author | Morten Tokle <mortent@oath.com> | 2018-12-06 09:03:06 +0100 |
---|---|---|
committer | Morten Tokle <mortent@oath.com> | 2018-12-06 09:03:06 +0100 |
commit | 89321cb5e7f153eeac5e2f85eb7fb545f517dcbd (patch) | |
tree | 2afa52f3d632e6abbdbcc91501b1b418554b4cde /controller-server/src | |
parent | 3b43551a5da2954643fb7534dbf801d107ff1adc (diff) |
Improve error message for personal tenants
Diffstat (limited to 'controller-server/src')
2 files changed, 55 insertions, 15 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
index 953a226d089..aed2667c811 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
@@ -723,13 +723,24 @@ public class ApplicationController {
 public void verifyApplicationIdentityConfiguration(TenantName tenantName, ApplicationPackage applicationPackage) {
 applicationPackage.deploymentSpec().athenzDomain()
 .ifPresent(identityDomain -> {
- AthenzTenant tenant = controller.tenants().athenzTenant(tenantName)
- .orElseThrow(() -> new IllegalArgumentException("Tenant does not exist"));
- AthenzDomain tenantDomain = tenant.domain();
- if ( ! Objects.equals(tenantDomain.getName(), identityDomain.value()))
- throw new IllegalArgumentException(String.format("Athenz domain in deployment.xml: [%s] must match tenant domain: [%s]",
- identityDomain.value(),
- tenantDomain.getName()));
+ Optional<Tenant> tenant = controller.tenants().tenant(tenantName);
+ if(!tenant.isPresent()) {
+ throw new IllegalArgumentException("Tenant does not exist");
+ } else {
+ AthenzDomain tenantDomain = tenant.filter(t -> t instanceof AthenzTenant)
+ .map(t -> (AthenzTenant) t)
+ .orElseThrow(() -> new IllegalArgumentException(
+ String.format("Athenz domain defined in deployment.xml, but no Athenz domain for tenant (%s). " +
+ "It is currently not possible to launch Athenz services from personal tenants, use " +
+ "Athenz tenant instead.",
+ tenantName.value())))
+ .domain();
+
+ if (!Objects.equals(tenantDomain.getName(), identityDomain.value()))
+ throw new IllegalArgumentException(String.format("Athenz domain in deployment.xml: [%s] must match tenant domain: [%s]",
+ identityDomain.value(),
+ tenantDomain.getName()));
+ }
 });
 }
 
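Review bot: Nothing in the new lambda says that `verifyApplicationIdentityConfiguration` is an authorization gate that has to fail closed, and the `isPresent()` / `else` split around `tenant` makes the two rejection paths harder to follow than they need to be. Resolving the tenant with `Tenant tenant = controller.tenants().tenant(tenantName).orElseThrow(() -> new IllegalArgumentException("Tenant does not exist"));` and then rejecting with `if (!(tenant instanceof AthenzTenant)) throw new IllegalArgumentException(...)` drops the redundant `else` after a `throw` and keeps the domain comparison at one nesting level. I would also put a comment above the type check, `// Fail closed: only an AthenzTenant may deploy with an Athenz identity, and only for its own domain`, so a later refactor does not turn the non-Athenz case into a silent skip of the domain comparison.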
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
index 1ce4d37811e..8ff5d9c9963 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
@@ -27,13 +27,12 @@ import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId;
 import com.yahoo.vespa.hosted.controller.api.identifiers.ScrewdriverId;
 import com.yahoo.vespa.hosted.controller.api.identifiers.UserId;
 import com.yahoo.vespa.hosted.controller.api.integration.MetricsService.ApplicationMetrics;
-import com.yahoo.vespa.hosted.controller.api.integration.organization.User;
-import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction;
-import com.yahoo.vespa.hosted.controller.athenz.HostedAthenzIdentities;
 import com.yahoo.vespa.hosted.controller.api.integration.configserver.ConfigServerException;
 import com.yahoo.vespa.hosted.controller.api.integration.deployment.JobType;
+import com.yahoo.vespa.hosted.controller.api.integration.organization.Contact;
 import com.yahoo.vespa.hosted.controller.api.integration.organization.IssueId;
 import com.yahoo.vespa.hosted.controller.api.integration.organization.MockContactRetriever;
+import com.yahoo.vespa.hosted.controller.api.integration.organization.User;
 import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneId;
 import com.yahoo.vespa.hosted.controller.application.ApplicationPackage;
 import com.yahoo.vespa.hosted.controller.application.Change;
@@ -44,21 +43,19 @@ import com.yahoo.vespa.hosted.controller.application.DeploymentJobs;
 import com.yahoo.vespa.hosted.controller.application.DeploymentMetrics;
 import com.yahoo.vespa.hosted.controller.application.JobStatus;
 import com.yahoo.vespa.hosted.controller.application.RotationStatus;
+import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction;
+import com.yahoo.vespa.hosted.controller.athenz.HostedAthenzIdentities;
 import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzClientFactoryMock;
 import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzDbMock;
-import com.yahoo.vespa.hosted.controller.authority.config.ApiAuthorityConfig;
 import com.yahoo.vespa.hosted.controller.deployment.ApplicationPackageBuilder;
 import com.yahoo.vespa.hosted.controller.deployment.BuildJob;
 import com.yahoo.vespa.hosted.controller.deployment.DeploymentTrigger;
 import com.yahoo.vespa.hosted.controller.integration.ConfigServerMock;
 import com.yahoo.vespa.hosted.controller.integration.MetricsServiceMock;
-import com.yahoo.vespa.hosted.controller.maintenance.DeploymentMetricsMaintainer;
-import com.yahoo.vespa.hosted.controller.maintenance.JobControl;
 import com.yahoo.vespa.hosted.controller.restapi.ContainerControllerTester;
 import com.yahoo.vespa.hosted.controller.restapi.ContainerTester;
 import com.yahoo.vespa.hosted.controller.restapi.ControllerContainerTest;
 import com.yahoo.vespa.hosted.controller.tenant.AthenzTenant;
-import com.yahoo.vespa.hosted.controller.api.integration.organization.Contact;
 import org.apache.http.HttpEntity;
 import org.apache.http.entity.ContentType;
 import org.apache.http.entity.mime.MultipartEntityBuilder;
@@ -71,7 +68,6 @@ import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
-import java.time.Duration;
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -990,6 +986,39 @@ public class ApplicationApiTest extends ControllerContainerTest {
 }
 
 @Test
+ public void deployment_fails_for_personal_tenants_when_athenzdomain_specified() {
+ // Setup
+ tester.computeVersionStatus();
+ UserId userId = new UserId("new_user");
+ createAthenzDomainWithAdmin(ATHENZ_TENANT_DOMAIN, userId);
+
+ // Create tenant
+ // PUT (create) the authenticated user
+ byte[] data = new byte[0];
+ tester.assertResponse(request("/application/v4/user?user=new_user&domain=by", PUT)
+ .data(data)
+ .userIdentity(userId), // Normalized to by-new-user by API
+ new File("create-user-response.json"));
+
+ ApplicationPackage applicationPackage = new ApplicationPackageBuilder()
+ .upgradePolicy("default")
+ .athenzIdentity(com.yahoo.config.provision.AthenzDomain.from("domain1"), com.yahoo.config.provision.AthenzService.from("service"))
+ .environment(Environment.dev)
+ .region("us-west-1")
+ .build();
+
+ // POST (deploy) an application to a dev zone
+ String expectedResult="{\"error-code\":\"BAD_REQUEST\",\"message\":\"Athenz domain defined in deployment.xml, but no Athenz domain for tenant (by-new-user). It is currently not possible to launch Athenz services from personal tenants, use Athenz tenant instead.\"}";
+ HttpEntity entity = createApplicationDeployData(applicationPackage, true);
+ tester.assertResponse(request("/application/v4/tenant/by-new-user/application/application1/environment/dev/region/us-west-1/instance/default", POST)
+ .data(entity)
+ .userIdentity(userId),
+ expectedResult,
+ 400);
+
+ }
+
+ @Test
 public void testJobStatusReporting() {
 addUserToHostedOperatorRole(HostedAthenzIdentities.from(HOSTED_VESPA_OPERATOR));
 tester.computeVersionStatus(); |
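Review bot: The new test builds the package with the literal `"domain1"` while the setup grants `userId` admin on `ATHENZ_TENANT_DOMAIN`, so from the hunk alone it is not clear whether the rejected deployment names a domain the user actually administers. If the two are meant to be the same domain, derive the `athenzIdentity(...)` argument from the constant and add a comment such as `// userId administers this Athenz domain, but a deploy from a personal tenant must still be rejected`, which pins the property that domain admin rights alone do not authorize the identity. The value of `ATHENZ_TENANT_DOMAIN` is defined outside the hunk, so this is worth confirming rather than assuming. The body of `testJobStatusReporting` continues past the end of the hunk.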