diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-13 17:28:34 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-13 17:28:34 +0100 |
commit | d3b0387cedc77dd59fdf47db8be0ce96ac49c552 (patch) | |
tree | 06bcb6eb738ab68a569949274190adec5d0316bd /controller-server | |
parent | 6efe23abadd6a6c2ed26ae30cee0c87e1c320b1c (diff) |
Remove api for migrating tenants to Athenz
Diffstat (limited to 'controller-server')
4 files changed, 0 insertions, 97 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java index c9f2ff6eb49..88d7a515db1 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java @@ -7,9 +7,6 @@ import com.yahoo.vespa.athenz.api.AthenzUser; import com.yahoo.vespa.athenz.api.NToken; import com.yahoo.vespa.curator.Lock; import com.yahoo.vespa.hosted.controller.api.Tenant; -import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; -import com.yahoo.vespa.hosted.controller.api.identifiers.Property; -import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId; import com.yahoo.vespa.hosted.controller.api.identifiers.TenantId; import com.yahoo.vespa.hosted.controller.api.identifiers.UserGroup; import com.yahoo.vespa.hosted.controller.api.identifiers.UserId; @@ -190,44 +187,6 @@ public class TenantController { } } - public Tenant migrateTenantToAthenz(TenantId tenantId, - AthenzDomain tenantDomain, - PropertyId propertyId, - Property property, - NToken nToken) { - try (Lock lock = lock(tenantId)) { - Tenant existing = tenant(tenantId).orElseThrow(() -> new NotExistsException(tenantId)); - if (existing.isAthensTenant()) return existing; // nothing to do - log.info("Starting migration of " + existing + " to Athenz domain " + tenantDomain.getName()); - if (tenantHaving(tenantDomain).isPresent()) - throw new IllegalArgumentException("Could not migrate " + existing + " to " + tenantDomain + ": " + - "This domain is already used by " + tenantHaving(tenantDomain).get()); - if ( ! existing.isOpsDbTenant()) - throw new IllegalArgumentException("Could not migrate " + existing + " to " + tenantDomain + ": " + - "Tenant is not currently an OpsDb tenant"); - - ZmsClient zmsClient = athenzClientFactory.createZmsClientWithAuthorizedServiceToken(nToken); - zmsClient.createTenant(tenantDomain); - - // Create resource group in Athenz for each application name - controller.applications() - .asList(TenantName.from(existing.getId().id())) - .stream() - .map(name -> new ApplicationId(name.id().application().value())) - .distinct() - .forEach(appId -> zmsClient.addApplication(tenantDomain, appId)); - - db.deleteTenant(tenantId); - Tenant tenant = Tenant.createAthensTenant(tenantId, tenantDomain, property, Optional.of(propertyId)); - db.createTenant(tenant); - log.info("Migration of " + existing + " to Athenz completed."); - return tenant; - } - catch (PersistenceException e) { - throw new RuntimeException("Failed migrating " + tenantId + " to Athenz", e); - } - } - private TenantId dashToUnderscore(TenantId id) { return new TenantId(id.id().replaceAll("-", "_")); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index 368fd323fb0..58e30c11baf 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java @@ -23,7 +23,6 @@ import com.yahoo.vespa.athenz.api.AthenzDomain; import com.yahoo.vespa.athenz.api.AthenzIdentity; import com.yahoo.vespa.athenz.api.AthenzPrincipal; import com.yahoo.vespa.athenz.api.AthenzUser; -import com.yahoo.vespa.athenz.api.NToken; import com.yahoo.vespa.config.SlimeUtils; import com.yahoo.vespa.hosted.controller.AlreadyExistsException; import com.yahoo.vespa.hosted.controller.Application; @@ -185,7 +184,6 @@ public class ApplicationApiHandler extends LoggingRequestHandler { Path path = new Path(request.getUri().getPath()); if (path.matches("/application/v4/user")) return createUser(request); if (path.matches("/application/v4/tenant/{tenant}")) return updateTenant(path.get("tenant"), request); - if (path.matches("/application/v4/tenant/{tenant}/migrateTenantToAthens")) return migrateTenant(path.get("tenant"), request); if (path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/{environment}/region/{region}/instance/{instance}/global-rotation/override")) return