diff options
9 files changed, 56 insertions, 18 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index 1e9fe91fff9..a0a715a76d4 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java @@ -1889,6 +1889,7 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler { object.setString("scope", endpointScopeString(endpoint.scope())); object.setString("routingMethod", routingMethodString(endpoint.routingMethod())); object.setBool("legacy", endpoint.legacy()); + object.setString("authMethod", endpoint.isTokenEndpoint() ? "token" : "mtls"); } private void toSlime(Cursor response, DeploymentId deploymentId, Deployment deployment, HttpRequest request) { diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java index 841e46ad881..b4f386a06b5 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java @@ -498,6 +498,25 @@ public class ApplicationApiCloudTest extends ControllerContainerCloudTest { 400); } + @Test + void dataplane_token_endpoint_test() { + ControllerTester wrapped = new ControllerTester(tester); + wrapped.upgradeSystem(Version.fromString("7.1")); + new DeploymentTester(wrapped).newDeploymentContext(ApplicationId.from(tenantName, applicationName, InstanceName.defaultName())) + .submit() + .deploy(); + + tester.assertResponse(request("/application/v4/tenant/scoober/application/albums/environment/prod/region/aws-us-east-1c/instance/default", GET) + .roles(Role.reader(tenantName)), + new File("deployment-cloud.json")); + + tester.assertResponse(request("/application/v4/tenant/scoober/archive-access/aws", DELETE).roles(Role.administrator(tenantName)), + "{\"message\":\"AWS archive access role removed for tenant scoober.\"}", 200); + tester.assertResponse(request("/application/v4/tenant/scoober", GET).roles(Role.reader(tenantName)), + (response) -> assertFalse(response.getBodyAsString().contains("archiveAccessRole")), + 200); + } + private ApplicationPackageBuilder prodBuilder() { return new ApplicationPackageBuilder() .withoutAthenzIdentity() diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment-cloud.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment-cloud.json index bb4136ed0ba..b576b32dd0c 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment-cloud.json +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment-cloud.json @@ -12,7 +12,8 @@ "url": "https://albums.scoober.aws-us-east-1c.z.vespa-app.cloud/", "scope": "zone", "routingMethod": "exclusive", - "legacy": false + "legacy": false, + "authMethod": "mtls" } ], "clusters": "http://localhost:8080/application/v4/tenant/scoober/application/albums/instance/default/environment/prod/region/aws-us-east-1c/clusters", diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment-with-routing-policy.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment-with-routing-policy.json index b0a8ceeeff0..9694df32e9f 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment-with-routing-policy.json +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment-with-routing-policy.json @@ -11,7 +11,8 @@ "url": "https://instance1.application1.tenant1.us-west-1.vespa.oath.cloud/", "scope": "zone", "routingMethod": "exclusive", - "legacy": false + "legacy": false, + "authMethod": "mtls" } ], "clusters": "http://localhost:8080/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/prod/region/us-west-1/clusters", diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment-without-shared-endpoints.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment-without-shared-endpoints.json index b0a8ceeeff0..9694df32e9f 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment-without-shared-endpoints.json +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment-without-shared-endpoints.json @@ -11,7 +11,8 @@ "url": "https://instance1.application1.tenant1.us-west-1.vespa.oath.cloud/", "scope": "zone", "routingMethod": "exclusive", - "legacy": false + "legacy": false, + "authMethod": "mtls" } ], "clusters": "http://localhost:8080/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/prod/region/us-west-1/clusters", diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment.json index cc42b3e006c..e52085072c7 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment.json +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/deployment.json @@ -11,7 +11,8 @@ "url": "https://instance1.application1.tenant1.us-central-1.vespa.oath.cloud/", "scope": "zone", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" }, { "cluster": "foo", @@ -19,7 +20,8 @@ "url": "https://instance1.application1.tenant1.global.vespa.oath.cloud/", "scope": "global", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" }, { "cluster": "foo", @@ -27,7 +29,8 @@ "url": "https://a0.application1.tenant1.a.vespa.oath.cloud/", "scope": "application", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" } ], "clusters": "http://localhost:8080/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/prod/region/us-central-1/clusters", diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/instance1-recursive.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/instance1-recursive.json index f37112ea887..32b091a92ca 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/instance1-recursive.json +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/instance1-recursive.json @@ -54,7 +54,8 @@ "url": "https://instance1.application1.tenant1.us-east-1.dev.vespa.oath.cloud/", "scope": "zone", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" } ], "clusters": "http://localhost:8080/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/dev/region/us-east-1/clusters", @@ -98,7 +99,8 @@ "url": "https://instance1.application1.tenant1.us-central-1.vespa.oath.cloud/", "scope": "zone", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" }, { "cluster": "foo", @@ -106,7 +108,8 @@ "url": "https://instance1.application1.tenant1.global.vespa.oath.cloud/", "scope": "global", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" }, { "cluster": "foo", @@ -114,7 +117,8 @@ "url": "https://a0.application1.tenant1.a.vespa.oath.cloud/", "scope": "application", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" } ], "clusters": "http://localhost:8080/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/prod/region/us-central-1/clusters", diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/recursive-root.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/recursive-root.json index 4458040858b..6dc58cc2800 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/recursive-root.json +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/recursive-root.json @@ -61,7 +61,8 @@ "url": "https://instance1.application1.tenant1.us-east-1.dev.vespa.oath.cloud/", "scope": "zone", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" } ], "clusters": "http://localhost:8080/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/dev/region/us-east-1/clusters", @@ -105,7 +106,8 @@ "url": "https://instance1.application1.tenant1.us-central-1.vespa.oath.cloud/", "scope": "zone", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" }, { "cluster": "foo", @@ -113,7 +115,8 @@ "url": "https://instance1.application1.tenant1.global.vespa.oath.cloud/", "scope": "global", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" }, { "cluster": "foo", @@ -121,7 +124,8 @@ "url": "https://a0.application1.tenant1.a.vespa.oath.cloud/", "scope": "application", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" } ], "clusters": "http://localhost:8080/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/prod/region/us-central-1/clusters", diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/tenant1-recursive.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/tenant1-recursive.json index ea025b60d1b..210a637ece8 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/tenant1-recursive.json +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/responses/tenant1-recursive.json @@ -60,7 +60,8 @@ "url": "https://instance1.application1.tenant1.us-east-1.dev.vespa.oath.cloud/", "scope": "zone", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" } ], "clusters": "http://localhost:8080/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/dev/region/us-east-1/clusters", @@ -104,7 +105,8 @@ "url": "https://instance1.application1.tenant1.us-central-1.vespa.oath.cloud/", "scope": "zone", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" }, { "cluster": "foo", @@ -112,7 +114,8 @@ "url": "https://instance1.application1.tenant1.global.vespa.oath.cloud/", "scope": "global", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" }, { "cluster": "foo", @@ -120,7 +123,8 @@ "url": "https://a0.application1.tenant1.a.vespa.oath.cloud/", "scope": "application", "routingMethod": "sharedLayer4", - "legacy": false + "legacy": false, + "authMethod": "mtls" } ], "clusters": "http://localhost:8080/application/v4/tenant/tenant1/application/application1/instance/instance1/environment/prod/region/us-central-1/clusters", |