3 files changed, 63 insertions, 14 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java index 6e65f015e98..5313139ff7d 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java @@ -6,6 +6,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.user.UserId; import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement; import com.yahoo.vespa.hosted.controller.api.role.Role; +import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.HashMap; @@ -82,6 +83,6 @@ public class MockUserManagement implements UserManagement { @Override public List<Role> listRoles() { - return List.of(); + return new ArrayList<>(memberships.keySet()); } } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java index ffc11106fe2..6b509e82dba 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java @@ -6,8 +6,10 @@ import com.yahoo.vespa.hosted.controller.Application; import com.yahoo.vespa.hosted.controller.Controller; import com.yahoo.vespa.hosted.controller.api.integration.user.Roles; import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement; +import com.yahoo.vespa.hosted.controller.api.role.Role; import java.time.Duration; +import java.util.List; import java.util.logging.Logger; import java.util.stream.Collectors; 
@@ -31,6 +33,18 @@ public class UserManagementMaintainer extends ControllerMaintainer { @Override protected double maintain() { + findLeftoverRoles().forEach(role -> { + /* + Log discrepancy now + TODO: userManagement.deleteRole(role); + */ + logger.warning(String.format("Found unexpected role %s - Please investigate", role.toString())); + }); + return 1.0; + } + + // protected for testing + protected List<Role> findLeftoverRoles() { var tenantRoles = controller().tenants().asList() .stream() .flatMap(tenant -> Roles.tenantRoles(tenant.name()).stream()) @@ -42,19 +56,9 @@ public class UserManagementMaintainer extends ControllerMaintainer { .flatMap(applicationId -> Roles.applicationRoles(applicationId.tenant(), applicationId.application()).stream()) .collect(Collectors.toList()); - var roles = userManagement.listRoles(); - - roles.forEach(role -> { - if (!tenantRoles.contains(role) && !applicationRoles.contains(role)) { - /* - Log discrepancy now - TODO: userManagement.deleteRole(role); - */ - logger.warning(String.format("Found unexpected role %s - Please investigate", role.toString())); - } - - }); - return 1.0; + return userManagement.listRoles().stream() + .filter(role -> !tenantRoles.contains(role) && !applicationRoles.contains(role)) + .collect(Collectors.toList()); } } diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainerTest.java new file mode 100644 index 00000000000..08be2266b2e --- /dev/null +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainerTest.java 
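Review bot: The TODO in `maintain()` plans to call `userManagement.deleteRole(role)` on everything `findLeftoverRoles()` returns, but nothing in the new code records what must hold before that is safe. Any run in which the tenant or application listing comes back short (presumably possible on a partial read) would classify live roles as leftover, and with deletion enabled that would revoke access for existing tenants. I would keep the loop log-only and say so next to the TODO, for example `// Log-only on purpose: do not enable deleteRole until findLeftoverRoles() is verified against incomplete tenant/application listings`. Separately, the method marked `// protected for testing` could be package-private, since the new test is in the same package. The body of `findLeftoverRoles()` continues in the next hunk.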
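Review bot: In `findLeftoverRoles()` the expected tenant and application roles are collected before `userManagement.listRoles()` is read, so the two views are not taken at the same moment, and a tenant or application created in between can be reported as having leftover roles. That is only noise while the result is logged, but it matters once the roles are deleted. Depending on how tenant creation orders its writes, reading the role list first (`var roles = userManagement.listRoles();` at the top of the method) or requiring a role to be reported on two consecutive runs would narrow the window. The filter also calls `contains` on lists for every role (the visible `applicationRoles` is built with `Collectors.toList()`), so collecting with `Collectors.toSet()` would make each lookup constant-time. The start of the method is in the previous hunk.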
@@ -0,0 +1,44 @@
+package com.yahoo.vespa.hosted.controller.maintenance;
+
+import com.yahoo.config.provision.ApplicationName;
+import com.yahoo.config.provision.TenantName;
+import com.yahoo.vespa.hosted.controller.ControllerTester;
+import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockUserManagement;
+import com.yahoo.vespa.hosted.controller.api.integration.user.Roles;
+import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement;
+import org.junit.Test;
+
+import java.time.Duration;
+
+import static org.junit.Assert.*;
+
+/**
+ * @author olaa
+ */
+public class UserManagementMaintainerTest {
+
+ private final ControllerTester tester = new ControllerTester();
+ private final UserManagement userManagement = new MockUserManagement();
+ private final UserManagementMaintainer userManagementMaintainer = new UserManagementMaintainer(tester.controller(), Duration.ofMinutes(1), userManagement);
+
+ private final TenantName tenant = TenantName.from("tenant1");
+ private final ApplicationName app = ApplicationName.from("app1");
+ private final TenantName deletedTenant = TenantName.from("deleted-tenant");
+
+ @Test
+ public void finds_superfluous_roles() {
+ tester.createTenant(tenant.value());
+ tester.createApplication(tenant.value(), app.value());
+
+ Roles.tenantRoles(tenant).forEach(userManagement::createRole);
+ Roles.applicationRoles(tenant, app).forEach(userManagement::createRole);
+ Roles.tenantRoles(deletedTenant).forEach(userManagement::createRole);
+
+ var expectedRoles = Roles.tenantRoles(deletedTenant);
+ var actualRoles = userManagementMaintainer.findLeftoverRoles();
+
+ assertEquals(expectedRoles.size(), actualRoles.size());
+ assertTrue(expectedRoles.containsAll(actualRoles) && actualRoles.containsAll(expectedRoles));
+ }
+
+}
\ No newline at end of file |
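Review bot: `finds_superfluous_roles` covers only roles of a tenant that does not exist, so the `!applicationRoles.contains(role)` half of the filter is never the deciding condition. Adding roles for an application that was not created under `tenant1`, e.g. `Roles.applicationRoles(tenant, ApplicationName.from("deleted-app")).forEach(userManagement::createRole);`, and expecting them in the result would cover it. There is also no case asserting an empty result when every role matches an existing tenant or application, which is the property that matters most if deletion is enabled later. `import static org.junit.Assert.*;` could name `assertEquals` and `assertTrue` explicitly.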