-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java5
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java2
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiHandler.java17
3 files changed, 18 insertions, 6 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java
index 14adc29468e..78c67236f78 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AccessControlService.java
@@ -7,6 +7,11 @@ import com.yahoo.vespa.athenz.api.AthenzUser;
import java.time.Instant;
import java.util.Collection;
+/**
+ * Manage operator data plane access control
+ *
+ * @author mortent
+ */
public interface AccessControlService {
boolean approveDataPlaneAccess(AthenzUser user, Instant expiry);
Collection<AthenzUser> listMembers();
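Review bot: The new interface-level Javadoc leaves both methods without a stated contract, which matters for an access-control API. For `approveDataPlaneAccess` it should say what a `false` return means (request denied, or no change made) and how `expiry` is interpreted. For `listMembers` it should say whether implementations may decline to support it, since this same commit makes the Athenz implementation throw `UnsupportedOperationException`. A one-line comment per method would do, for example `/** Returns the users currently holding data plane access; may throw UnsupportedOperationException if the backend cannot list them. */`. The interface body continues outside the hunk.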
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
index f6d2b333cc3..1472f03ebca 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
@@ -35,6 +35,6 @@ public class AthenzAccessControlService implements AccessControlService {
@Override
public Collection<AthenzUser> listMembers() {
- return null;
+ throw new UnsupportedOperationException("Not implemented");
}
}
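Review bot: Throwing from `listMembers()` replaces a silent `null` with a hard failure for the caller in ControllerApiHandler (the `@@ -99,8 +100,8 @@` hunk). That caller passes the result straight to `new AccessRequestResponse(...)` right after `allowDataplaneMembership(...)` returns true. If that call has already changed membership (its name suggests so, but its body is not shown), the operator gets an error response for a request that took effect, and how the exception maps to an HTTP status is not visible here. Either note the limitation on the method, e.g. `// Not implemented for Athenz yet; callers must not rely on listMembers()`, or have the handler build its response without the member list until an implementation exists. The class body starts outside the hunk.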
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiHandler.java
index 9222f83ae1d..cba89fe39cf 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiHandler.java
@@ -36,6 +36,7 @@ import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Optional;
import java.util.Scanner;
+import java.util.function.Function;
import java.util.logging.Level;
/**
@@ -99,8 +100,8 @@ public class ControllerApiHandler extends AuditLoggingRequestHandler {
AthenzUser athenzUser = AthenzUser.fromUserId(user);
byte[] jsonBytes = toJsonBytes(request.getData());
Inspector inspector = SlimeUtils.jsonToSlime(jsonBytes).get();
- ApplicationId applicationId = ApplicationId.fromSerializedForm(inspector.field("applicationId").asString());
- ZoneId zone = ZoneId.from(inspector.field("zone").asString());
+ ApplicationId applicationId = requireField(inspector, "applicationId", ApplicationId::fromSerializedForm);
+ ZoneId zone = requireField(inspector, "zone", ZoneId::from);
if(controller.supportAccess().allowDataplaneMembership(athenzUser, new DeploymentId(applicationId, zone))) {
return new AccessRequestResponse(controller.serviceRegistry().accessControlService().listMembers());
} else {
@@ -114,9 +115,9 @@ public class ControllerApiHandler extends AuditLoggingRequestHandler {
byte[] jsonBytes = toJsonBytes(request.getData());
Inspector requestObject = SlimeUtils.jsonToSlime(jsonBytes).get();
- X509Certificate certificate = X509CertificateUtils.fromPem(requestObject.field("certificate").asString());
- ApplicationId applicationId = ApplicationId.fromSerializedForm(requestObject.field("applicationId").asString());
- ZoneId zone = ZoneId.from(requestObject.field("zone").asString());
+ X509Certificate certificate = requireField(requestObject, "certificate", X509CertificateUtils::fromPem);
+ ApplicationId applicationId = requireField(requestObject, "applicationId", ApplicationId::fromSerializedForm);
+ ZoneId zone = requireField(requestObject, "zone", ZoneId::from);
DeploymentId deployment = new DeploymentId(applicationId, zone);
// Register grant
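Review bot: `requireField` only guards against a missing `certificate`; a present but malformed PEM still surfaces whatever `X509CertificateUtils::fromPem` throws, which may not be reported as a client error the way `IllegalArgumentException` presumably is. Nothing in this hunk inspects the parsed certificate (validity window, key, subject) before the grant is registered below. If that validation happens in the part of the method outside the hunk, a short comment at the parse site saying where would help the next reviewer. If it does not, it belongs here, before `// Register grant`. The method starts and ends outside the hunk.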
@@ -131,6 +132,12 @@ public class ControllerApiHandler extends AuditLoggingRequestHandler {
return new MessageResponse(String.format("Operator %s granted access and job %s triggered", principal.getName(), jobName));
}
+ private <T> T requireField(Inspector inspector, String field, Function<String, T> mapper) {
+ return SlimeUtils.optionalString(inspector.field(field))
+ .map(mapper::apply)
+ .orElseThrow(() -> new IllegalArgumentException("Expected field \"" + field + "\" in request"));
+ }
+
private HttpResponse delete(HttpRequest request) {
Path path = new Path(request.getUri());
if (path.matches("/controller/v1/jobs/upgrader/confidence/{version}")) return removeConfidenceOverride(path.get("version"));