6 files changed, 29 insertions, 24 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SimplePrincipal.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SimplePrincipal.java
index 780171d0ccb..363d0726a1f 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SimplePrincipal.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SimplePrincipal.java
@@ -18,6 +18,10 @@ public class SimplePrincipal implements Principal {
         this.name = name;
     }
 
+    public static SimplePrincipal of(Principal principal) {
+        return new SimplePrincipal(principal.getName());
+    }
+
     @Override
     public String getName() {
         return name;
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/tenant/CloudTenant.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/tenant/CloudTenant.java
index 44f9c0ea3b8..ae0467fcc86 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/tenant/CloudTenant.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/tenant/CloudTenant.java
@@ -5,6 +5,7 @@ import com.google.common.collect.BiMap;
 import com.google.common.collect.ImmutableBiMap;
 import com.yahoo.config.provision.TenantName;
 import com.yahoo.vespa.hosted.controller.api.integration.secrets.TenantSecretStore;
+import com.yahoo.vespa.hosted.controller.api.role.SimplePrincipal;
 import java.security.Principal;
 import java.security.PublicKey;
 
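Review bot: The new public factory `SimplePrincipal.of` carries no Javadoc and dereferences its argument unchecked, so a null `Principal` surfaces as a bare NullPointerException from inside the method rather than as a named argument failure. Both call sites this commit adds reach it through `Optional.map`, so this is about the public contract rather than a live failure; `return new SimplePrincipal(Objects.requireNonNull(principal, "principal").getName());` makes the precondition explicit, though whether `java.util.Objects` is already imported in this file is not visible in the hunk. A one-line Javadoc such as `/** Returns a SimplePrincipal that retains only the name of the given principal. */` would also document that any other state of the source principal is intentionally dropped.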
@@ -20,16 +21,16 @@ import java.util.Optional;
  */
 public class CloudTenant extends Tenant {
 
-    private final Optional<Principal> creator;
-    private final BiMap<PublicKey, Principal> developerKeys;
+    private final Optional<SimplePrincipal> creator;
+    private final BiMap<PublicKey, SimplePrincipal> developerKeys;
     private final TenantInfo info;
     private final List<TenantSecretStore> tenantSecretStores;
     private final ArchiveAccess archiveAccess;
     private final Optional<Instant> invalidateUserSessionsBefore;
 
     /** Public for the serialization layer — do not use! */
-    public CloudTenant(TenantName name, Instant createdAt, LastLoginInfo lastLoginInfo, Optional<Principal> creator,
-                       BiMap<PublicKey, Principal> developerKeys, TenantInfo info,
+    public CloudTenant(TenantName name, Instant createdAt, LastLoginInfo lastLoginInfo, Optional<SimplePrincipal> creator,
+                       BiMap<PublicKey, SimplePrincipal> developerKeys, TenantInfo info,
                        List<TenantSecretStore> tenantSecretStores, ArchiveAccess archiveAccess, Optional<Instant> invalidateUserSessionsBefore) {
         super(name, createdAt, lastLoginInfo, Optional.empty());
         this.creator = creator;
@@ -45,12 +46,12 @@ public class CloudTenant extends Tenant {
         return new CloudTenant(requireName(tenantName),
                                createdAt,
                                LastLoginInfo.EMPTY,
-                               Optional.ofNullable(creator),
+                               Optional.ofNullable(creator).map(SimplePrincipal::of),
                                ImmutableBiMap.of(), TenantInfo.empty(), List.of(), new ArchiveAccess(), Optional.empty());
     }
 
     /** The user that created the tenant */
-    public Optional<Principal> creator() {
+    public Optional<SimplePrincipal> creator() {
         return creator;
     }
 
@@ -60,7 +61,7 @@ public class CloudTenant extends Tenant {
     }
 
     /** Returns the set of developer keys and their corresponding developers for this tenant. */
-    public BiMap<PublicKey, Principal> developerKeys() { return developerKeys; }
+    public BiMap<PublicKey, SimplePrincipal> developerKeys() { return developerKeys; }
 
     /** List of configured secret stores */
     public List<TenantSecretStore> tenantSecretStores() {
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/LockedTenant.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/LockedTenant.java
index a340982bec0..da40f63d543 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/LockedTenant.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/LockedTenant.java
@@ -125,15 +125,15 @@ public abstract class LockedTenant {
     /** A locked CloudTenant. */
     public static class Cloud extends LockedTenant {
 
-        private final Optional<Principal> creator;
-        private final BiMap<PublicKey, Principal> developerKeys;
+        private final Optional<SimplePrincipal> creator;
+        private final BiMap<PublicKey, SimplePrincipal> developerKeys;
         private final TenantInfo info;
         private final List<TenantSecretStore> tenantSecretStores;
         private final ArchiveAccess archiveAccess;
         private final Optional<Instant> invalidateUserSessionsBefore;
 
-        private Cloud(TenantName name, Instant createdAt, LastLoginInfo lastLoginInfo, Optional<Principal> creator,
-                      BiMap<PublicKey, Principal> developerKeys, TenantInfo info,
+        private Cloud(TenantName name, Instant createdAt, LastLoginInfo lastLoginInfo, Optional<SimplePrincipal> creator,
+                      BiMap<PublicKey, SimplePrincipal> developerKeys, TenantInfo info,
                       List<TenantSecretStore> tenantSecretStores, ArchiveAccess archiveAccess, Optional<Instant> invalidateUserSessionsBefore) {
             super(name, createdAt, lastLoginInfo);
             this.developerKeys = ImmutableBiMap.copyOf(developerKeys);
@@ -154,18 +154,18 @@ public abstract class LockedTenant {
         }
 
         public Cloud withDeveloperKey(PublicKey key, Principal principal) {
-            BiMap<PublicKey, Principal> keys = HashBiMap.create(developerKeys);
-            principal = new SimplePrincipal(principal.getName());
+            BiMap<PublicKey, SimplePrincipal> keys = HashBiMap.create(developerKeys);
+            SimplePrincipal simplePrincipal = new SimplePrincipal(principal.getName());
             if (keys.containsKey(key))
                 throw new IllegalArgumentException("Key " + KeyUtils.toPem(key) + " is already owned by " + keys.get(key));
-            if (keys.inverse().containsKey(principal))
-                throw new IllegalArgumentException(principal + " is already associated with key " + KeyUtils.toPem(keys.inverse().get(principal)));
-            keys.put(key, principal);
+            if (keys.inverse().containsKey(simplePrincipal))
+                throw new IllegalArgumentException(principal + " is already associated with key " + KeyUtils.toPem(keys.inverse().get(simplePrincipal)));
+            keys.put(key, simplePrincipal);
             return new Cloud(name, createdAt, lastLoginInfo, creator, keys, info, tenantSecretStores, archiveAccess, invalidateUserSessionsBefore);
         }
 
         public Cloud withoutDeveloperKey(PublicKey key) {
-            BiMap<PublicKey, Principal> keys = HashBiMap.create(developerKeys);
+            BiMap<PublicKey, SimplePrincipal> keys = HashBiMap.create(developerKeys);
             keys.remove(key);
             return new Cloud(name, createdAt, lastLoginInfo, creator, keys, info, tenantSecretStores, archiveAccess, invalidateUserSessionsBefore);
         }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/persistence/TenantSerializer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/persistence/TenantSerializer.java
index e91fbe8b1b7..fc7cafe4c89 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/persistence/TenantSerializer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/persistence/TenantSerializer.java
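Review bot: `withDeveloperKey` still converts with `new SimplePrincipal(principal.getName())` although this commit introduces `SimplePrincipal.of(Principal)` and uses it in `CloudTenant.create`; `SimplePrincipal simplePrincipal = SimplePrincipal.of(principal);` keeps the Principal-to-SimplePrincipal conversion in one place. The second error message also interpolates the caller-supplied `principal` rather than `simplePrincipal`, so its text depends on the toString of whatever Principal implementation the caller passed in, while the first message prints the stored SimplePrincipal via `keys.get(key)`; `throw new IllegalArgumentException(simplePrincipal + " is already associated with key " + KeyUtils.toPem(keys.inverse().get(simplePrincipal)));` makes the two messages consistent. The duplicate-user check now compares SimplePrincipal values on both sides, which is the behaviour the type change is meant to guarantee, so a short comment on the `keys.inverse().containsKey(simplePrincipal)` line stating that the uniqueness check relies on SimplePrincipal equality would help the next reader.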
@@ -137,7 +137,7 @@ public class TenantSerializer {
             root.setLong(deletedAtField, tenant.deletedAt().toEpochMilli());
     }
 
-    private void developerKeysToSlime(BiMap<PublicKey, Principal> keys, Cursor array) {
+    private void developerKeysToSlime(BiMap<PublicKey, ? extends Principal> keys, Cursor array) {
         keys.forEach((key, user) -> {
             Cursor object = array.addObject();
             object.setString("key", KeyUtils.toPem(key));
@@ -184,8 +184,8 @@ public class TenantSerializer {
         TenantName name = TenantName.from(tenantObject.field(nameField).asString());
         Instant createdAt = SlimeUtils.instant(tenantObject.field(createdAtField));
         LastLoginInfo lastLoginInfo = lastLoginInfoFromSlime(tenantObject.field(lastLoginInfoField));
-        Optional<Principal> creator = SlimeUtils.optionalString(tenantObject.field(creatorField)).map(SimplePrincipal::new);
-        BiMap<PublicKey, Principal> developerKeys = developerKeysFromSlime(tenantObject.field(pemDeveloperKeysField));
+        Optional<SimplePrincipal> creator = SlimeUtils.optionalString(tenantObject.field(creatorField)).map(SimplePrincipal::new);
+        BiMap<PublicKey, SimplePrincipal> developerKeys = developerKeysFromSlime(tenantObject.field(pemDeveloperKeysField));
         TenantInfo info = tenantInfoFromSlime(tenantObject.field(tenantInfoField));
         List<TenantSecretStore> tenantSecretStores = secretStoresFromSlime(tenantObject.field(secretStoresField));
         ArchiveAccess archiveAccess = archiveAccessFromSlime(tenantObject);
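Review bot: `developerKeysToSlime` only calls `keys.forEach`, so the parameter can be declared as `Map<PublicKey, ? extends Principal>` exactly as `ApplicationApiHandler.toSlime` is in this same commit, instead of tying the serializer's signature to the Guava `BiMap`; `private void developerKeysToSlime(Map<PublicKey, ? extends Principal> keys, Cursor array) {` keeps the two serialization helpers parallel and programs to the interface. Whether `java.util.Map` is already imported in TenantSerializer is not visible in this hunk, and the method body continues past the hunk's end.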
@@ -200,8 +200,8 @@ public class TenantSerializer {
         return new DeletedTenant(name, createdAt, deletedAt);
     }
 
-    private BiMap<PublicKey, Principal> developerKeysFromSlime(Inspector array) {
-        ImmutableBiMap.Builder<PublicKey, Principal> keys = ImmutableBiMap.builder();
+    private BiMap<PublicKey, SimplePrincipal> developerKeysFromSlime(Inspector array) {
+        ImmutableBiMap.Builder<PublicKey, SimplePrincipal> keys = ImmutableBiMap.builder();
         array.traverse((ArrayTraverser) (__, keyObject) ->
                 keys.put(KeyUtils.fromPemEncodedPublicKey(keyObject.field("key").asString()),
                          new SimplePrincipal(keyObject.field("user").asString())));
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index a4bb9034a85..9011274482b 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -1081,7 +1081,7 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler {
         return new SlimeJsonResponse(root);
     }
 
-    private void toSlime(Cursor keysArray, Map<PublicKey, Principal> keys) {
+    private void toSlime(Cursor keysArray, Map<PublicKey, ? extends Principal> keys) {
         keys.forEach((key, principal) -> {
             Cursor keyObject = keysArray.addObject();
             keyObject.setString("key", KeyUtils.toPem(key));
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/SignatureFilterTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/SignatureFilterTest.java
index ec9be1f04c3..fcbecfa2e68 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/SignatureFilterTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/filter/SignatureFilterTest.java
@@ -121,7 +121,7 @@ public class SignatureFilterTest {
                                                        Instant.EPOCH,
                                                        LastLoginInfo.EMPTY,
                                                        Optional.empty(),
-                                                       ImmutableBiMap.of(publicKey, () -> "user"),
+                                                       ImmutableBiMap.of(publicKey, new SimplePrincipal("user")),
                                                        TenantInfo.empty(),
                                                        List.of(),
                                                        new ArchiveAccess(),