17 files changed, 128 insertions, 143 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java
index b9cb0d773c6..d4e11163343 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java
@@ -30,6 +30,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.resource.MeteringClient
 import com.yahoo.vespa.hosted.controller.api.integration.resource.ResourceDatabaseClient;
 import com.yahoo.vespa.hosted.controller.api.integration.routing.GlobalRoutingService;
 import com.yahoo.vespa.hosted.controller.api.integration.secrets.TenantSecretService;
+import com.yahoo.vespa.hosted.controller.api.integration.user.RoleMaintainer;
 import com.yahoo.vespa.hosted.controller.api.integration.vcmr.ChangeRequestClient;
 import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneRegistry;
@@ -108,4 +109,6 @@ public interface ServiceRegistry {
 HorizonClient horizonClient();
 PlanRegistry planRegistry();
+
+ RoleMaintainer roleMaintainer();
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
index 561475caa54..4679f660319 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
@@ -252,6 +252,10 @@ public class ZmsClientMock implements ZmsClient {
 }
 @Override
+ public void deleteRole(AthenzRole athenzRole) {
+ athenz.domains.get(athenzRole.domain()).roles.removeIf(role -> role.name().equals(athenzRole.roleName()));
+ }
+ @Override
 public void close() {}
 private static AthenzDomain getTenantDomain(AthenzResourceName resource) {
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainer.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainer.java
new file mode 100644
index 00000000000..97a15b421c5
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainer.java
@@ -0,0 +1,20 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.user;
+
+import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.vespa.hosted.controller.tenant.Tenant;
+
+import java.util.List;
+
+/**
+ * @author olaa
+ */
+public interface RoleMaintainer {
+
+ /** Given the set of all existing tenants and applications, delete any superflous roles */
+ void deleteLeftoverRoles(List<Tenant> tenants, List<ApplicationId> applications);
+
+ /** Finds the subset of tenants that should be deleted based on role/domain existence */
+ List<Tenant> tenantsToDelete(List<Tenant> tenants);
+
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainerMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainerMock.java
new file mode 100644
index 00000000000..df39f51b6fe
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/RoleMaintainerMock.java
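Review bot: The Javadoc on `deleteLeftoverRoles` in RoleMaintainer.java does not state that the two lists are treated as the complete set of live tenants and applications, which is the precondition that makes this destructive call safe. An implementation that deletes every role not derivable from its arguments would remove access-control roles for live tenants if a caller passed an empty or partial list, for example after a failed or truncated read. I would document the precondition and the empty-input behaviour, e.g. `/** Deletes roles that belong to no tenant or application in the given lists; callers must pass the complete current sets, and an empty tenant list should be rejected rather than treated as "delete everything". */`, and correct the spelling of "superfluous" while there. `tenantsToDelete` should likewise say what "role/domain existence" means and that the returned list is only a proposal until the caller acts on it.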
@@ -0,0 +1,23 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.user;
+
+import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.vespa.hosted.controller.tenant.Tenant;
+
+import java.util.List;
+
+/**
+ * @author olaa
+ */
+public class RoleMaintainerMock implements RoleMaintainer {
+
+ @Override
+ public void deleteLeftoverRoles(List<Tenant> tenants, List<ApplicationId> applications) {
+
+ }
+
+ @Override
+ public List<Tenant> tenantsToDelete(List<Tenant> tenants) {
+ return List.of();
+ }
+}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ControllerMaintenance.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ControllerMaintenance.java
index f11cd78c303..913d6dfeab8 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ControllerMaintenance.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/ControllerMaintenance.java
@@ -74,7 +74,7 @@ public class ControllerMaintenance extends AbstractComponent {
 maintainers.add(new VcmrMaintainer(controller, intervals.vcmrMaintainer));
 maintainers.add(new CloudTrialExpirer(controller, intervals.defaultInterval));
 maintainers.add(new RetriggerMaintainer(controller, intervals.retriggerMaintainer));
- maintainers.add(new UserManagementMaintainer(controller, intervals.userManagementMaintainer, userManagement));
+ maintainers.add(new UserManagementMaintainer(controller, intervals.userManagementMaintainer, controller.serviceRegistry().roleMaintainer()));
 }
 public Upgrader upgrader() { return upgrader; }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java
index 5f6f917bc75..52073ad13dc 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainer.java
@@ -1,17 +1,13 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.maintenance;
+import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.InstanceName;
 import com.yahoo.config.provision.SystemName;
-import com.yahoo.vespa.hosted.controller.Application;
 import com.yahoo.vespa.hosted.controller.Controller;
-import com.yahoo.vespa.hosted.controller.api.integration.user.Roles;
-import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement;
-import com.yahoo.vespa.hosted.controller.api.role.ApplicationRole;
-import com.yahoo.vespa.hosted.controller.api.role.Role;
-import com.yahoo.vespa.hosted.controller.api.role.TenantRole;
+import com.yahoo.vespa.hosted.controller.api.integration.user.RoleMaintainer;
 import java.time.Duration;
-import java.util.List;
 import java.util.logging.Logger;
 import java.util.stream.Collectors;
@@ -23,43 +19,32 @@ import java.util.stream.Collectors;
 */
 public class UserManagementMaintainer extends ControllerMaintainer {
- private final UserManagement userManagement;
-
+ private final RoleMaintainer roleMaintainer;
 private static final Logger logger = Logger.getLogger(UserManagementMaintainer.class.getName());
- public UserManagementMaintainer(Controller controller, Duration interval, UserManagement userManagement) {
+ public UserManagementMaintainer(Controller controller, Duration interval, RoleMaintainer roleMaintainer) {
 super(controller, interval, UserManagementMaintainer.class.getSimpleName(), SystemName.allOf(SystemName::isPublic));
- this.userManagement = userManagement;
-
+ this.roleMaintainer = roleMaintainer;
 }
 @Override
 protected double maintain() {
- findLeftoverRoles().forEach(role -> {
- logger.warning(String.format("Found unexpected %s - Deleting", role.toString()));
- userManagement.deleteRole(role);
- });
- return 1.0;
- }
-
- // protected for testing
- protected List<Role> findLeftoverRoles() {
- var tenantRoles = controller().tenants().asList()
+ var tenants = controller().tenants().asList();
+ var applications = controller().applications().idList()
 .stream()
- .flatMap(tenant -> Roles.tenantRoles(tenant.name()).stream())
+ .map(appId -> ApplicationId.from(appId.tenant(), appId.application(), InstanceName.defaultName()))
 .collect(Collectors.toList());
+ roleMaintainer.deleteLeftoverRoles(tenants, applications);
- var applicationRoles = controller().applications().asList()
- .stream()
- .map(Application::id)
- .flatMap(applicationId -> Roles.applicationRoles(applicationId.tenant(), applicationId.application()).stream())
- .collect(Collectors.toList());
+ if (!controller().system().isPublic()) {
+ roleMaintainer.tenantsToDelete(tenants)
+ .forEach(tenant -> {
+ // TODO: controller().tenants().delete(tenant.name());
+ logger.fine("Want to delete tenant " + tenant.name());
+ });
+ }
- return userManagement.listRoles().stream()
- .peek(role -> logger.fine(role::toString))
- .filter(role -> role instanceof TenantRole || role instanceof ApplicationRole)
- .filter(role -> !tenantRoles.contains(role) && !applicationRoles.contains(role))
- .collect(Collectors.toList());
+ return 1.0;
 }
 }
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java
index 43ef9daa178..b1311b8081c 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ServiceRegistryMock.java
@@ -44,6 +44,8 @@ import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockMailer;
 import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockMeteringClient;
 import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockRunDataStore;
 import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockTesterCloud;
+import com.yahoo.vespa.hosted.controller.api.integration.user.RoleMaintainer;
+import com.yahoo.vespa.hosted.controller.api.integration.user.RoleMaintainerMock;
 import com.yahoo.vespa.hosted.controller.api.integration.vcmr.MockChangeRequestClient;
 /**
@@ -86,6 +88,7 @@ public class ServiceRegistryMock extends AbstractComponent implements ServiceReg
 private final PlanRegistry planRegistry = new PlanRegistryMock();
 private final ResourceDatabaseClient resourceDb = new ResourceDatabaseClientMock(planRegistry);
 private final BillingDatabaseClient billingDb = new BillingDatabaseClientMock(clock, planRegistry);
+ private final RoleMaintainer roleMaintainer = new RoleMaintainerMock();
 public ServiceRegistryMock(SystemName system) {
 this.zoneRegistryMock = new ZoneRegistryMock(system);
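Review bot: The `if (!controller().system().isPublic())` block in `maintain()` looks unreachable, because the constructor in this same hunk passes `SystemName.allOf(SystemName::isPublic)` to the superclass, which presumably limits where the maintainer runs to public systems. Either the guard or the system set has to change before the TODO tenant deletion is enabled; if the set is widened instead, `deleteLeftoverRoles` also starts running in systems where it has not been exercised. Separately, the removed code logged every deletion at warning level (`Found unexpected %s - Deleting`), while the new call delegates with no log line here, so the audit trail for deleted roles now depends on each `RoleMaintainer` implementation. UserManagementMaintainerTest is deleted in this commit with no replacement visible, so neither path is covered by a test.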
@@ -267,6 +270,11 @@ public class ServiceRegistryMock extends AbstractComponent implements ServiceReg
 return billingDb;
 }
+ @Override
+ public RoleMaintainer roleMaintainer() {
+ return roleMaintainer;
+ }
+
 public ConfigServerMock configServerMock() {
 return configServerMock;
 }
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainerTest.java
deleted file mode 100644
index 52cb3ce121f..00000000000
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/maintenance/UserManagementMaintainerTest.java
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.maintenance;
-
-import com.yahoo.config.provision.ApplicationName;
-import com.yahoo.config.provision.TenantName;
-import com.yahoo.vespa.hosted.controller.ControllerTester;
-import com.yahoo.vespa.hosted.controller.api.integration.stubs.MockUserManagement;
-import com.yahoo.vespa.hosted.controller.api.integration.user.Roles;
-import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement;
-import com.yahoo.vespa.hosted.controller.api.role.Role;
-import org.junit.Test;
-
-import java.time.Duration;
-
-import static org.junit.Assert.*;
-
-/**
- * @author olaa
- */
-public class UserManagementMaintainerTest {
-
- private final ControllerTester tester = new ControllerTester();
- private final UserManagement userManagement = new MockUserManagement();
- private final UserManagementMaintainer userManagementMaintainer = new UserManagementMaintainer(tester.controller(), Duration.ofMinutes(1), userManagement);
-
- private final TenantName tenant = TenantName.from("tenant1");
- private final ApplicationName app = ApplicationName.from("app1");
- private final TenantName deletedTenant = TenantName.from("deleted-tenant");
-
- @Test
- public void finds_superfluous_roles() {
- tester.createTenant(tenant.value());
- tester.createApplication(tenant.value(), app.value());
-
- Roles.tenantRoles(tenant).forEach(userManagement::createRole);
- Roles.applicationRoles(tenant, app).forEach(userManagement::createRole);
- Roles.tenantRoles(deletedTenant).forEach(userManagement::createRole);
- userManagement.createRole(Role.hostedSupporter());
-
- var expectedRoles = Roles.tenantRoles(deletedTenant);
- var actualRoles = userManagementMaintainer.findLeftoverRoles();
-
- assertEquals(expectedRoles.size(), actualRoles.size());
- assertTrue(expectedRoles.containsAll(actualRoles) && actualRoles.containsAll(expectedRoles));
- }
-
-}
diff --git a/eval/src/vespa/eval/eval/llvm/compile_cache.cpp b/eval/src/vespa/eval/eval/llvm/compile_cache.cpp
index a439520677a..43ed724e010 100644
--- a/eval/src/vespa/eval/eval/llvm/compile_cache.cpp
+++ b/eval/src/vespa/eval/eval/llvm/compile_cache.cpp
@@ -4,8 +4,7 @@
 #include <vespa/eval/eval/key_gen.h>
 #include <thread>
-namespace vespalib {
-namespace eval {
+namespace vespalib::eval {
 std::mutex CompileCache::_lock{};
 CompileCache::Map CompileCache::_cached{};
@@ -148,5 +147,4 @@ CompileCache::CompileTask::run()
 result->cond.notify_all();
 }
-} // namespace vespalib::eval
-} // namespace vespalib
+}
diff --git a/fnet/src/tests/info/info.cpp b/fnet/src/tests/info/info.cpp
index f2299df839e..4271546e647 100644
--- a/fnet/src/tests/info/info.cpp
+++ b/fnet/src/tests/info/info.cpp
@@ -77,10 +77,10 @@ TEST("size of important objects")
 #else
 constexpr size_t MUTEX_SIZE = 40u;
 #endif
- EXPECT_EQUAL(MUTEX_SIZE + 128u, sizeof(FNET_IOComponent));
+ EXPECT_EQUAL(MUTEX_SIZE + sizeof(std::string) + 112u, sizeof(FNET_IOComponent));
 EXPECT_EQUAL(32u, sizeof(FNET_Channel));
 EXPECT_EQUAL(40u, sizeof(FNET_PacketQueue_NoLock));
- EXPECT_EQUAL(MUTEX_SIZE + 432u, sizeof(FNET_Connection));
+ EXPECT_EQUAL(MUTEX_SIZE + sizeof(std::string) + 416u, sizeof(FNET_Connection));
 EXPECT_EQUAL(48u, sizeof(std::condition_variable));
 EXPECT_EQUAL(56u, sizeof(FNET_DataBuffer));
 EXPECT_EQUAL(8u, sizeof(FNET_Context));
diff --git a/fnet/src/vespa/fnet/connection.h b/fnet/src/vespa/fnet/connection.h
index 6efb147d37f..e86b670b7e5 100644
--- a/fnet/src/vespa/fnet/connection.h
+++ b/fnet/src/vespa/fnet/connection.h
@@ -53,7 +53,7 @@ public:
 class FNET_Connection : public FNET_IOComponent
 {
 public:
- enum State {
+ enum State : uint8_t {
 FNET_CONNECTING,
 FNET_CONNECTED,
 FNET_CLOSING,
@@ -118,9 +118,6 @@ private:
 static std::atomic<uint64_t> _num_connections; // total number of connections
- FNET_Connection(const FNET_Connection &);
- FNET_Connection &operator=(const FNET_Connection &);
-
 /**
 * Get next ID that may be used for multiplexing on this connection.
@@ -245,6 +242,8 @@ private:
 */
 vespalib::string GetPeerSpec() const;
 public:
+ FNET_Connection(const FNET_Connection &) = delete;
+ FNET_Connection &operator=(const FNET_Connection &) = delete;
 /**
 * Construct a connection in server aspect.
diff --git a/fnet/src/vespa/fnet/frt/reflection.cpp b/fnet/src/vespa/fnet/frt/reflection.cpp
index 0719c8b4c71..211e681df94 100644
--- a/fnet/src/vespa/fnet/frt/reflection.cpp
+++ b/fnet/src/vespa/fnet/frt/reflection.cpp
@@ -9,42 +9,30 @@ FRT_Method::FRT_Method(const char * name, const char * paramSpec, const char * r
 FRT_METHOD_PT method, FRT_Invokable * handler)
 : _hashNext(nullptr),
 _listNext(nullptr),
- _name(strdup(name)),
- _paramSpec(strdup(paramSpec)),
- _returnSpec(strdup(returnSpec)),
+ _name(name),
+ _paramSpec(paramSpec),
+ _returnSpec(returnSpec),
 _method(method),
 _handler(handler),
- _docLen(0),
- _doc(nullptr)
+ _doc()
 {
- assert(_name != nullptr);
- assert(_paramSpec != nullptr);
- assert(_returnSpec != nullptr);
 }
-FRT_Method::~FRT_Method() {
- free(_name);
- free(_paramSpec);
- free(_returnSpec);
- free(_doc);
-}
+FRT_Method::~FRT_Method() = default;
 void FRT_Method::SetDocumentation(FRT_Values *values) {
- free(_doc);
- _docLen = values->GetLength();
- _doc = (char *) malloc(_docLen);
- assert(_doc != nullptr);
+ _doc.resize(values->GetLength());
- FNET_DataBuffer buf(_doc, _docLen);
+ FNET_DataBuffer buf(&_doc[0], _doc.size());
 values->EncodeCopy(&buf);
 }
 void FRT_Method::GetDocumentation(FRT_Values *values) {
- FNET_DataBuffer buf(_doc, _docLen);
- buf.FreeToData(_docLen);
- values->DecodeCopy(&buf, _docLen);
+ FNET_DataBuffer buf(&_doc[0], _doc.size());
+ buf.FreeToData(_doc.size());
+ values->DecodeCopy(&buf, _doc.size());
 }
 FRT_ReflectionManager::FRT_ReflectionManager()
diff --git a/fnet/src/vespa/fnet/frt/reflection.h b/fnet/src/vespa/fnet/frt/reflection.h
index c867bbb45ec..6267cafeeb1 100644
--- a/fnet/src/vespa/fnet/frt/reflection.h
+++ b/fnet/src/vespa/fnet/frt/reflection.h
@@ -3,7 +3,8 @@
 #pragma once
 #include "invokable.h"
-#include <cstdint>
+#include <string>
+#include <vector>
 class FRT_Values;
 class FRT_Supervisor;
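Review bot: `&_doc[0]` in `SetDocumentation` and `GetDocumentation` (reflection.cpp) indexes the vector even when it is empty, which is undefined behaviour for `std::vector::operator[]`. That case arises if `GetDocumentation` runs on a method whose documentation was never set, or if `values->GetLength()` returns 0; the removed code passed `nullptr` with length 0 there, so this is a new edge. `_doc.data()` is well defined on an empty vector, so both functions can use `FNET_DataBuffer buf(_doc.data(), _doc.size());`. Whether `FNET_DataBuffer` itself accepts a zero-length buffer is not visible in this hunk.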
@@ -14,20 +15,18 @@ class FRT_Method
 friend class FRT_ReflectionManager;
 private:
- FRT_Method *_hashNext; // list of methods in hash bucket
- FRT_Method *_listNext; // list of all methods
- char *_name; // method name
- char *_paramSpec; // method parameter spec
- char *_returnSpec; // method return spec
- FRT_METHOD_PT _method; // method pointer
- FRT_Invokable *_handler; // method handler
- uint32_t _docLen; // method documentation length
- char *_doc; // method documentation
-
- FRT_Method(const FRT_Method &);
- FRT_Method &operator=(const FRT_Method &);
+ FRT_Method *_hashNext; // list of methods in hash bucket
+ FRT_Method *_listNext; // list of all methods
+ std::string _name; // method name
+ std::string _paramSpec; // method parameter spec
+ std::string _returnSpec; // method return spec
+ FRT_METHOD_PT _method; // method pointer
+ FRT_Invokable *_handler; // method handler
+ std::vector<char> _doc; // method documentation
 public:
+ FRT_Method(const FRT_Method &) = delete;
+ FRT_Method &operator=(const FRT_Method &) = delete;
 FRT_Method(const char *name,
 const char *paramSpec,
 const char *returnSpec,
@@ -37,9 +36,9 @@ public:
 ~FRT_Method();
 FRT_Method *GetNext() { return _listNext; }
- const char *GetName() { return _name; }
- const char *GetParamSpec() { return _paramSpec; }
- const char *GetReturnSpec() { return _returnSpec; }
+ const char *GetName() { return _name.c_str(); }
+ const char *GetParamSpec() { return _paramSpec.c_str(); }
+ const char *GetReturnSpec() { return _returnSpec.c_str(); }
 FRT_METHOD_PT GetMethod() { return _method; }
 FRT_Invokable *GetHandler() { return _handler; }
 void SetDocumentation(FRT_Values *values);
diff --git a/fnet/src/vespa/fnet/iocomponent.cpp b/fnet/src/vespa/fnet/iocomponent.cpp
index eeda3e12bea..f08718c0c5c 100644
--- a/fnet/src/vespa/fnet/iocomponent.cpp
+++ b/fnet/src/vespa/fnet/iocomponent.cpp
@@ -12,23 +12,20 @@ FNET_IOComponent::FNET_IOComponent(FNET_TransportThread *owner,
 : _ioc_next(nullptr),
 _ioc_prev(nullptr),
 _ioc_owner(owner),
- _ioc_socket_fd(socket_fd),
 _ioc_selector(nullptr),
- _ioc_spec(nullptr),
+ _ioc_spec(spec),
 _flags(shouldTimeOut),
+ _ioc_socket_fd(socket_fd),
+ _ioc_refcnt(1),
 _ioc_timestamp(vespalib::steady_clock::now()),
 _ioc_lock(),
- _ioc_cond(),
- _ioc_refcnt(1)
+ _ioc_cond()
 {
- _ioc_spec = strdup(spec);
- assert(_ioc_spec != nullptr);
 }
 FNET_IOComponent::~FNET_IOComponent() {
- free(_ioc_spec);
 assert(_ioc_selector == nullptr);
 }
diff --git a/fnet/src/vespa/fnet/iocomponent.h b/fnet/src/vespa/fnet/iocomponent.h
index 9220b6dfe8f..b4f061e5bc0 100644
--- a/fnet/src/vespa/fnet/iocomponent.h
+++ b/fnet/src/vespa/fnet/iocomponent.h
@@ -21,9 +21,6 @@ class FNET_IOComponent
 {
 friend class FNET_TransportThread;
- FNET_IOComponent(const FNET_IOComponent &);
- FNET_IOComponent &operator=(const FNET_IOComponent &);
-
 using Selector = vespalib::Selector<FNET_IOComponent>;
 struct Flags {
@@ -44,16 +41,18 @@ protected:
 FNET_IOComponent *_ioc_next; // next in list
 FNET_IOComponent *_ioc_prev; // prev in list
 FNET_TransportThread *_ioc_owner; // owner(TransportThread) ref.
- int _ioc_socket_fd; // source of events.
 Selector *_ioc_selector; // attached event selector
- char *_ioc_spec; // connect/listen spec
+ std::string _ioc_spec; // connect/listen spec
 Flags _flags; // Compressed representation of boolean flags;
+ int _ioc_socket_fd; // source of events.
+ uint32_t _ioc_refcnt; // reference counter
 vespalib::steady_time _ioc_timestamp; // last I/O activity
 std::mutex _ioc_lock; // synchronization
 std::condition_variable _ioc_cond; // synchronization
- uint32_t _ioc_refcnt; // reference counter
 public:
+ FNET_IOComponent(const FNET_IOComponent &) = delete;
+ FNET_IOComponent &operator=(const FNET_IOComponent &) = delete;
 /**
 * Construct an IOComponent with the given owner. The socket that
@@ -80,7 +79,7 @@ public:
 /**
 * @return connect/listen spec
 **/
- const char *GetSpec() const { return _ioc_spec; }
+ const char *GetSpec() const { return _ioc_spec.c_str(); }
 /*
 * Get a guard to gain exclusive access.
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index 4a3dc30d7ed..ce12637ccb0 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
@@ -385,6 +385,13 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
 return Set.copyOf(listResponse.entity);
 }
+ @Override
+ public void deleteRole(AthenzRole role) {
+ URI uri = zmsUrl.resolve(String.format("domain/%s/role/%s", role.domain().getName(), role.roleName()));
+ HttpUriRequest request = RequestBuilder.delete(uri).build();
+ execute(request, response -> readEntity(response, Void.class));
+ }
+
 private static Header createCookieHeaderWithOktaTokens(OktaIdentityToken identityToken, OktaAccessToken accessToken) {
 return new BasicHeader("Cookie", String.format("okta_at=%s; okta_it=%s", accessToken.token(), identityToken.token()));
 }
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
index 823b5843115..aa038b5bb23 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
@@ -79,5 +79,7 @@ public interface ZmsClient extends AutoCloseable {
 Set<String> listPolicies(AthenzDomain domain);
+ void deleteRole(AthenzRole athenzRole);
+
 void close();
 } |
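Review bot: `deleteRole` in DefaultZmsClient formats `role.domain().getName()` and `role.roleName()` straight into the path handed to `zmsUrl.resolve(...)`, so a name containing path or query delimiters would make the DELETE resolve to a different ZMS resource than the one intended. If `AthenzRole` does not already restrict its character set (not visible in this hunk), each segment should be validated or percent-encoded before the URI is built. Because this is an irreversible change to an authorization store, a log line naming the domain and role at the call site would give operators an audit record. It is also worth confirming that `readEntity(response, Void.class)` tolerates an empty success body and turns non-2xx responses into errors rather than silent no-ops.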