diff options
author | Jon Marius Venstad <jonmv@users.noreply.github.com> | 2019-11-05 09:57:10 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-11-05 09:57:10 +0100 |
commit | 2d890099a5890da7c81e31b3561869dd5ac95d53 (patch) | |
tree | 5818ade407be7e65486a4578da243a406741ad84 /controller-server | |
parent | d5bb73f0b4eb064471d1fd751d2d7bc58298dd81 (diff) | |
parent | 762f51b35e5e50f23ce7d95f51eca14f9800a0cb (diff) |
Merge pull request #11094 from vespa-engine/jvenstad/stop-using-deprecated-deployment-spec-methods
Jvenstad/stop using deprecated deployment spec methods
Diffstat (limited to 'controller-server')
7 files changed, 64 insertions, 47 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java index 7c718518129..71cfc679ca7 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java @@ -945,50 +945,61 @@ public class ApplicationController { public void verifyApplicationIdentityConfiguration(TenantName tenantName, ApplicationPackage applicationPackage, Optional<Principal> deployer) { verifyAllowedLaunchAthenzService(applicationPackage.deploymentSpec()); - applicationPackage.deploymentSpec().athenzDomain().ifPresent(identityDomain -> { - Tenant tenant = controller.tenants().require(tenantName); - deployer.filter(AthenzPrincipal.class::isInstance) - .map(AthenzPrincipal.class::cast) - .map(AthenzPrincipal::getIdentity) - .filter(AthenzUser.class::isInstance) - .ifPresentOrElse(user -> { - if ( ! ((AthenzFacade) accessControl).hasTenantAdminAccess(user, new AthenzDomain(identityDomain.value()))) - throw new IllegalArgumentException("User " + user.getFullName() + " is not allowed to launch " + - "services in Athenz domain " + identityDomain.value() + ". " + - "Please reach out to the domain admin."); - }, - () -> { - if (tenant.type() != Tenant.Type.athenz) - throw new IllegalArgumentException("Athenz domain defined in deployment.xml, but no " + - "Athenz domain for tenant " + tenantName.value()); - - AthenzDomain tenantDomain = ((AthenzTenant) tenant).domain(); - if ( ! Objects.equals(tenantDomain.getName(), identityDomain.value())) - throw new IllegalArgumentException("Athenz domain in deployment.xml: [" + identityDomain.value() + "] " + - "must match tenant domain: [" + tenantDomain.getName() + "]"); - }); - }); + Tenant tenant = controller.tenants().require(tenantName); + Stream.concat(applicationPackage.deploymentSpec().athenzDomain().stream(), + applicationPackage.deploymentSpec().instances().stream() + .flatMap(spec -> spec.athenzDomain().stream())) + .distinct() + .forEach(identityDomain -> { + deployer.filter(AthenzPrincipal.class::isInstance) + .map(AthenzPrincipal.class::cast) + .map(AthenzPrincipal::getIdentity) + .filter(AthenzUser.class::isInstance) + .ifPresentOrElse(user -> { + if ( ! ((AthenzFacade) accessControl).hasTenantAdminAccess(user, new AthenzDomain(identityDomain.value()))) + throw new IllegalArgumentException("User " + user.getFullName() + " is not allowed to launch " + + "services in Athenz domain " + identityDomain.value() + ". " + + "Please reach out to the domain admin."); + }, + () -> { + if (tenant.type() != Tenant.Type.athenz) + throw new IllegalArgumentException("Athenz domain defined in deployment.xml, but no " + + "Athenz domain for tenant " + tenantName.value()); + + AthenzDomain tenantDomain = ((AthenzTenant) tenant).domain(); + if ( ! Objects.equals(tenantDomain.getName(), identityDomain.value())) + throw new IllegalArgumentException("Athenz domain in deployment.xml: [" + identityDomain.value() + "] " + + "must match tenant domain: [" + tenantDomain.getName() + "]"); + }); + }); } /* * Verifies that the configured athenz service (if any) can be launched. */ private void verifyAllowedLaunchAthenzService(DeploymentSpec deploymentSpec) { - deploymentSpec.athenzDomain().ifPresent(athenzDomain -> { - controller.zoneRegistry().zones().reachable().ids() - .forEach(zone -> { - AthenzIdentity configServerAthenzIdentity = controller.zoneRegistry().getConfigServerHttpsIdentity(zone); - deploymentSpec.athenzService(zone.environment(), zone.region()) - .map(service -> new AthenzService(athenzDomain.value(), service.value())) - .ifPresent(service -> { - boolean allowedToLaunch = ((AthenzFacade) accessControl).canLaunch(configServerAthenzIdentity, service); - if (!allowedToLaunch) - throw new IllegalArgumentException("Not allowed to launch Athenz service " + service.getFullName()); - }); - }); + controller.zoneRegistry().zones().reachable().ids().forEach(zone -> { + AthenzIdentity configServerAthenzIdentity = controller.zoneRegistry().getConfigServerHttpsIdentity(zone); + deploymentSpec.athenzDomain().ifPresent(domain -> { + deploymentSpec.athenzService().ifPresent(service -> { + verifyAthenzServiceCanBeLaunchedBy(configServerAthenzIdentity, new AthenzService(domain.value(), service.value())); + }); + }); + deploymentSpec.instances().forEach(spec -> { + spec.athenzDomain().ifPresent(domain -> { + spec.athenzService(zone.environment(), zone.region()).ifPresent(service -> { + verifyAthenzServiceCanBeLaunchedBy(configServerAthenzIdentity, new AthenzService(domain.value(), service.value())); + }); + }); + }); }); } + private void verifyAthenzServiceCanBeLaunchedBy(AthenzIdentity configServerAthenzIdentity, AthenzService athenzService) { + if ( ! ((AthenzFacade) accessControl).canLaunch(configServerAthenzIdentity, athenzService)) + throw new IllegalArgumentException("Not allowed to launch Athenz service " + athenzService.getFullName()); + } + /** Returns the latest known version within the given major. */ private Optional<Version> lastCompatibleVersion(int targetMajorVersion) { return controller.versionStatus().versions().stream() diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/ApplicationList.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/ApplicationList.java index a2487e8a0d1..638f406409f 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/ApplicationList.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/ApplicationList.java @@ -177,7 +177,8 @@ public class ApplicationList { /** Returns the subset of applications that are allowed to upgrade at the given time */ public ApplicationList canUpgradeAt(Instant instant) { - return filteredOn(application -> application.deploymentSpec().canUpgradeAt(instant)); + return filteredOn(application -> application.deploymentSpec().instances().stream() + .allMatch(instance -> instance.canUpgradeAt(instant))); } /** Returns the subset of applications that have at least one assigned rotation */ diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java index 9df0dff3966..ce5a2a8dd21 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java @@ -657,7 +657,8 @@ public class InternalStepRunner implements StepRunner { .orElse(zone.region().value().contains("aws-") ? DEFAULT_TESTER_RESOURCES_AWS : DEFAULT_TESTER_RESOURCES)); byte[] testPackage = controller.applications().applicationStore().getTester(id.application().tenant(), id.application().application(), version); - byte[] deploymentXml = deploymentXml(spec.athenzDomain(), spec.athenzService(zone.environment(), zone.region())); + byte[] deploymentXml = deploymentXml(spec.requireInstance(id.application().instance()).athenzDomain(), + spec.requireInstance(id.application().instance()).athenzService(zone.environment(), zone.region())); try (ZipBuilder zipBuilder = new ZipBuilder(testPackage.length + servicesXml.length + 1000)) { zipBuilder.add(testPackage); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/OutstandingChangeDeployer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/OutstandingChangeDeployer.java index 95e1c53f10c..b130f7107dd 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/OutstandingChangeDeployer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/OutstandingChangeDeployer.java @@ -21,8 +21,9 @@ public class OutstandingChangeDeployer extends Maintainer { @Override protected void maintain() { for (Application application : controller().applications().asList()) { - if (application.outstandingChange().hasTargets() - && application.deploymentSpec().canChangeRevisionAt(controller().clock().instant())) { + if ( application.outstandingChange().hasTargets() + && application.deploymentSpec().instances().stream() + .allMatch(instance -> instance.canChangeRevisionAt(controller().clock().instant()))) { controller().applications().deploymentTrigger().triggerChange(application.id(), application.outstandingChange()); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index 