aboutsummaryrefslogtreecommitdiffstats
path: root/controller-api/src/main/java/com/yahoo
diff options
context:
space:
mode:
Diffstat (limited to 'controller-api/src/main/java/com/yahoo')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/BillStatus.java9
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/StatusHistory.java26
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java31
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java37
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java6
5 files changed, 37 insertions, 72 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/BillStatus.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/BillStatus.java
index d6c6262069b..4f35b47219a 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/BillStatus.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/BillStatus.java
@@ -5,12 +5,14 @@ package com.yahoo.vespa.hosted.controller.api.integration.billing;
*/
public enum BillStatus {
OPEN, // All bills start in this state. The bill can be modified and exported/synced to external systems.
- FROZEN, // Syncing to external systems is switched off. Reviews should be done in this state.
+ FROZEN, // Syncing to external systems is switched off. No changes can be made.
CLOSED, // End state for a valid bill.
VOID; // End state, indicating that the bill is not valid.
- private static final String LEGACY_ISSUED = "ISSUED"; // Legacy state, used by historical bills
- private static final String LEGACY_EXPORTED = "EXPORTED"; // Legacy state, used by historical bills
+ // Legacy states, used by historical bills
+ private static final String LEGACY_ISSUED = "ISSUED";
+ private static final String LEGACY_EXPORTED = "EXPORTED";
+ private static final String LEGACY_CANCELED = "CANCELED";
private final String value;
@@ -24,6 +26,7 @@ public enum BillStatus {
public static BillStatus from(String status) {
if (LEGACY_ISSUED.equals(status) || LEGACY_EXPORTED.equals(status)) return OPEN;
+ if (LEGACY_CANCELED.equals(status)) return VOID;
return Enum.valueOf(BillStatus.class, status.toUpperCase());
}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/StatusHistory.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/StatusHistory.java
index 6335ada1396..f0c7f806c8c 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/StatusHistory.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/StatusHistory.java
@@ -14,6 +14,17 @@ public class StatusHistory {
SortedMap<ZonedDateTime, BillStatus> history;
public StatusHistory(SortedMap<ZonedDateTime, BillStatus> history) {
+ // Validate the given history
+ var iter = history.values().iterator();
+ BillStatus next = iter.hasNext() ? iter.next() : null;
+ while (iter.hasNext()) {
+ var current = next;
+ next = iter.next();
+ if (! validateStatus(current, next)) {
+ throw new IllegalArgumentException("Invalid transition from " + current + " to " + next);
+ }
+ }
+
this.history = history;
}
@@ -32,4 +43,19 @@ public class StatusHistory {
return history;
}
+ public void checkValidTransition(BillStatus newStatus) {
+ if (! validateStatus(current(), newStatus)) {
+ throw new IllegalArgumentException("Invalid transition from " + current() + " to " + newStatus);
+ }
+ }
+
+ private static boolean validateStatus(BillStatus current, BillStatus newStatus) {
+ return switch(current) {
+ case OPEN -> true;
+ case FROZEN -> newStatus != BillStatus.OPEN; // This could be subject to change.
