author | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-04-15 10:05:14 +0200 |
---|---|---|
committer | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-04-15 10:18:15 +0200 |
commit | c0cfa08a3f6d538a684135e2711442a18bd7ddf0 (patch) | |
tree | 26ef1d9866327847f9056fa91cf81816a7e128d6 /controller-server | |
parent | c5c5015d4c4aeb1615f86a1b1aa3744bd3ff0722 (diff) |
Make Roles static
Diffstat (limited to 'controller-server')
3 files changed, 15 insertions, 22 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java
index 9886e5c1329..365b7960958 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java
@@ -23,11 +23,10 @@ import com.yahoo.vespa.hosted.controller.api.integration.github.GitHub;
 import com.yahoo.vespa.hosted.controller.api.integration.organization.Mailer;
 import com.yahoo.vespa.hosted.controller.api.integration.routing.RoutingGenerator;
 import com.yahoo.config.provision.zone.ZoneId;
-import com.yahoo.vespa.hosted.controller.api.integration.user.UserRoles;
+import com.yahoo.vespa.hosted.controller.api.integration.user.Roles;
 import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneRegistry;
 import com.yahoo.vespa.hosted.controller.api.role.ApplicationRole;
 import com.yahoo.vespa.hosted.controller.api.role.Role;
-import com.yahoo.vespa.hosted.controller.api.role.Roles;
 import com.yahoo.vespa.hosted.controller.api.role.TenantRole;
 import com.yahoo.vespa.hosted.controller.auditlog.AuditLogger;
 import com.yahoo.vespa.hosted.controller.deployment.JobController;
@@ -82,7 +81,6 @@ public class Controller extends AbstractComponent {
 private final Mailer mailer;
 private final AuditLogger auditLogger;
 private final FlagSource flagSource;
- private final UserRoles roles;
 
 /**
 * Creates a controller
@@ -135,7 +133,6 @@ public class Controller extends AbstractComponent {
 );
 tenantController = new TenantController(this, curator, accessControl);
 auditLogger = new AuditLogger(curator, clock);
- roles = new UserRoles(new Roles(zoneRegistry.system()));
 
 // Record the version of this controller
 curator().writeControllerVersion(this.hostname(), Vtag.currentVersion);
@@ -298,16 +295,16 @@ public class Controller extends AbstractComponent {
 
 /** Returns all other roles the given tenant role implies. */
 public Set<Role> impliedRoles(TenantRole role) {
- return Stream.concat(roles.tenantRoles(role.tenant()).stream(),
+ return Stream.concat(Roles.tenantRoles(role.tenant()).stream(),
 applications().asList(role.tenant()).stream()
- .flatMap(application -> roles.applicationRoles(application.id().tenant(), application.id().application()).stream()))
+ .flatMap(application -> Roles.applicationRoles(application.id().tenant(), application.id().application()).stream()))
 .filter(role::implies)
 .collect(Collectors.toUnmodifiableSet());
 }
 
 /** Returns all other roles the given application role implies. */
 public Set<Role> impliedRoles(ApplicationRole role) {
- return roles.applicationRoles(role.tenant(), role.application()).stream()
+ return Roles.applicationRoles(role.tenant(), role.application()).stream()
 .filter(role::implies)
 .collect(Collectors.toUnmodifiableSet());
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
index d2979824651..5ef997b6d55 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiHandler.java
@@ -45,13 +45,11 @@ public class UserApiHandler extends LoggingRequestHandler {
 private final static Logger log = Logger.getLogger(UserApiHandler.class.getName());
 private static final String optionalPrefix = "/api";
 
- private final Roles roles;
 private final UserManagement users;
 
 @Inject
 public UserApiHandler(Context parentCtx, UserManagement users) {
 super(parentCtx);
- this.roles = new Roles();
 this.users = users;
 }
 
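Review bot: Nothing on the page shows that the static `Roles.tenantRoles` and `Roles.applicationRoles` return the same sets as the system-scoped instance they replace in the two `impliedRoles` overloads of Controller.java; the removed constructor line built that instance from `new Roles(zoneRegistry.system())`, and the static calls take no system at all. These methods decide which roles a granted role implies, so a silent change in the enumerated set would widen or narrow authorization without any visible diff at the call sites. A test that pins the implied set for one tenant role and one application role would cover it, and if the system never influenced the result the Javadoc can say so, e.g. `/** Returns all other roles the given tenant role implies; the role set does not depend on the system. */`.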
@@ -111,7 +109,7 @@ public class UserApiHandler extends LoggingRequestHandler {
 Cursor root = slime.setObject();
 root.setString("tenant", tenantName);
 fillRoles(root,
- roles.tenantRoles(TenantName.from(tenantName)),
+ Roles.tenantRoles(TenantName.from(tenantName)),
 Collections.emptyList());
 return new SlimeJsonResponse(slime);
 }
@@ -122,8 +120,8 @@ public class UserApiHandler extends LoggingRequestHandler {
 root.setString("tenant", tenantName);
 root.setString("application", applicationName);
 fillRoles(root,
- roles.applicationRoles(TenantName.from(tenantName), ApplicationName.from(applicationName)),
- roles.tenantRoles(TenantName.from(tenantName)));
+ Roles.applicationRoles(TenantName.from(tenantName), ApplicationName.from(applicationName)),
+ Roles.tenantRoles(TenantName.from(tenantName)));
 return new SlimeJsonResponse(slime);
 }
 
@@ -158,7 +156,7 @@ public class UserApiHandler extends LoggingRequestHandler {
 Inspector requestObject = bodyInspector(request);
 String roleName = require("roleName", Inspector::asString, requestObject);
 UserId user = new UserId(require("user", Inspector::asString, requestObject));
- Role role = roles.toRole(TenantName.from(tenantName), roleName);
+ Role role = Roles.toRole(TenantName.from(tenantName), roleName);
 users.addUsers(role, List.of(user));
 return new MessageResponse(user + " is now a member of " + role);
 }
@@ -167,7 +165,7 @@ public class UserApiHandler extends LoggingRequestHandler {
 Inspector requestObject = bodyInspector(request);
 String roleName = require("roleName", Inspector::asString, requestObject);
 UserId user = new UserId(require("user", Inspector::asString, requestObject));
- Role role = roles.toRole(TenantName.from(tenantName), ApplicationName.from(applicationName), roleName);
+ Role role = Roles.toRole(TenantName.from(tenantName), ApplicationName.from(applicationName), roleName);
 users.addUsers(role, List.of(user));
 return new MessageResponse(user + " is now a member of " + role);
 }
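Review bot: In the two add-member hunks (-158 and -167) `roleName` and `user` are read from the request body and the result of `Roles.toRole(...)` goes straight into `users.addUsers`, with no further check visible in either hunk. The contract of the now-static `toRole` is therefore the only thing shown that keeps a tenant- or application-scoped request from resolving to a role outside that scope, and that contract is not on the page; the same holds for the two remove-member hunks at -176 and -189. It should be documented at the call and covered by a test that feeds unknown and out-of-scope names, e.g. `// toRole must reject names that are not roles of this tenant/application; caller authorization is enforced upstream (name the filter here).` Both method bodies start outside their hunks, so an authorization check may exist in lines not shown.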
@@ -176,7 +174,7 @@ public class UserApiHandler extends LoggingRequestHandler {
 Inspector requestObject = bodyInspector(request);
 String roleName = require("roleName", Inspector::asString, requestObject);
 UserId user = new UserId(require("user", Inspector::asString, requestObject));
- Role role = roles.toRole(TenantName.from(tenantName), roleName);
+ Role role = Roles.toRole(TenantName.from(tenantName), roleName);
 if ( role.definition() == RoleDefinition.tenantOwner
 && users.listUsers(role).equals(List.of(user)))
 throw new IllegalArgumentException("Can't remove the last owner of a tenant.");
@@ -189,7 +187,7 @@ public class UserApiHandler extends LoggingRequestHandler {
 Inspector requestObject = bodyInspector(request);
 String roleName = require("roleName", Inspector::asString, requestObject);
 UserId user = new UserId(require("user", Inspector::asString, requestObject));
- Role role = roles.toRole(TenantName.from(tenantName), ApplicationName.from(applicationName), roleName);
+ Role role = Roles.toRole(TenantName.from(tenantName), ApplicationName.from(applicationName), roleName);
 users.removeUsers(role, List.of(user));
 return new MessageResponse(user + " is no longer a member of " + role);
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java
index 4daa2216484..f803ab9f29c 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java
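Review bot: The last-owner guard in the tenant remove-member hunk (-176) is a check-then-act: `users.listUsers(role).equals(List.of(user))` is evaluated first and the removal happens in a later call that lies outside the hunk, so two concurrent removals against a tenant with two owners can both pass the check and leave it with no owner. The comparison is also against the whole list, so it only fires when `listUsers` returns exactly that one entry. If `UserManagement` has no atomic remove-unless-last operation, the gap should at least be recorded next to the check, e.g. `// Not atomic with the removal that follows: concurrent requests can still remove the last owner.` The application-role hunk at -189 has no comparable guard; if that is intentional, a one-line comment there would say so.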
@@ -24,13 +24,11 @@ public class CloudAccessControl implements AccessControl {
 
 private final Marketplace marketplace;
 private final UserManagement userManagement;
- private final Roles roles;
 
 @Inject
 public CloudAccessControl(Marketplace marketplace, UserManagement userManagement) {
 this.marketplace = marketplace;
 this.userManagement = userManagement;
- this.roles = new Roles();
 }
 
 @Override
@@ -38,7 +36,7 @@ public class CloudAccessControl implements AccessControl {
 CloudTenantSpec spec = (CloudTenantSpec) tenantSpec;
 CloudTenant tenant = new CloudTenant(spec.tenant(), marketplace.resolveCustomer(spec.getRegistrationToken()));
 
- for (Role role : roles.tenantRoles(spec.tenant()))
+ for (Role role : Roles.tenantRoles(spec.tenant()))
 userManagement.createRole(role);
 userManagement.addUsers(Role.tenantOwner(spec.tenant()), List.of(new UserId(credentials.user().getName())));
 
@@ -54,20 +52,20 @@ public class CloudAccessControl implements AccessControl {
 public void deleteTenant(TenantName tenant, Credentials credentials) {
 // Probably terminate customer subscription?
 
- for (TenantRole role : roles.tenantRoles(tenant))
+ for (TenantRole role : Roles.tenantRoles(tenant))
 userManagement.deleteRole(role);
 }
 
 @Override
 public void createApplication(ApplicationId id, Credentials credentials) {
- for (Role role : roles.applicationRoles(id.tenant(), id.application()))
+ for (Role role : Roles.applicationRoles(id.tenant(), id.application()))
 userManagement.createRole(role);
 userManagement.addUsers(Role.applicationAdmin(id.tenant(), id.application()), List.of(new UserId(credentials.user().getName())));
 }
 
 @Override
 public void deleteApplication(ApplicationId id, Credentials credentials) {
- for (ApplicationRole role : roles.applicationRoles(id.tenant(), id.application()))
+ for (ApplicationRole role : Roles.applicationRoles(id.tenant(), id.application()))
 userManagement.deleteRole(role);
 }
 
|
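Review bot: The role setup in the `createTenant` hunk (-38) is not atomic: the loop calls `userManagement.createRole` once per role and only then `addUsers` for `Role.tenantOwner`, so a failure part-way leaves roles for this tenant in the user store with no owner attached. A retry then depends on `createRole` being idempotent, which is not visible here. Worth a comment stating the expectation, e.g. `// createRole is expected to be idempotent; a failed createTenant may leave roles behind and must be safe to retry.` The same shape appears in `createApplication` in the -54 hunk, and the method body of `createTenant` starts outside its hunk.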
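Review bot: `deleteTenant` in the -54 hunk removes only `Roles.tenantRoles(tenant)`; the application roles created under the same tenant by `createApplication` are deleted only through `deleteApplication`. If a tenant can be deleted while application roles still exist (not decidable from this hunk), their memberships would outlive the tenant and could apply again should the tenant name be registered later. Either assert the precondition or document it, e.g. `// Precondition: all applications of the tenant are already deleted, so no application roles remain.` Neither delete method reads `credentials`, so any authorization of the caller has to happen before these calls; a short comment naming where would help the next reader.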