authorJon Marius Venstad <venstad@gmail.com>2020-03-24 10:02:41 +0100
committerJon Marius Venstad <venstad@gmail.com>2020-03-24 10:02:41 +0100
commit4a63d2244a39342f941a2b1bb3e6af6b2e4fa72e (patch)
treebc8bcd80a65821903b9c28a07a2e14e0509f737e /controller-server
parent76a82eeed23094e0f2b70b1325115b8b1e521904 (diff)
Remove cleanup-code for user tenants
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java9
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/persistence/TenantSerializer.java3
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java16
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tenant/Tenant.java3
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java2
5 files changed, 11 insertions, 22 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
index ae905d2b209..f64d79a2b80 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java
@@ -46,13 +46,8 @@ public class TenantController {
Instant start = controller.clock().instant();
int count = 0;
for (TenantName name : curator.readTenantNames()) {
- if (name.value().startsWith(Tenant.userPrefix)) // TODO jonmv: Remove after run once.
-
- curator.removeTenant(name);
- else {
- lockIfPresent(name, LockedTenant.class, this::store);
- count++;
- }
+ lockIfPresent(name, LockedTenant.class, this::store);
+ count++;
}
log.log(Level.INFO, String.format("Wrote %d tenants in %s", count,
Duration.between(start, controller.clock().instant())));
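Review bot: With the `Tenant.userPrefix` branch gone, every name from `curator.readTenantNames()` is now passed to `lockIfPresent(name, LockedTenant.class, this::store)`, so the loop relies on the one-off cleanup having already run everywhere this build is deployed. The TenantSerializer hunks in this commit drop `case "user"` from `typeOf`, so a leftover record of that type would presumably raise `IllegalArgumentException` when read; whether that aborts the whole rewrite loop depends on `lockIfPresent`, which is outside the hunk. I would state the assumption above the loop, for example `// Assumes no user tenants remain in storage; TenantSerializer rejects type "user".` The enclosing method starts and ends outside the hunk.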
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/persistence/TenantSerializer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/persistence/TenantSerializer.java
index 9df87ab4c12..d4d5f4deb7b 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/persistence/TenantSerializer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/persistence/TenantSerializer.java
@@ -108,7 +108,6 @@ public class TenantSerializer {
switch (type) {
case athenz: return athenzTenantFrom(tenantObject);
- case user: return null; // TODO jonmv: Remove when run once.
case cloud: return cloudTenantFrom(tenantObject);
default: throw new IllegalArgumentException("Unexpected tenant type '" + type + "'.");
}
@@ -190,7 +189,6 @@ public class TenantSerializer {
private static Tenant.Type typeOf(String value) {
switch (value) {
case "athenz": return Tenant.Type.athenz;
- case "user": return Tenant.Type.user;
case "cloud": return Tenant.Type.cloud;
default: throw new IllegalArgumentException("Unknown tenant type '" + value + "'.");
}
@@ -199,7 +197,6 @@ public class TenantSerializer {
private static String valueOf(Tenant.Type type) {
switch (type) {
case athenz: return "athenz";
- case user: return "user";
case cloud: return "cloud";
default: throw new IllegalArgumentException("Unexpected tenant type '" + type + "'.");
}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java
index 4ae3c38bdf2..afe8d156d00 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java
@@ -100,22 +100,20 @@ public class AthenzRoleFilter extends JsonSecurityRequestFilterBase {
}));
futures.add(executor.submit(() -> {
- // Add all tenants that are accessible for this request
- athenz.accessibleTenants(tenants.asList(), new Credentials(principal))
- .forEach(accessibleTenant -> roleMemberships.add(Role.athenzTenantAdmin(accessibleTenant.name())));
+ // Add all tenants that are accessible for this request
+ athenz.accessibleTenants(tenants.asList(), new Credentials(principal))
+ .forEach(accessibleTenant -> roleMemberships.add(Role.athenzTenantAdmin(accessibleTenant.name())));
}));
if (identity.getDomain().equals(SCREWDRIVER_DOMAIN) && application.isPresent() && tenant.isPresent())
- // NOTE: Only fine-grained deploy authorization for Athenz tenants
futures.add(executor.submit(() -> {
- if ( tenant.get().type() != Tenant.Type.athenz
- || hasDeployerAccess(identity, ((AthenzTenant) tenant.get()).domain(), application.get()))
- roleMemberships.add(Role.buildService(tenant.get().name(), application.get()));
+ if (hasDeployerAccess(identity, ((AthenzTenant) tenant.get()).domain(), application.get()))
+ roleMemberships.add(Role.buildService(tenant.get().name(), application.get()));
}));
futures.add(executor.submit(() -> {
- if (athenz.hasSystemFlagsAccess(identity, /*dryrun*/false))
- roleMemberships.add(Role.systemFlagsDeployer());
+ if (athenz.hasSystemFlagsAccess(identity, /*dryrun*/false))
+ roleMemberships.add(Role.systemFlagsDeployer());
}));
// Run last request in handler thread to avoid creating extra thread.
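Review bot: The cast `((AthenzTenant) tenant.get())` in the Screwdriver branch is now unguarded while `Tenant.Type.cloud` still exists after this commit, so a non-Athenz tenant reaching this task would throw `ClassCastException` inside the submitted task instead of being handled explicitly. Before the change such tenants skipped the deployer check and were given `Role.buildService`; dropping that implicit grant is the safer direction, but the denial should be explicit rather than rely on an exception whose handling depends on how `futures` are consumed, which is outside the hunk. A type guard keeps the branch fail-closed: `if (tenant.get().type() == Tenant.Type.athenz && hasDeployerAccess(identity, ((AthenzTenant) tenant.get()).domain(), application.get()))`. The removed NOTE comment could be replaced with `// Build-service role is granted only to Athenz tenants that pass the deployer check.`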
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tenant/Tenant.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tenant/Tenant.java
index d18318e5dcd..bac43517f1a 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tenant/Tenant.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/tenant/Tenant.java
@@ -64,9 +64,6 @@ public abstract class Tenant {
/** Tenant authenticated through Athenz. */
athenz,
- /** Tenant authenticated through Okta, as a user. */
- user, // TODO jonmv: Remove.
-
/** Tenant authenticated through some cloud identity provider. */
cloud
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
index c83961e315a..fd0981e8427 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java
@@ -183,9 +183,11 @@ public class ApplicationApiTest extends ControllerContainerTest {
// PUT a user tenant — does nothing
tester.assertResponse(request("/application/v4/user", PUT).userIdentity(USER_ID),
"");
+
// GET the authenticated user which now exists (with associated tenants)
tester.assertResponse(request("/application/v4/user", GET).userIdentity(USER_ID),
new File("user.json"));
+
// DELETE the user — it doesn't exist, so access control fails
tester.assertResponse(request("/application/v4/tenant/by-myuser", DELETE).userIdentity(USER_ID),
"{\n \"code\" : 403,\n \"message\" : \"Access denied\"\n}", 403);