3 files changed, 18 insertions, 6 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java
index 14adc29468e..78c67236f78 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java
@@ -7,6 +7,11 @@ import com.yahoo.vespa.athenz.api.AthenzUser;
 import java.time.Instant;
 import java.util.Collection;
+/**
+ * Manage operator data plane access control
+ *
+ * @author mortent
+ */
 public interface AccessControlService {
 boolean approveDataPlaneAccess(AthenzUser user, Instant expiry);
 Collection<AthenzUser> listMembers();
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
index f6d2b333cc3..1472f03ebca 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
@@ -35,6 +35,6 @@ public class AthenzAccessControlService implements AccessControlService {
 @Override
 public Collection<AthenzUser> listMembers() {
- return null;
+ throw new UnsupportedOperationException("Not implemented");
 }
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiHandler.java
index 9222f83ae1d..cba89fe39cf 100644
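Review bot: `AthenzAccessControlService.listMembers()` now fails loudly instead of returning `null`, but nothing on the interface tells callers that an implementation may refuse the call. The `@@ -99` hunk of ControllerApiHandler invokes `accessControlService().listMembers()` right after `allowDataplaneMembership` succeeds, so with this implementation an authorized request would end in an unchecked `UnsupportedOperationException`; how that reaches the client depends on the handler's error mapping, which is outside the visible hunks. I would state the contract on the interface method, e.g. `/** Lists current members; implementations that cannot enumerate members throw UnsupportedOperationException. */`, and put `// TODO: implement; reached from ControllerApiHandler` above the throw so the gap stays visible.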
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiHandler.java
@@ -36,6 +36,7 @@ import java.security.cert.X509Certificate;
 import java.time.Instant;
 import java.util.Optional;
 import java.util.Scanner;
+import java.util.function.Function;
 import java.util.logging.Level;
 /**
@@ -99,8 +100,8 @@ public class ControllerApiHandler extends AuditLoggingRequestHandler {
 AthenzUser athenzUser = AthenzUser.fromUserId(user);
 byte[] jsonBytes = toJsonBytes(request.getData());
 Inspector inspector = SlimeUtils.jsonToSlime(jsonBytes).get();
- ApplicationId applicationId = ApplicationId.fromSerializedForm(inspector.field("applicationId").asString());
- ZoneId zone = ZoneId.from(inspector.field("zone").asString());
+ ApplicationId applicationId = requireField(inspector, "applicationId", ApplicationId::fromSerializedForm);
+ ZoneId zone = requireField(inspector, "zone", ZoneId::from);
 if(controller.supportAccess().allowDataplaneMembership(athenzUser, new DeploymentId(applicationId, zone))) {
 return new AccessRequestResponse(controller.serviceRegistry().accessControlService().listMembers());
 } else {
@@ -114,9 +115,9 @@ public class ControllerApiHandler extends AuditLoggingRequestHandler {
 byte[] jsonBytes = toJsonBytes(request.getData());
 Inspector requestObject = SlimeUtils.jsonToSlime(jsonBytes).get();
- X509Certificate certificate = X509CertificateUtils.fromPem(requestObject.field("certificate").asString());
- ApplicationId applicationId = ApplicationId.fromSerializedForm(requestObject.field("applicationId").asString());
- ZoneId zone = ZoneId.from(requestObject.field("zone").asString());
+ X509Certificate certificate = requireField(requestObject, "certificate", X509CertificateUtils::fromPem);
+ ApplicationId applicationId = requireField(requestObject, "applicationId", ApplicationId::fromSerializedForm);
+ ZoneId zone = requireField(requestObject, "zone", ZoneId::from);
 DeploymentId deployment = new DeploymentId(applicationId, zone);
 // Register grant
@@ -131,6 +132,12 @@ public class ControllerApiHandler extends AuditLoggingRequestHandler {
 return new MessageResponse(String.format("Operator %s granted access and job %s triggered", principal.getName(), jobName));
 }
+ private <T> T requireField(Inspector inspector, String field, Function<String, T> mapper) {
+ return SlimeUtils.optionalString(inspector.field(field))
+ .map(mapper::apply)
+ .orElseThrow(() -> new IllegalArgumentException("Expected field \"" + field + "\" in request"));
+ }
+
 private HttpResponse delete(HttpRequest request) {
 Path path = new Path(request.getUri());
 if (path.matches("/controller/v1/jobs/upgrader/confidence/{version}")) return removeConfidenceOverride(path.get("version")); |
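Review bot: `requireField` rejects an absent field with a clear message but passes a present, malformed value straight to the mapper, so whatever `ApplicationId::fromSerializedForm`, `ZoneId::from` or `X509CertificateUtils::fromPem` throws on bad input leaves the handler without naming the field; this applies to the call sites in the `@@ -99` and `@@ -114` hunks as well. All three values come from the request body and feed an access-grant decision, so I would wrap the mapper call and turn every parse failure into an `IllegalArgumentException` that names the field and does not echo the submitted value. How `IllegalArgumentException` is mapped to an HTTP status is outside the visible hunks, and whether `optionalString` also treats an empty or non-string value as absent is worth confirming.

```java
private <T> T requireField(Inspector inspector, String field, Function<String, T> mapper) {
    String value = SlimeUtils.optionalString(inspector.field(field))
            .orElseThrow(() -> new IllegalArgumentException("Expected field \"" + field + "\" in request"));
    try {
        return mapper.apply(value);
    } catch (RuntimeException e) {
        // Keep the parser's exception as the cause; the message names only the field.
        throw new IllegalArgumentException("Invalid value for field \"" + field + "\" in request", e);
    }
}
```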