author | Martin Polden <mpolden@mpolden.no> | 2019-09-10 12:34:50 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-10 12:34:50 +0200 |
commit | 54191f07d60ea084011c764fd48e2180484c30c0 (patch) | |
tree | de3cd3828088bd1d101ecf7259984ce35197071f /controller-server | |
parent | 0c72768ea7290ebd3792201636bdca3b005ddf82 (diff) | |
parent | 4b98938fec3e69214c83caccebfe8a2eadae3a1f (diff) |
Merge pull request #10583 from vespa-engine/mpolden/create-dns-names-in-controller
Move shared controller classes to controller-api
Diffstat (limited to 'controller-server')
19 files changed, 65 insertions, 486 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
index 06baa0a7720..caed78b2d25 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
@@ -28,7 +28,6 @@ import com.yahoo.vespa.hosted.controller.api.application.v4.model.configserverbi
 import com.yahoo.vespa.hosted.controller.api.identifiers.DeploymentId;
 import com.yahoo.vespa.hosted.controller.api.identifiers.Hostname;
 import com.yahoo.vespa.hosted.controller.api.identifiers.RevisionId;
-import com.yahoo.vespa.hosted.controller.api.integration.BuildService;
 import com.yahoo.vespa.hosted.controller.api.integration.certificates.ApplicationCertificate;
 import com.yahoo.vespa.hosted.controller.api.integration.configserver.ConfigServer;
 import com.yahoo.vespa.hosted.controller.api.integration.configserver.ConfigServerException;
@@ -52,6 +51,7 @@ import com.yahoo.vespa.hosted.controller.application.Deployment;
 import com.yahoo.vespa.hosted.controller.application.DeploymentMetrics;
 import com.yahoo.vespa.hosted.controller.application.DeploymentSpecValidator;
 import com.yahoo.vespa.hosted.controller.application.Endpoint;
+import com.yahoo.vespa.hosted.controller.application.EndpointId;
 import com.yahoo.vespa.hosted.controller.application.JobList;
 import com.yahoo.vespa.hosted.controller.application.JobStatus;
 import com.yahoo.vespa.hosted.controller.application.JobStatus.JobRun;
@@ -95,6 +95,7 @@ import java.util.function.Consumer; import java.util.logging.Level; import java.util.logging.Logger; import java.util.stream.Collectors; +import java.util.stream.Stream; import static com.yahoo.vespa.hosted.controller.api.integration.configserver.Node.State.active; import static com.yahoo.vespa.hosted.controller.api.integration.configserver.Node.State.reserved; 
@@ -521,12 +522,37 @@ public class ApplicationController { if(applicationCertificate.isPresent()) return applicationCertificate; - ApplicationCertificate newCertificate = controller.serviceRegistry().applicationCertificateProvider().requestCaSignedCertificate(application.id()); + ApplicationCertificate newCertificate = controller.serviceRegistry().applicationCertificateProvider().requestCaSignedCertificate(application.id(), dnsNamesOf(application.id())); curator.writeApplicationCertificate(application.id(), newCertificate); return Optional.of(newCertificate); } + /** Returns all valid DNS names of given application */ + private List<String> dnsNamesOf(ApplicationId applicationId) { + List<String> endpointDnsNames = new ArrayList<>(); + + // We add first an endpoint name based on a hash of the applicationId, + // as the certificate provider requires the first CN to be < 64 characters long. + endpointDnsNames.add(Endpoint.createHashedCn(applicationId, controller.system())); + + var globalDefaultEndpoint = Endpoint.of(applicationId).named(EndpointId.default_()); + var rotationEndpoints = Endpoint.of(applicationId).wildcard(); + + var zoneLocalEndpoints = controller.zoneRegistry().zones().directlyRouted().zones().stream().flatMap(zone -> Stream.of( + Endpoint.of(applicationId).target(ClusterSpec.Id.from("default"), zone.getId()), + Endpoint.of(applicationId).wildcard(zone.getId()) + )); + + Stream.concat(Stream.of(globalDefaultEndpoint, rotationEndpoints), zoneLocalEndpoints) + .map(Endpoint.EndpointBuilder::directRouting) + .map(endpoint -> endpoint.on(Endpoint.Port.tls())) + .map(endpointBuilder -> endpointBuilder.in(controller.system())) + .map(Endpoint::dnsName).forEach(endpointDnsNames::add); + + return Collections.unmodifiableList(endpointDnsNames); + } + private ActivateResult unexpectedDeployment(ApplicationId application, ZoneId zone) { Log logEntry = new Log(); logEntry.level = "WARNING"; 
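Review bot: The early return `if(applicationCertificate.isPresent()) return applicationCertificate;` at the top of this hunk runs before `dnsNamesOf` is consulted, so an application with a stored certificate keeps whatever names it was issued with. Names for a zone that later becomes directly routed would then be missing from the certificate unless re-issuance is handled somewhere outside this hunk. The comment in `dnsNamesOf` says the provider requires the first CN to be under 64 characters, yet nothing checks the length of the `Endpoint.createHashedCn(...)` result and the Javadoc does not say that list order is significant; I would write it as `/** Returns all valid DNS names of given application. The hashed CN is always first and must stay first. */`. The per-zone entries hard-code `ClusterSpec.Id.from("default")`, so other clusters are presumably covered only by the wildcard names, which deserves a one-line comment if intended. The enclosing method starts above the hunk.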
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/ApplicationAction.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/ApplicationAction.java
deleted file mode 100644
index 8614414dc95..00000000000
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/ApplicationAction.java
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.athenz;
-
-/**
- * @author bjorncs
- */
-public enum ApplicationAction {
- deploy("deployer"),
- read("reader"),
- write("writer");
-
- public final String roleName;
-
- ApplicationAction(String roleName) {
- this.roleName = roleName;
- }
-}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzFacade.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzFacade.java
index 9257855eb6c..91f9e2d56d7 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzFacade.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzFacade.java
@@ -18,7 +18,7 @@ import com.yahoo.vespa.athenz.client.zms.ZmsClient;
 import com.yahoo.vespa.athenz.client.zts.ZtsClient;
 import com.yahoo.vespa.hosted.controller.Application;
 import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactory;
-import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction;
+import com.yahoo.vespa.hosted.controller.api.integration.athenz.ApplicationAction;
 import com.yahoo.vespa.hosted.controller.security.AccessControl;
 import com.yahoo.vespa.hosted.controller.security.AthenzCredentials;
 import com.yahoo.vespa.hosted.controller.security.AthenzTenantSpec;
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzClientFactoryMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzClientFactoryMock.java deleted file mode 100644 index f9f449121e0..00000000000 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzClientFactoryMock.java +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.hosted.controller.athenz.mock; - -import com.google.inject.Inject; -import com.yahoo.component.AbstractComponent; -import com.yahoo.vespa.athenz.api.AthenzService; -import com.yahoo.vespa.athenz.client.zms.ZmsClient; -import com.yahoo.vespa.athenz.client.zts.ZtsClient; -import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactory; - -import java.util.logging.Level; -import java.util.logging.Logger; - -/** - * @author bjorncs - */ -public class AthenzClientFactoryMock extends AbstractComponent implements AthenzClientFactory { - - private static final Logger log = Logger.getLogger(AthenzClientFactoryMock.class.getName()); - - private final AthenzDbMock athenz; - - @Inject - public AthenzClientFactoryMock() { - this(new AthenzDbMock()); - } - - public AthenzClientFactoryMock(AthenzDbMock athenz) { - this.athenz = athenz; - } - - public AthenzDbMock getSetup() { - return athenz; - } - - @Override - public AthenzService getControllerIdentity() { - return new AthenzService("vespa.hosting"); - } - - @Override - public ZmsClient createZmsClient() { - return new ZmsClientMock(athenz, getControllerIdentity()); - } - - @Override - public ZtsClient createZtsClient() { - return new ZtsClientMock(athenz); - } - - private static void log(String format, Object... args) { - log.log(Level.INFO, String.format(format, args)); - } - -} 
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzDbMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzDbMock.java deleted file mode 100644 index 4d9296ea18d..00000000000 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzDbMock.java +++ /dev/null 
@@ -1,94 +0,0 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.hosted.controller.athenz.mock; - -import com.yahoo.vespa.athenz.api.AthenzDomain; -import com.yahoo.vespa.athenz.api.AthenzIdentity; -import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; -import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; - -/** - * @author bjorncs - */ -public class AthenzDbMock { - - public final Map<AthenzDomain, Domain> domains = new HashMap<>(); - public final List<AthenzIdentity> hostedOperators = new ArrayList<>(); - - public AthenzDbMock addDomain(Domain domain) { - domains.put(domain.name, domain); - return this; - } - - public Domain getOrCreateDomain(AthenzDomain domain) { - return domains.computeIfAbsent(domain, Domain::new); - } - - public AthenzDbMock addHostedOperator(AthenzIdentity athenzIdentity) { - hostedOperators.add(athenzIdentity); - return this; - } - - public static class Domain { - - public final AthenzDomain name; - public final Set<AthenzIdentity> admins = new HashSet<>(); - public final Set<AthenzIdentity> tenantAdmins = new HashSet<>(); - public final Map<ApplicationId, Application> applications = new HashMap<>(); - public final Map<String, Service> services = new HashMap<>(); - public boolean isVespaTenant = false; - - public Domain(AthenzDomain name) { - this.name = name; - } - - public Domain admin(AthenzIdentity identity) { - admins.add(identity); - return this; - } - - public Domain tenantAdmin(AthenzIdentity identity) { - tenantAdmins.add(identity); - return this; - } - - /** - * Simulates establishing Vespa tenancy in Athens. 
- */ - public void markAsVespaTenant() { - isVespaTenant = true; - } - - } - - public static class Application { - - public final Map<ApplicationAction, Set<AthenzIdentity>> acl = new HashMap<>(); - - public Application() { - acl.put(ApplicationAction.deploy, new HashSet<>()); - acl.put(ApplicationAction.read, new HashSet<>()); - acl.put(ApplicationAction.write, new HashSet<>()); - } - - public Application addRoleMember(ApplicationAction action, AthenzIdentity identity) { - acl.get(action).add(identity); - return this; - } - } - - public static class Service { - - public final boolean allowLaunch; - - public Service(boolean allowLaunch) { - this.allowLaunch = allowLaunch; - } - } -} diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZmsClientMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZmsClientMock.java deleted file mode 100644 index 01f77795c4b..00000000000 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZmsClientMock.java +++ /dev/null 
@@ -1,160 +0,0 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.hosted.controller.athenz.mock; - -import com.yahoo.vespa.athenz.api.AthenzDomain; -import com.yahoo.vespa.athenz.api.AthenzIdentity; -import com.yahoo.vespa.athenz.api.AthenzResourceName; -import com.yahoo.vespa.athenz.api.AthenzRole; -import com.yahoo.vespa.athenz.api.OktaAccessToken; -import com.yahoo.vespa.athenz.client.zms.RoleAction; -import com.yahoo.vespa.athenz.client.zms.ZmsClient; -import com.yahoo.vespa.athenz.client.zms.ZmsClientException; -import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; -import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction; - -import java.util.ArrayList; -import java.util.List; -import java.util.Optional; -import java.util.Set; -import java.util.logging.Level; -import java.util.logging.Logger; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -/** - * @author bjorncs - */ -public class ZmsClientMock implements ZmsClient { - - private static final Logger log = Logger.getLogger(ZmsClientMock.class.getName()); - - private final AthenzDbMock athenz; - private final AthenzIdentity controllerIdentity; - private static final Pattern TENANT_RESOURCE_PATTERN = Pattern.compile("service\\.hosting\\.tenant\\.(?<tenantDomain>[\\w\\-_]+)\\..*"); - private static final Pattern APPLICATION_RESOURCE_PATTERN = Pattern.compile("service\\.hosting\\.tenant\\.[\\w\\-_]+\\.res_group\\.(?<resourceGroup>[\\w\\-_]+)\\.wildcard"); - - public ZmsClientMock(AthenzDbMock athenz, AthenzIdentity controllerIdentity) { - this.athenz = athenz; - this.controllerIdentity = controllerIdentity; - } - - @Override - public void createTenancy(AthenzDomain tenantDomain, AthenzIdentity providerService, OktaAccessToken token) { - log("createTenancy(tenantDomain='%s')", tenantDomain); - getDomainOrThrow(tenantDomain, false).isVespaTenant = true; - } - - @Override - 
public void deleteTenancy(AthenzDomain tenantDomain, AthenzIdentity providerService, OktaAccessToken token) { - log("deleteTenancy(tenantDomain='%s')", tenantDomain); - AthenzDbMock.Domain domain = getDomainOrThrow(tenantDomain, false); - domain.isVespaTenant = false; - domain.applications.clear(); - domain.tenantAdmins.clear(); - } - - @Override - public void createProviderResourceGroup(AthenzDomain tenantDomain, AthenzIdentity providerService, String resourceGroup, Set<RoleAction> roleActions, OktaAccessToken token) { - log("createProviderResourceGroup(tenantDomain='%s', resourceGroup='%s')", tenantDomain, resourceGroup); - AthenzDbMock.Domain domain = getDomainOrThrow(tenantDomain, true); - ApplicationId applicationId = new ApplicationId(resourceGroup); - if (!domain.applications.containsKey(applicationId)) { - domain.applications.put(applicationId, new AthenzDbMock.Application()); - } - } - - @Override - public void deleteProviderResourceGroup(AthenzDomain tenantDomain, AthenzIdentity providerService, String resourceGroup, OktaAccessToken token) { - log("deleteProviderResourceGroup(tenantDomain='%s', resourceGroup='%s')", tenantDomain, resourceGroup); - getDomainOrThrow(tenantDomain, true).applications.remove(new ApplicationId(resourceGroup)); - } - - @Override - public boolean getMembership(AthenzRole role, AthenzIdentity identity) { - if (role.roleName().equals("admin")) { - return getDomainOrThrow(role.domain(), false).admins.contains(identity); - } - return false; - } - - @Override - public List<AthenzDomain> getDomainList(String prefix) { - log("getDomainList()"); - return new ArrayList<>(athenz.domains.keySet()); - } - - @Override - public boolean hasAccess(AthenzResourceName resource, String action, AthenzIdentity identity) { - log("hasAccess(resource=%s, action=%s, identity=%s)", resource, action, identity); - if (resource.getDomain().equals(this.controllerIdentity.getDomain())) { - if (isHostedOperator(identity)) { - return true; - } - if 
(resource.getEntityName().startsWith("service.hosting.tenant.")) { - AthenzDomain tenantDomainName = getTenantDomain(resource); - AthenzDbMock.Domain tenantDomain = getDomainOrThrow(tenantDomainName, true); - if (tenantDomain.admins.contains(identity)) { - return true; - } - if (resource.getEntityName().contains(".res_group.")) { - ApplicationId applicationName = new ApplicationId(getResourceGroupName(resource)); - AthenzDbMock.Application application = tenantDomain.applications.get(applicationName); - if (application == null) { - throw zmsException(400, "Application '%s' not found", applicationName); - } - return application.acl.get(ApplicationAction.valueOf(action)).contains(identity); - } - return false; - } - return false; - } else if ("launch".equals(action)){ - AthenzDbMock.Domain domain = getDomainOrThrow(resource.getDomain(), false); - String serviceName = resource.getEntityName().replace("service.",""); - if(!domain.services.containsKey(serviceName)) return false; - AthenzDbMock.Service service = domain.services.get(serviceName); - return service.allowLaunch; - } - return false; - } - - @Override - public void close() {} - - private static AthenzDomain getTenantDomain(AthenzResourceName resource) { - Matcher matcher = TENANT_RESOURCE_PATTERN.matcher(resource.getEntityName()); - if (!matcher.matches()) { - throw new IllegalArgumentException(resource.toResourceNameString()); - } - return new AthenzDomain(matcher.group("tenantDomain")); - } - - private static String getResourceGroupName(AthenzResourceName resource) { - Matcher matcher = APPLICATION_RESOURCE_PATTERN.matcher(resource.getEntityName()); - if (!matcher.matches()) { - throw new IllegalArgumentException(resource.toResourceNameString()); - } - return matcher.group("resourceGroup"); - } - - private AthenzDbMock.Domain getDomainOrThrow(AthenzDomain domainName, boolean verifyVespaTenant) { - AthenzDbMock.Domain domain = Optional.ofNullable(athenz.domains.get(domainName)) - .orElseThrow(() -> 
zmsException(400, "Domain '%s' not found", domainName)); - if (verifyVespaTenant && !domain.isVespaTenant) { - throw zmsException(400, "Domain not a Vespa tenant: '%s'", domainName); - } - return domain; - } - - private boolean isHostedOperator(AthenzIdentity identity) { - return athenz.hostedOperators.contains(identity); - } - - private static ZmsClientException zmsException(int code, String message, Object... args) { - return new ZmsClientException(code, String.format(message, args)); - } - - private static void log(String format, Object... args) { - log.log(Level.INFO, String.format(format, args)); - } - -} diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java deleted file mode 100644 index a2217246c1d..00000000000 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java +++ /dev/null 
@@ -1,95 +0,0 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.hosted.controller.athenz.mock; - -import com.yahoo.security.Pkcs10Csr; -import com.yahoo.vespa.athenz.api.AthenzDomain; -import com.yahoo.vespa.athenz.api.AthenzIdentity; -import com.yahoo.vespa.athenz.api.AthenzRole; -import com.yahoo.vespa.athenz.api.AwsRole; -import com.yahoo.vespa.athenz.api.AwsTemporaryCredentials; -import com.yahoo.vespa.athenz.api.ZToken; -import com.yahoo.vespa.athenz.client.zts.Identity; -import com.yahoo.vespa.athenz.client.zts.InstanceIdentity; -import com.yahoo.vespa.athenz.client.zts.ZtsClient; - -import java.security.KeyPair; -import java.security.cert.X509Certificate; -import java.time.Duration; -import java.util.List; -import java.util.logging.Level; -import java.util.logging.Logger; - -import static java.util.stream.Collectors.toList; - -/** - * @author bjorncs - */ -public class ZtsClientMock implements ZtsClient { - private static final Logger log = Logger.getLogger(ZtsClientMock.class.getName()); - - private final AthenzDbMock athenz; - - public ZtsClientMock(AthenzDbMock athenz) { - this.athenz = athenz; - } - - @Override - public List<AthenzDomain> getTenantDomains(AthenzIdentity providerIdentity, AthenzIdentity userIdentity, String roleName) { - log.log(Level.INFO, String.format("getTenantDomains(providerIdentity='%s', userIdentity='%s', roleName='%s')", - providerIdentity.getFullName(), userIdentity.getFullName(), roleName)); - return athenz.domains.values().stream() - .filter(domain -> domain.tenantAdmins.contains(userIdentity) || domain.admins.contains(userIdentity)) - .map(domain -> domain.name) - .collect(toList()); - } - - @Override - public InstanceIdentity registerInstance(AthenzIdentity providerIdentity, AthenzIdentity instanceIdentity, String attestationData, Pkcs10Csr csr) { - throw new UnsupportedOperationException(); - } - - @Override - public 
InstanceIdentity refreshInstance(AthenzIdentity providerIdentity, AthenzIdentity instanceIdentity, String instanceId, Pkcs10Csr csr) { - throw new UnsupportedOperationException(); - } - - @Override - public Identity getServiceIdentity(AthenzIdentity identity, String keyId, Pkcs10Csr csr) { - throw new UnsupportedOperationException(); - } - - @Override - public Identity getServiceIdentity(AthenzIdentity identity, String keyId, KeyPair keyPair, String dnsSuffix) { - throw new UnsupportedOperationException(); - } - - @Override - public ZToken getRoleToken(AthenzDomain domain) { - throw new UnsupportedOperationException(); - } - - @Override - public ZToken getRoleToken(AthenzRole athenzRole) { - throw new UnsupportedOperationException(); - } - - @Override - public X509Certificate getRoleCertificate(AthenzRole role, Pkcs10Csr csr, Duration expiry) { - throw new UnsupportedOperationException(); - } - - @Override - public X509Certificate getRoleCertificate(AthenzRole role, Pkcs10Csr csr) { - throw new UnsupportedOperationException(); - } - - @Override - public AwsTemporaryCredentials getAwsTemporaryCredentials(AthenzDomain athenzDomain, AwsRole awsRole, Duration duration, String externalId) { - throw new UnsupportedOperationException(); - } - - @Override - public void close() { - - } -} diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/cost/CostReportConsumerMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/cost/CostReportConsumerMock.java deleted file mode 100644 index 5c16560b509..00000000000 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/cost/CostReportConsumerMock.java +++ /dev/null 
@@ -1,38 +0,0 @@ -package com.yahoo.vespa.hosted.controller.restapi.cost; - -import com.yahoo.vespa.hosted.controller.api.identifiers.Property; -import com.yahoo.vespa.hosted.controller.api.integration.resource.CostReportConsumer; -import com.yahoo.vespa.hosted.controller.api.integration.resource.ResourceAllocation; - -import java.util.Map; -import java.util.function.Consumer; - -/** - * @author ldalves - */ -public class CostReportConsumerMock implements CostReportConsumer { - - private final Consumer<String> csvConsumer; - private final Map<Property, ResourceAllocation> fixedAllocations; - - public CostReportConsumerMock() { - this.csvConsumer = (ignored) -> {}; - this.fixedAllocations = Map.of(); - } - - public CostReportConsumerMock(Consumer<String> csvConsumer, Map<Property, ResourceAllocation> fixedAllocations) { - this.csvConsumer = csvConsumer; - this.fixedAllocations = Map.copyOf(fixedAllocations); - } - - @Override - public void consume(String csv) { - csvConsumer.accept(csv); - } - - @Override - public Map<Property, ResourceAllocation> fixedAllocations() { - return fixedAllocations; - } - -} diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java index 5f9313053f8..76546cfb929 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilter.java @@ -3,7 +3,6 @@ package com.yahoo.vespa.hosted.controller.restapi.filter; import com.google.inject.Inject; import com.yahoo.config.provision.ApplicationName; import com.yahoo.config.provision.TenantName; -import com.yahoo.jdisc.Response; import com.yahoo.jdisc.http.filter.DiscFilterRequest; import com.yahoo.jdisc.http.filter.security.base.JsonSecurityRequestFilterBase; import com.yahoo.log.LogLevel; 
@@ -17,7 +16,7 @@ import com.yahoo.vespa.hosted.controller.TenantController; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactory; import com.yahoo.vespa.hosted.controller.api.role.Role; import com.yahoo.vespa.hosted.controller.api.role.SecurityContext; -import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction; +import com.yahoo.vespa.hosted.controller.api.integration.athenz.ApplicationAction; import com.yahoo.vespa.hosted.controller.athenz.impl.AthenzFacade; import com.yahoo.vespa.hosted.controller.tenant.AthenzTenant; import com.yahoo.vespa.hosted.controller.tenant.Tenant; diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java index 6155191fb8f..d25a364904c 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java 
@@ -709,6 +709,19 @@ public class ControllerTest { tester.deployCompletely(app1, applicationPackage); var cert = certificate.apply(app1); assertTrue("Provisions certificate in " + Environment.prod, cert.isPresent()); + assertEquals(List.of( + "vznqtz7a5ygwjkbhhj7ymxvlrekgt4l6g.vespa.oath.cloud", + "app1.tenant1.global.vespa.oath.cloud", + "*.app1.tenant1.global.vespa.oath.cloud", + "app1.tenant1.us-east-3.vespa.oath.cloud", + "*.app1.tenant1.us-east-3.vespa.oath.cloud", + "app1.tenant1.us-west-1.vespa.oath.cloud", + "*.app1.tenant1.us-west-1.vespa.oath.cloud", + "app1.tenant1.us-central-1.vespa.oath.cloud", + "*.app1.tenant1.us-central-1.vespa.oath.cloud", + "app1.tenant1.eu-west-1.vespa.oath.cloud", + "*.app1.tenant1.eu-west-1.vespa.oath.cloud" + ), tester.controllerTester().serviceRegistry().applicationCertificateMock().dnsNamesOf(app1.id())); // Next deployment reuses certificate tester.deployCompletely(app1, applicationPackage, BuildJob.defaultBuildNumber + 1); diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java index 29a00784e6d..b270474ba7d 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java 
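Review bot: The added `assertEquals(List.of(...), ...dnsNamesOf(app1.id()))` compares all eleven names in order, which ties the test to the zone iteration order of the mock registry. The only ordering requirement stated in `ApplicationController` is that the hashed name comes first and stays under 64 characters. I would pin that property directly, e.g. `assertTrue(names.get(0).length() < 64);` on the first entry, and compare the remaining names as a set so a reordering of zones does not mask or mimic a real change in the certificate's name list. The enclosing test method starts and ends outside the hunk.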
@@ -28,8 +28,8 @@ import com.yahoo.vespa.hosted.controller.api.integration.organization.Contact; import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockMavenRepository; import com.yahoo.vespa.hosted.controller.application.ApplicationPackage; import com.yahoo.vespa.hosted.controller.athenz.impl.AthenzFacade; -import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzClientFactoryMock; -import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzDbMock; +import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactoryMock; +import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzDbMock; import com.yahoo.vespa.hosted.controller.integration.ConfigServerMock; import com.yahoo.vespa.hosted.controller.integration.ServiceRegistryMock; import com.yahoo.vespa.hosted.controller.integration.ZoneRegistryMock; diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalDeploymentTester.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalDeploymentTester.java index 2691a152f77..a20e768fb02 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalDeploymentTester.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalDeploymentTester.java @@ -5,7 +5,6 @@ import com.yahoo.component.Version; import com.yahoo.config.provision.ApplicationId; import com.yahoo.config.provision.AthenzDomain; import com.yahoo.config.provision.AthenzService; -import com.yahoo.config.provision.SystemName; import com.yahoo.log.LogLevel; import com.yahoo.security.KeyAlgorithm; import com.yahoo.security.KeyUtils; 
@@ -24,7 +23,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockTesterCloud; import com.yahoo.config.provision.zone.ZoneId; import com.yahoo.vespa.hosted.controller.application.ApplicationPackage; import com.yahoo.vespa.hosted.controller.api.integration.deployment.ApplicationVersion; -import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzDbMock; +import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzDbMock; import com.yahoo.vespa.hosted.controller.integration.ConfigServerMock; import com.yahoo.vespa.hosted.controller.integration.RoutingGeneratorMock; import com.yahoo.vespa.hosted.controller.maintenance.JobControl; @@ -38,11 +37,8 @@ import java.security.cert.X509Certificate; import java.time.Duration; import java.time.Instant; import java.util.Collections; -import java.util.List; import java.util.Optional; import java.util.logging.Logger; -import java.util.stream.Collectors; -import java.util.stream.IntStream; import static com.yahoo.vespa.hosted.controller.deployment.RunStatus.aborted; import static com.yahoo.vespa.hosted.controller.deployment.Step.Status.unfinished; diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java index 101a5d78b1e..1c4aeb49971 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java 
@@ -38,7 +38,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockMailer; import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockMeteringClient; import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockRunDataStore; import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockTesterCloud; -import com.yahoo.vespa.hosted.controller.restapi.cost.CostReportConsumerMock; +import com.yahoo.vespa.hosted.controller.api.integration.resource.CostReportConsumerMock; /** * A mock implementation of a {@link ServiceRegistry} for testing purposes. @@ -201,4 +201,8 @@ public class ServiceRegistryMock extends AbstractComponent implements ServiceReg return mockBuildService; } + public ApplicationCertificateMock applicationCertificateMock() { + return applicationCertificateMock; + } + } diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/CostReportMaintainerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/CostReportMaintainerTest.java index bc68491d8dd..9867ea4bdc2 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/CostReportMaintainerTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/CostReportMaintainerTest.java @@ -4,7 +4,7 @@ import com.yahoo.vespa.hosted.controller.ControllerTester; import com.yahoo.vespa.hosted.controller.api.identifiers.Property; import com.yahoo.vespa.hosted.controller.api.integration.resource.ResourceAllocation; import com.yahoo.vespa.hosted.controller.integration.ZoneApiMock; -import com.yahoo.vespa.hosted.controller.restapi.cost.CostReportConsumerMock; +import com.yahoo.vespa.hosted.controller.api.integration.resource.CostReportConsumerMock; import org.junit.Test; import java.time.Duration; 
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java index 648dd10378a..ea051efcd02 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java @@ -21,10 +21,10 @@ import com.yahoo.vespa.hosted.controller.api.integration.deployment.JobType; import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockBuildService; import com.yahoo.vespa.hosted.controller.application.ApplicationPackage; import com.yahoo.vespa.hosted.controller.application.DeploymentJobs; -import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction; +import com.yahoo.vespa.hosted.controller.api.integration.athenz.ApplicationAction; import com.yahoo.vespa.hosted.controller.athenz.HostedAthenzIdentities; -import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzClientFactoryMock; -import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzDbMock; +import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactoryMock; +import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzDbMock; import com.yahoo.vespa.hosted.controller.deployment.BuildJob; import com.yahoo.vespa.hosted.controller.deployment.DeploymentSteps; import com.yahoo.vespa.hosted.controller.maintenance.JobControl; diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerTest.java index 0cfb79a0743..f08dc18a58b 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerTest.java 
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerTest.java @@ -9,7 +9,7 @@ import com.yahoo.config.provision.SystemName; import com.yahoo.vespa.athenz.api.AthenzIdentity; import com.yahoo.vespa.athenz.api.AthenzUser; import com.yahoo.vespa.athenz.api.OktaAccessToken; -import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzClientFactoryMock; +import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactoryMock; import org.junit.After; import org.junit.Before; @@ -63,7 +63,7 @@ public class ControllerContainerTest { " <component id='com.yahoo.vespa.configserver.flags.db.FlagsDbImpl'/>\n" + " <component id='com.yahoo.vespa.curator.mock.MockCurator'/>\n" + " <component id='com.yahoo.vespa.hosted.controller.persistence.MockCuratorDb'/>\n" + - " <component id='com.yahoo.vespa.hosted.controller.athenz.mock.AthenzClientFactoryMock'/>\n" + + " <component id='com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactoryMock'/>\n" + " <component id='com.yahoo.vespa.hosted.controller.integration.ZoneRegistryMock'/>\n" + " <component id='com.yahoo.vespa.hosted.controller.integration.ServiceRegistryMock'/>\n" + " <component id='com.yahoo.vespa.hosted.controller.Controller'/>\n" + diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java index c6cd388d75f..2999b2142de 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java 
@@ -48,10 +48,10 @@ import com.yahoo.vespa.hosted.controller.application.DeploymentMetrics;
 import com.yahoo.vespa.hosted.controller.application.EndpointId;
 import com.yahoo.vespa.hosted.controller.application.JobStatus;
 import com.yahoo.vespa.hosted.controller.application.RoutingPolicy;
-import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction;
+import com.yahoo.vespa.hosted.controller.api.integration.athenz.ApplicationAction;
 import com.yahoo.vespa.hosted.controller.athenz.HostedAthenzIdentities;
-import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzClientFactoryMock;
-import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzDbMock;
+import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactoryMock;
+import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzDbMock;
 import com.yahoo.vespa.hosted.controller.deployment.ApplicationPackageBuilder;
 import com.yahoo.vespa.hosted.controller.deployment.BuildJob;
 import com.yahoo.vespa.hosted.controller.deployment.DeploymentTrigger;
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/athenz/AthenzApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/athenz/AthenzApiTest.java
index 371674ddb29..e0fc403da8e 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/athenz/AthenzApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/athenz/AthenzApiTest.java
@@ -1,8 +1,8 @@
 package com.yahoo.vespa.hosted.controller.restapi.athenz;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
-import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzClientFactoryMock;
-import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzDbMock;
+import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactoryMock;
+import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzDbMock;
 import com.yahoo.vespa.hosted.controller.restapi.ContainerControllerTester;
 import com.yahoo.vespa.hosted.controller.restapi.ContainerTester;
 import com.yahoo.vespa.hosted.controller.restapi.ControllerContainerTest;
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilterTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilterTest.java
index 70386e751ff..41236adfea9 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilterTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/AthenzRoleFilterTest.java
@@ -10,10 +10,10 @@ import com.yahoo.vespa.hosted.controller.ControllerTester;
 import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId;
 import com.yahoo.vespa.hosted.controller.api.identifiers.ScrewdriverId;
 import com.yahoo.vespa.hosted.controller.api.role.Role;
-import com.yahoo.vespa.hosted.controller.athenz.ApplicationAction;
+import com.yahoo.vespa.hosted.controller.api.integration.athenz.ApplicationAction;
 import com.yahoo.vespa.hosted.controller.athenz.HostedAthenzIdentities;
-import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzClientFactoryMock;
-import com.yahoo.vespa.hosted.controller.athenz.mock.AthenzDbMock;
+import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactoryMock;
+import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzDbMock;
 import org.junit.Before;
 import org.junit.Test; |