summaryrefslogtreecommitdiffstats
path: root/controller-server
diff options
context:
space:
mode:
authorJon Marius Venstad <jonmv@users.noreply.github.com>2019-11-05 09:57:10 +0100
committerGitHub <noreply@github.com>2019-11-05 09:57:10 +0100
commit2d890099a5890da7c81e31b3561869dd5ac95d53 (patch)
tree5818ade407be7e65486a4578da243a406741ad84 /controller-server
parentd5bb73f0b4eb064471d1fd751d2d7bc58298dd81 (diff)
parent762f51b35e5e50f23ce7d95f51eca14f9800a0cb (diff)
Merge pull request #11094 from vespa-engine/jvenstad/stop-using-deprecated-deployment-spec-methods
Jvenstad/stop using deprecated deployment spec methods
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java81
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/ApplicationList.java3
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java3
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/OutstandingChangeDeployer.java5
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java4
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/JobControllerApiHandlerHelper.java12
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java3
7 files changed, 64 insertions, 47 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
index 7c718518129..71cfc679ca7 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
@@ -945,50 +945,61 @@ public class ApplicationController {
public void verifyApplicationIdentityConfiguration(TenantName tenantName, ApplicationPackage applicationPackage, Optional<Principal> deployer) {
verifyAllowedLaunchAthenzService(applicationPackage.deploymentSpec());
- applicationPackage.deploymentSpec().athenzDomain().ifPresent(identityDomain -> {
- Tenant tenant = controller.tenants().require(tenantName);
- deployer.filter(AthenzPrincipal.class::isInstance)
- .map(AthenzPrincipal.class::cast)
- .map(AthenzPrincipal::getIdentity)
- .filter(AthenzUser.class::isInstance)
- .ifPresentOrElse(user -> {
- if ( ! ((AthenzFacade) accessControl).hasTenantAdminAccess(user, new AthenzDomain(identityDomain.value())))
- throw new IllegalArgumentException("User " + user.getFullName() + " is not allowed to launch " +
- "services in Athenz domain " + identityDomain.value() + ". " +
- "Please reach out to the domain admin.");
- },
- () -> {
- if (tenant.type() != Tenant.Type.athenz)
- throw new IllegalArgumentException("Athenz domain defined in deployment.xml, but no " +
- "Athenz domain for tenant " + tenantName.value());
-
- AthenzDomain tenantDomain = ((AthenzTenant) tenant).domain();
- if ( ! Objects.equals(tenantDomain.getName(), identityDomain.value()))
- throw new IllegalArgumentException("Athenz domain in deployment.xml: [" + identityDomain.value() + "] " +
- "must match tenant domain: [" + tenantDomain.getName() + "]");
- });
- });
+ Tenant tenant = controller.tenants().require(tenantName);
+ Stream.concat(applicationPackage.deploymentSpec().athenzDomain().stream(),
+ applicationPackage.deploymentSpec().instances().stream()
+ .flatMap(spec -> spec.athenzDomain().stream()))
+ .distinct()
+ .forEach(identityDomain -> {
+ deployer.filter(AthenzPrincipal.class::isInstance)
+ .map(AthenzPrincipal.class::cast)
+ .map(AthenzPrincipal::getIdentity)
+ .filter(AthenzUser.class::isInstance)
+ .ifPresentOrElse(user -> {
+ if ( ! ((AthenzFacade) accessControl).hasTenantAdminAccess(user, new AthenzDomain(identityDomain.value())))
+ throw new IllegalArgumentException("User " + user.getFullName() + " is not allowed to launch " +
+ "services in Athenz domain " + identityDomain.value() + ". " +
+ "Please reach out to the domain admin.");
+ },
+ () -> {
+ if (tenant.type() != Tenant.Type.athenz)
+ throw new IllegalArgumentException("Athenz domain defined in deployment.xml, but no " +
+ "Athenz domain for tenant " + tenantName.value());
+
+ AthenzDomain tenantDomain = ((AthenzTenant) tenant).domain();
+ if ( ! Objects.equals(tenantDomain.getName(), identityDomain.value()))
+ throw new IllegalArgumentException("Athenz domain in deployment.xml: [" + identityDomain.value() + "] " +
+ "must match tenant domain: [" + tenantDomain.getName() + "]");
+ });
+ });
}
/*
* Verifies that the configured athenz service (if any) can be launched.