setGlobalRotationOverride(path.get("tenant"), path.get("application"), path.get("instance"), path.get("environment"), path.get("region"), false, request); return ErrorResponse.notFoundError("Nothing at " + path); @@ -677,21 +675,6 @@ public class ApplicationApiHandler extends LoggingRequestHandler { return tenant(tenant, request, true); } - private HttpResponse migrateTenant(String tenantName, HttpRequest request) { - TenantId tenantid = new TenantId(tenantName); - Inspector requestData = toSlime(request.getData()).get(); - AthenzDomain tenantDomain = new AthenzDomain(mandatory("athensDomain", requestData).asString()); - Property property = new Property(mandatory("property", requestData).asString()); - PropertyId propertyId = new PropertyId(mandatory("propertyId", requestData).asString()); - - throwIfNotAthenzDomainAdmin(tenantDomain, request); - NToken nToken = getUserPrincipal(request).getNToken() - .orElseThrow(() -> - new BadRequestException("The NToken for a domain admin is required to migrate tenant to Athens")); - Tenant tenant = controller.tenants().migrateTenantToAthenz(tenantid, tenantDomain, propertyId, property, nToken); - return tenant(tenant, request, true); - } - private HttpResponse createApplication(String tenantName, String applicationName, HttpRequest request) { Application application; try { diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java index 8a539beb83a..5a8cdc7bc6a 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/ControllerAuthorizationFilter.java @@ -127,7 +127,6 @@ public class ControllerAuthorizationFilter implements SecurityRequestFilter { private static boolean isTenantAdminOperation(Path path, Method method) { if (isHostedOperatorOperation(path, method)) return false; return path.matches("/application/v4/tenant/{tenant}") || - path.matches("/application/v4/tenant/{tenant}/migrateTenantToAthens") || path.matches("/application/v4/tenant/{tenant}/application/{application}") || path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/dev/{*}") || path.matches("/application/v4/tenant/{tenant}/application/{application}/environment/perf/{*}") || diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java index 22730cd2fb2..a898c3eec68 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java @@ -415,44 +415,6 @@ public class ControllerTest { } @Test - public void testMigratingTenantToAthenzWillModifyAthenzDomainsCorrectly() { - ControllerTester tester = new ControllerTester(); - - // Create Athens domain mock - AthenzDomain athensDomain = new AthenzDomain("vespa.john"); - AthenzDbMock.Domain mockDomain = new AthenzDbMock.Domain(athensDomain); - tester.athenzDb().addDomain(mockDomain); - - // Create OpsDb tenant - TenantId tenantId = new TenantId("mytenant"); - Tenant existingTenant = Tenant.createOpsDbTenant(tenantId, new UserGroup("myusergroup"), new Property("myproperty")); - tester.controller().tenants().addTenant(existingTenant, Optional.empty()); - - // Create an application without instance - String applicationName = "myapplication"; - ApplicationId applicationId = ApplicationId.from(tenantId.id(), applicationName, "default"); - tester.controller().applications().createApplication(applicationId, Optional.empty()); - - // Verify that Athens domain does not have any relations to tenant/application yet - assertTrue(mockDomain.applications.keySet().isEmpty()); - assertFalse(mockDomain.isVespaTenant); - - // Migrate tenant to Athens - NToken nToken = TestIdentities.userNToken; - tester.controller().tenants().migrateTenantToAthenz( - tenantId, athensDomain, new PropertyId("1567"), new Property("vespa_dev.no"), nToken); - - // Verify that tenant is migrated - Tenant tenant = tester.controller().tenants().tenant(tenantId).get(); - assertTrue(tenant.isAthensTenant()); - assertEquals(athensDomain, tenant.getAthensDomain().get()); - // Verify that domain knows about tenant and application - assertTrue(mockDomain.isVespaTenant); - assertTrue(mockDomain.applications.keySet().contains( - new com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId(applicationName))); - } - - @Test public void requeueOutOfCapacityStagingJob() { DeploymentTester tester = new DeploymentTester(); |