5 files changed, 98 insertions, 3 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
index 396be0adf92..d067b7a5054 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java
@@ -6,6 +6,7 @@ import com.yahoo.vespa.athenz.api.AthenzGroup;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
 import com.yahoo.vespa.athenz.api.AthenzResourceName;
 import com.yahoo.vespa.athenz.api.AthenzRole;
+import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.api.AthenzUser;
 import com.yahoo.vespa.athenz.api.OktaAccessToken;
 import com.yahoo.vespa.athenz.api.OktaIdentityToken;
@@ -168,6 +169,19 @@ public class ZmsClientMock implements ZmsClient {
 }
 @Override
+ public List<AthenzService> listServices(AthenzDomain athenzDomain) {
+ return List.of();
+ }
+
+ @Override
+ public void createOrUpdateService(AthenzService athenzService) {
+ }
+
+ @Override
+ public void deleteService(AthenzService athenzService) {
+ }
+
+ @Override
 public void close() {}
 private static AthenzDomain getTenantDomain(AthenzResourceName resource) {
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index 7503b5a39ed..89b72c249bd 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
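Review bot: The three methods added to `ZmsClientMock` in its second hunk keep no state: `listServices` always returns `List.of()` and `createOrUpdateService` / `deleteService` have empty bodies, so a test using this mock cannot observe whether a caller created or removed an Athenz service. Consider backing them with a collection held by the mock, so that a created service shows up in `listServices` for its domain and disappears again after `deleteService`. If the no-op is intentional for now, say so in the bodies, e.g. `// services are not tracked by this mock`, so a later test does not silently depend on the empty list.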
@@ -6,6 +6,7 @@ import com.yahoo.vespa.athenz.api.AthenzGroup;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
 import com.yahoo.vespa.athenz.api.AthenzResourceName;
 import com.yahoo.vespa.athenz.api.AthenzRole;
+import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.api.AthenzUser;
 import com.yahoo.vespa.athenz.api.OktaAccessToken;
 import com.yahoo.vespa.athenz.api.OktaIdentityToken;
@@ -18,13 +19,14 @@ import com.yahoo.vespa.athenz.client.zms.bindings.MembershipEntity;
 import com.yahoo.vespa.athenz.client.zms.bindings.PolicyEntity;
 import com.yahoo.vespa.athenz.client.zms.bindings.ProviderResourceGroupRolesRequestEntity;
 import com.yahoo.vespa.athenz.client.zms.bindings.RoleEntity;
+import com.yahoo.vespa.athenz.client.zms.bindings.ServiceEntity;
+import com.yahoo.vespa.athenz.client.zms.bindings.ServiceListResponseEntity;
 import com.yahoo.vespa.athenz.client.zms.bindings.TenancyRequestEntity;
 import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import com.yahoo.vespa.athenz.utils.AthenzIdentities;
 import org.apache.http.Header;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.client.methods.RequestBuilder;
-import org.apache.http.entity.StringEntity;
 import org.apache.http.message.BasicHeader;
 import javax.net.ssl.SSLContext;
@@ -32,11 +34,9 @@ import java.net.URI;
 import java.time.Instant;
 import java.util.Collections;
 import java.util.List;
-import java.util.Objects;
 import java.util.Optional;
 import java.util.OptionalInt;
 import java.util.Set;
-import java.util.function.Function;
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
@@ -261,6 +261,34 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
 .collect(Collectors.toList());
 }
+ @Override
+ public List<AthenzService> listServices(AthenzDomain athenzDomain) {
+ URI uri = zmsUrl.resolve(String.format("domain/%s/service", athenzDomain.getName()));
+ ServiceListResponseEntity execute = execute(RequestBuilder.get(uri).build(), response -> readEntity(response, ServiceListResponseEntity.class));
+
+ return execute.services.stream()
+ .map(serviceName -> new AthenzService(athenzDomain, serviceName))
+ .collect(Collectors.toList());
+ }
+
+ @Override
+ public void createOrUpdateService(AthenzService athenzService) {
+ URI uri = zmsUrl.resolve(String.format("domain/%s/service/%s", athenzService.getDomainName(), athenzService.getName()));
+
+ var serviceEntity = new ServiceEntity(athenzService.getFullName());
+
+ var request = RequestBuilder.put(uri)
+ .setEntity(toJsonStringEntity(serviceEntity))
+ .build();
+ execute(request, response -> readEntity(response, Void.class));
+ }
+
+ @Override
+ public void deleteService(AthenzService athenzService) {
+ URI uri = zmsUrl.resolve(String.format("domain/%s/service/%s", athenzService.getDomainName(), athenzService.getName()));
+ execute(RequestBuilder.delete(uri).build(), response -> readEntity(response, Void.class));
+ }
+
 private static Header createCookieHeaderWithOktaTokens(OktaIdentityToken identityToken, OktaAccessToken accessToken) {
 return new BasicHeader("Cookie", String.format("okta_at=%s; okta_it=%s", accessToken.token(), identityToken.token()));
 }
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
index 03afc9278cc..2807d20f5c6 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
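Review bot: `createOrUpdateService` and `deleteService` in `DefaultZmsClient` format the domain and service names straight into the relative path passed to `zmsUrl.resolve(...)`, and `listServices` does the same with the domain name, without checking that each value is a single path segment. `URI.resolve` normalises the resolved path, so a name containing `/` or `..` would address a different ZMS resource than the caller intended, which matters most for the DELETE. If `AthenzService` and `AthenzDomain` already restrict the allowed characters this is safe, but that is not visible in this hunk. Either reject such names before building the URI or record the assumption next to the calls, e.g. `// names are validated by AthenzService/AthenzDomain, so they are safe as path segments`.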
@@ -6,6 +6,7 @@ import com.yahoo.vespa.athenz.api.AthenzGroup;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
 import com.yahoo.vespa.athenz.api.AthenzResourceName;
 import com.yahoo.vespa.athenz.api.AthenzRole;
+import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.api.AthenzUser;
 import com.yahoo.vespa.athenz.api.OktaAccessToken;
 import com.yahoo.vespa.athenz.api.OktaIdentityToken;
@@ -54,5 +55,11 @@ public interface ZmsClient extends AutoCloseable {
 List<AthenzIdentity> listMembers(AthenzRole athenzRole);
+ List<AthenzService> listServices(AthenzDomain athenzDomain);
+
+ void createOrUpdateService(AthenzService athenzService);
+
+ void deleteService(AthenzService athenzService);
+
 void close();
 }
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ServiceEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ServiceEntity.java
new file mode 100644
index 00000000000..aebbc408f69
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ServiceEntity.java
@@ -0,0 +1,25 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.athenz.client.zms.bindings;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonGetter;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * @author andreer
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class ServiceEntity {
+ public final String name;
+
+ @JsonCreator
+ public ServiceEntity(@JsonProperty("name") String name) {
+ this.name = name;
+ }
+
+ @JsonGetter("name")
+ public String name() {
+ return name;
+ }
+}
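Review bot: The three methods added to the `ZmsClient` interface carry no Javadoc, and the contract of `createOrUpdateService` is the one a caller most needs spelled out. The `DefaultZmsClient` implementation PUTs a `ServiceEntity` holding only a name, so it is unclear what happens to the other attributes of a service that already exists. If ZMS treats the PUT as a full replacement, an "update" could reset them; this is an inference, not something the diff shows. Suggest a Javadoc on `createOrUpdateService` stating that only the name is sent and what that means for an existing service, and one on `deleteService` stating whether it fails when the service does not exist.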
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ServiceListResponseEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ServiceListResponseEntity.java
new file mode 100644
index 00000000000..2d32af8a841
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ServiceListResponseEntity.java
@@ -0,0 +1,21 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.athenz.client.zms.bindings;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.util.List;
+
+/**
+ * @author andreer
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class ServiceListResponseEntity {
+ public final List<String> services;
+
+ @JsonCreator
+ public ServiceListResponseEntity(@JsonProperty("names") List<String> services) {
+ this.services = services;
+ }
+} |
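Review bot: The `ServiceListResponseEntity` constructor stores whatever Jackson passes for `names`, so `services` is null when the response omits that property, and `DefaultZmsClient.listServices` then calls `execute.services.stream()` without a check. Defaulting in the constructor keeps the binding safe for every caller: `this.services = services == null ? List.of() : services;`. The field is also named `services` while it is bound to the JSON property `names`; a short comment on the field, e.g. `// bound to the "names" property of the ZMS response`, would save the next reader a lookup.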