summaryrefslogtreecommitdiffstats
path: root/controller-server
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@oath.com>2018-03-13 17:28:34 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-03-13 17:28:34 +0100
commitd3b0387cedc77dd59fdf47db8be0ce96ac49c552 (patch)
tree06bcb6eb738ab68a569949274190adec5d0316bd /controller-server
parent6efe23abadd6a6c2ed26ae30cee0c87e1c320b1c (diff)
Remove api for migrating tenants to Athenz
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java41
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java17
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java1
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java38
4 files changed, 0 insertions, 97 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
index c9f2ff6eb49..88d7a515db1 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
@@ -7,9 +7,6 @@ import com.yahoo.vespa.athenz.api.AthenzUser;
import com.yahoo.vespa.athenz.api.NToken;
import com.yahoo.vespa.curator.Lock;
import com.yahoo.vespa.hosted.controller.api.Tenant;
-import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId;
-import com.yahoo.vespa.hosted.controller.api.identifiers.Property;
-import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId;
import com.yahoo.vespa.hosted.controller.api.identifiers.TenantId;
import com.yahoo.vespa.hosted.controller.api.identifiers.UserGroup;
import com.yahoo.vespa.hosted.controller.api.identifiers.UserId;
@@ -190,44 +187,6 @@ public class TenantController {
}
}
- public Tenant migrateTenantToAthenz(TenantId tenantId,
- AthenzDomain tenantDomain,
- PropertyId propertyId,
- Property property,
- NToken nToken) {
- try (Lock lock = lock(tenantId)) {
- Tenant existing = tenant(tenantId).orElseThrow(() -> new NotExistsException(tenantId));
- if (existing.isAthensTenant()) return existing; // nothing to do
- log.info("Starting migration of " + existing + " to Athenz domain " + tenantDomain.getName());
- if (tenantHaving(tenantDomain).isPresent())
- throw new IllegalArgumentException("Could not migrate " + existing + " to " + tenantDomain + ": " +
- "This domain is already used by " + tenantHaving(tenantDomain).get());
- if ( ! existing.isOpsDbTenant())
- throw new IllegalArgumentException("Could not migrate " + existing + " to " + tenantDomain + ": " +
- "Tenant is not currently an OpsDb tenant");
-
- ZmsClient zmsClient = athenzClientFactory.createZmsClientWithAuthorizedServiceToken(nToken);
- zmsClient.createTenant(tenantDomain);
-
- // Create resource group in Athenz for each application name
- controller.applications()
- .asList(TenantName.from(existing.getId().id()))
- .stream()
- .map(name -> new ApplicationId(name.id().application().value()))
- .distinct()
- .forEach(appId -> zmsClient.addApplication(tenantDomain, appId));
-
- db.deleteTenant(tenantId);
- Tenant tenant = Tenant.createAthensTenant(tenantId, tenantDomain, property, Optional.of(propertyId));
- db.createTenant(tenant);
- log.info("Migration of " + existing + " to Athenz completed.");
- return tenant;
- }
- catch (PersistenceException e) {
- throw new RuntimeException("Failed migrating " + tenantId + " to Athenz", e);
- }
- }
-
private TenantId dashToUnderscore(TenantId id) {
return new TenantId(id.id().replaceAll("-", "_"));
}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 368fd323fb0..58e30c11baf 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -23,7 +23,6 @@ import com.yahoo.vespa.athenz.api.AthenzDomain;
import com.yahoo.vespa.athenz.api.AthenzIdentity;
import com.yahoo.vespa.athenz.api.AthenzPrincipal;
import com.yahoo.vespa.athenz.api.AthenzUser;
-import com.yahoo.vespa.athenz.api.NToken;
import com.yahoo.vespa.config.SlimeUtils;
import com.yahoo.vespa.hosted.controller.AlreadyExistsException;
import com.yahoo.vespa.hosted.controller.Application;
@@ -185,7 +184,6 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
Path path = new Path(request.getUri().getPath());
if (path.matches("/application/v4/user")) return createUser(request);
if (path.matches("/application/v4/tenant/{tenant}")) return updateTenant(path.get("tenant"), request);
- if (path.matches("/application/v4/tenant/{tenant}/migrateTenantToAthens")) return migrateTenant(path.get("tenant"), request);
