author | jonmv <venstad@gmail.com> | 2023-01-04 15:42:32 +0100 |
---|---|---|
committer | jonmv <venstad@gmail.com> | 2023-01-04 15:42:32 +0100 |
commit | 7efb546c2b34d35ff49e393211345e1399dbfc2e (patch) | |
tree | 33d652eff8d4e5140a1078127027276c902a0aee /controller-server | |
parent | 028642b0a35645c086cda2a7fafa369b99f12476 (diff) |
No role means no managed access, and to wait a little before activating it
Diffstat (limited to 'controller-server')
2 files changed, 40 insertions, 27 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 2fffdc25875..8f254289f4e 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -31,6 +31,7 @@ import com.yahoo.container.jdisc.HttpRequest;
 import com.yahoo.container.jdisc.HttpResponse;
 import com.yahoo.container.jdisc.ThreadedHttpRequestHandler;
 import com.yahoo.io.IOUtils;
+import com.yahoo.jdisc.Response;
 import com.yahoo.jdisc.http.filter.security.misc.User;
 import com.yahoo.restapi.ByteArrayResponse;
 import com.yahoo.restapi.ErrorResponse;
@@ -47,6 +48,7 @@ import com.yahoo.slime.Slime;
 import com.yahoo.slime.SlimeUtils;
 import com.yahoo.text.Text;
 import com.yahoo.vespa.athenz.api.OAuthCredentials;
+import com.yahoo.vespa.athenz.client.zms.ZmsClientException;
 import com.yahoo.vespa.flags.Flags;
 import com.yahoo.vespa.hosted.controller.Application;
 import com.yahoo.vespa.hosted.controller.Controller;
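Review bot: The added `import com.yahoo.jdisc.Response;` in the first import hunk appears to be unused, since none of the lines added to this file in the later hunks reference `Response`. By contrast, `ZmsClientException` from the second import hunk is used in both new catch blocks. Unless something outside the shown hunks needs it, drop the `Response` import to keep the import list clean.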
@@ -228,10 +230,10 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler { } catch (ConfigServerException e) { return switch (e.code()) { - case NOT_FOUND: yield ErrorResponse.notFoundError(Exceptions.toMessageString(e)); - case ACTIVATION_CONFLICT: yield new ErrorResponse(CONFLICT, e.code().name(), Exceptions.toMessageString(e)); - case INTERNAL_SERVER_ERROR: yield ErrorResponses.logThrowing(request, log, e); - default: yield new ErrorResponse(BAD_REQUEST, e.code().name(), Exceptions.toMessageString(e)); + case NOT_FOUND -> ErrorResponse.notFoundError(Exceptions.toMessageString(e)); + case ACTIVATION_CONFLICT -> new ErrorResponse(CONFLICT, e.code().name(), Exceptions.toMessageString(e)); + case INTERNAL_SERVER_ERROR -> ErrorResponses.logThrowing(request, log, e); + default -> new ErrorResponse(BAD_REQUEST, e.code().name(), Exceptions.toMessageString(e)); }; } catch (RuntimeException e) { 
@@ -434,26 +436,31 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler { return ErrorResponse.badRequest("Can only see access requests for cloud tenants"); var accessControlService = controller.serviceRegistry().accessControlService(); - var accessRoleInformation = accessControlService.getAccessRoleInformation(tenant); - var managedAccess = accessControlService.getManagedAccess(tenant); var slime = new Slime(); var cursor = slime.setObject(); - cursor.setBool("managedAccess", managedAccess); - accessRoleInformation.getPendingRequest() - .ifPresent(membershipRequest -> { - var requestCursor = cursor.setObject("pendingRequest"); - requestCursor.setString("requestTime", membershipRequest.getCreationTime()); - requestCursor.setString("reason", membershipRequest.getReason()); - }); - var auditLogCursor = cursor.setArray("auditLog"); - accessRoleInformation.getAuditLog() - .forEach(auditLogEntry -> { - var entryCursor = auditLogCursor.addObject(); - entryCursor.setString("created", auditLogEntry.getCreationTime()); - entryCursor.setString("approver", auditLogEntry.getApprover()); - entryCursor.setString("reason", auditLogEntry.getReason()); - entryCursor.setString("status", auditLogEntry.getAction()); - }); + try { + var accessRoleInformation = accessControlService.getAccessRoleInformation(tenant); + var managedAccess = accessControlService.getManagedAccess(tenant); + cursor.setBool("managedAccess", managedAccess); + accessRoleInformation.getPendingRequest() + .ifPresent(membershipRequest -> { + var requestCursor = cursor.setObject("pendingRequest"); + requestCursor.setString("requestTime", membershipRequest.getCreationTime()); + requestCursor.setString("reason", membershipRequest.getReason()); + }); + var auditLogCursor = cursor.setArray("auditLog"); + accessRoleInformation.getAuditLog() + .forEach(auditLogEntry -> { + var entryCursor = auditLogCursor.addObject(); + entryCursor.setString("created", auditLogEntry.getCreationTime()); + 
entryCursor.setString("approver", auditLogEntry.getApprover()); + entryCursor.setString("reason", auditLogEntry.getReason()); + entryCursor.setString("status", auditLogEntry.getAction()); + }); + } + catch (ZmsClientException e) { + if (e.getErrorCode() == 404) cursor.setBool("managedAccess", false); + } return new SlimeJsonResponse(slime); } @@ -500,10 +507,16 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler { if (controller.tenants().require(tenant).type() != Tenant.Type.cloud) return ErrorResponse.badRequest("Can only set access privel for cloud tenants"); - controller.serviceRegistry().accessControlService().setManagedAccess(tenant, managedAccess); - var slime = new Slime(); - slime.setObject().setBool("managedAccess", managedAccess); - return new SlimeJsonResponse(slime); + try { + controller.serviceRegistry().accessControlService().setManagedAccess(tenant, managedAccess); + var slime = new Slime(); + slime.setObject().setBool("managedAccess", managedAccess); + return new SlimeJsonResponse(slime); + } + catch (ZmsClientException e) { + if (e.getErrorCode() == 404) return ErrorResponse.conflict("Configuration not yet ready, please try again in a few minutes"); + throw e; + } } private HttpResponse tenantInfo(String tenantName, HttpRequest request) { diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/MultipartParser.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/MultipartParser.java index a9e24943c0d..a28f0e9733d 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/MultipartParser.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/MultipartParser.java 
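Review bot: The new `catch (ZmsClientException e)` around the access-request read handles only the 404 case and silently swallows every other ZMS error. A 401/403 or 5xx from the access-control backend therefore still returns 200 with a JSON object that has no `managedAccess` field, no pending request and no audit log. A caller cannot tell that apart from a tenant with nothing to report, and the failure leaves no trace in this handler. The setter in the following hunk rethrows non-404 errors, and this path should do the same: `if (e.getErrorCode() != 404) throw e;` followed by `cursor.setBool("managedAccess", false);`. The enclosing method starts outside the hunk.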
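Review bot: In the setter's new catch block, every 404 from ZMS is turned into a 409 asking the caller to retry in a few minutes, but nothing on the new lines says why a 404 is expected here. Going by the commit title, the assumption seems to be that the tenant's access role has not been created yet; a 404 for any other reason, such as a tenant whose role is never provisioned, would get the same endless "try again" answer. Document the assumption at the catch, for example `// ZMS answers 404 until the tenant's access role exists; report as not-ready so the client retries`. Consider also logging the exception at a low level so a persistent 404 can be noticed. The enclosing method starts outside the hunk.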
@@ -33,7 +33,7 @@ public class MultipartParser { } /** - * Parses the given multi-part request and returns all the parts indexed by their name. + * Parses the given multipart request and returns all the parts indexed by their name. * * @throws IllegalArgumentException if this request is not a well-formed request with Content-Type multipart/form-data */ |