Delete app before tenant. Add test

author: Ola Aunrønning <olaa@verizonmedia.com> 2021-12-02 14:43:43 +0100
committer: Ola Aunrønning <olaa@verizonmedia.com> 2021-12-02 14:43:43 +0100
commit: 8de87bd5c425689970395c80781fdfe3ba9d98f6 (patch)
tree: be04f1b054ff3f1bb48a08dccfc8b07b46084a9d /controller-server
parent: 0c15763bef77955744d9b26785f78ced4fe7042c (diff)
4 files changed, 70 insertions, 3 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
index 9e7c614d4e8..49939f4bfd2 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
@@ -561,6 +561,10 @@ public class ApplicationController {
      * @throws IllegalArgumentException if the application has deployments or the caller is not authorized
      */
     public void deleteApplication(TenantAndApplicationId id, Credentials credentials) {
+        deleteApplication(id, Optional.of(credentials));
+    }
+
+    public void deleteApplication(TenantAndApplicationId id, Optional<Credentials> credentials) {
         lockApplicationOrThrow(id, application -> {
             var deployments = application.get().instances().values().stream()
                                          .filter(instance -> ! instance.deployments().isEmpty())
@@ -580,7 +584,7 @@ public class ApplicationController {
             applicationStore.removeAllTesters(id.tenant(), id.application());
             applicationStore.putMetaTombstone(id.tenant(), id.application(), clock.instant());
 
-            accessControl.deleteApplication(id, credentials);
+            credentials.ifPresent(creds -> accessControl.deleteApplication(id, creds));
             curator.removeApplication(id);
 
             controller.jobController().collectGarbage();
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java
index 0d278b7be6d..05a7e2368d1 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java
@@ -14,7 +14,7 @@ import java.util.stream.Collectors;
 
 /**
  * Maintains user management resources.
- * For now, ensures there's no discrepnacy between expected tenant/application roles and Auth0 roles
+ * For now, ensures there's no discrepnacy between expected tenant/application roles and auth0/athenz roles
  *
  * @author olaa
  */
@@ -41,6 +41,8 @@ public class UserManagementMaintainer extends ControllerMaintainer {
             roleMaintainer.tenantsToDelete(tenants)
                     .forEach(tenant -> {
                         logger.warning(tenant.name() + " has a non-existing Athenz domain. Deleting");
+                        controller().applications().asList(tenant.name())
+                                .forEach(application -> controller().applications().deleteApplication(application.id(), Optional.empty()));
                         controller().tenants().delete(tenant.name(), Optional.empty(), false);
                     });
         }
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java
index b1311b8081c..b81b3ae5d66 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java
@@ -88,7 +88,7 @@ public class ServiceRegistryMock extends AbstractComponent implements ServiceReg
     private final PlanRegistry planRegistry = new PlanRegistryMock();
     private final ResourceDatabaseClient resourceDb = new ResourceDatabaseClientMock(planRegistry);
     private final BillingDatabaseClient billingDb = new BillingDatabaseClientMock(clock, planRegistry);
-    private final RoleMaintainer roleMaintainer = new RoleMaintainerMock();
+    private final RoleMaintainerMock roleMaintainer = new RoleMaintainerMock();
 
     public ServiceRegistryMock(SystemName system) {
         this.zoneRegistryMock = new ZoneRegistryMock(system);
@@ -291,4 +291,7 @@ public class ServiceRegistryMock extends AbstractComponent implements ServiceReg
         return endpointCertificateMock;
     }
 
+    public RoleMaintainerMock roleMaintainerMock() {
+        return roleMaintainer;
+    }
 }
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainerTest.java
new file mode 100644
index 00000000000..e35c2058eb4
--- /dev/null
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainerTest.java
@@ -0,0 +1,58 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.maintenance;
+
+import com.yahoo.config.provision.SystemName;
+import com.yahoo.vespa.hosted.controller.ControllerTester;
+import org.junit.Test;
+
+import java.time.Duration;
+
+import static org.junit.Assert.*;
+
+/**
+ * @author olaa
+ */
+public class UserManagementMaintainerTest {
+
+    private final String TENANT_1 = "tenant1";
+    private final String TENANT_2 = "tenant2";
+    private final String APP_NAME = "some-app";
+
+    @Test
+    public void deletes_tenant_when_not_public() {
+        var tester = createTester(SystemName.main);
+        var maintainer = new UserManagementMaintainer(tester.controller(), Duration.ofMinutes(5), tester.serviceRegistry().roleMaintainer());
+        maintainer.maintain();
+
+        var tenants = tester.controller().tenants().asList();
+        var apps = tester.controller().applications().asList();
+        assertEquals(1, tenants.size());
+        assertEquals(1, apps.size());
+        assertEquals(TENANT_2, tenants.get(0).name().value());
+    }
+
+    @Test
+    public void no_tenant_deletion_in_public() {
+        var tester = createTester(SystemName.Public);
+        var maintainer = new UserManagementMaintainer(tester.controller(), Duration.ofMinutes(5), tester.serviceRegistry().roleMaintainer());
+        maintainer.maintain();
+
+        var tenants = tester.controller().tenants().asList();
+        var apps = tester.controller().applications().asList();
+        assertEquals(2, tenants.size());
+        assertEquals(2, apps.size());
+    }
+
+    private ControllerTester createTester(SystemName systemName) {
+        var tester = new ControllerTester(systemName);
+        tester.createTenant(TENANT_1);
+        tester.createTenant(TENANT_2);
+        tester.createApplication(TENANT_1, APP_NAME);
+        tester.createApplication(TENANT_2, APP_NAME);
+
+        var tenantToDelete = tester.controller().tenants().get(TENANT_1).get();
+        tester.serviceRegistry().roleMaintainerMock().mockTenantToDelete(tenantToDelete);
+        return tester;
+    }
+
+}
+\ No newline at end of file
author	Ola Aunrønning <olaa@verizonmedia.com>	2021-12-02 14:43:43 +0100
committer	Ola Aunrønning <olaa@verizonmedia.com>	2021-12-02 14:43:43 +0100
commit	8de87bd5c425689970395c80781fdfe3ba9d98f6 (patch)
tree	be04f1b054ff3f1bb48a08dccfc8b07b46084a9d /controller-server
parent	0c15763bef77955744d9b26785f78ced4fe7042c (diff)