if (path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/{environment}/region/{region}/instance/{instance}/global-rotation/override"))
return setGlobalRotationOverride(path.get("tenant"), path.get("application"), path.get("instance"), path.get("environment"), path.get("region"), false, request);
return ErrorResponse.notFoundError("Nothing at " + path);
@@ -677,21 +675,6 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
return tenant(tenant, request, true);
}
- private HttpResponse migrateTenant(String tenantName, HttpRequest request) {
- TenantId tenantid = new TenantId(tenantName);
- Inspector requestData = toSlime(request.getData()).get();
- AthenzDomain tenantDomain = new AthenzDomain(mandatory("athensDomain", requestData).asString());
- Property property = new Property(mandatory("property", requestData).asString());
- PropertyId propertyId = new PropertyId(mandatory("propertyId", requestData).asString());
-
- throwIfNotAthenzDomainAdmin(tenantDomain, request);
- NToken nToken = getUserPrincipal(request).getNToken()
- .orElseThrow(() ->
- new BadRequestException("The NToken for a domain admin is required to migrate tenant to Athens"));
- Tenant tenant = controller.tenants().migrateTenantToAthenz(tenantid, tenantDomain, propertyId, property, nToken);
- return tenant(tenant, request, true);
- }
-
private HttpResponse createApplication(String tenantName, String applicationName, HttpRequest request) {
Application application;
try {
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
index 8a539beb83a..5a8cdc7bc6a 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java
@@ -127,7 +127,6 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter {
private static boolean isTenantAdminOperation(Path path, Method method) {
if (isHostedOperatorOperation(path, method)) return false;
return path.matches("/application/v4/tenant/{tenant}") ||
- path.matches("/application/v4/tenant/{tenant}/migrateTenantToAthens") ||
path.matches("/application/v4/tenant/{tenant}/application/{application}") ||
path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/dev/{*}") ||
path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/perf/{*}") ||
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java
index 22730cd2fb2..a898c3eec68 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java
@@ -415,44 +415,6 @@ public class ControllerTest {
}
@Test
- public void testMigratingTenantToAthenzWillModifyAthenzDomainsCorrectly() {
- ControllerTester tester = new ControllerTester();
-
- // Create Athens domain mock
- AthenzDomain athensDomain = new AthenzDomain("vespa.john");
- AthenzDbMock.Domain mockDomain = new AthenzDbMock.Domain(athensDomain);
- tester.athenzDb().addDomain(mockDomain);
-
- // Create OpsDb tenant
- TenantId tenantId = new TenantId("mytenant");
- Tenant existingTenant = Tenant.createOpsDbTenant(tenantId, new UserGroup("myusergroup"), new Property("myproperty"));
- tester.controller().tenants().addTenant(existingTenant, Optional.empty());
-
- // Create an application without instance
- String applicationName = "myapplication";
- ApplicationId applicationId = ApplicationId.from(tenantId.id(), applicationName, "default");
- tester.controller().applications().createApplication(applicationId, Optional.empty());
-
- // Verify that Athens domain does not have any relations to tenant/application yet
- assertTrue(mockDomain.applications.keySet().isEmpty());
- assertFalse(mockDomain.isVespaTenant);
-
- // Migrate tenant to Athens
- NToken nToken = TestIdentities.userNToken;
- tester.controller().tenants().migrateTenantToAthenz(
- tenantId, athensDomain, new PropertyId("1567"), new Property("vespa_dev.no"), nToken);
-
- // Verify that tenant is migrated
- Tenant tenant = tester.controller().tenants().tenant(tenantId).get();
- assertTrue(tenant.isAthensTenant());
- assertEquals(athensDomain, tenant.getAthensDomain().get());
- // Verify that domain knows about tenant and application
- assertTrue(mockDomain.isVespaTenant);
- assertTrue(mockDomain.applications.keySet().contains(
- new com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId(applicationName)));
- }
-
- @Test
public void requeueOutOfCapacityStagingJob() {
DeploymentTester tester = new DeploymentTester();