diff options
author | Ola Aunrønning <olaa@verizonmedia.com> | 2020-08-06 12:31:58 +0200 |
---|---|---|
committer | Ola Aunrønning <olaa@verizonmedia.com> | 2020-08-06 12:31:58 +0200 |
commit | ceb9846ab1f17cfcef957b93076f6de34afdd494 (patch) | |
tree | 0e99f8f81f2f3a837534584999ba96c8d0ea6fc3 /controller-server | |
parent | 60ab52bd72920adc7040851593b48262c89db621 (diff) |
BillingController deletes billing info
Diffstat (limited to 'controller-server')
2 files changed, 11 insertions, 82 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java index 320b376c2ae..4f410f60204 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControl.java @@ -10,7 +10,6 @@ import com.yahoo.vespa.flags.Flags; import com.yahoo.vespa.hosted.controller.Application; import com.yahoo.vespa.hosted.controller.api.integration.ServiceRegistry; import com.yahoo.vespa.hosted.controller.api.integration.billing.BillingController; -import com.yahoo.vespa.hosted.controller.api.integration.organization.BillingInfo; import com.yahoo.vespa.hosted.controller.api.integration.user.Roles; import com.yahoo.vespa.hosted.controller.api.integration.user.UserId; import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement; @@ -22,9 +21,8 @@ import com.yahoo.vespa.hosted.controller.tenant.CloudTenant; import com.yahoo.vespa.hosted.controller.tenant.Tenant; import javax.ws.rs.ForbiddenException; -import java.math.BigDecimal; -import java.time.LocalDate; import java.util.List; +import java.util.stream.Collectors; import static com.yahoo.vespa.hosted.controller.api.role.RoleDefinition.*; @@ -101,19 +99,11 @@ public class CloudAccessControl implements AccessControl { @Override public void deleteTenant(TenantName tenant, Credentials credentials) { - if(!(allowedByPrivilegedRole((Auth0Credentials) credentials) || noOutstandingCharges(tenant))) - throw new ForbiddenException("Please contact the Vespa team for assistance in deleting tenants with outstanding charges"); - + deleteBillingInfo(tenant, credentials); for (TenantRole role : Roles.tenantRoles(tenant)) userManagement.deleteRole(role); } - private boolean noOutstandingCharges(TenantName tenant) { - return billingController.createUncommittedInvoice(tenant, LocalDate.now()).sum().compareTo(BigDecimal.ZERO) == 0 && - billingController.getUnusedLineItems(tenant).size() == 0 && - billingController.getPlan(tenant).value().equals("trial"); - } - @Override public void createApplication(TenantAndApplicationId id, Credentials credentials) { for (Role role : Roles.applicationRoles(id.tenant(), id.application())) @@ -126,4 +116,13 @@ public class CloudAccessControl implements AccessControl { userManagement.deleteRole(role); } + private void deleteBillingInfo(TenantName tenant, Credentials credentials) { + var users = Roles.tenantRoles(tenant) + .stream() + .flatMap(role -> userManagement.listUsers(role).stream()) + .collect(Collectors.toSet()); + var isPrivileged = allowedByPrivilegedRole((Auth0Credentials) credentials); + billingController.deleteBillingInfo(tenant, users, isPrivileged); + } + } diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControlTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControlTest.java deleted file mode 100644 index baf7d3826f1..00000000000 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/security/CloudAccessControlTest.java +++ /dev/null @@ -1,70 +0,0 @@ -// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.hosted.controller.security; - -import com.yahoo.config.provision.TenantName; -import com.yahoo.vespa.flags.FlagSource; -import com.yahoo.vespa.flags.InMemoryFlagSource; -import com.yahoo.vespa.hosted.controller.api.integration.ServiceRegistry; -import com.yahoo.vespa.hosted.controller.api.integration.billing.Invoice; -import com.yahoo.vespa.hosted.controller.api.integration.billing.MockBillingController; -import com.yahoo.vespa.hosted.controller.api.integration.billing.PlanId; -import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockUserManagement; -import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement; -import com.yahoo.vespa.hosted.controller.integration.ServiceRegistryMock; -import org.junit.Test; - -import javax.ws.rs.ForbiddenException; -import java.math.BigDecimal; -import java.security.Principal; -import java.util.HashSet; - -import static org.junit.Assert.*; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; - -/** - * @author olaa - */ -public class CloudAccessControlTest { - - private final UserManagement userManagement = new MockUserManagement(); - private final FlagSource flagSource = new InMemoryFlagSource(); - private final ServiceRegistry serviceRegistry = new ServiceRegistryMock(); - private final MockBillingController billingController = (MockBillingController) serviceRegistry.billingController(); - private final CloudAccessControl cloudAccessControl = new CloudAccessControl(userManagement, flagSource, serviceRegistry); - - @Test - public void tenant_deletion_fails_when_outstanding_charges() { - // First verify that it works with no outstanding charges - var tenant = TenantName.defaultName(); - var principal = mock(Principal.class); - var credentials = new Auth0Credentials(principal, new HashSet<>()); - cloudAccessControl.deleteTenant(tenant, credentials); - - // Forbidden if plan != trial - billingController.setPlan(tenant, PlanId.from("subscription"), false); - try { - cloudAccessControl.deleteTenant(tenant, credentials); - fail(); - } catch (ForbiddenException ignored) {} - billingController.setPlan(tenant, PlanId.from("trial"), false); - - // Forbidden if outstanding lineitems - billingController.addLineItem(tenant, "Some expense", BigDecimal.TEN, "agent"); - try { - cloudAccessControl.deleteTenant(tenant, credentials); - fail(); - } catch (ForbiddenException ignored) {} - billingController.deleteLineItem("line-item-id"); - - // Forbidden if uncommited invoice exists - var invoice = mock(Invoice.class); - when(invoice.sum()).thenReturn(BigDecimal.TEN); - billingController.addInvoice(tenant, invoice, false); - try { - cloudAccessControl.deleteTenant(tenant, credentials); - fail(); - } catch (ForbiddenException ignored) {} - - } -}
\ No newline at end of file |