.DeploymentJobs; import com.yahoo.vespa.hosted.controller.athenz.AthenzPrincipal; -import com.yahoo.vespa.hosted.controller.athenz.mock.AthensDbMock; +import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzDbMock; import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzClientFactoryMock; import com.yahoo.vespa.hosted.controller.maintenance.JobControl; import com.yahoo.vespa.hosted.controller.maintenance.Upgrader; @@ -68,7 +68,7 @@ public class ContainerControllerTester { } public Application createApplication(String athensDomain, String tenant, String application) { - AthensDomain domain1 = addTenantAthensDomain(athensDomain, "mytenant"); + AthenzDomain domain1 = addTenantAthenzDomain(athensDomain, "mytenant"); controller.tenants().addTenant(Tenant.createAthensTenant(new TenantId(tenant), domain1, new Property("property1"), Optional.of(new PropertyId("1234"))), 
@@ -94,13 +94,13 @@ public class ContainerControllerTester { )); } - public AthensDomain addTenantAthensDomain(String domainName, String userName) { + public AthenzDomain addTenantAthenzDomain(String domainName, String userName) { AthenzClientFactoryMock mock = (AthenzClientFactoryMock) containerTester.container().components() .getComponent(AthenzClientFactoryMock.class.getName()); - AthensDomain athensDomain = new AthensDomain(domainName); - AthensDbMock.Domain domain = new AthensDbMock.Domain(athensDomain); + AthenzDomain athensDomain = new AthenzDomain(domainName); + AthenzDbMock.Domain domain = new AthenzDbMock.Domain(athensDomain); domain.markAsVespaTenant(); - domain.admin(new AthenzPrincipal(new AthensDomain("domain"), new UserId(userName))); + domain.admin(new AthenzPrincipal(new AthenzDomain("domain"), new UserId(userName))); mock.getSetup().addDomain(domain); return athensDomain; } diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java index 0c9ebedc09b..ef8a3809b25 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java 
@@ -8,7 +8,7 @@ import com.yahoo.config.provision.Environment; import com.yahoo.vespa.curator.Lock; import com.yahoo.vespa.hosted.controller.Application; import com.yahoo.vespa.hosted.controller.ConfigServerClientMock; -import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.UserId; import com.yahoo.vespa.hosted.controller.api.integration.configserver.ConfigServerException; import com.yahoo.vespa.hosted.controller.application.ApplicationPackage; @@ -19,7 +19,7 @@ import com.yahoo.vespa.hosted.controller.application.DeploymentJobs; import com.yahoo.vespa.hosted.controller.application.DeploymentMetrics; import com.yahoo.vespa.hosted.controller.athenz.AthenzPrincipal; import com.yahoo.vespa.hosted.controller.athenz.AthenzUtils; -import com.yahoo.vespa.hosted.controller.athenz.mock.AthensDbMock; +import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzDbMock; import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzClientFactoryMock; import com.yahoo.vespa.hosted.controller.deployment.ApplicationPackageBuilder; import com.yahoo.vespa.hosted.controller.restapi.ContainerControllerTester; @@ -53,8 +53,8 @@ public class ApplicationApiTest extends ControllerContainerTest { .environment(Environment.prod) .region("corp-us-east-1") .build(); - private static final String athensUserDomain = "domain1"; - private static final String athensScrewdriverDomain = AthenzUtils.SCREWDRIVER_DOMAIN.id(); + private static final String athenzUserDomain = "domain1"; + private static final String athenzScrewdriverDomain = AthenzUtils.SCREWDRIVER_DOMAIN.id(); @Test 
@@ -63,7 +63,7 @@ public class ApplicationApiTest extends ControllerContainerTest { ContainerTester tester = controllerTester.containerTester(); tester.updateSystemVersion(); - addTenantAthensDomain(athensUserDomain, "mytenant"); // (Necessary but not provided in this API) + addTenantAthenzDomain(athenzUserDomain, "mytenant"); // (Necessary but not provided in this API) // GET API root tester.assertResponse(request("/application/v4/", "", Request.Method.GET), @@ -121,7 +121,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/dev/region/us-west-1/instance/default/deploy", entity, Request.Method.POST, - athensUserDomain, "mytenant"), + athenzUserDomain, "mytenant"), new File("deploy-result.json")); // POST (deploy) an application to a zone. This simulates calls done by our tenant pipeline. @@ -138,7 +138,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/test/region/us-east-1/instance/default/", createApplicationDeployData(applicationPackage, Optional.of(screwdriverProjectId)), Request.Method.POST, - athensScrewdriverDomain, "screwdriveruser1"), + athenzScrewdriverDomain, "screwdriveruser1"), new File("deploy-result.json")); tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/test/region/us-east-1/instance/default", "", 
@@ -150,7 +150,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/staging/region/us-east-3/instance/default/", createApplicationDeployData(applicationPackage, Optional.of(screwdriverProjectId)), Request.Method.POST, - athensScrewdriverDomain, "screwdriveruser1"), + athenzScrewdriverDomain, "screwdriveruser1"), new File("deploy-result.json")); tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/staging/region/us-east-3/instance/default", "", @@ -162,7 +162,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/prod/region/corp-us-east-1/instance/default/", createApplicationDeployData(applicationPackage, Optional.of(screwdriverProjectId)), Request.Method.POST, - athensScrewdriverDomain, "screwdriveruser1"), + athenzScrewdriverDomain, "screwdriveruser1"), new File("deploy-result.json")); controllerTester.notifyJobCompletion(id, screwdriverProjectId, false, DeploymentJobs.JobType.productionCorpUsEast1); 
@@ -228,14 +228,14 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/user?user=newuser&domain=by", new byte[0], Request.Method.PUT, - athensUserDomain, "newuser", "application/json"), + athenzUserDomain, "newuser", "application/json"), new File("create-user-response.json")); // OPTIONS return 200 OK tester.assertResponse(request("/application/v4/", "", Request.Method.OPTIONS), ""); // Add another Athens domain, so we can try to create more tenants - addTenantAthensDomain("domain2", "mytenant"); // New domain to test tenant w/property ID + addTenantAthenzDomain("domain2", "mytenant"); // New domain to test tenant w/property ID // POST (add) a tenant with property ID tester.assertResponse(request("/application/v4/tenant/tenant2", "{\"athensDomain\":\"domain2\", \"property\":\"property2\", \"propertyId\":\"1234\"}", @@ -292,7 +292,7 @@ public class ApplicationApiTest extends ControllerContainerTest { ContainerControllerTester controllerTester = new ContainerControllerTester(container, responseFiles); ContainerTester tester = controllerTester.containerTester(); tester.updateSystemVersion(); - addTenantAthensDomain(athensUserDomain, "mytenant"); + addTenantAthenzDomain(athenzUserDomain, "mytenant"); addScrewdriverUserToDomain("screwdriveruser1", "domain1"); // Create tenant @@ -312,7 +312,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/prod/region/corp-us-east-1/instance/default/deploy", entity, Request.Method.POST, - athensScrewdriverDomain, "screwdriveruser1"), + athenzScrewdriverDomain, "screwdriveruser1"), new File("deploy-result.json")); } 
@@ -322,7 +322,7 @@ public class ApplicationApiTest extends ControllerContainerTest { ContainerControllerTester controllerTester = new ContainerControllerTester(container, responseFiles); ContainerTester tester = controllerTester.containerTester(); tester.updateSystemVersion(); - addTenantAthensDomain(athensUserDomain, "mytenant"); + addTenantAthenzDomain(athenzUserDomain, "mytenant"); addScrewdriverUserToDomain("screwdriveruser1", "domain1"); // Create tenant @@ -351,7 +351,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/prod/region/us-east-3/instance/default/deploy", deployData, Request.Method.POST, - athensScrewdriverDomain, "screwdriveruser1"), + athenzScrewdriverDomain, "screwdriveruser1"), new File("deploy-result.json")); controllerTester.notifyJobCompletion(id, projectId, true, DeploymentJobs.JobType.productionUsEast3); @@ -368,7 +368,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/prod/region/us-west-1/instance/default/deploy", deployData, Request.Method.POST, - athensScrewdriverDomain, "screwdriveruser1"), + athenzScrewdriverDomain, "screwdriveruser1"), new File("deploy-result.json")); controllerTester.notifyJobCompletion(id, projectId, true, DeploymentJobs.JobType.productionUsWest1); @@ -376,7 +376,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/prod/region/us-east-3/instance/default/deploy", deployData, Request.Method.POST, - athensScrewdriverDomain, "screwdriveruser1"), + athenzScrewdriverDomain, "screwdriveruser1"), new File("deploy-result.json")); controllerTester.notifyJobCompletion(id, projectId, true, DeploymentJobs.JobType.productionUsEast3); 
@@ -388,7 +388,7 @@ public class ApplicationApiTest extends ControllerContainerTest { public void testErrorResponses() throws Exception { ContainerTester tester = new ContainerTester(container, responseFiles); tester.updateSystemVersion(); - addTenantAthensDomain("domain1", "mytenant"); + addTenantAthenzDomain("domain1", "mytenant"); // PUT (update) non-existing tenant tester.assertResponse(request("/application/v4/tenant/tenant1", @@ -459,7 +459,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/dev/region/us-west-1/instance/default/deploy", entity, Request.Method.POST, - athensUserDomain, "mytenant"), + athenzUserDomain, "mytenant"), new File("deploy-failure.json"), 400); // POST (deploy) an application without available capacity @@ -467,7 +467,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/dev/region/us-west-1/instance/default/deploy", entity, Request.Method.POST, - athensUserDomain, "mytenant"), + athenzUserDomain, "mytenant"), new File("deploy-out-of-capacity.json"), 400); // DELETE tenant which has an application @@ -522,7 +522,7 @@ public class ApplicationApiTest extends ControllerContainerTest { "[]", 200); - addTenantAthensDomain("domain1", "mytenant"); + addTenantAthenzDomain("domain1", "mytenant"); // Creating a tenant for an Athens domain the user is not admin for is disallowed tester.assertResponse(request("/application/v4/tenant/tenant1", 
@@ -561,7 +561,7 @@ public class ApplicationApiTest extends ControllerContainerTest { tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/environment/prod/region/us-west-1/instance/default/deploy", entity, Request.Method.POST, - athensUserDomain, "mytenant"), + athenzUserDomain, "mytenant"), "{\"error-code\":\"FORBIDDEN\",\"message\":\"Principal 'mytenant' is not a screwdriver principal, and does not have deploy access to application 'tenant1.application1'\"}", 403); @@ -590,7 +590,7 @@ public class ApplicationApiTest extends ControllerContainerTest { 403); // Change Athens domain - addTenantAthensDomain("domain2", "mytenant"); + addTenantAthenzDomain("domain2", "mytenant"); tester.assertResponse(request("/application/v4/tenant/tenant1", "{\"athensDomain\":\"domain2\", \"property\":\"property1\"}", Request.Method.PUT, @@ -670,11 +670,11 @@ public class ApplicationApiTest extends ControllerContainerTest { * In production this happens outside hosted Vespa, so there is no API for it and we need to reach down into the * mock setup to replicate the action. */ - private AthensDomain addTenantAthensDomain(String domainName, String userName) { + private AthenzDomain addTenantAthenzDomain(String domainName, String userName) { AthenzClientFactoryMock mock = (AthenzClientFactoryMock) container.components() .getComponent(AthenzClientFactoryMock.class.getName()); - AthensDomain athensDomain = new AthensDomain(domainName); - AthensDbMock.Domain domain = new AthensDbMock.Domain(athensDomain); + AthenzDomain athensDomain = new AthenzDomain(domainName); + AthenzDbMock.Domain domain = new AthenzDbMock.Domain(athensDomain); domain.markAsVespaTenant(); domain.admin(AthenzUtils.createPrincipal(new UserId(userName))); mock.getSetup().addDomain(domain); 
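Review bot: The rename is incomplete in `addTenantAthenzDomain` (the hunk at -670): the local is still declared as `AthenzDomain athensDomain = new AthenzDomain(domainName);`, so the old spelling sits next to the new type name. Rename it to `athenzDomain`, together with its use in `new AthenzDbMock.Domain(...)`. The context comments `// Change Athens domain`, `// Add another Athens domain` and `// Creating a tenant for an Athens domain ...` in the neighbouring hunks carry the same leftover. The `"athensDomain"` key in the JSON request bodies is presumably wire format and kept on purpose; a one-line comment saying so would prevent a later "fix" that breaks the API. The method body continues past the end of the hunk.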
@@ -688,8 +688,8 @@ public class ApplicationApiTest extends ControllerContainerTest { private void addScrewdriverUserToDomain(String screwdriverUserId, String domainName) { AthenzClientFactoryMock mock = (AthenzClientFactoryMock) container.components() .getComponent(AthenzClientFactoryMock.class.getName()); - AthensDbMock.Domain domain = mock.getSetup().domains.get(new AthensDomain(domainName)); - domain.admin(new AthenzPrincipal(new AthensDomain(athensScrewdriverDomain), new UserId(screwdriverUserId))); + AthenzDbMock.Domain domain = mock.getSetup().domains.get(new AthenzDomain(domainName)); + domain.admin(new AthenzPrincipal(new AthenzDomain(athenzScrewdriverDomain), new UserId(screwdriverUserId))); } private void startAndTestChange(ContainerControllerTester controllerTester, ApplicationId application, long projectId, @@ -703,9 +703,9 @@ public class ApplicationApiTest extends ControllerContainerTest { String testPath = String.format("/application/v4/tenant/%s/application/%s/environment/test/region/us-east-1/instance/default", application.tenant().value(), application.application().value()); tester.assertResponse(request(testPath, - deployData, - Request.Method.POST, - athensScrewdriverDomain, "screwdriveruser1"), + deployData, + Request.Method.POST, + athenzScrewdriverDomain, "screwdriveruser1"), new File("deploy-result.json")); tester.assertResponse(request(testPath, "", @@ -717,9 +717,9 @@ public class ApplicationApiTest extends ControllerContainerTest { String stagingPath = String.format("/application/v4/tenant/%s/application/%s/environment/staging/region/us-east-3/instance/default", application.tenant().value(), application.application().value()); tester.assertResponse(request(stagingPath, - deployData, - Request.Method.POST, - athensScrewdriverDomain, "screwdriveruser1"), + deployData, + Request.Method.POST, + athenzScrewdriverDomain, "screwdriveruser1"), new File("deploy-result.json")); tester.assertResponse(request(stagingPath, "", 
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/MockAuthorizer.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/MockAuthorizer.java
index 6f8dfc681ac..e5898b7a593 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/MockAuthorizer.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/MockAuthorizer.java
@@ -4,7 +4,7 @@ package com.yahoo.vespa.hosted.controller.restapi.application;
 import com.yahoo.container.jdisc.HttpRequest;
 import com.yahoo.vespa.hosted.controller.Controller;
 import com.yahoo.vespa.hosted.controller.TestIdentities;
-import com.yahoo.vespa.hosted.controller.api.identifiers.AthensDomain;
+import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain;
 import com.yahoo.vespa.hosted.controller.api.identifiers.UserId;
 import com.yahoo.vespa.hosted.controller.api.integration.entity.EntityService;
 import com.yahoo.vespa.hosted.controller.athenz.AthenzClientFactory;
@@ -32,7 +32,7 @@ public class MockAuthorizer extends Authorizer {
 @Override
 public Optional<Principal> getPrincipalIfAny(HttpRequest request) {
 if (request.getProperty("user") == null) return Optional.empty();
- return Optional.of(new AthenzPrincipal(new AthensDomain(request.getProperty("domain")),
+ return Optional.of(new AthenzPrincipal(new AthenzDomain(request.getProperty("domain")),
 new UserId(request.getProperty("user"))));
 } |
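Review bot: `getPrincipalIfAny` (the hunk at -32) guards only the `user` property, so a request that sets `user` but not `domain` reaches `new AthenzDomain(request.getProperty("domain"))` with a null argument. How `AthenzDomain` treats a null name is not visible here, so the mock should handle that case itself, for example `if (request.getProperty("user") == null || request.getProperty("domain") == null) return Optional.empty();`. Since this class turns request properties straight into an authenticated `AthenzPrincipal` with no verification, it also deserves a class-level comment stating that it is a test double and must only be bound in test containers. The class body starts and ends outside the hunk.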