diff options
4 files changed, 36 insertions, 7 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java index 5e5dfcd6aed..3b6c86222ac 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java @@ -202,10 +202,6 @@ enum PathGroup { classifiedTenantInfo("/application/v4/", "/application/v4/tenant/"), - /** Paths which contain (not very strictly) classified information about, e.g., customers. */ - classifiedInfo("/", - "/d/{*}"), - /** Paths providing public information. */ publicInfo("/user/v1/user", // Information about who you are. "/badge/v1/{*}", // Badges for deployment jobs. @@ -229,7 +225,10 @@ enum PathGroup { endpointCertificateRequestInfo("/certificateRequests/"), /** Path used for secret store management */ - secretStore(Matcher.tenant, "/application/v4/tenant/{tenant}/secret-store/{*}"); + secretStore(Matcher.tenant, "/application/v4/tenant/{tenant}/secret-store/{*}"), + + /** Paths used to proxy Horizon metric requests */ + horizonProxy("/horizion/v1/{*}"); final List<String> pathSpecs; final List<Matcher> matchers; diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java index ee5f1d806ab..eae5ad5b685 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java @@ -201,7 +201,11 @@ enum Policy { /** Secret store operations */ secretStoreOperations(Privilege.grant(Action.all()) .on(PathGroup.secretStore) - .in(SystemName.PublicCd, SystemName.Public)); + .in(SystemName.PublicCd, SystemName.Public)), + + horizonProxyOperations(Privilege.grant(Action.all()) + .on(PathGroup.horizonProxy) + .in(SystemName.PublicCd)); private final Set<Privilege> privileges; diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java index a0ee0fe3548..3b0e7222cf1 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java @@ -44,7 +44,8 @@ public enum RoleDefinition { Policy.publicRead, Policy.paymentInstrumentRead, Policy.paymentInstrumentDelete, - Policy.billingInformationRead), + Policy.billingInformationRead, + Policy.horizonProxyOperations), /** User — the dev.ops. role for normal Vespa tenant users */ developer(Policy.applicationCreate, diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/horizon/HorizonApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/horizon/HorizonApiHandler.java new file mode 100644 index 00000000000..83efccbf1e5 --- /dev/null +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/horizon/HorizonApiHandler.java @@ -0,0 +1,25 @@ +package com.yahoo.vespa.hosted.controller.restapi.horizon; + +import com.google.inject.Inject; +import com.yahoo.container.jdisc.HttpRequest; +import com.yahoo.container.jdisc.HttpResponse; +import com.yahoo.container.jdisc.LoggingRequestHandler; +import com.yahoo.restapi.MessageResponse; + +/** + * Proxies metrics requests from Horizon UI + * + * @author valerijf + */ +public class HorizonApiHandler extends LoggingRequestHandler { + + @Inject + public HorizonApiHandler(LoggingRequestHandler.Context parentCtx) { + super(parentCtx); + } + + @Override + public HttpResponse handle(HttpRequest request) { + return new MessageResponse("OK"); + } +} |