*/
private void verifyAllowedLaunchAthenzService(DeploymentSpec deploymentSpec) {
- deploymentSpec.athenzDomain().ifPresent(athenzDomain -> {
- controller.zoneRegistry().zones().reachable().ids()
- .forEach(zone -> {
- AthenzIdentity configServerAthenzIdentity = controller.zoneRegistry().getConfigServerHttpsIdentity(zone);
- deploymentSpec.athenzService(zone.environment(), zone.region())
- .map(service -> new AthenzService(athenzDomain.value(), service.value()))
- .ifPresent(service -> {
- boolean allowedToLaunch = ((AthenzFacade) accessControl).canLaunch(configServerAthenzIdentity, service);
- if (!allowedToLaunch)
- throw new IllegalArgumentException("Not allowed to launch Athenz service " + service.getFullName());
- });
- });
+ controller.zoneRegistry().zones().reachable().ids().forEach(zone -> {
+ AthenzIdentity configServerAthenzIdentity = controller.zoneRegistry().getConfigServerHttpsIdentity(zone);
+ deploymentSpec.athenzDomain().ifPresent(domain -> {
+ deploymentSpec.athenzService().ifPresent(service -> {
+ verifyAthenzServiceCanBeLaunchedBy(configServerAthenzIdentity, new AthenzService(domain.value(), service.value()));
+ });
+ });
+ deploymentSpec.instances().forEach(spec -> {
+ spec.athenzDomain().ifPresent(domain -> {
+ spec.athenzService(zone.environment(), zone.region()).ifPresent(service -> {
+ verifyAthenzServiceCanBeLaunchedBy(configServerAthenzIdentity, new AthenzService(domain.value(), service.value()));
+ });
+ });
+ });
});
}
+ private void verifyAthenzServiceCanBeLaunchedBy(AthenzIdentity configServerAthenzIdentity, AthenzService athenzService) {
+ if ( ! ((AthenzFacade) accessControl).canLaunch(configServerAthenzIdentity, athenzService))
+ throw new IllegalArgumentException("Not allowed to launch Athenz service " + athenzService.getFullName());
+ }
+
/** Returns the latest known version within the given major. */
private Optional<Version> lastCompatibleVersion(int targetMajorVersion) {
return controller.versionStatus().versions().stream()
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/ApplicationList.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/ApplicationList.java
index a2487e8a0d1..638f406409f 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/ApplicationList.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/ApplicationList.java
@@ -177,7 +177,8 @@ public class ApplicationList {
/** Returns the subset of applications that are allowed to upgrade at the given time */
public ApplicationList canUpgradeAt(Instant instant) {
- return filteredOn(application -> application.deploymentSpec().canUpgradeAt(instant));
+ return filteredOn(application -> application.deploymentSpec().instances().stream()
+ .allMatch(instance -> instance.canUpgradeAt(instant)));
}
/** Returns the subset of applications that have at least one assigned rotation */
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java
index 9df0dff3966..ce5a2a8dd21 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java
@@ -657,7 +657,8 @@ public class InternalStepRunner implements StepRunner {
.orElse(zone.region().value().contains("aws-") ?
