39 files changed, 119 insertions, 213 deletions
diff --git a/controller-api/pom.xml b/controller-api/pom.xml index 53d84b786ae..543ab24999d 100644 --- a/controller-api/pom.xml +++ b/controller-api/pom.xml @@ -39,13 +39,6 @@ <version>${project.version}</version> </dependency> - <dependency> - <groupId>com.yahoo.vespa</groupId> - <artifactId>vespa-athenz</artifactId> - <scope>provided</scope> - <version>${project.version}</version> - </dependency> - <!-- compile --> <dependency> diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/AthenzDomainsResponse.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/AthenzDomainsResponse.java index 6bf9479d1fc..e5a8e0b4a53 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/AthenzDomainsResponse.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/AthenzDomainsResponse.java @@ -2,7 +2,7 @@ package com.yahoo.vespa.hosted.controller.api.application.v4.model; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import java.util.List; diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantCreateOptions.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantCreateOptions.java index aaa80ad73a2..69658ca4052 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantCreateOptions.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantCreateOptions.java 
@@ -3,7 +3,7 @@ package com.yahoo.vespa.hosted.controller.api.application.v4.model; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.Property; import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId; import com.yahoo.vespa.hosted.controller.api.identifiers.UserGroup; @@ -37,7 +37,7 @@ public class TenantCreateOptions { public String toString() { StringBuilder sb = new StringBuilder(); sb.append("options: "); - sb.append("athens-domain='").append(this.athensDomain.getName()).append("', "); + sb.append("athens-domain='").append(this.athensDomain).append("', "); sb.append("property='").append(this.property).append("'"); if (this.propertyId != null) { sb.append(", propertyId='").append(this.propertyId).append("'"); diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantMetaData.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantMetaData.java index da088c76fda..a8544226f39 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantMetaData.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantMetaData.java @@ -4,7 +4,7 @@ package com.yahoo.vespa.hosted.controller.api.application.v4.model; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonInclude.Include; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.Property; import com.yahoo.vespa.hosted.controller.api.identifiers.UserGroup; 
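Review bot: In the `toString()` hunk of TenantCreateOptions, `append(this.athensDomain)` now prints whatever `Identifier.toString()` returns, and that method is not shown in this diff, so the output may no longer be the bare domain name that `getName()` gave. The same implicit conversion is used in TenantController's "Could not create" exception message, while its migration log line and `AthenzIdentity.getFullName()` call `.id()` explicitly. If the bare name is intended I would write `sb.append("athens-domain='").append(this.athensDomain.id()).append("', ");`, keeping in mind that the implicit form tolerates a null `athensDomain` and `.id()` does not. The body of `toString()` continues past the end of the hunk.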
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantMigrateOptions.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantMigrateOptions.java index 39561c31ed8..7e30ae6c2c2 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantMigrateOptions.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantMigrateOptions.java @@ -3,7 +3,7 @@ package com.yahoo.vespa.hosted.controller.api.application.v4.model; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; /** * @author bjorncs diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantUpdateOptions.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantUpdateOptions.java index f441fdd6ec5..f0d218fa3ad 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantUpdateOptions.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantUpdateOptions.java @@ -5,7 +5,7 @@ import com.fasterxml.jackson.annotation.JsonCreator; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.Property; import com.yahoo.vespa.hosted.controller.api.identifiers.UserGroup; 
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantWithApplications.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantWithApplications.java index 633547cfaca..e34e9e74065 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantWithApplications.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/TenantWithApplications.java @@ -3,7 +3,7 @@ package com.yahoo.vespa.hosted.controller.api.application.v4.model; import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.Property; import com.yahoo.vespa.hosted.controller.api.identifiers.UserGroup; diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/identifiers/AthenzDomain.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/identifiers/AthenzDomain.java new file mode 100644 index 00000000000..42240a72339 --- /dev/null +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/identifiers/AthenzDomain.java 
@@ -0,0 +1,30 @@ +// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.controller.api.identifiers; + +/** + * @author bjorncs + * @author smorgrav + */ +public class AthenzDomain extends Identifier { + + public AthenzDomain(String id) { + super(id); + } + + public boolean isTopLevelDomain() { + return !id().contains("."); + } + + public AthenzDomain getParent() { + return new AthenzDomain(id().substring(0, lastDot())); + } + + public String getNameSuffix() { + return id().substring(lastDot() + 1); + } + + private int lastDot() { + return id().lastIndexOf('.'); + } + +} diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentity.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentity.java index 747eb439ef5..ef63ef2581f 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentity.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentity.java @@ -2,7 +2,7 @@ package com.yahoo.vespa.hosted.controller.api.integration.athenz; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; /** * @author bjorncs @@ -11,6 +11,6 @@ public interface AthenzIdentity { AthenzDomain getDomain(); String getName(); default String getFullName() { - return getDomain().getName() + "." + getName(); + return getDomain().id() + "." + getName(); } } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzPrincipal.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzPrincipal.java index b24efccd61c..b31cb4a26bb 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzPrincipal.java 
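Review bot: `getParent()` fails on a top-level domain: `lastDot()` returns -1 when the id has no dot, so `id().substring(0, lastDot())` throws StringIndexOutOfBoundsException, and `getNameSuffix()` silently returns the whole id in the same case. I would guard the first with `if (isTopLevelDomain()) throw new IllegalStateException("Top-level domain has no parent: " + id());` and document on `getNameSuffix()` that a top-level domain is its own suffix. The class also has no Javadoc beyond the author tags; one sentence saying that the id is a dot-separated Athenz domain name would help callers.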
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzPrincipal.java @@ -1,7 +1,7 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.api.integration.athenz; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import java.security.Principal; import java.util.Objects; diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzService.java index 8d5d1c23882..24cd7671d96 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzService.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzService.java @@ -1,7 +1,7 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.api.integration.athenz; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.ScrewdriverId; import java.util.Objects; diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUser.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUser.java index 91d17fcc84a..782876f21f1 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUser.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUser.java 
@@ -1,7 +1,7 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.api.integration.athenz; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.UserId; import java.util.Objects; diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtils.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtils.java index 6984e7da57b..04ec0b61614 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtils.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtils.java @@ -1,7 +1,7 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.api.integration.athenz; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.UserId; import javax.naming.NamingException; diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClient.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClient.java index bd38494da5b..d72b8960427 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClient.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClient.java 
@@ -2,7 +2,7 @@ package com.yahoo.vespa.hosted.controller.api.integration.athenz; import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import java.util.List; diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java index 92fa214c621..f37c1679d1e 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java @@ -1,7 +1,7 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.api.integration.athenz; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import java.util.List; diff --git a/controller-api/src/test/java/com/yahoo/vespa/athenz/api/AthenzDomainTest.java b/controller-api/src/test/java/com/yahoo/vespa/athenz/api/AthenzDomainTest.java deleted file mode 100644 index 637a643cf63..00000000000 --- a/controller-api/src/test/java/com/yahoo/vespa/athenz/api/AthenzDomainTest.java +++ /dev/null 
@@ -1,55 +0,0 @@ -package com.yahoo.vespa.athenz.api; - -import org.hamcrest.CoreMatchers; -import org.junit.Test; - -import java.util.concurrent.Callable; -import java.util.function.Supplier; - -import static org.hamcrest.CoreMatchers.containsString; -import static org.hamcrest.CoreMatchers.startsWith; -import static org.junit.Assert.*; - -/** - * @author bjorncs - */ -public class AthenzDomainTest { - - @Test - public void domain_can_be_constructed_from_valid_string() { - new AthenzDomain("home.john.my-app"); - } - - @Test - public void invalid_domain_throws_exception() { - assertInvalid(() -> new AthenzDomain("endswithdot.")); - assertInvalid(() -> new AthenzDomain(".startswithdot")); - } - - @Test - public void parent_domain_is_without_name_suffix() { - assertEquals(new AthenzDomain("home.john"), new AthenzDomain("home.john.myapp").getParent()); - } - - @Test - public void domain_name_suffix_is_the_suffix_after_last_dot() { - assertEquals("myapp", new AthenzDomain("home.john.myapp").getNameSuffix()); - } - - @Test - public void domain_without_dot_is_toplevel() { - assertTrue(new AthenzDomain("toplevel").isTopLevelDomain()); - assertFalse(new AthenzDomain("not.toplevel").isTopLevelDomain()); - } - - private static void assertInvalid(Supplier<AthenzDomain> domainCreator) { - try { - AthenzDomain domain = domainCreator.get(); - fail("Expected IllegalArgumentException for domain: " + domain.getName()); - } catch (IllegalArgumentException e) { - assertThat(e.getMessage(), startsWith("Not a valid domain name")); - } - } - - -}
\ No newline at end of file diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/identifiers/IdentifierTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/identifiers/IdentifierTest.java index 0511ab44a8b..0ba607a235b 100644 --- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/identifiers/IdentifierTest.java +++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/identifiers/IdentifierTest.java @@ -116,6 +116,22 @@ public class IdentifierTest { } @Test + public void athenz_parent_domain_is_without_name_suffix() { + assertEquals(new AthenzDomain("home.john"), new AthenzDomain("home.john.myapp").getParent()); + } + + @Test + public void athenz_domain_name_is_last_suffix() { + assertEquals("myapp", new AthenzDomain("home.john.myapp").getNameSuffix()); + } + + @Test + public void domain_without_dot_is_toplevel() { + assertTrue(new AthenzDomain("toplevel").isTopLevelDomain()); + assertFalse(new AthenzDomain("not.toplevel").isTopLevelDomain()); + } + + @Test public void dns_names_has_no_underscore() { assertEquals("a-b-c", new ApplicationId("a_b_c").toDns()); } diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtilsTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtilsTest.java index f257255a07e..f2db74a4c3d 100644 --- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtilsTest.java +++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtilsTest.java @@ -1,6 +1,6 @@ package com.yahoo.vespa.hosted.controller.api.integration.athenz; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import org.junit.Test; import static org.junit.Assert.assertEquals; 
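Review bot: The tests moved here from the deleted AthenzDomainTest leave out `invalid_domain_throws_exception`, so nothing now asserts that `endswithdot.` and `.startswithdot` are rejected. The new `AthenzDomain` constructor only calls `super(id)`, and whether `Identifier` performs an equivalent check is not visible in this diff. Since the domain id is interpolated into the Athenz resource string in `ZmsClientImpl.resourceStringPrefix` and passed to the ZMS and ZTS calls, I would keep a negative test, for example `try { new AthenzDomain("endswithdot."); fail(); } catch (IllegalArgumentException expected) { }`, and add the check to the constructor if it fails.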
diff --git a/controller-server/pom.xml b/controller-server/pom.xml index c1664981657..b033286b82a 100644 --- a/controller-server/pom.xml +++ b/controller-server/pom.xml @@ -69,13 +69,6 @@ </dependency> <dependency> - <groupId>com.yahoo.vespa</groupId> - <artifactId>vespa-athenz</artifactId> - <version>${project.version}</version> - <scope>provided</scope> - </dependency> - - <dependency> <groupId>com.google.guava</groupId> <artifactId>guava</artifactId> <scope>provided</scope> diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java index 0e13f4181c4..24b85ce55af 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/Controller.java @@ -7,9 +7,9 @@ import com.yahoo.component.AbstractComponent; import com.yahoo.component.Version; import com.yahoo.component.Vtag; import com.yahoo.config.provision.SystemName; -import com.yahoo.vespa.athenz.api.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.integration.noderepository.NodeRepositoryClientInterface; import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneId; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.DeploymentId; import com.yahoo.vespa.hosted.controller.api.identifiers.Property; import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId; diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java index 16775358458..a52098a4a0f 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/TenantController.java 
@@ -5,7 +5,7 @@ import com.yahoo.config.provision.TenantName; import com.yahoo.vespa.curator.Lock; import com.yahoo.vespa.hosted.controller.api.Tenant; import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.Property; import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId; import com.yahoo.vespa.hosted.controller.api.identifiers.TenantId; @@ -108,7 +108,7 @@ public class TenantController { AthenzDomain domain = tenant.getAthensDomain().get(); Optional<Tenant> existingTenantWithDomain = tenantHaving(domain); if (existingTenantWithDomain.isPresent()) - throw new IllegalArgumentException("Could not create " + tenant + ": The Athens domain '" + domain.getName() + + throw new IllegalArgumentException("Could not create " + tenant + ": The Athens domain '" + domain + "' is already connected to " + existingTenantWithDomain.get()); ZmsClient zmsClient = athenzClientFactory.createZmsClientWithAuthorizedServiceToken(token.get()); try { zmsClient.deleteTenant(domain); } catch (ZmsException ignored) { } @@ -200,7 +200,7 @@ public class TenantController { try (Lock lock = lock(tenantId)) { Tenant existing = tenant(tenantId).orElseThrow(() -> new NotExistsException(tenantId)); if (existing.isAthensTenant()) return existing; // nothing to do - log.info("Starting migration of " + existing + " to Athenz domain " + tenantDomain.getName()); + log.info("Starting migration of " + existing + " to Athenz domain " + tenantDomain.id()); if (tenantHaving(tenantDomain).isPresent()) throw new IllegalArgumentException("Could not migrate " + existing + " to " + tenantDomain + ": " + "This domain is already used by " + tenantHaving(tenantDomain).get()); 
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/api/Tenant.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/api/Tenant.java index 9b0cf96bb89..9b8643c7167 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/api/Tenant.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/api/Tenant.java @@ -2,7 +2,7 @@ package com.yahoo.vespa.hosted.controller.api; import com.yahoo.vespa.hosted.controller.api.application.v4.model.TenantType; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.Property; import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId; import com.yahoo.vespa.hosted.controller.api.identifiers.TenantId; diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/NTokenValidator.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/NTokenValidator.java index 3169d295359..69f59ebabe2 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/NTokenValidator.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/NTokenValidator.java @@ -3,7 +3,7 @@ package com.yahoo.vespa.hosted.controller.athenz.filter; import com.yahoo.athenz.auth.token.PrincipalToken; import com.yahoo.log.LogLevel; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzPrincipal; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzUtils; import com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException; 
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java index 266b4a0bd2e..a91604f937b 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java @@ -65,7 +65,7 @@ public class AthenzClientFactoryImpl implements AthenzClientFactory { config.domain() + "." + service.name(), service.publicKeyId(), getServicePrivateKey()); Principal dualPrincipal = SimplePrincipal.create( - USER_PRINCIPAL_DOMAIN.getName(), signedToken.getName(), signedToken.getSignedToken(), athenzPrincipalAuthority); + USER_PRINCIPAL_DOMAIN.id(), signedToken.getName(), signedToken.getSignedToken(), athenzPrincipalAuthority); return new ZmsClientImpl(new ZMSClient(config.zmsUrl(), dualPrincipal), config); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZmsClientImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZmsClientImpl.java index d54dbb2aed0..d3fac257583 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZmsClientImpl.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZmsClientImpl.java 
@@ -12,7 +12,7 @@ import com.yahoo.athenz.zms.ZMSClient; import com.yahoo.athenz.zms.ZMSClientException; import com.yahoo.log.LogLevel; import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.integration.athenz.ApplicationAction; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzIdentity; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzPublicKey; @@ -48,17 +48,17 @@ public class ZmsClientImpl implements ZmsClient { log("putTenancy(tenantDomain=%s, service=%s)", tenantDomain, service); runOrThrow(() -> { Tenancy tenancy = new Tenancy() - .setDomain(tenantDomain.getName()) + .setDomain(tenantDomain.id()) .setService(service.getFullName()) .setResourceGroups(Collections.emptyList()); - zmsClient.putTenancy(tenantDomain.getName(), service.getFullName(), /*auditref*/null, tenancy); + zmsClient.putTenancy(tenantDomain.id(), service.getFullName(), /*auditref*/null, tenancy); }); } @Override public void deleteTenant(AthenzDomain tenantDomain) { log("deleteTenancy(tenantDomain=%s, service=%s)", tenantDomain, service); - runOrThrow(() -> zmsClient.deleteTenancy(tenantDomain.getName(), service.getFullName(), /*auditref*/null)); + runOrThrow(() -> zmsClient.deleteTenancy(tenantDomain.id(), service.getFullName(), /*auditref*/null)); } @Override 
@@ -66,16 +66,16 @@ public class ZmsClientImpl implements ZmsClient { List<TenantRoleAction> tenantRoleActions = createTenantRoleActions(); log("putProviderResourceGroupRoles(" + "tenantDomain=%s, providerDomain=%s, service=%s, resourceGroup=%s, roleActions=%s)", - tenantDomain, service.getDomain().getName(), service.getName(), applicationName, tenantRoleActions); + tenantDomain, service.getDomain().id(), service.getName(), applicationName, tenantRoleActions); runOrThrow(() -> { ProviderResourceGroupRoles resourceGroupRoles = new ProviderResourceGroupRoles() - .setDomain(service.getDomain().getName()) + .setDomain(service.getDomain().id()) .setService(service.getName()) - .setTenant(tenantDomain.getName()) + .setTenant(tenantDomain.id()) .setResourceGroup(applicationName.id()) .setRoles(tenantRoleActions); zmsClient.putProviderResourceGroupRoles( - tenantDomain.getName(), service.getDomain().getName(), service.getName(), + tenantDomain.id(), service.getDomain().id(), service.getName(), applicationName.id(), /*auditref*/null, resourceGroupRoles); }); } @@ -83,10 +83,10 @@ public class ZmsClientImpl implements ZmsClient { @Override public void deleteApplication(AthenzDomain tenantDomain, ApplicationId applicationName) { log("deleteProviderResourceGroupRoles(tenantDomain=%s, providerDomain=%s, service=%s, resourceGroup=%s)", - tenantDomain, service.getDomain().getName(), service.getName(), applicationName); + tenantDomain, service.getDomain().id(), service.getName(), applicationName); runOrThrow(() -> { zmsClient.deleteProviderResourceGroupRoles( - tenantDomain.getName(), service.getDomain().getName(), service.getName(), applicationName.id(), /*auditref*/null); + tenantDomain.id(), service.getDomain().id(), service.getName(), applicationName.id(), /*auditref*/null); }); } 
@@ -110,7 +110,7 @@ public class ZmsClientImpl implements ZmsClient { public boolean isDomainAdmin(AthenzIdentity identity, AthenzDomain domain) { log("getMembership(domain=%s, role=%s, principal=%s)", domain, "admin", identity); return getOrThrow( - () -> zmsClient.getMembership(domain.getName(), "admin", identity.getFullName()).getIsMember()); + () -> zmsClient.getMembership(domain.id(), "admin", identity.getFullName()).getIsMember()); } @Override @@ -127,18 +127,18 @@ public class ZmsClientImpl implements ZmsClient { @Override public AthenzPublicKey getPublicKey(AthenzService service, String keyId) { - log("getPublicKeyEntry(domain=%s, service=%s, keyId=%s)", service.getDomain().getName(), service.getName(), keyId); + log("getPublicKeyEntry(domain=%s, service=%s, keyId=%s)", service.getDomain().id(), service.getName(), keyId); return getOrThrow(() -> { - PublicKeyEntry entry = zmsClient.getPublicKeyEntry(service.getDomain().getName(), service.getName(), keyId); + PublicKeyEntry entry = zmsClient.getPublicKeyEntry(service.getDomain().id(), service.getName(), keyId); return fromYbase64EncodedKey(entry.getKey(), keyId); }); } @Override public List<AthenzPublicKey> getPublicKeys(AthenzService service) { - log("getServiceIdentity(domain=%s, service=%s)", service.getDomain().getName(), service.getName()); + log("getServiceIdentity(domain=%s, service=%s)", service.getDomain().id(), service.getName()); return getOrThrow(() -> { - ServiceIdentity serviceIdentity = zmsClient.getServiceIdentity(service.getDomain().getName(), service.getName()); + ServiceIdentity serviceIdentity = zmsClient.getServiceIdentity(service.getDomain().id(), service.getName()); return toAthenzPublicKeys(serviceIdentity.getPublicKeys()); }); } 
@@ -198,7 +198,7 @@ public class ZmsClientImpl implements ZmsClient { private String resourceStringPrefix(AthenzDomain tenantDomain) { return String.format("%s:service.%s.tenant.%s", - service.getDomain().getName(), service.getName(), tenantDomain.getName()); + service.getDomain().id(), service.getName(), tenantDomain.id()); } private String tenantResourceString(AthenzDomain tenantDomain) { diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java index 4c6f717549d..a29f2e81fba 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java @@ -8,7 +8,7 @@ import com.yahoo.athenz.zts.TenantDomains; import com.yahoo.athenz.zts.ZTSClient; import com.yahoo.athenz.zts.ZTSClientException; import com.yahoo.log.LogLevel; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzIdentity; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzIdentityCertificate; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzRoleCertificate; 
@@ -52,9 +52,9 @@ public class ZtsClientImpl implements ZtsClient { return getOrThrow(() -> { log.log(LogLevel.DEBUG, String.format( "getTenantDomains(domain=%s, identity=%s, rolename=admin, service=%s)", - service.getDomain().getName(), identity.getFullName(), service.getFullName())); + service.getDomain().id(), identity.getFullName(), service.getFullName())); TenantDomains domains = ztsClient.getTenantDomains( - service.getDomain().getName(), identity.getFullName(), "admin", service.getName()); + service.getDomain().id(), identity.getFullName(), "admin", service.getName()); return domains.getTenantDomainNames().stream() .map(AthenzDomain::new) .collect(toList()); @@ -68,13 +68,13 @@ public class ZtsClientImpl implements ZtsClient { String.format("postInstanceRefreshRequest(service=%s)", service.getFullName())); InstanceRefreshRequest req = ZTSClient.generateInstanceRefreshRequest( - service.getDomain().getName(), + service.getDomain().id(), service.getName(), privateKey, certificateDnsDomain, (int) certExpiry.getSeconds()); X509Certificate certificate = Crypto.loadX509Certificate( - ztsClient.postInstanceRefreshRequest(service.getDomain().getName(), service.getName(), req) + ztsClient.postInstanceRefreshRequest(service.getDomain().id(), service.getName(), req) .getCertificate()); return new AthenzIdentityCertificate(certificate, privateKey); }); 
@@ -85,18 +85,18 @@ public class ZtsClientImpl implements ZtsClient { return getOrThrow(() -> { log.log(LogLevel.DEBUG, String.format("postRoleCertificateRequest(service=%s, roleDomain=%s, roleName=%s)", - service.getFullName(), roleDomain.getName(), roleName)); + service.getFullName(), roleDomain.id(), roleName)); RoleCertificateRequest req = ZTSClient.generateRoleCertificateRequest( - service.getDomain().getName(), + service.getDomain().id(), service.getName(), - roleDomain.getName(), + roleDomain.id(), roleName, privateKey, certificateDnsDomain, (int)certExpiry.getSeconds()); X509Certificate roleCertificate = Crypto.loadX509Certificate( - ztsClient.postRoleCertificateRequest(roleDomain.getName(), roleName, req) + ztsClient.postRoleCertificateRequest(roleDomain.id(), roleName, req) .getToken()); return new AthenzRoleCertificate(roleCertificate, privateKey); }); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzDbMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzDbMock.java index a265d92dde2..c633d780e30 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzDbMock.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/AthenzDbMock.java @@ -2,7 +2,7 @@ package com.yahoo.vespa.hosted.controller.athenz.mock; import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.integration.athenz.ApplicationAction; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzIdentity; diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZmsClientMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZmsClientMock.java index e43f17fa12b..4b50a34094a 100644 
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZmsClientMock.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZmsClientMock.java @@ -2,7 +2,7 @@ package com.yahoo.vespa.hosted.controller.athenz.mock; import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.integration.athenz.ApplicationAction; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzIdentity; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzPublicKey; diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java index 4bdaadd5155..d778fb550ed 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java @@ -2,7 +2,7 @@ package com.yahoo.vespa.hosted.controller.athenz.mock; import com.yahoo.athenz.auth.util.Crypto; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzIdentity; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzIdentityCertificate; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzRoleCertificate; 
@@ -58,10 +58,10 @@ public class ZtsClientMock implements ZtsClient { @Override public AthenzRoleCertificate getRoleCertificate(AthenzDomain roleDomain, String roleName) { log.log(Level.INFO, - String.format("getRoleCertificate(roleDomain=%s, roleName=%s)", roleDomain.getName(), roleDomain)); + String.format("getRoleCertificate(roleDomain=%s, roleName=%s)", roleDomain.id(), roleDomain)); try { KeyPair keyPair = createKeyPair(); - String subject = String.format("CN=%s:role.%s", roleDomain.getName(), roleName); + String subject = String.format("CN=%s:role.%s", roleDomain.id(), roleName); return new AthenzRoleCertificate(createCertificate(keyPair, subject), keyPair.getPrivate()); } catch (NoSuchAlgorithmException | OperatorCreationException | IOException e) { throw new RuntimeException(e); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index bad3ca30496..9c61a010082 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java 
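Review bot: The log call in `getRoleCertificate` passes `roleDomain` as the second format argument, so the `roleName=%s` placeholder prints the domain object and the role name is never logged. This change touched the line but kept that argument; it should read `String.format("getRoleCertificate(roleDomain=%s, roleName=%s)", roleDomain.id(), roleName)`. Because this is the mock client, the effect is limited to misleading test logs. The method body continues past the end of the hunk.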
@@ -37,7 +37,7 @@ import com.yahoo.vespa.hosted.controller.api.application.v4.model.ScrewdriverBui import com.yahoo.vespa.hosted.controller.api.application.v4.model.configserverbindings.RefeedAction; import com.yahoo.vespa.hosted.controller.api.application.v4.model.configserverbindings.RestartAction; import com.yahoo.vespa.hosted.controller.api.application.v4.model.configserverbindings.ServiceInfo; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.DeploymentId; import com.yahoo.vespa.hosted.controller.api.identifiers.GitBranch; import com.yahoo.vespa.hosted.controller.api.identifiers.GitCommit; @@ -287,7 +287,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { Cursor response = slime.setObject(); Cursor array = response.setArray("data"); for (AthenzDomain athenzDomain : controller.getDomainList(request.getProperty("prefix"))) { - array.addString(athenzDomain.getName()); + array.addString(athenzDomain.id()); } return new SlimeJsonResponse(slime); } @@ -881,7 +881,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { private void toSlime(Cursor object, Tenant tenant, HttpRequest request, boolean listApplications) { object.setString("tenant", tenant.getId().id()); object.setString("type", tenant.tenantType().name()); - tenant.getAthensDomain().ifPresent(a -> object.setString("athensDomain", a.getName())); + tenant.getAthensDomain().ifPresent(a -> object.setString("athensDomain", a.id())); tenant.getProperty().ifPresent(p -> object.setString("property", p.id())); tenant.getPropertyId().ifPresent(p -> object.setString("propertyId", p.toString())); tenant.getUserGroup().ifPresent(g -> object.setString("userGroup", g.id())); 
@@ -920,7 +920,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { object.setString("tenant", tenant.getId().id()); Cursor metaData = object.setObject("metaData"); metaData.setString("type", tenant.tenantType().name()); - tenant.getAthensDomain().ifPresent(a -> metaData.setString("athensDomain", a.getName())); + tenant.getAthensDomain().ifPresent(a -> metaData.setString("athensDomain", a.id())); tenant.getProperty().ifPresent(p -> metaData.setString("property", p.id())); tenant.getUserGroup().ifPresent(g -> metaData.setString("userGroup", g.id())); object.setString("url", withPath("/application/v4/tenant/" + tenant.getId().id(), requestURI).toString()); @@ -1001,7 +1001,7 @@ public class ApplicationApiHandler extends LoggingRequestHandler { AthenzIdentity identity = authorizer.getIdentity(request); if ( ! authorizer.isAthenzDomainAdmin(identity, tenantDomain)) { throw new ForbiddenException( - String.format("The user '%s' is not admin in Athenz domain '%s'", identity.getFullName(), tenantDomain.getName())); + String.format("The user '%s' is not admin in Athenz domain '%s'", identity.getFullName(), tenantDomain.id())); } } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/Authorizer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/Authorizer.java index 85d966ead34..77ce49eaf47 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/Authorizer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/Authorizer.java 
@@ -5,7 +5,7 @@ import com.yahoo.config.provision.Environment; import com.yahoo.container.jdisc.HttpRequest; import com.yahoo.vespa.hosted.controller.Controller; import com.yahoo.vespa.hosted.controller.api.Tenant; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.TenantId; import com.yahoo.vespa.hosted.controller.api.identifiers.UserGroup; import com.yahoo.vespa.hosted.controller.api.identifiers.UserId; diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java index 36c3dcdf514..c7e03048ec8 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/DeployAuthorizer.java @@ -4,7 +4,7 @@ package com.yahoo.vespa.hosted.controller.restapi.application; import com.yahoo.config.provision.ApplicationId; import com.yahoo.config.provision.Environment; import com.yahoo.vespa.hosted.controller.api.Tenant; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneRegistry; import com.yahoo.vespa.hosted.controller.application.ApplicationPackage; import com.yahoo.vespa.hosted.controller.api.integration.athenz.ApplicationAction; 
@@ -45,12 +45,12 @@ public class DeployAuthorizer { // Validate that domain in identity configuration (deployment.xml) is same as tenant domain applicationPackage.deploymentSpec().athenzDomain().ifPresent(identityDomain -> { AthenzDomain tenantDomain = tenant.getAthensDomain().orElseThrow(() -> new IllegalArgumentException("Identity provider only available to Athenz onboarded tenants")); - if (! Objects.equals(tenantDomain.getName(), identityDomain.value())) { + if (! Objects.equals(tenantDomain.id(), identityDomain.value())) { throw new ForbiddenException( String.format( "Athenz domain in deployment.xml: [%s] must match tenant domain: [%s]", identityDomain.value(), - tenantDomain.getName() + tenantDomain.id() )); } }); @@ -75,7 +75,7 @@ public class DeployAuthorizer { if (!principalDomain.equals(AthenzUtils.SCREWDRIVER_DOMAIN)) { throw loggedForbiddenException( "Principal '%s' is not a Screwdriver principal. Excepted principal with Athenz domain '%s', got '%s'.", - principal.getName(), AthenzUtils.SCREWDRIVER_DOMAIN.getName(), principalDomain.getName()); + principal.getName(), AthenzUtils.SCREWDRIVER_DOMAIN.id(), principalDomain.id()); } // NOTE: no fine-grained deploy authorization for non-Athenz tenants @@ -86,7 +86,7 @@ public class DeployAuthorizer { "Screwdriver principal '%1$s' does not have deploy access to '%2$s'. " + "Either the application has not been created at " + zoneRegistry.getDashboardUri() + " or " + "'%1$s' is not added to the application's deployer role in Athenz domain '%3$s'.", - athenzPrincipal.getIdentity().getFullName(), applicationId, tenantDomain.getName()); + athenzPrincipal.getIdentity().getFullName(), applicationId, tenantDomain.id()); } } } diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java index 0fa0189f506..17801bde546 100644 
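Review bot: The message in the Screwdriver-principal check (hunk `@@ -75,7`) reads "Excepted principal with Athenz domain", which should be "Expected". Since the line is being edited anyway, the string can become `"Principal '%s' is not a Screwdriver principal. Expected principal with Athenz domain '%s', got '%s'."`. Any test that asserts on the old text would need the same correction. The enclosing method starts and ends outside the hunk.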
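Review bot: The format string of the last `loggedForbiddenException` call (hunk `@@ -86,7`) is built by concatenating `zoneRegistry.getDashboardUri()` into it, so any `%` in the URI, such as a percent-encoded path or query, would be parsed as a format specifier. Assuming `loggedForbiddenException` formats with `String.format`, as the `%1$s` placeholders suggest, a denied deployment would then fail with a format exception instead of the intended forbidden response. Pass the URI as data instead: replace the concatenation with `%4$s` in the message and append `zoneRegistry.getDashboardUri()` to the argument list. The enclosing method starts outside the hunk.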
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java @@ -15,7 +15,7 @@ import com.yahoo.vespa.config.SlimeUtils; import com.yahoo.vespa.hosted.controller.api.Tenant; import com.yahoo.vespa.hosted.controller.api.application.v4.model.DeployOptions; import com.yahoo.vespa.hosted.controller.api.application.v4.model.EndpointStatus; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.DeploymentId; import com.yahoo.vespa.hosted.controller.api.identifiers.Property; import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId; diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java index b1486c8ec00..06bde36afc6 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTester.java @@ -16,7 +16,7 @@ import com.yahoo.vespa.hosted.controller.api.Tenant; import com.yahoo.vespa.hosted.controller.api.application.v4.model.DeployOptions; import com.yahoo.vespa.hosted.controller.api.application.v4.model.GitRevision; import com.yahoo.vespa.hosted.controller.api.application.v4.model.ScrewdriverBuildJob; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.GitBranch; import com.yahoo.vespa.hosted.controller.api.identifiers.GitCommit; import com.yahoo.vespa.hosted.controller.api.identifiers.GitRepository; 
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/NTokenValidatorTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/NTokenValidatorTest.java index 51b7eb5e228..907fabe9d75 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/NTokenValidatorTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/NTokenValidatorTest.java @@ -87,7 +87,7 @@ public class NTokenValidatorTest { } private static NToken createNToken(AthenzIdentity identity, Instant issueTime, PrivateKey privateKey, String keyId) { - PrincipalToken token = new PrincipalToken.Builder("U1", identity.getDomain().getName(), identity.getName()) + PrincipalToken token = new PrincipalToken.Builder("U1", identity.getDomain().id(), identity.getName()) .keyId(keyId) .salt("1234") .host("host") diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java index ab1dde996e6..f252acd44ca 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ContainerControllerTester.java 
@@ -12,7 +12,7 @@ import com.yahoo.vespa.hosted.controller.api.Tenant; import com.yahoo.vespa.hosted.controller.api.application.v4.model.DeployOptions; import com.yahoo.vespa.hosted.controller.api.application.v4.model.GitRevision; import com.yahoo.vespa.hosted.controller.api.application.v4.model.ScrewdriverBuildJob; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.GitBranch; import com.yahoo.vespa.hosted.controller.api.identifiers.GitCommit; import com.yahoo.vespa.hosted.controller.api.identifiers.GitRepository; diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java index caf7b95d687..1e594c8b5ea 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiTest.java @@ -7,7 +7,7 @@ import com.yahoo.config.provision.ClusterSpec; import com.yahoo.config.provision.Environment; import com.yahoo.vespa.hosted.controller.Application; import com.yahoo.vespa.hosted.controller.ConfigServerClientMock; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId; import com.yahoo.vespa.hosted.controller.api.identifiers.ScrewdriverId; import com.yahoo.vespa.hosted.controller.api.identifiers.UserId; 
@@ -655,7 +655,7 @@ public class ApplicationApiTest extends ControllerContainerTest { long screwdriverProjectId = 123; createAthenzDomainWithAdmin(ATHENZ_TENANT_DOMAIN, USER_ID); - Application application = controllerTester.createApplication(ATHENZ_TENANT_DOMAIN.getName(), "tenant1", "application1"); + Application application = controllerTester.createApplication(ATHENZ_TENANT_DOMAIN.id(), "tenant1", "application1"); ScrewdriverId screwdriverId = new ScrewdriverId(Long.toString(screwdriverProjectId)); controllerTester.authorize(ATHENZ_TENANT_DOMAIN, screwdriverId, ApplicationAction.deploy, application); @@ -682,7 +682,7 @@ public class ApplicationApiTest extends ControllerContainerTest { createAthenzDomainWithAdmin(ATHENZ_TENANT_DOMAIN, USER_ID); - Application application = controllerTester.createApplication(ATHENZ_TENANT_DOMAIN.getName(), "tenant1", "application1"); + Application application = controllerTester.createApplication(ATHENZ_TENANT_DOMAIN.id(), "tenant1", "application1"); controllerTester.authorize(ATHENZ_TENANT_DOMAIN, screwdriverId, ApplicationAction.deploy, application); // Allow systemtest to succeed by notifying completion of system test @@ -763,7 +763,7 @@ public class ApplicationApiTest extends ControllerContainerTest { data, method); request.getHeaders().put("Content-Type", contentType); if (identity != null) { - request.getHeaders().put("Athenz-Identity-Domain", identity.getDomain().getName()); + request.getHeaders().put("Athenz-Identity-Domain", identity.getDomain().id()); request.getHeaders().put("Athenz-Identity-Name", identity.getName()); } return request; diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/MockAuthorizer.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/MockAuthorizer.java index 1875fd7ef1d..988304be600 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/MockAuthorizer.java 
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/MockAuthorizer.java @@ -4,7 +4,7 @@ package com.yahoo.vespa.hosted.controller.restapi.application; import com.yahoo.container.jdisc.HttpRequest; import com.yahoo.vespa.hosted.controller.Controller; import com.yahoo.vespa.hosted.controller.TestIdentities; -import com.yahoo.vespa.athenz.api.AthenzDomain; +import com.yahoo.vespa.hosted.controller.api.identifiers.AthenzDomain; import com.yahoo.vespa.hosted.controller.api.integration.entity.EntityService; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactory; import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzPrincipal; diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzDomain.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzDomain.java deleted file mode 100644 index 72d7785c282..00000000000 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzDomain.java +++ /dev/null 
@@ -1,71 +0,0 @@ -// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.athenz.api; - -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonValue; - -import java.util.Objects; -import java.util.regex.Pattern; - -/** - * @author bjorncs - */ -public class AthenzDomain { - - private static final Pattern NAME_PATTERN = Pattern.compile("[a-zA-Z0-9_][a-zA-Z0-9_\\-.]*[a-zA-Z0-9_]"); - - private final String name; - - @JsonCreator - public AthenzDomain(String name) { - validateName(name); - this.name = name; - } - - private static void validateName(String name) { - if (!NAME_PATTERN.matcher(name).matches()) { - throw new IllegalArgumentException("Not a valid domain name: '" + name + "'"); - } - } - - @JsonValue - public String getName() { - return name; - } - - public boolean isTopLevelDomain() { - return !name.contains("."); - } - - public AthenzDomain getParent() { - return new AthenzDomain(name.substring(0, lastDot())); - } - - public String getNameSuffix() { - return name.substring(lastDot() + 1); - } - - private int lastDot() { - return name.lastIndexOf('.'); - } - - @Override - public String toString() { - return "AthenzDomain{" + - "name='" + name + '\'' + - '}'; - } - - @Override - public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - AthenzDomain that = (AthenzDomain) o; - return Objects.equals(name, that.name); - } - - @Override - public int hashCode() { - return Objects.hash(name); - } -} |