author | Jon Marius Venstad <jonmv@users.noreply.github.com> | 2020-03-30 11:16:12 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-30 11:16:12 +0200 |
commit | 27148ddb441e25a7a9ed5dadf7b54edd6f5ac353 (patch) | |
tree | 5e29f3a1e2d2a8d4a02817db7b50f7da356cb44b /controller-server | |
parent | 4609c89fca91eeaeff67e147cc845ac75b3856e5 (diff) | |
parent | 53b5efffada6ccd0a02800e13bf388270c0901c1 (diff) |
Merge pull request #12681 from vespa-engine/jonmv/cleanup-after-user-tenants
Remove more user tenant leftovers
Diffstat (limited to 'controller-server')
6 files changed, 2 insertions, 90 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index be3f4e50dc7..08f22ac778e 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java @@ -205,7 +205,6 @@ public class ApplicationApiHandler extends LoggingRequestHandler { private HttpResponse handleGET(Path path, HttpRequest request) { if (path.matches("/application/v4/")) return root(request); - if (path.matches("/application/v4/user")) return authenticatedUser(request); if (path.matches("/application/v4/tenant")) return tenants(request); if (path.matches("/application/v4/tenant/{tenant}")) return tenant(path.get("tenant"), request); if (path.matches("/application/v4/tenant/{tenant}/cost")) return tenantCost(path.get("tenant"), request); 
@@ -248,7 +247,6 @@ public class ApplicationApiHandler extends LoggingRequestHandler { } private HttpResponse handlePUT(Path path, HttpRequest request) { - if (path.matches("/application/v4/user")) return new EmptyResponse(); if (path.matches("/application/v4/tenant/{tenant}")) return updateTenant(path.get("tenant"), request); if (path.matches("/application/v4/tenant/{tenant}/application/{application}/instance/{instance}/environment/{environment}/region/{region}/global-rotation/override")) return setGlobalRotationOverride(path.get("tenant"), path.get("application"), path.get("instance"), path.get("environment"), path.get("region"), false, request); if (path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/{environment}/region/{region}/instance/{instance}/global-rotation/override")) return setGlobalRotationOverride(path.get("tenant"), path.get("application"), path.get("instance"), path.get("environment"), path.get("region"), false, request); 
@@ -325,24 +323,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { private HttpResponse root(HttpRequest request) { return recurseOverTenants(request) ? recursiveRoot(request) - : new ResourceResponse(request, "user", "tenant"); - } - - // TODO jonmv: Move to Athenz API. - private HttpResponse authenticatedUser(HttpRequest request) { - Principal user = requireUserPrincipal(request); - - String userName = user instanceof AthenzPrincipal ? ((AthenzPrincipal) user).getIdentity().getName() : user.getName(); - List<Tenant> tenants = controller.tenants().asList(new Credentials(user)); - - Slime slime = new Slime(); - Cursor response = slime.setObject(); - response.setString("user", userName); - Cursor tenantsArray = response.setArray("tenants"); - for (Tenant tenant : tenants) - tenantInTenantsListToSlime(tenant, request.getUri(), tenantsArray.addObject()); - response.setBool("tenantExists", true); - return new SlimeJsonResponse(slime); + : new ResourceResponse(request, "tenant"); } private HttpResponse tenants(HttpRequest request) { diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java index fd0981e8427..2752ba64b61 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java 
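Review bot: Nothing in this commit pins what `/application/v4/user` returns now that `authenticatedUser` is gone and its routes are dropped from `handleGET` and `handlePUT` in the two hunks above; the deleted tests show the path used to answer 200 for a plain user identity and for the operator role. A negative test for GET and PUT on that path, asserting the handler's fall-through response, would document the removal, and any path-based access rule that still names `/application/v4/user` should go with it so authorization and routing stay in step (no such rule is visible in this diff). If no other method in the file uses them, the `Principal`, `AthenzPrincipal` and `Credentials` imports are presumably dead now as well. Both handler methods continue outside their hunks, so the fall-through branch cannot be checked from here.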
@@ -176,24 +176,6 @@ public class ApplicationApiTest extends ControllerContainerTest { .oktaAccessToken(OKTA_AT).oktaIdentityToken(OKTA_IT) .data("{\"athensDomain\":\"domain1\", \"property\":\"property1\"}"), new File("tenant-without-applications.json")); - // GET the authenticated user (with associated tenants) - tester.assertResponse(request("/application/v4/user", GET).userIdentity(USER_ID), - new File("user.json")); - // TODO jonmv: Remove when dashboard is gone. - // PUT a user tenant — does nothing - tester.assertResponse(request("/application/v4/user", PUT).userIdentity(USER_ID), - ""); - - // GET the authenticated user which now exists (with associated tenants) - tester.assertResponse(request("/application/v4/user", GET).userIdentity(USER_ID), - new File("user.json")); - - // DELETE the user — it doesn't exist, so access control fails - tester.assertResponse(request("/application/v4/tenant/by-myuser", DELETE).userIdentity(USER_ID), - "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", 403); - // GET all tenants - tester.assertResponse(request("/application/v4/tenant/", GET).userIdentity(USER_ID), - new File("tenant-list.json")); // GET list of months for a tenant tester.assertResponse(request("/application/v4/tenant/tenant1/cost", GET).userIdentity(USER_ID).oktaAccessToken(OKTA_AT).oktaIdentityToken(OKTA_IT), @@ -783,11 +765,6 @@ public class ApplicationApiTest extends ControllerContainerTest { .userIdentity(USER_ID), "{\"message\":\"Aborting run 2 of staging-test for tenant1.application1.instance1\"}"); - // GET user lists only tenants for the authenticated user - tester.assertResponse(request("/application/v4/user", GET) - .userIdentity(new UserId("other_user")), - "{\"user\":\"other_user\",\"tenants\":[],\"tenantExists\":true}"); - // OPTIONS return 200 OK tester.assertResponse(request("/application/v4/", Request.Method.OPTIONS) .userIdentity(USER_ID), 
@@ -1108,14 +1085,6 @@ public class ApplicationApiTest extends ControllerContainerTest { "{\"error-code\":\"BAD_REQUEST\",\"message\":\"New tenant or application names must start with a letter, may contain no more than 20 characters, and may only contain lowercase letters, digits or dashes, but no double-dashes.\"}", 400); - // POST (add) an Athenz tenant with by- prefix - tester.assertResponse(request("/application/v4/tenant/by-tenant2", POST) - .userIdentity(USER_ID) - .data("{\"athensDomain\":\"domain1\", \"property\":\"property1\"}") - .oktaAccessToken(OKTA_AT).oktaIdentityToken(OKTA_IT), - "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Athenz tenant name cannot have prefix 'by-'\"}", - 400); - // POST (add) an Athenz tenant with a reserved name tester.assertResponse(request("/application/v4/tenant/hosted-vespa", POST) .userIdentity(USER_ID) 
@@ -1395,25 +1364,12 @@ public class ApplicationApiTest extends ControllerContainerTest { createAthenzDomainWithAdmin(ATHENZ_TENANT_DOMAIN, tenantAdmin); allowLaunchOfService(new com.yahoo.vespa.athenz.api.AthenzService(ATHENZ_TENANT_DOMAIN, "service")); - // Create tenant - // PUT (create) the authenticated user - tester.assertResponse(request("/application/v4/user?user=new_user&domain=by", PUT) - .userIdentity(userId), // Normalized to by-new-user by API - ""); - ApplicationPackage applicationPackage = new ApplicationPackageBuilder() .athenzIdentity(com.yahoo.config.provision.AthenzDomain.from("domain1"), com.yahoo.config.provision.AthenzService.from("service")) .build(); - // POST (deploy) an application to a dev zone fails because user tenant is used — these do not exist. - MultiPartStreamer entity = createApplicationDeployData(applicationPackage, true); - tester.assertResponse(request("/application/v4/tenant/by-new-user/application/application1/environment/dev/region/us-west-1/instance/default", POST) - .data(entity) - .userIdentity(userId), - "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", - 403); - createTenantAndApplication(); + MultiPartStreamer entity = createApplicationDeployData(applicationPackage, true); // POST (deploy) an application to dev through a deployment job, with user instance and a proper tenant tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/new-user/deploy/dev-us-east-1", POST) .data(entity) 
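Review bot: The two `by-new-user` deploy assertions removed in this hunk and the next were the only visible checks in this test that a deploy to a tenant that does not exist is refused with 403, so the test now covers only the permitted path. Keeping one denial case against an ordinary non-existent tenant, e.g. `request("/application/v4/tenant/<nonexistent-tenant>/application/application1/environment/dev/region/us-west-1/instance/default", POST)` with the response the access-control layer actually gives, would preserve that coverage without relying on user tenants. The first hunk of this file also drops the `GET all tenants` assertion on `/application/v4/tenant/`, a route `handleGET` still serves; unless it is asserted elsewhere in the test, that one looks worth restoring. The test method starts and ends outside the hunk.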
@@ -1426,13 +1382,6 @@ public class ApplicationApiTest extends ControllerContainerTest { .domains.get(ATHENZ_TENANT_DOMAIN) .admin(HostedAthenzIdentities.from(userId)); - // POST (deploy) an application to a dev zone fails because user tenant is used — these do not exist. - tester.assertResponse(request("/application/v4/tenant/by-new-user/application/application1/environment/dev/region/us-west-1/instance/default", POST) - .data(entity) - .userIdentity(userId), - "{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", - 403); - // POST (deploy) an application to dev through a deployment job tester.assertResponse(request("/application/v4/tenant/tenant1/application/application1/instance/new-user/deploy/dev-us-east-1", POST) .data(entity) diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json index 986245decca..d63a7ba7d56 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/root.json @@ -1,9 +1,6 @@ { "resources":[ { - "url":"http://localhost:8080/application/v4/user/" - }, - { "url":"http://localhost:8080/application/v4/tenant/" } ] diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user-which-exists.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user-which-exists.json deleted file mode 100644 index f2703677738..00000000000 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user-which-exists.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "user": "myuser", - "tenants": @include(tenant-list-with-user.json), - "tenantExists": true -}
\ No newline at end of file diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user.json deleted file mode 100644 index 9902267dbb5..00000000000 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/user.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "user": "myuser", - "tenants": @include(tenant-list.json), - "tenantExists": true -}
\ No newline at end of file diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java index 6db5bc9f523..51466e5b1e2 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java @@ -71,11 +71,6 @@ public class UserApiTest extends ControllerContainerCloudTest { .data("{\"token\":\"hello\"}"), new File("tenant-without-applications.json")); - // PUT a tenant is ignored. - tester.assertResponse(request("/application/v4/user/", PUT) - .roles(operator), - "", 200); - // GET at user/v1 root fails as no access control is defined there. tester.assertResponse(request("/user/v1/"), accessDenied, 403); |