DEFAULT_TESTER_RESOURCES_AWS : DEFAULT_TESTER_RESOURCES));
byte[] testPackage = controller.applications().applicationStore().getTester(id.application().tenant(), id.application().application(), version);
- byte[] deploymentXml = deploymentXml(spec.athenzDomain(), spec.athenzService(zone.environment(), zone.region()));
+ byte[] deploymentXml = deploymentXml(spec.requireInstance(id.application().instance()).athenzDomain(),
+ spec.requireInstance(id.application().instance()).athenzService(zone.environment(), zone.region()));
try (ZipBuilder zipBuilder = new ZipBuilder(testPackage.length + servicesXml.length + 1000)) {
zipBuilder.add(testPackage);
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/OutstandingChangeDeployer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/OutstandingChangeDeployer.java
index 95e1c53f10c..b130f7107dd 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/OutstandingChangeDeployer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/OutstandingChangeDeployer.java
@@ -21,8 +21,9 @@ public class OutstandingChangeDeployer extends Maintainer {
@Override
protected void maintain() {
for (Application application : controller().applications().asList()) {
- if (application.outstandingChange().hasTargets()
- && application.deploymentSpec().canChangeRevisionAt(controller().clock().instant())) {
+ if ( application.outstandingChange().hasTargets()
+ && application.deploymentSpec().instances().stream()
+ .allMatch(instance -> instance.canChangeRevisionAt(controller().clock().instant()))) {
controller().applications().deploymentTrigger().triggerChange(application.id(),
application.outstandingChange());
}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 48e72f8ad2c..c7ed77d0c90 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -737,7 +737,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
// Change blockers
Cursor changeBlockers = object.setArray("changeBlockers");
- deploymentSpec.changeBlocker().forEach(changeBlocker -> {
+ deploymentSpec.requireInstance(instance.name()).changeBlocker().forEach(changeBlocker -> {
Cursor changeBlockerObject = changeBlockers.addObject();
changeBlockerObject.setBool("versions", changeBlocker.blocksVersions());
changeBlockerObject.setBool("revisions", changeBlocker.blocksRevisions());
@@ -843,7 +843,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
// Change blockers
Cursor changeBlockers = object.setArray("changeBlockers");
- application.deploymentSpec().changeBlocker().forEach(changeBlocker -> {
+ application.deploymentSpec().requireInstance(instance.name()).changeBlocker().forEach(changeBlocker -> {
Cursor changeBlockerObject = changeBlockers.addObject();
changeBlockerObject.setBool("versions", changeBlocker.blocksVersions());
changeBlockerObject.setBool("revisions", changeBlocker.blocksRevisions());
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/JobControllerApiHandlerHelper.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/JobControllerApiHandlerHelper.java
index 23d2646acd7..08d6b5602fe 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/JobControllerApiHandlerHelper.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/JobControllerApiHandlerHelper.java
@@ -177,8 +177,10 @@ class JobControllerApiHandlerHelper {
lastPlatformObject.setString("deploying", completed + " of " + steps.productionJobs().size() + " complete");
else if (completed == steps.productionJobs().size())
lastPlatformObject.setString("completed", completed + " of " + steps.productionJobs().size() + " complete");
- else if ( ! application.deploymentSpec().canUpgradeAt(controller.clock().instant())) {
- lastPlatformObject.setString("blocked", application.deploymentSpec().changeBlocker().stream()
+ else if ( ! application.deploymentSpec().instances().stream()
+ .allMatch(spec -> spec.canUpgradeAt(controller.clock().instant()))) {
+ lastPlatformObject.setString("blocked", application.deploymentSpec().instances().stream()
+ .flatMap(spec -> spec.changeBlocker().stream())
.filter(blocker -> blocker.blocksVersions())
.filter(blocker -> blocker.window().includes(controller.clock().instant()))
.findAny().map(blocker -> blocker.window().toString()).get());
@@ -200,8 +202,10 @@ class JobControllerApiHandlerHelper {
lastApplicationObject.setString("deploying", completed + " of " + steps.productionJobs().size() + " complete");
else if (completed == steps.productionJobs().size())
lastApplicationObject.setString("completed", completed + " of " + steps.productionJobs().size() + " complete");
- else if ( ! application.deploymentSpec().canChangeRevisionAt(controller.clock().instant())) {
- lastApplicationObject.setString("blocked", application.deploymentSpec().changeBlocker().stream()
+ else if ( ! application.deploymentSpec().instances().stream()
+ .allMatch(spec -> spec.canChangeRevisionAt(controller.clock().instant()))) {
+ lastApplicationObject.setString("blocked", application.deploymentSpec().instances().stream()
+ .flatMap(spec -> spec.changeBlocker().stream())
.filter(blocker -> blocker.blocksRevisions())
.filter(blocker -> blocker.window().includes(controller.clock().instant()))
.findAny().map(blocker -> blocker.window().toString()).get());
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java
index d50399c6c78..2320ca41b49 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java
@@ -95,8 +95,7 @@ public class InternalStepRunnerTest {
.application(app.testerId().id(), JobType.stagingTest.zone(system())).get()
.applicationPackage().deploymentSpec();
assertEquals("domain", spec.athenzDomain().get().value());
- ZoneId zone = JobType.stagingTest.zone(system());
- assertEquals("service", spec.athenzService(zone.environment(), zone.region()).get().value());
+ assertEquals("service", spec.athenzService().get().value());
}
@Test