Delete tenants without Athenz domain

author: Ola Aunrønning <olaa@verizonmedia.com> 2021-12-01 13:56:48 +0100
committer: Ola Aunrønning <olaa@verizonmedia.com> 2021-12-01 13:56:48 +0100
commit: 0c15763bef77955744d9b26785f78ced4fe7042c (patch)
tree: 2b86732d912240d9f54baa917bff7f0cab46da96 /controller-server
parent: 7cff9f240f16e5c02d562a691bc81a3dba830218 (diff)
4 files changed, 9 insertions, 6 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
index 537603427f5..59877fce634 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
@@ -161,7 +161,7 @@ public class TenantController {
     }
 
     /** Deletes the given tenant. */
-    public void delete(TenantName tenant, Supplier<Credentials> credentials, boolean forget) {
+    public void delete(TenantName tenant, Optional<Credentials> credentials, boolean forget) {
         try (Lock lock = lock(tenant)) {
             Tenant oldTenant = get(tenant, true)
                     .orElseThrow(() -> new NotExistsException("Could not delete tenant '" + tenant + "': Tenant not found"));
@@ -171,7 +171,7 @@ public class TenantController {
                     throw new IllegalArgumentException("Could not delete tenant '" + tenant.value()
                             + "': This tenant has active applications");
 
-                accessControl.deleteTenant(tenant, credentials.get());
+                credentials.ifPresent(creds -> accessControl.deleteTenant(tenant, creds));
                 controller.notificationsDb().removeNotifications(NotificationSource.from(tenant));
             }
 
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java
index 33012763f97..0d278b7be6d 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java
@@ -8,6 +8,7 @@ import com.yahoo.vespa.hosted.controller.Controller;
 import com.yahoo.vespa.hosted.controller.api.integration.user.RoleMaintainer;
 
 import java.time.Duration;
+import java.util.Optional;
 import java.util.logging.Logger;
 import java.util.stream.Collectors;
 
@@ -39,8 +40,8 @@ public class UserManagementMaintainer extends ControllerMaintainer {
         if (!controller().system().isPublic()) {
             roleMaintainer.tenantsToDelete(tenants)
                     .forEach(tenant -> {
-                        // TODO: controller().tenants().delete(tenant.name());
-                        logger.fine("Want to delete tenant " + tenant.name());
+                        logger.warning(tenant.name() + " has a non-existing Athenz domain. Deleting");
+                        controller().tenants().delete(tenant.name(), Optional.empty(), false);
                     });
         }
 
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index ed16c86c94e..3e6bc2b6dec 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -2018,9 +2018,9 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler {
             return ErrorResponse.forbidden("Only operators can forget a tenant");
 
         controller.tenants().delete(TenantName.from(tenantName),
-                                    () -> accessControlRequests.credentials(TenantName.from(tenantName),
+                                    Optional.of(accessControlRequests.credentials(TenantName.from(tenantName),
                                                                       toSlime(request.getData()).get(),
-                                                                      request.getJDiscRequest()),
+                                                                      request.getJDiscRequest())),
                                     forget);
 
         return new MessageResponse("Deleted tenant " + tenantName);
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
index 6e8445102c3..e45bfb6eb88 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
@@ -895,6 +895,8 @@ public class ApplicationApiTest extends ControllerContainerTest {
 
         // Forget a deleted tenant
         tester.assertResponse(request("/application/v4/tenant/tenant1", DELETE).properties(Map.of("forget", "true"))
+                        .data("{\"athensDomain\":\"domain1\"}")
+                        .oktaAccessToken(OKTA_AT).oktaIdentityToken(OKTA_IT)
                         .userIdentity(HOSTED_VESPA_OPERATOR),
                 "{\"message\":\"Deleted tenant tenant1\"}");
         tester.assertResponse(request("/application/v4/tenant/tenant1", GET).properties(Map.of("includeDeleted", "true"))
author	Ola Aunrønning <olaa@verizonmedia.com>	2021-12-01 13:56:48 +0100
committer	Ola Aunrønning <olaa@verizonmedia.com>	2021-12-01 13:56:48 +0100
commit	0c15763bef77955744d9b26785f78ced4fe7042c (patch)
tree	2b86732d912240d9f54baa917bff7f0cab46da96 /controller-server
parent	7cff9f240f16e5c02d562a691bc81a3dba830218 (diff)