Allow tenant administrator setting archive access role

author: Valerij Fredriksen <valerij92@gmail.com> 2021-03-18 16:56:04 +0100
committer: Valerij Fredriksen <valerij92@gmail.com> 2021-03-18 17:03:39 +0100
commit: e95bda2b0fc568c33a6ed18bb88c2d4cf80ff288 (patch)
tree: ae7da6f9c54ed99d70b09ed44e006031c594b024 /controller-server
parent: 1e37f667e3329cc5b4bc6d3b6574cd240991fa32 (diff)
3 files changed, 26 insertions, 2 deletions
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerTester.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerTester.java
index 2bf6eb39089..10f143a8e96 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerTester.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerTester.java
@@ -142,12 +142,16 @@ public class ContainerTester {
                        expectedStatusCode);
     }
 
-    public void assertResponse(Supplier<Request> requestSupplier, Consumer<Response> responseAssertion, int expectedStatusCode) {
+    public void assertResponse(Supplier<Request> requestSupplier, ConsumerThrowingException<Response> responseAssertion, int expectedStatusCode) {
         var request = requestSupplier.get();
         FilterResult filterResult = invokeSecurityFilters(request);
         request = filterResult.request;
         Response response = filterResult.response != null ? filterResult.response : container.handleRequest(request);
-        responseAssertion.accept(response);
+        try {
+            responseAssertion.accept(response);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
         assertEquals("Status code", expectedStatusCode, response.getStatus());
     }
 
@@ -203,5 +207,9 @@ public class ContainerTester {
         }
     }
 
+    @FunctionalInterface
+    public interface ConsumerThrowingException<T> {
+        void accept(T t) throws Exception;
+    }
 }
     
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerCloudTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerCloudTest.java
index b935f8cbbe4..23573f86cc3 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerCloudTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerCloudTest.java
@@ -88,6 +88,7 @@ public class ControllerContainerCloudTest extends ControllerContainerTest {
         public RequestBuilder principal(String principal) { this.principal = new SimplePrincipal(principal); return this; }
         public RequestBuilder user(User user) { this.user = user; return this; }
         public RequestBuilder roles(Set<Role> roles) { this.roles = roles; return this; }
+        public RequestBuilder roles(Role... roles) { return roles(Set.of(roles)); }
 
         @Override
         public Request get() {
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
index 62865ea9be2..a048c19e1ca 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
@@ -32,6 +32,7 @@ import java.util.Set;
 import static com.yahoo.application.container.handler.Request.Method.*;
 import static com.yahoo.vespa.hosted.controller.restapi.application.ApplicationApiTest.createApplicationSubmissionData;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.fail;
 
 /**
@@ -193,6 +194,20 @@ public class ApplicationApiCloudTest extends ControllerContainerCloudTest {
         assertEquals(0, tenant.tenantSecretStores().size());
     }
 
+    @Test
+    public void archive_uri_test() {
+        tester.assertResponse(request("/application/v4/tenant/scoober/archive-access", PUT)
+                .data("{\"role\":\"dummy\"}").roles(Role.administrator(tenantName)),
+                "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Invalid archive access role name: dummy\"}", 400);
+
+        tester.assertResponse(request("/application/v4/tenant/scoober/archive-access", PUT)
+                        .data("{\"role\":\"arn:aws:iam::123456789012:role/my-role\"}").roles(Role.administrator(tenantName)),
+                "{\"message\":\"Archive access role set to 'arn:aws:iam::123456789012:role/my-role' for tenant scoober.\"}", 200);
+
+        tester.assertResponse(request("/application/v4/tenant/scoober/archive-access", DELETE).roles(Role.administrator(tenantName)),
+                "{\"message\":\"Archive access role removed for tenant scoober.\"}", 200);
+    }
+
     private ApplicationPackageBuilder prodBuilder() {
         return new ApplicationPackageBuilder()
                 .instances("default")
author	Valerij Fredriksen <valerij92@gmail.com>	2021-03-18 16:56:04 +0100
committer	Valerij Fredriksen <valerij92@gmail.com>	2021-03-18 17:03:39 +0100
commit	e95bda2b0fc568c33a6ed18bb88c2d4cf80ff288 (patch)
tree	ae7da6f9c54ed99d70b09ed44e006031c594b024 /controller-server
parent	1e37f667e3329cc5b4bc6d3b6574cd240991fa32 (diff)