author | Ola Aunrønning <olaa@verizonmedia.com> | 2021-09-02 13:11:51 +0200 |
---|---|---|
committer | Ola Aunrønning <olaa@verizonmedia.com> | 2021-09-02 13:13:33 +0200 |
commit | 696be9ae9a3c8e476ae00afed3bacae6a592b36e (patch) | |
tree | c7e45890d964aa0ecb38d8eb60d1192df36ec804 /controller-server | |
parent | 795139f6c3f938f8e9f2f44fa3f28ae56e2797cb (diff) |
Create UserManagementMaintainer
Diffstat (limited to 'controller-server')
3 files changed, 68 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ControllerMaintenance.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ControllerMaintenance.java
index 924116e04c0..3b7cf313b37 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ControllerMaintenance.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ControllerMaintenance.java
@@ -8,6 +8,7 @@ import com.yahoo.config.provision.SystemName;
 import com.yahoo.config.provision.zone.ZoneApi;
 import com.yahoo.jdisc.Metric;
 import com.yahoo.vespa.hosted.controller.Controller;
+import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement;
 import java.time.Duration;
 import java.time.temporal.TemporalUnit;
@@ -35,7 +36,7 @@ public class ControllerMaintenance extends AbstractComponent {
 @Inject
 @SuppressWarnings("unused") // instantiated by Dependency Injection
- public ControllerMaintenance(Controller controller, Metric metric) {
+ public ControllerMaintenance(Controller controller, Metric metric, UserManagement userManagement) {
 Intervals intervals = new Intervals(controller.system());
 upgrader = new Upgrader(controller, intervals.defaultInterval);
 maintainers.add(upgrader);
@@ -73,6 +74,7 @@ public class ControllerMaintenance extends AbstractComponent {
 maintainers.add(new VcmrMaintainer(controller, intervals.vcmrMaintainer));
 maintainers.add(new CloudTrialExpirer(controller, intervals.defaultInterval));
 maintainers.add(new RetriggerMaintainer(controller, intervals.retriggerMaintainer));
+ maintainers.add(new UserManagementMaintainer(controller, intervals.userManagementMaintainer, userManagement));
 }
 public Upgrader upgrader() { return upgrader; }
@@ -129,6 +131,7 @@ public class ControllerMaintenance extends AbstractComponent {
 private final Duration changeRequestMaintainer;
 private final Duration vcmrMaintainer;
 private final Duration retriggerMaintainer;
+ private final Duration userManagementMaintainer;
 public Intervals(SystemName system) {
 this.system = Objects.requireNonNull(system);
@@ -162,6 +165,7 @@ public class ControllerMaintenance extends AbstractComponent {
 this.changeRequestMaintainer = duration(1, HOURS);
 this.vcmrMaintainer = duration(1, HOURS);
 this.retriggerMaintainer = duration(1, MINUTES);
+ this.userManagementMaintainer = duration(12, HOURS);
 }
 private Duration duration(long amount, TemporalUnit unit) {
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java
new file mode 100644
index 00000000000..ffc11106fe2
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java
@@ -0,0 +1,60 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.maintenance;
+
+import com.yahoo.config.provision.SystemName;
+import com.yahoo.vespa.hosted.controller.Application;
+import com.yahoo.vespa.hosted.controller.Controller;
+import com.yahoo.vespa.hosted.controller.api.integration.user.Roles;
+import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement;
+
+import java.time.Duration;
+import java.util.logging.Logger;
+import java.util.stream.Collectors;
+
+/**
+ * Maintains user management resources.
+ * For now, ensures there's no discrepnacy between expected tenant/application roles and Auth0 roles
+ *
+ * @author olaa
+ */
+public class UserManagementMaintainer extends ControllerMaintainer {
+
+ private final UserManagement userManagement;
+
+ private static final Logger logger = Logger.getLogger(UserManagementMaintainer.class.getName());
+
+ public UserManagementMaintainer(Controller controller, Duration interval, UserManagement userManagement) {
+ super(controller, interval, UserManagementMaintainer.class.getSimpleName(), SystemName.allOf(SystemName::isPublic));
+ this.userManagement = userManagement;
+
+ }
+
+ @Override
+ protected double maintain() {
+ var tenantRoles = controller().tenants().asList()
+ .stream()
+ .flatMap(tenant -> Roles.tenantRoles(tenant.name()).stream())
+ .collect(Collectors.toList());
+
+ var applicationRoles = controller().applications().asList()
+ .stream()
+ .map(Application::id)
+ .flatMap(applicationId -> Roles.applicationRoles(applicationId.tenant(), applicationId.application()).stream())
+ .collect(Collectors.toList());
+
+ var roles = userManagement.listRoles();
+
+ roles.forEach(role -> {
+ if (!tenantRoles.contains(role) && !applicationRoles.contains(role)) {
+ /*
+ Log discrepancy now
+ TODO: userManagement.deleteRole(role);
+ */
+ logger.warning(String.format("Found unexpected role %s - Please investigate", role.toString()));
+ }
+
+ });
+ return 1.0;
+ }
+
+}
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/responses/maintenance.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/responses/maintenance.json
index be51312186b..2edf1867fd3 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/responses/maintenance.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/responses/maintenance.json
@@ -100,6 +100,9 @@
 "name": "Upgrader"
 },
 {
+ "name": "UserManagementMaintainer"
+ },
+ {
 "name": "VcmrMaintainer"
 },
 {
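Review bot: maintain() in UserManagementMaintainer flags every role returned by userManagement.listRoles() as unexpected whenever controller().tenants().asList() and controller().applications().asList() come back empty or incomplete, and while the body only logs today, the TODO'd userManagement.deleteRole(role) would turn that case into a bulk deletion of real roles in the external identity provider. Before that TODO is enabled, the expected-role collections should be sanity-checked first, e.g. `if (tenantRoles.isEmpty()) { logger.warning("No tenant roles found; skipping role reconciliation"); return 0.0; }` — assuming the base class treats a value below 1.0 as a non-successful run, which is not visible in this diff. The two membership checks are List.contains on lists built with Collectors.toList(), so every role from listRoles() costs a linear scan of both; collecting with `Collectors.toSet()` gives the same answer in constant time per role, provided the role type implements equals/hashCode consistently (also not visible here). The class Javadoc additionally has a typo: "discrepnacy" should read "discrepancy".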