48e72f8ad2c..c7ed77d0c90 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java @@ -737,7 +737,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { // Change blockers Cursor changeBlockers = object.setArray("changeBlockers"); - deploymentSpec.changeBlocker().forEach(changeBlocker -> { + deploymentSpec.requireInstance(instance.name()).changeBlocker().forEach(changeBlocker -> { Cursor changeBlockerObject = changeBlockers.addObject(); changeBlockerObject.setBool("versions", changeBlocker.blocksVersions()); changeBlockerObject.setBool("revisions", changeBlocker.blocksRevisions()); @@ -843,7 +843,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { // Change blockers Cursor changeBlockers = object.setArray("changeBlockers"); - application.deploymentSpec().changeBlocker().forEach(changeBlocker -> { + application.deploymentSpec().requireInstance(instance.name()).changeBlocker().forEach(changeBlocker -> { Cursor changeBlockerObject = changeBlockers.addObject(); changeBlockerObject.setBool("versions", changeBlocker.blocksVersions()); changeBlockerObject.setBool("revisions", changeBlocker.blocksRevisions()); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/JobControllerApiHandlerHelper.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/JobControllerApiHandlerHelper.java index 23d2646acd7..08d6b5602fe 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/JobControllerApiHandlerHelper.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/JobControllerApiHandlerHelper.java @@ -177,8 +177,10 @@ class JobControllerApiHandlerHelper { lastPlatformObject.setString("deploying", completed + " of " + steps.productionJobs().size() + " complete"); else if (completed == steps.productionJobs().size()) lastPlatformObject.setString("completed", completed + " of " + steps.productionJobs().size() + " complete"); - else if ( ! application.deploymentSpec().canUpgradeAt(controller.clock().instant())) { - lastPlatformObject.setString("blocked", application.deploymentSpec().changeBlocker().stream() + else if ( ! application.deploymentSpec().instances().stream() + .allMatch(spec -> spec.canUpgradeAt(controller.clock().instant()))) { + lastPlatformObject.setString("blocked", application.deploymentSpec().instances().stream() + .flatMap(spec -> spec.changeBlocker().stream()) .filter(blocker -> blocker.blocksVersions()) .filter(blocker -> blocker.window().includes(controller.clock().instant())) .findAny().map(blocker -> blocker.window().toString()).get()); @@ -200,8 +202,10 @@ class JobControllerApiHandlerHelper { lastApplicationObject.setString("deploying", completed + " of " + steps.productionJobs().size() + " complete"); else if (completed == steps.productionJobs().size()) lastApplicationObject.setString("completed", completed + " of " + steps.productionJobs().size() + " complete"); - else if ( ! application.deploymentSpec().canChangeRevisionAt(controller.clock().instant())) { - lastApplicationObject.setString("blocked", application.deploymentSpec().changeBlocker().stream() + else if ( ! application.deploymentSpec().instances().stream() + .allMatch(spec -> spec.canChangeRevisionAt(controller.clock().instant()))) { + lastApplicationObject.setString("blocked", application.deploymentSpec().instances().stream() + .flatMap(spec -> spec.changeBlocker().stream()) .filter(blocker -> blocker.blocksRevisions()) .filter(blocker -> blocker.window().includes(controller.clock().instant())) .findAny().map(blocker -> blocker.window().toString()).get()); diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java index d50399c6c78..2320ca41b49 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java @@ -95,8 +95,7 @@ public class InternalStepRunnerTest { .application(app.testerId().id(), JobType.stagingTest.zone(system())).get() .applicationPackage().deploymentSpec(); assertEquals("domain", spec.athenzDomain().get().value()); - ZoneId zone = JobType.stagingTest.zone(system()); - assertEquals("service", spec.athenzService(zone.environment(), zone.region()).get().value()); + assertEquals("service", spec.athenzService().get().value()); } @Test |