author | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-03-20 09:43:13 +0100 |
---|---|---|
committer | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-03-21 12:07:43 +0100 |
commit | ce70664574f03f0825f91859e9ace93cc0b3e265 (patch) | |
tree | bd4bd50ea95b4bd29e8c469320620ec22b80c14e /controller-server | |
parent | ac2312f9593f62736ebf877fabecc26646431e24 (diff) |
permit -> claim
Diffstat (limited to 'controller-server')
21 files changed, 209 insertions, 220 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java index e0e76e7c262..06bda8826d8 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java @@ -50,7 +50,7 @@ import com.yahoo.vespa.hosted.controller.athenz.impl.AthenzFacade; import com.yahoo.vespa.hosted.controller.concurrent.Once; import com.yahoo.vespa.hosted.controller.deployment.DeploymentSteps; import com.yahoo.vespa.hosted.controller.deployment.DeploymentTrigger; -import com.yahoo.vespa.hosted.controller.permits.ApplicationPermit; +import com.yahoo.vespa.hosted.controller.permits.ApplicationClaim; import com.yahoo.vespa.hosted.controller.permits.AccessControl; import com.yahoo.vespa.hosted.controller.persistence.CuratorDb; import com.yahoo.vespa.hosted.controller.rotation.Rotation; @@ -217,7 +217,7 @@ public class ApplicationController { * * @throws IllegalArgumentException if the application already exists */ - public Application createApplication(ApplicationId id, Optional<ApplicationPermit> permit) { + public Application createApplication(ApplicationId id, Optional<ApplicationClaim> claim) { if ( ! (id.instance().isDefault())) // TODO: Support instances properly throw new IllegalArgumentException("Only the instance name 'default' is supported at the moment"); if (id.instance().isTester()) 
@@ -235,11 +235,11 @@ public class ApplicationController { if (get(dashToUnderscore(id)).isPresent()) // VESPA-1945 throw new IllegalArgumentException("Could not create '" + id + "': Application " + dashToUnderscore(id) + " already exists"); if (tenant.get().type() != Tenant.Type.user) { - if ( ! permit.isPresent()) + if ( ! claim.isPresent()) throw new IllegalArgumentException("Could not create '" + id + "': No permit provided"); if (id.instance().isDefault()) // Only store the application permits for non-user applications. - accessControl.createApplication(permit.get()); + accessControl.createApplication(claim.get()); } LockedApplication application = new LockedApplication(new Application(id, clock.instant()), lock); store(application); @@ -542,9 +542,9 @@ public class ApplicationController { * @throws IllegalArgumentException if the application has deployments or the caller is not authorized * @throws NotExistsException if no instances of the application exist */ - public void deleteApplication(ApplicationId applicationId, Optional<ApplicationPermit> permit) { + public void deleteApplication(ApplicationId applicationId, Optional<ApplicationClaim> claim) { Tenant tenant = controller.tenants().require(applicationId.tenant()); - if (tenant.type() != Tenant.Type.user && ! permit.isPresent()) + if (tenant.type() != Tenant.Type.user && ! claim.isPresent()) throw new IllegalArgumentException("Could not delete application '" + applicationId + "': No permit provided"); // Find all instances of the application @@ -570,7 +570,7 @@ public class ApplicationController { // Only delete permits once. if (tenant.type() != Tenant.Type.user) - accessControl.deleteApplication(permit.get()); + accessControl.deleteApplication(claim.get()); } /** diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java index 36988d80914..da236eea986 100644 
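Review bot: The rejection messages in createApplication and deleteApplication still say `"': No permit provided"` although the parameter is now `claim`, so an operator reading the 400 response will look for a "permit" that no longer exists in the API; change both to `"': No claim provided"` (createApplication's is in the @@ -235 hunk, deleteApplication's in the @@ -542 hunk). The comment `// Only store the application permits for non-user applications.` should likewise become `// Only store the application claims for non-user applications.` Both enclosing methods begin and end outside these hunks.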
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java @@ -5,7 +5,7 @@ import com.yahoo.config.provision.TenantName; import com.yahoo.vespa.curator.Lock; import com.yahoo.vespa.hosted.controller.concurrent.Once; import com.yahoo.vespa.hosted.controller.permits.AccessControl; -import com.yahoo.vespa.hosted.controller.permits.TenantPermit; +import com.yahoo.vespa.hosted.controller.permits.TenantClaim; import com.yahoo.vespa.hosted.controller.persistence.CuratorDb; import com.yahoo.vespa.hosted.controller.tenant.AthenzTenant; import com.yahoo.vespa.hosted.controller.tenant.Tenant; @@ -102,10 +102,10 @@ public class TenantController { } /** Create a tenant, provided the given permit is valid. */ - public void create(TenantPermit permit) { - try (Lock lock = lock(permit.tenant())) { - requireNonExistent(permit.tenant()); - curator.writeTenant(accessControl.createTenant(permit, asList())); + public void create(TenantClaim claim) { + try (Lock lock = lock(claim.tenant())) { + requireNonExistent(claim.tenant()); + curator.writeTenant(accessControl.createTenant(claim, asList())); } } 
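Review bot: The Javadoc on `create` still reads `/** Create a tenant, provided the given permit is valid. */` while the parameter and its type were renamed to claim; the sibling update and delete Javadocs in the next hunk were updated, so this one looks missed. Suggest `/** Creates a tenant, provided the given claim is valid. */` to match the rename and the verb form used by the neighbouring methods.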
@@ -131,23 +131,23 @@ public class TenantController { return athenzTenant(name).orElseThrow(() -> new IllegalArgumentException("Tenant '" + name + "' not found")); } - /** Updates the tenant contained in the given permit with new data. */ - public void update(TenantPermit permit) { - try (Lock lock = lock(permit.tenant())) { - curator.writeTenant(accessControl.updateTenant(permit, asList(), controller.applications().asList(permit.tenant()))); + /** Updates the tenant contained in the given claim with new data. */ + public void update(TenantClaim claim) { + try (Lock lock = lock(claim.tenant())) { + curator.writeTenant(accessControl.updateTenant(claim, asList(), controller.applications().asList(claim.tenant()))); } } - /** Deletes the tenant in the given permit. */ - public void delete(TenantPermit permit) { - try (Lock lock = lock(permit.tenant())) { - Tenant tenant = require(permit.tenant()); + /** Deletes the tenant in the given claim. */ + public void delete(TenantClaim claim) { + try (Lock lock = lock(claim.tenant())) { + Tenant tenant = require(claim.tenant()); if ( ! controller.applications().asList(tenant.name()).isEmpty()) throw new IllegalArgumentException("Could not delete tenant '" + tenant.name().value() + "': This tenant has active applications"); curator.removeTenant(tenant.name()); - accessControl.deleteTenant(permit, tenant); + accessControl.deleteTenant(claim, tenant); } } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzFacade.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzFacade.java index 631adaa89b0..22f2c8edb3a 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzFacade.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzFacade.java 
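Review bot: In `delete`, `curator.removeTenant(tenant.name())` runs before `accessControl.deleteTenant(claim, tenant)`, so if the access-control step rejects the claim or its backing call fails (the Athenz implementation later in this diff calls out to ZMS), the tenant record is already gone while its permissions remain, and the request cannot be retried through this path because `require(claim.tenant())` will now throw. Swapping the two lines, `accessControl.deleteTenant(claim, tenant);` followed by `curator.removeTenant(tenant.name());`, keeps the local record until the permission teardown has succeeded; whether deleteTenant is safe to repeat on a partial failure is not visible here and should be confirmed before reordering. The delete method is shown in full within this hunk.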
@@ -17,11 +17,11 @@ import com.yahoo.vespa.athenz.client.zts.ZtsClient; import com.yahoo.vespa.hosted.controller.Application; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactory; import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction; -import com.yahoo.vespa.hosted.controller.permits.ApplicationPermit; -import com.yahoo.vespa.hosted.controller.permits.AthenzApplicationPermit; -import com.yahoo.vespa.hosted.controller.permits.AthenzTenantPermit; +import com.yahoo.vespa.hosted.controller.permits.ApplicationClaim; +import com.yahoo.vespa.hosted.controller.permits.AthenzApplicationClaim; +import com.yahoo.vespa.hosted.controller.permits.AthenzTenantClaim; import com.yahoo.vespa.hosted.controller.permits.AccessControl; -import com.yahoo.vespa.hosted.controller.permits.TenantPermit; +import com.yahoo.vespa.hosted.controller.permits.TenantClaim; import com.yahoo.vespa.hosted.controller.tenant.AthenzTenant; import com.yahoo.vespa.hosted.controller.tenant.Tenant; import com.yahoo.vespa.hosted.controller.tenant.UserTenant; 
@@ -58,19 +58,19 @@ public class AthenzFacade implements AccessControl { } @Override - public Tenant createTenant(TenantPermit permit, List<Tenant> existing) { - AthenzTenantPermit athenzPermit = (AthenzTenantPermit) permit; - AthenzDomain domain = athenzPermit.domain() - .orElseThrow(() -> new IllegalArgumentException("Must provide Athenz domain.")); + public Tenant createTenant(TenantClaim claim, List<Tenant> existing) { + AthenzTenantClaim athenzClaim = (AthenzTenantClaim) claim; + AthenzDomain domain = athenzClaim.domain() + .orElseThrow(() -> new IllegalArgumentException("Must provide Athenz domain.")); - Tenant tenant = AthenzTenant.create(athenzPermit.tenant(), - athenzPermit.domain() - .orElseThrow(() -> new IllegalArgumentException("Must provide Athenz domain.")), - athenzPermit.property() - .orElseThrow(() -> new IllegalArgumentException("Must provide property.")), - athenzPermit.propertyId()); + Tenant tenant = AthenzTenant.create(athenzClaim.tenant(), + athenzClaim.domain() + .orElseThrow(() -> new IllegalArgumentException("Must provide Athenz domain.")), + athenzClaim.property() + .orElseThrow(() -> new IllegalArgumentException("Must provide property.")), + athenzClaim.propertyId()); - verifyIsDomainAdmin(((AthenzPrincipal) athenzPermit.user()).getIdentity(), domain); + verifyIsDomainAdmin(((AthenzPrincipal) athenzClaim.user()).getIdentity(), domain); Optional<Tenant> existingWithSameDomain = existing.stream() .filter(existingTenant -> existingTenant.type() == Tenant.Type.athenz 
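Review bot: In `createTenant` the domain is unwrapped twice: `AthenzDomain domain = athenzClaim.domain().orElseThrow(...)` at the top, and then `athenzClaim.domain().orElseThrow(...)` again with the same message inside `AthenzTenant.create(...)`; passing `domain` there removes the duplicate, and the same pattern recurs in updateTenant in the next hunk. Separately, `(AthenzTenantClaim) claim` is an unchecked downcast of the interface parameter, so a claim of another type reaching this facade fails with a ClassCastException instead of a clear rejection; a guard such as `if ( ! (claim instanceof AthenzTenantClaim)) throw new IllegalArgumentException("Expected an Athenz tenant claim");` would make the contract explicit. The method continues in the next hunk.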
@@ -78,36 +78,36 @@ public class AthenzFacade implements AccessControl { .findAny(); if (existingWithSameDomain.isPresent()) { // Throw if domain is already taken. - if ( ! existingWithSameDomain.get().name().equals(permit.tenant())) - throw new IllegalArgumentException("Could not create tenant '" + athenzPermit.tenant().value() + + if ( ! existingWithSameDomain.get().name().equals(claim.tenant())) + throw new IllegalArgumentException("Could not create tenant '" + athenzClaim.tenant().value() + "': The Athens domain '" + domain.getName() + "' is already connected to tenant '" + existingWithSameDomain.get().name().value() + "'"); } else { // Create tenant resources in Athenz if domain is not already taken. - log("createTenancy(tenantDomain=%s, service=%s)", athenzPermit.domain(), service); - zmsClient.createTenancy(domain, service, athenzPermit.token()); + log("createTenancy(tenantDomain=%s, service=%s)", athenzClaim.domain(), service); + zmsClient.createTenancy(domain, service, athenzClaim.token()); } return tenant; } @Override - public Tenant updateTenant(TenantPermit permit, List<Tenant> existing, List<Application> applications) { - AthenzTenantPermit athenzPermit = (AthenzTenantPermit) permit; - AthenzDomain domain = athenzPermit.domain() + public Tenant updateTenant(TenantClaim claim, List<Tenant> existing, List<Application> applications) { + AthenzTenantClaim tenantClaim = (AthenzTenantClaim) claim; + AthenzDomain domain = tenantClaim.domain() .orElseThrow(() -> new IllegalArgumentException("Must provide Athenz domain.")); - Tenant tenant = AthenzTenant.create(athenzPermit.tenant(), - athenzPermit.domain() + Tenant tenant = AthenzTenant.create(tenantClaim.tenant(), + tenantClaim.domain() .orElseThrow(() -> new IllegalArgumentException("Must provide Athenz domain.")), - athenzPermit.property() + tenantClaim.property() .orElseThrow(() -> new IllegalArgumentException("Must provide property.")), - athenzPermit.propertyId()); + tenantClaim.propertyId()); - 
verifyIsDomainAdmin(((AthenzPrincipal) athenzPermit.user()).getIdentity(), domain); + verifyIsDomainAdmin(((AthenzPrincipal) tenantClaim.user()).getIdentity(), domain); AthenzTenant oldTenant = existing.stream() - .filter(existingTenant -> existingTenant.name().equals(permit.tenant())) + .filter(existingTenant -> existingTenant.name().equals(claim.tenant())) .findAny() .map(AthenzTenant.class::cast) .orElseThrow(() -> new IllegalArgumentException("Cannot update a non-existent tenant.")); @@ -119,7 +119,7 @@ public class AthenzFacade implements AccessControl { if (existingWithSameDomain.isPresent()) { // Throw if domain taken by someone else, or do nothing if taken by this tenant. if ( ! existingWithSameDomain.get().equals(oldTenant)) - throw new IllegalArgumentException("Could not create tenant '" + athenzPermit.tenant().value() + + throw new IllegalArgumentException("Could not create tenant '" + tenantClaim.tenant().value() + "': The Athens domain '" + domain.getName() + "' is already connected to tenant '" + existingWithSameDomain.get().name().value() + "'"); 
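Review bot: The local in `updateTenant` is named `tenantClaim` while `createTenant` and `deleteTenant` in the same file use `athenzClaim` for the identical downcast, so the rename landed inconsistently; using `athenzClaim` in all three keeps the methods grep-alike. In the @@ -119 hunk the message `"Could not create tenant '"` is raised from updateTenant and should read `"Could not update tenant '"` so the log line names the operation that actually failed. updateTenant starts in the @@ -78 hunk and ends in the next one.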
@@ -127,33 +127,33 @@ public class AthenzFacade implements AccessControl { return tenant; // Short-circuit here if domain is still the same. } else { // Delete and recreate tenant, and optionally application, resources in Athenz otherwise. - log("createTenancy(tenantDomain=%s, service=%s)", athenzPermit.domain(), service); - zmsClient.createTenancy(domain, service, athenzPermit.token()); + log("createTenancy(tenantDomain=%s, service=%s)", tenantClaim.domain(), service); + zmsClient.createTenancy(domain, service, tenantClaim.token()); for (Application application : applications) - createApplication(domain, application.id().application(), athenzPermit.token()); + createApplication(domain, application.id().application(), tenantClaim.token()); - log("deleteTenancy(tenantDomain=%s, service=%s)", athenzPermit.domain(), service); + log("deleteTenancy(tenantDomain=%s, service=%s)", tenantClaim.domain(), service); for (Application application : applications) - deleteApplication(oldTenant.domain(), application.id().application(), athenzPermit.token()); - zmsClient.deleteTenancy(oldTenant.domain(), service, athenzPermit.token()); + deleteApplication(oldTenant.domain(), application.id().application(), tenantClaim.token()); + zmsClient.deleteTenancy(oldTenant.domain(), service, tenantClaim.token()); } return tenant; } @Override - public void deleteTenant(TenantPermit permit, Tenant tenant) { - AthenzTenantPermit athenzPermit = (AthenzTenantPermit) permit; + public void deleteTenant(TenantClaim claim, Tenant tenant) { + AthenzTenantClaim athenzClaim = (AthenzTenantClaim) claim; AthenzDomain domain = ((AthenzTenant) tenant).domain(); - log("deleteTenancy(tenantDomain=%s, service=%s)", athenzPermit.domain(), service); - zmsClient.deleteTenancy(domain, service, athenzPermit.token()); + log("deleteTenancy(tenantDomain=%s, service=%s)", athenzClaim.domain(), service); + zmsClient.deleteTenancy(domain, service, athenzClaim.token()); } @Override - public void 
createApplication(ApplicationPermit permit) { - AthenzApplicationPermit athenzPermit = (AthenzApplicationPermit) permit; - createApplication(athenzPermit.domain(), athenzPermit.application().application(), athenzPermit.token()); + public void createApplication(ApplicationClaim claim) { + AthenzApplicationClaim athenzClaim = (AthenzApplicationClaim) claim; + createApplication(athenzClaim.domain(), athenzClaim.application().application(), athenzClaim.token()); } private void createApplication(AthenzDomain domain, ApplicationName application, OktaAccessToken token) { @@ -165,11 +165,11 @@ public class AthenzFacade implements AccessControl { } @Override - public void deleteApplication(ApplicationPermit permit) { - AthenzApplicationPermit athenzPermit = (AthenzApplicationPermit) permit; + public void deleteApplication(ApplicationClaim claim) { + AthenzApplicationClaim athenzClaim = (AthenzApplicationClaim) claim; log("deleteProviderResourceGroup(tenantDomain=%s, providerDomain=%s, service=%s, resourceGroup=%s)", - athenzPermit.domain(), service.getDomain().getName(), service.getName(), athenzPermit.application()); - zmsClient.deleteProviderResourceGroup(athenzPermit.domain(), service, athenzPermit.application().application().value(), athenzPermit.token()); + athenzClaim.domain(), service.getDomain().getName(), service.getName(), athenzClaim.application()); + zmsClient.deleteProviderResourceGroup(athenzClaim.domain(), service, athenzClaim.application().application().value(), athenzClaim.token()); } @Override diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AccessControl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AccessControl.java index bceba560da6..d6b056c2377 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AccessControl.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AccessControl.java 
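Review bot: In the domain-change branch of `updateTenant`, the earlier `verifyIsDomainAdmin(...)` checks the caller against the new `domain` only, yet the branch also runs `deleteApplication(oldTenant.domain(), ...)` and `zmsClient.deleteTenancy(oldTenant.domain(), ...)` against the previous domain; unless ZMS itself refuses the token for the old domain, a caller who administers only the new domain can tear down tenancy resources in a domain they never proved admin rights to. If the intent is that the user must own both, adding `verifyIsDomainAdmin(((AthenzPrincipal) tenantClaim.user()).getIdentity(), oldTenant.domain());` before the first ZMS call would state that explicitly. I cannot see verifyIsDomainAdmin or the request handler's checks from this diff, so this needs confirming rather than assuming. updateTenant begins in the previous hunk.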
@@ -1,15 +1,10 @@
 package com.yahoo.vespa.hosted.controller.permits;
 
-import com.yahoo.config.application.api.DeploymentSpec;
-import com.yahoo.vespa.athenz.api.AthenzDomain;
-import com.yahoo.vespa.athenz.api.AthenzIdentity;
-import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.hosted.controller.Application;
 import com.yahoo.vespa.hosted.controller.tenant.Tenant;
 
 import java.security.Principal;
 import java.util.List;
-import java.util.Optional;
 
 /**
 * Stores permissions for tenant and application resources.
@@ -19,45 +14,45 @@ import java.util.Optional; public interface AccessControl { /** - * Sets up permissions for a tenant, based on the given permit, or throws. + * Sets up permissions for a tenant, based on the given claim, or throws. * - * @param tenantPermit permit for the tenant to create + * @param tenantClaim claim for the tenant to create * @param existing list of existing tenants, to check for conflicts * @return the created tenant, for keeping */ - Tenant createTenant(TenantPermit tenantPermit, List<Tenant> existing); + Tenant createTenant(TenantClaim tenantClaim, List<Tenant> existing); /** - * Modifies up permissions for a tenant, based on the given permit, or throws. + * Modifies up permissions for a tenant, based on the given claim, or throws. * - * @param tenantPermit permit for the tenant to update + * @param tenantClaim claim for the tenant to update * @param existing list of existing tenants, to check for conflicts * @param applications list of applications this tenant already owns * @return the updated tenant, for keeping */ - Tenant updateTenant(TenantPermit tenantPermit, List<Tenant> existing, List<Application> applications); + Tenant updateTenant(TenantClaim tenantClaim, List<Tenant> existing, List<Application> applications); /** - * Removes all permissions for tenant in the given permit, and for any applications it owns, or throws. + * Removes all permissions for tenant in the given claim, and for any applications it owns, or throws. * - * @param tenantPermit permit for the tenant to delete + * @param tenantClaim claim for the tenant to delete * @param tenant the tenant to delete */ - void deleteTenant(TenantPermit tenantPermit, Tenant tenant); + void deleteTenant(TenantClaim tenantClaim, Tenant tenant); /** - * Sets up permissions for an application, based on the given permit, or throws. + * Sets up permissions for an application, based on the given claim, or throws. 
* - * @param applicationPermit permit for the application to create + * @param applicationClaim claim for the application to create */ - void createApplication(ApplicationPermit applicationPermit); + void createApplication(ApplicationClaim applicationClaim); /** - * Removes permissions for the application in the given permit, or throws. + * Removes permissions for the application in the given claim, or throws. * - * @param applicationPermit permit for the application to delete + * @param applicationClaim claim for the application to delete */ - void deleteApplication(ApplicationPermit applicationPermit); + void deleteApplication(ApplicationClaim applicationClaim); /** * Returns the list of tenants to which this principal has access. diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/ApplicationPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/ApplicationClaim.java index 20492ae16ab..62a73acc952 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/ApplicationPermit.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/ApplicationClaim.java @@ -5,15 +5,15 @@ import com.yahoo.config.provision.ApplicationId; import static java.util.Objects.requireNonNull; /** - * Data that relates identities to permissions to an application. + * A claim for ownership of some application by some identity. * * @author jonmv */ -public abstract class ApplicationPermit { +public abstract class ApplicationClaim { private final ApplicationId application; - protected ApplicationPermit(ApplicationId application) { + protected ApplicationClaim(ApplicationId application) { this.application = requireNonNull(application); } @@ -21,4 +21,3 @@ public abstract class ApplicationPermit { public ApplicationId application() { return application; } } - 
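Review bot: The Javadoc for `updateTenant` still reads `* Modifies up permissions for a tenant, based on the given claim, or throws.`; since the line is rewritten anyway, `* Modifies permissions for a tenant, based on the given claim, or throws.` drops the stray word. The same wording is on the removed line, so this is a pre-existing slip the rename carried over.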
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzApplicationPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzApplicationClaim.java index 084d13fe128..b9da6d9c52a 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzApplicationPermit.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzApplicationClaim.java @@ -7,16 +7,16 @@ import com.yahoo.vespa.athenz.api.OktaAccessToken; import static java.util.Objects.requireNonNull; /** - * Wraps the permit data of an Athenz application modification. + * Wraps the claim data of an Athenz application modification. * * @author jonmv */ -public class AthenzApplicationPermit extends ApplicationPermit { +public class AthenzApplicationClaim extends ApplicationClaim { private final AthenzDomain domain; private final OktaAccessToken token; - public AthenzApplicationPermit(ApplicationId application, AthenzDomain domain, OktaAccessToken token) { + public AthenzApplicationClaim(ApplicationId application, AthenzDomain domain, OktaAccessToken token) { super(application); this.domain = requireNonNull(domain); this.token = requireNonNull(token); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzPermitExtractor.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzClaims.java index 70f382e7885..ef5e10a75a2 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzPermitExtractor.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzClaims.java 
@@ -24,31 +24,31 @@ import static com.yahoo.yolean.Exceptions.uncheck; * * @author jonmv */ -public class AthenzPermitExtractor implements PermitExtractor { +public class AthenzClaims implements Claims { private final Controller controller; @Inject - public AthenzPermitExtractor(Controller controller) { + public AthenzClaims(Controller controller) { this.controller = Objects.requireNonNull(controller); } @Override - public TenantPermit getTenantPermit(TenantName tenant, HttpRequest request) { + public TenantClaim getTenantClaim(TenantName tenant, HttpRequest request) { Inspector root = jsonToSlime(uncheck(() -> readBytes(request.getData(), 1 << 20))).get(); - return new AthenzTenantPermit(tenant, - request.getJDiscRequest().getUserPrincipal(), - optional("athensDomain", root).map(AthenzDomain::new), - optional("property", root).map(Property::new), - optional("propertyId", root).map(PropertyId::new), - requireOktaAccessToken(request)); + return new AthenzTenantClaim(tenant, + request.getJDiscRequest().getUserPrincipal(), + optional("athensDomain", root).map(AthenzDomain::new), + optional("property", root).map(Property::new), + optional("propertyId", root).map(PropertyId::new), + requireOktaAccessToken(request)); } @Override - public ApplicationPermit getApplicationPermit(ApplicationId application, HttpRequest request) { - return new AthenzApplicationPermit(application, - ((AthenzTenant) controller.tenants().require(application.tenant())).domain(), - requireOktaAccessToken(request)); + public ApplicationClaim getApplicationClaim(ApplicationId application, HttpRequest request) { + return new AthenzApplicationClaim(application, + ((AthenzTenant) controller.tenants().require(application.tenant())).domain(), + requireOktaAccessToken(request)); } private static OktaAccessToken requireOktaAccessToken(HttpRequest request) { 
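Review bot: `getTenantClaim` passes `request.getJDiscRequest().getUserPrincipal()` straight into the AthenzTenantClaim constructor, whose superclass later in this diff does `requireNonNull(user)`, so an unauthenticated request reaching this code surfaces as a NullPointerException rather than an explicit authorization failure; if an upstream filter guarantees a principal, a comment such as `// principal is guaranteed non-null by the authentication filter` would record that assumption where the value is read. In `getApplicationClaim`, `(AthenzTenant) controller.tenants().require(application.tenant())` likewise throws ClassCastException for a non-Athenz tenant, and an `instanceof` check raising an IllegalArgumentException that names the tenant would give the caller a clear rejection. The body read is already bounded by `readBytes(request.getData(), 1 << 20)`, which is the right shape for untrusted input.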
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzTenantPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzTenantClaim.java index d9bf8815c74..e4de3c3af9c 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzTenantPermit.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/AthenzTenantClaim.java @@ -12,19 +12,19 @@ import java.util.Optional; import static java.util.Objects.requireNonNull; /** - * Wraps the permit data for creating an Athenz tenant. + * Wraps the claim data for creating an Athenz tenant. * * @author jonmv */ -public class AthenzTenantPermit extends TenantPermit { +public class AthenzTenantClaim extends TenantClaim { private final Optional<Property> property; private final Optional<PropertyId> propertyId; private final Optional<AthenzDomain> domain; private final OktaAccessToken token; - public AthenzTenantPermit(TenantName tenant, Principal user, Optional<AthenzDomain> domain, - Optional<Property> property, Optional<PropertyId> propertyId, OktaAccessToken token) { + public AthenzTenantClaim(TenantName tenant, Principal user, Optional<AthenzDomain> domain, + Optional<Property> property, Optional<PropertyId> propertyId, OktaAccessToken token) { super(tenant, user); this.domain = requireNonNull(domain); this.token = requireNonNull(token); @@ -43,4 +43,5 @@ public class AthenzTenantPermit extends TenantPermit { /** The Okta issued token proving the user's access to Athenz. */ public OktaAccessToken token() { return token; } + } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/Claims.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/Claims.java new file mode 100644 index 00000000000..fe2e85a2c5c --- /dev/null +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/Claims.java 
@@ -0,0 +1,20 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.TenantName;
+import com.yahoo.container.jdisc.HttpRequest;
+
+/**
+ * Extracts {@link TenantClaim}s and {@link ApplicationClaim}s from HTTP requests, to be stored in an {@link AccessControl}.
+ *
+ * @author jonmv
+ */
+public interface Claims {
+
+ /** Extracts claim data for a tenant, from the given request. */
+ TenantClaim getTenantClaim(TenantName tenant, HttpRequest request);
+
+ /** Extracts claim data for an application, from the given request. */
+ ApplicationClaim getApplicationClaim(ApplicationId application, HttpRequest request);
+
+}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudAccessControl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudAccessControl.java
index 8cd6c111d57..c4ed26b5332 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudAccessControl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudAccessControl.java
@@ -24,8 +24,8 @@ public class CloudAccessControl implements AccessControl {
 }
 
 @Override
- public CloudTenant createTenant(TenantPermit permit, List<Tenant> existing) {
- CloudTenantPermit cloudPermit = (CloudTenantPermit) permit;
+ public CloudTenant createTenant(TenantClaim claim, List<Tenant> existing) {
+ CloudTenantClaim cloudPermit = (CloudTenantClaim) claim;
 
 // Do things ...
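Review bot: In `CloudAccessControl.createTenant` the local is still called `cloudPermit` (`CloudTenantClaim cloudPermit = (CloudTenantClaim) claim;`) after its type was renamed; `CloudTenantClaim cloudClaim = (CloudTenantClaim) claim;` keeps the vocabulary consistent with the rest of the commit. The method body continues past the hunk.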
@@ -33,26 +33,26 @@ public class CloudAccessControl implements AccessControl { } @Override - public Tenant updateTenant(TenantPermit tenantPermit, List<Tenant> existing, List<Application> applications) { + public Tenant updateTenant(TenantClaim tenantClaim, List<Tenant> existing, List<Application> applications) { throw new UnsupportedOperationException("Update is not supported here, as it would entail changing the tenant name."); } @Override - public void deleteTenant(TenantPermit permit, Tenant tenant) { + public void deleteTenant(TenantClaim claim, Tenant tenant) { // Probably delete customer subscription? } @Override - public void createApplication(ApplicationPermit permit) { + public void createApplication(ApplicationClaim claim) { // No-op? } @Override - public void deleteApplication(ApplicationPermit permit) { + public void deleteApplication(ApplicationClaim claim) { // No-op? @@ -60,6 +60,7 @@ public class CloudAccessControl implements AccessControl { @Override public List<Tenant> accessibleTenants(List<Tenant> tenants, Principal user) { + // Should be more than a Principal, or one castable to a type with more data. return Collections.emptyList(); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudApplicationPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudApplicationClaim.java index 00856ea5e41..ae6563558f8 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudApplicationPermit.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudApplicationClaim.java 
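Review bot: `deleteTenant`, `createApplication` and `deleteApplication` in CloudAccessControl have bodies consisting only of `// Probably delete customer subscription?` and `// No-op?`, and `accessibleTenants` returns `Collections.emptyList()`, while `updateTenant` in the same class throws UnsupportedOperationException; a deployment wired to this implementation would silently skip permission teardown on delete rather than fail. Until the cloud path exists, throwing `UnsupportedOperationException` from these methods as well keeps an incomplete access-control backend from passing as a working one. The added comment `// Should be more than a Principal, or one castable to a type with more data.` reads as a TODO and would be easier to find later as `// TODO: ...`.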
@@ -7,15 +7,15 @@ import java.security.Principal;
 import static java.util.Objects.requireNonNull;
 
 /**
- * Wraps the permit data of an Okta application modification.
+ * Wraps the claim data of an Okta application modification.
 *
 * @author jonmv
 */
-public class CloudApplicationPermit extends ApplicationPermit {
+public class CloudApplicationClaim extends ApplicationClaim {
 
 private final Principal user;
 
- public CloudApplicationPermit(ApplicationId application, Principal user) {
+ public CloudApplicationClaim(ApplicationId application, Principal user) {
 super(application);
 this.user = requireNonNull(user);
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudClaims.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudClaims.java
new file mode 100644
index 00000000000..41ef578f016
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudClaims.java
@@ -0,0 +1,25 @@
+package com.yahoo.vespa.hosted.controller.permits;
+
+import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.TenantName;
+import com.yahoo.container.jdisc.HttpRequest;
+import com.yahoo.vespa.hosted.controller.tenant.CloudTenant;
+
+/**
+ * Extracts permits for {@link CloudTenant}s from HTTP requests.
+ *
+ * @author jonmv
+ */
+public class CloudClaims implements Claims {
+
+ @Override
+ public CloudTenantClaim getTenantClaim(TenantName tenant, HttpRequest request) {
+ return new CloudTenantClaim(tenant, request.getJDiscRequest().getUserPrincipal(), "token");
+ }
+
+ @Override
+ public CloudApplicationClaim getApplicationClaim(ApplicationId application, HttpRequest request) {
+ return new CloudApplicationClaim(application, request.getJDiscRequest().getUserPrincipal());
+ }
+
+}
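Review bot: `CloudClaims.getTenantClaim` builds the claim with the constant `"token"` as the registration token, so every cloud tenant claim carries the same non-secret literal and nothing ties it to the request; this is carried over from the deleted CloudPermitExtractor, but a reader of the new file cannot tell it is a stub. Mark it at the call site, e.g. `// TODO: take the registration token from the request; placeholder until the cloud flow exists`, and make sure CloudAccessControl does not treat the value as proof of anything in the meantime. The class Javadoc also still says `* Extracts permits for {@link CloudTenant}s from HTTP requests.` and should say claims to match the rename.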
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudPermitExtractor.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudPermitExtractor.java
deleted file mode 100644
index 1cbe2345680..00000000000
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudPermitExtractor.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package com.yahoo.vespa.hosted.controller.permits;
-
-import com.yahoo.config.provision.ApplicationId;
-import com.yahoo.config.provision.TenantName;
-import com.yahoo.container.jdisc.HttpRequest;
-import com.yahoo.vespa.hosted.controller.tenant.CloudTenant;
-
-/**
- * Extracts permits for {@link CloudTenant}s from HTTP requests.
- *
- * @author jonmv
- */
-public class CloudPermitExtractor implements PermitExtractor {
-
- @Override
- public CloudTenantPermit getTenantPermit(TenantName tenant, HttpRequest request) {
- return new CloudTenantPermit(tenant, request.getJDiscRequest().getUserPrincipal(), "token");
- }
-
- @Override
- public CloudApplicationPermit getApplicationPermit(ApplicationId application, HttpRequest request) {
- return new CloudApplicationPermit(application, request.getJDiscRequest().getUserPrincipal());
- }
-
-}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudTenantPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudTenantClaim.java
index 01b43397b13..9182be7c6fb 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudTenantPermit.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/CloudTenantClaim.java
@@ -11,11 +11,11 @@ import static java.util.Objects.requireNonNull;
  *
  * @author jonmv
  */
-public class CloudTenantPermit extends TenantPermit {
+public class CloudTenantClaim extends TenantClaim {
     private final String registrationToken;
-    public CloudTenantPermit(TenantName tenant, Principal user, String registrationToken) {
+    public CloudTenantClaim(TenantName tenant, Principal user, String registrationToken) {
         super(tenant, user);
         this.registrationToken = requireNonNull(registrationToken);
     }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitExtractor.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitExtractor.java
deleted file mode 100644
index 38a7af0c88f..00000000000
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/PermitExtractor.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package com.yahoo.vespa.hosted.controller.permits;
-
-import com.yahoo.config.provision.ApplicationId;
-import com.yahoo.config.provision.TenantName;
-import com.yahoo.container.jdisc.HttpRequest;
-
-/**
- * Extracts {@link TenantPermit}s and {@link ApplicationPermit}s from HTTP requests, to be stored in a {@link AccessControl}.
- *
- * @author jonmv
- */
-public interface PermitExtractor {
-
-    /** Extracts permit data for a tenant, from the given request. */
-    TenantPermit getTenantPermit(TenantName tenant, HttpRequest request);
-
-    /** Extracts permit data for an application, from the given request. */
-    ApplicationPermit getApplicationPermit(ApplicationId application, HttpRequest request);
-
-}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/TenantPermit.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/TenantClaim.java
index 4f92b75d669..c9368b3a747 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/TenantPermit.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/permits/TenantClaim.java
@@ -7,24 +7,24 @@ import java.security.Principal;
 import static java.util.Objects.requireNonNull;
 /**
- * Data that relates identities to permissions to a tenant.
+ * A claim for ownership of some tenant by some identity.
  *
  * @author jonmv
  */
-public abstract class TenantPermit {
+public abstract class TenantClaim {
     private final TenantName tenant;
     private final Principal user;
-    protected TenantPermit(TenantName tenant, Principal user) {
+    protected TenantClaim(TenantName tenant, Principal user) {
         this.user = requireNonNull(user);
         this.tenant = requireNonNull(tenant);
     }
-    /** The tenant this permit concerns. */
+    /** The tenant this claim concerns. */
     public TenantName tenant() { return tenant; }
-    /** The user handling this permit. */
+    /** The user making this claim. */
     public Principal user() { return user; }
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 0e3c07d1b3a..31d23e3233d 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -23,7 +23,6 @@ import com.yahoo.slime.Slime;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzPrincipal;
 import com.yahoo.vespa.athenz.api.AthenzUser;
-import com.yahoo.vespa.athenz.api.OktaAccessToken;
 import com.yahoo.vespa.athenz.client.zms.ZmsClientException;
 import com.yahoo.vespa.config.SlimeUtils;
 import com.yahoo.vespa.hosted.controller.AlreadyExistsException;
@@ -69,8 +68,8 @@ import com.yahoo.vespa.hosted.controller.application.RoutingPolicy;
 import com.yahoo.vespa.hosted.controller.application.SystemApplication;
 import com.yahoo.vespa.hosted.controller.deployment.DeploymentTrigger;
 import com.yahoo.vespa.hosted.controller.deployment.DeploymentTrigger.ChangesToCancel;
-import com.yahoo.vespa.hosted.controller.permits.ApplicationPermit;
-import com.yahoo.vespa.hosted.controller.permits.PermitExtractor;
+import com.yahoo.vespa.hosted.controller.permits.ApplicationClaim;
+import com.yahoo.vespa.hosted.controller.permits.Claims;
 import com.yahoo.vespa.hosted.controller.restapi.ErrorResponse;
 import com.yahoo.vespa.hosted.controller.restapi.MessageResponse;
 import com.yahoo.vespa.hosted.controller.restapi.ResourceResponse;
@@ -116,12 +115,12 @@ import static java.util.stream.Collectors.joining;
 public class ApplicationApiHandler extends LoggingRequestHandler {
     private final Controller controller;
-    private final PermitExtractor permits;
+    private final Claims permits;
     @Inject
     public ApplicationApiHandler(LoggingRequestHandler.Context parentCtx,
                                  Controller controller,
-                                 PermitExtractor permits) {
+                                 Claims permits) {
         super(parentCtx);
         this.controller = controller;
         this.permits = permits;
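Review bot: The field and constructor parameter in ApplicationApiHandler keep the name `permits` while their type is now `Claims` and the methods called on it are `getTenantClaim`/`getApplicationClaim`, so the rename stops halfway inside this class; `private final Claims claims;` with the matching constructor parameter and `this.claims = claims;` would finish it. The same `permits.` receiver is used in the updateTenant/createTenant/createApplication hunk and in the deleteTenant/deleteApplication hunks further down, so the rename would touch those call sites too. The constructor's closing brace lies outside this hunk.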
@@ -738,21 +737,21 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
     private HttpResponse updateTenant(String tenantName, HttpRequest request) {
         getTenantOrThrow(tenantName);
-        controller.tenants().update(permits.getTenantPermit(TenantName.from(tenantName), request));
+        controller.tenants().update(permits.getTenantClaim(TenantName.from(tenantName), request));
         return tenant(controller.tenants().require(TenantName.from(tenantName)), request);
     }
     private HttpResponse createTenant(String tenantName, HttpRequest request) {
-        controller.tenants().create(permits.getTenantPermit(TenantName.from(tenantName), request));
+        controller.tenants().create(permits.getTenantClaim(TenantName.from(tenantName), request));
         return tenant(controller.tenants().require(TenantName.from(tenantName)), request);
     }
     private HttpResponse createApplication(String tenantName, String applicationName, HttpRequest request) {
         ApplicationId id = ApplicationId.from(tenantName, applicationName, "default");
         try {
-            Optional<ApplicationPermit> permit = controller.tenants().require(id.tenant()).type() != Tenant.Type.user
-                    ? Optional.of(permits.getApplicationPermit(id, request)) : Optional.empty();
-            Application application = controller.applications().createApplication(id, permit);
+            Optional<ApplicationClaim> claim = controller.tenants().require(id.tenant()).type() != Tenant.Type.user
+                    ? Optional.of(permits.getApplicationClaim(id, request)) : Optional.empty();
+            Application application = controller.applications().createApplication(id, claim);
             Slime slime = new Slime();
             toSlime(application, slime.setObject(), request);
@@ -953,7 +952,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
         if (tenant.get().type() == Tenant.Type.user)
             controller.tenants().deleteUser((UserTenant) tenant.get());
         else
-            controller.tenants().delete(permits.getTenantPermit(tenant.get().name(), request));
+            controller.tenants().delete(permits.getTenantClaim(tenant.get().name(), request));
         // TODO: Change to a message response saying the tenant was deleted
         return tenant(tenant.get(), request);
@@ -961,9 +960,9 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
     private HttpResponse deleteApplication(String tenantName, String applicationName, HttpRequest request) {
         ApplicationId id = ApplicationId.from(tenantName, applicationName, "default");
-        Optional<ApplicationPermit> permit = controller.tenants().require(id.tenant()).type() != Tenant.Type.user
-                ? Optional.of(permits.getApplicationPermit(id, request)) : Optional.empty();
-        controller.applications().deleteApplication(id, permit);
+        Optional<ApplicationClaim> claim = controller.tenants().require(id.tenant()).type() != Tenant.Type.user
+                ? Optional.of(permits.getApplicationClaim(id, request)) : Optional.empty();
+        controller.applications().deleteApplication(id, claim);
         return new EmptyJsonResponse(); // TODO: Replicates current behavior but should return a message response instead
     }
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java
index 38f26427558..bbffeea8564 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java
@@ -12,8 +12,6 @@ import com.yahoo.config.provision.InstanceName;
 import com.yahoo.config.provision.RegionName;
 import com.yahoo.config.provision.SystemName;
 import com.yahoo.config.provision.TenantName;
-import com.yahoo.vespa.athenz.api.AthenzDomain;
-import com.yahoo.vespa.athenz.api.OktaAccessToken;
 import com.yahoo.vespa.hosted.controller.api.application.v4.model.DeployOptions;
 import com.yahoo.vespa.hosted.controller.api.application.v4.model.EndpointStatus;
 import com.yahoo.vespa.hosted.controller.api.identifiers.DeploymentId;
@@ -30,7 +28,6 @@ import com.yahoo.vespa.hosted.controller.application.JobStatus;
 import com.yahoo.vespa.hosted.controller.deployment.ApplicationPackageBuilder;
 import com.yahoo.vespa.hosted.controller.deployment.BuildJob;
 import com.yahoo.vespa.hosted.controller.deployment.DeploymentTester;
-import com.yahoo.vespa.hosted.controller.permits.AthenzApplicationPermit;
 import com.yahoo.vespa.hosted.controller.rotation.RotationId;
 import com.yahoo.vespa.hosted.controller.rotation.RotationLock;
 import org.junit.Test;
@@ -350,7 +347,7 @@ public class ControllerTest {
         tester.deployAndNotify(app1, applicationPackage, true, systemTest);
         tester.applications().deactivate(app1.id(), ZoneId.from(Environment.test, RegionName.from("us-east-1")));
         tester.applications().deactivate(app1.id(), ZoneId.from(Environment.staging, RegionName.from("us-east-3")));
-        tester.applications().deleteApplication(app1.id(), tester.controllerTester().permitFor(app1.id()));
+        tester.applications().deleteApplication(app1.id(), tester.controllerTester().claimFor(app1.id()));
         try (RotationLock lock = tester.applications().rotationRepository().lock()) {
             assertTrue("Rotation is unassigned", tester.applications().rotationRepository().availableRotations(lock)
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java
index 1f06e7d6218..8a096620991 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java
@@ -44,9 +44,9 @@ import com.yahoo.vespa.hosted.controller.integration.ConfigServerMock;
 import com.yahoo.vespa.hosted.controller.integration.MetricsServiceMock;
 import com.yahoo.vespa.hosted.controller.integration.RoutingGeneratorMock;
 import com.yahoo.vespa.hosted.controller.integration.ZoneRegistryMock;
-import com.yahoo.vespa.hosted.controller.permits.ApplicationPermit;
-import com.yahoo.vespa.hosted.controller.permits.AthenzApplicationPermit;
-import com.yahoo.vespa.hosted.controller.permits.AthenzTenantPermit;
+import com.yahoo.vespa.hosted.controller.permits.ApplicationClaim;
+import com.yahoo.vespa.hosted.controller.permits.AthenzApplicationClaim;
+import com.yahoo.vespa.hosted.controller.permits.AthenzTenantClaim;
 import com.yahoo.vespa.hosted.controller.persistence.ApplicationSerializer;
 import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
 import com.yahoo.vespa.hosted.controller.persistence.MockCuratorDb;
@@ -264,13 +264,13 @@ public final class ControllerTester {
         Optional<Tenant> existing = controller().tenants().get(name);
         if (existing.isPresent()) return name;
         AthenzUser user = new AthenzUser("user");
-        AthenzTenantPermit permit = new AthenzTenantPermit(name,
-                new AthenzPrincipal(user),
-                Optional.of(createDomainWithAdmin(domainName, user)),
-                Optional.of(new Property("Property" + propertyId)),
-                Optional.ofNullable(propertyId).map(Object::toString).map(PropertyId::new),
-                new OktaAccessToken("okta-token"));
-        controller().tenants().create(permit);
+        AthenzTenantClaim claim = new AthenzTenantClaim(name,
+                new AthenzPrincipal(user),
+                Optional.of(createDomainWithAdmin(domainName, user)),
+                Optional.of(new Property("Property" + propertyId)),
+                Optional.ofNullable(propertyId).map(Object::toString).map(PropertyId::new),
+                new OktaAccessToken("okta-token"));
+        controller().tenants().create(claim);
         if (contact.isPresent()) controller().tenants().lockOrThrow(name, LockedTenant.Athenz.class, tenant -> controller().tenants().store(tenant.with(contact.get())));
@@ -282,20 +282,20 @@ public final class ControllerTester {
         return createTenant(tenantName, domainName, propertyId, Optional.empty());
     }
-    public Optional<ApplicationPermit> permitFor(ApplicationId id) {
-        return domainOf(id).map(domain -> new AthenzApplicationPermit(id, domain, new OktaAccessToken("okta-token")));
+    public Optional<ApplicationClaim> claimFor(ApplicationId id) {
+        return domainOf(id).map(domain -> new AthenzApplicationClaim(id, domain, new OktaAccessToken("okta-token")));
     }
     public Application createApplication(TenantName tenant, String applicationName, String instanceName, long projectId) {
         ApplicationId applicationId = ApplicationId.from(tenant.value(), applicationName, instanceName);
-        controller().applications().createApplication(applicationId, permitFor(applicationId));
+        controller().applications().createApplication(applicationId, claimFor(applicationId));
         controller().applications().lockOrThrow(applicationId, lockedApplication -> controller().applications().store(lockedApplication.withProjectId(OptionalLong.of(projectId))));
         return controller().applications().require(applicationId);
     }
     public void deleteApplication(ApplicationId id) {
-        controller().applications().deleteApplication(id, permitFor(id));
+        controller().applications().deleteApplication(id, claimFor(id));
     }
     public void deploy(Application application, ZoneId zone) {
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java
index d1117884347..30d30be7dd0 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java
@@ -9,7 +9,6 @@ import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzPrincipal;
 import com.yahoo.vespa.athenz.api.AthenzUser;
 import com.yahoo.vespa.athenz.api.OktaAccessToken;
-import com.yahoo.vespa.athenz.utils.AthenzIdentities;
 import com.yahoo.vespa.hosted.controller.Application;
 import com.yahoo.vespa.hosted.controller.Controller;
 import com.yahoo.vespa.hosted.controller.api.application.v4.model.DeployOptions;
@@ -29,8 +28,8 @@ import com.yahoo.vespa.hosted.controller.deployment.BuildJob;
 import com.yahoo.vespa.hosted.controller.integration.ArtifactRepositoryMock;
 import com.yahoo.vespa.hosted.controller.maintenance.JobControl;
 import com.yahoo.vespa.hosted.controller.maintenance.Upgrader;
-import com.yahoo.vespa.hosted.controller.permits.AthenzApplicationPermit;
-import com.yahoo.vespa.hosted.controller.permits.AthenzTenantPermit;
+import com.yahoo.vespa.hosted.controller.permits.AthenzApplicationClaim;
+import com.yahoo.vespa.hosted.controller.permits.AthenzTenantClaim;
 import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
 import com.yahoo.vespa.hosted.controller.persistence.MockCuratorDb;
@@ -77,19 +76,19 @@ public class ContainerControllerTester {
     public Application createApplication(String athensDomain, String tenant, String application) {
         AthenzDomain domain1 = addTenantAthenzDomain(athensDomain, "user");
-        AthenzTenantPermit tenantPermit = new AthenzTenantPermit(TenantName.from(tenant),
-                new AthenzPrincipal(new AthenzUser("user")),
-                Optional.of(domain1),
-                Optional.of(new Property("property1")),
-                Optional.of(new PropertyId("1234")),
-                new OktaAccessToken("okta-token"));
-        controller().tenants().create(tenantPermit);
+        AthenzTenantClaim tenantClaim = new AthenzTenantClaim(TenantName.from(tenant),
+                new AthenzPrincipal(new AthenzUser("user")),
+                Optional.of(domain1),
+                Optional.of(new Property("property1")),
+                Optional.of(new PropertyId("1234")),
+                new OktaAccessToken("okta-token"));
+        controller().tenants().create(tenantClaim);
         ApplicationId app = ApplicationId.from(tenant, application, "default");
-        AthenzApplicationPermit applicationPermit = new AthenzApplicationPermit(app,
-                domain1,
-                new OktaAccessToken("okta-token"));
-        return controller().applications().createApplication(app, Optional.of(applicationPermit));
+        AthenzApplicationClaim applicationClaim = new AthenzApplicationClaim(app,
+                domain1,
+                new OktaAccessToken("okta-token"));
+        return controller().applications().createApplication(app, Optional.of(applicationClaim));
     }
     public Application deploy(Application application, ApplicationPackage applicationPackage, ZoneId zone) {
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
index 9daf4d5e001..dc389704b69 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
@@ -56,8 +56,6 @@ import com.yahoo.vespa.hosted.controller.deployment.BuildJob;
 import com.yahoo.vespa.hosted.controller.deployment.DeploymentTrigger;
 import com.yahoo.vespa.hosted.controller.integration.ConfigServerMock;
 import com.yahoo.vespa.hosted.controller.integration.MetricsServiceMock;
-import com.yahoo.vespa.hosted.controller.permits.AthenzTenantPermit;
-import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
 import com.yahoo.vespa.hosted.controller.restapi.ContainerControllerTester;
 import com.yahoo.vespa.hosted.controller.restapi.ContainerTester;
 import com.yahoo.vespa.hosted.controller.restapi.ControllerContainerTest;
|