+ case CLOSED -> newStatus == BillStatus.CLOSED;
+ case VOID -> newStatus == BillStatus.VOID;
+ };
+ }
+
}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
index 52900f83203..2afe7417787 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
@@ -72,22 +72,6 @@ enum PathGroup {
"/application/v4/tenant/{tenant}/archive-access/aws",
"/application/v4/tenant/{tenant}/archive-access/gcp"),
-
- billingToken(Matcher.tenant,
- "/billing/v1/tenant/{tenant}/token"),
-
- billingInstrument(Matcher.tenant,
- "/billing/v1/tenant/{tenant}/instrument/{*}"),
-
- billingPlan(Matcher.tenant,
- "/billing/v1/tenant/{tenant}/plan/{*}"),
-
- billingCollection(Matcher.tenant,
- "/billing/v1/tenant/{tenant}/collection/{*}"),
-
- billingList(Matcher.tenant,
- "/billing/v1/tenant/{tenant}/billing/{*}"),
-
billing(Matcher.tenant,
"/billing/v2/tenant/{tenant}/{*}"),
@@ -247,11 +231,6 @@ enum PathGroup {
/** Paths used for receiving payment callbacks */
paymentProcessor("/payment/notification"),
- /** Paths used for invoice management */
- hostedAccountant("/billing/v1/invoice/{*}",
- "/billing/v1/billing",
- "/billing/v1/plans"),
-
/** Path used for listing endpoint certificate request and re-requesting endpoint certificates */
endpointCertificates("/endpointcertificates/"),
@@ -322,20 +301,12 @@ enum PathGroup {
static Set<PathGroup> operatorRestrictedPaths() {
var paths = billingPathsNoToken();
- paths.add(PathGroup.billingToken);
paths.add(accessRequestApproval);
return paths;
}
static Set<PathGroup> billingPathsNoToken() {
- return EnumSet.of(
- PathGroup.billingCollection,
- PathGroup.billingInstrument,
- PathGroup.billingList,
- PathGroup.billingPlan,
- PathGroup.billing,
- PathGroup.hostedAccountant
- );
+ return EnumSet.of(PathGroup.billing);
}
/** Returns whether this group matches path in given context */
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
index 6b5130cf2e5..373af30e475 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
@@ -26,10 +26,7 @@ enum Policy {
.in(SystemName.all()),
Privilege.grant(Action.read)
.on(PathGroup.billingPathsNoToken())
- .in(SystemName.all()),
- Privilege.grant(Action.read)
- .on(PathGroup.billingToken)
- .in(SystemName.PublicCd)),
+ .in(SystemName.all())),
/** Full access to everything. */
supporter(Privilege.grant(Action.read)
@@ -155,40 +152,14 @@ enum Policy {
.on(PathGroup.paymentProcessor)
.in(SystemName.PublicCd)),
- /** Read your own instrument information */
- paymentInstrumentRead(Privilege.grant(Action.read)
- .on(PathGroup.billingInstrument)
- .in(SystemName.PublicCd, SystemName.Public)),
-
- /** Ability to update tenant payment instrument */
- paymentInstrumentUpdate(Privilege.grant(Action.update)
- .on(PathGroup.billingInstrument)
- .in(SystemName.PublicCd, SystemName.Public)),
-
- /** Ability to remove your own payment instrument */
- paymentInstrumentDelete(Privilege.grant(Action.delete)
- .on(PathGroup.billingInstrument)
- .in(SystemName.PublicCd, SystemName.Public)),
-
- /** Get the token to view instrument form */
- paymentInstrumentCreate(Privilege.grant(Action.read)
- .on(PathGroup.billingToken)
- .in(SystemName.PublicCd, SystemName.Public)),
-
/** Ability to update tenant payment instrument */
planUpdate(Privilege.grant(Action.update)
- .on(PathGroup.billingPlan, PathGroup.billing)
- .in(SystemName.PublicCd, SystemName.Public)),
-
- /** Ability to update tenant collection method */
- collectionMethodUpdate(Privilege.grant(Action.update)
- .on(PathGroup.billingCollection)
+ .on(PathGroup.billing)
.in(SystemName.PublicCd, SystemName.Public)),
-
/** Read the generated bills */
billingInformationRead(Privilege.grant(Action.read)
- .on(PathGroup.billingList, PathGroup.billing)
+ .on(PathGroup.billing)
.in(SystemName.PublicCd, SystemName.Public)),
accessRequests(Privilege.grant(Action.all())
@@ -197,7 +168,7 @@ enum Policy {
/** Invoice management */
hostedAccountant(Privilege.grant(Action.all())
- .on(PathGroup.hostedAccountant, PathGroup.accountant, PathGroup.userSearch)
+ .on(PathGroup.accountant, PathGroup.userSearch)
.in(SystemName.PublicCd, SystemName.Public)),
/** Listing endpoint certificates and re-requesting certificates */
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
index d57e38df239..31c8560c908 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
@@ -43,8 +43,6 @@ public enum RoleDefinition {
Policy.applicationRead,
Policy.deploymentRead,
Policy.publicRead,
- Policy.paymentInstrumentRead,
- Policy.paymentInstrumentDelete,
Policy.billingInformationRead,
Policy.horizonProxyOperations),
@@ -56,8 +54,6 @@ public enum RoleDefinition {
Policy.developmentDeployment,
Policy.keyManagement,
Policy.submission,
- Policy.paymentInstrumentRead,
- Policy.paymentInstrumentDelete,
Policy.billingInformationRead,
Policy.secretStoreOperations,
Policy.dataplaneToken),
@@ -72,7 +68,6 @@ public enum RoleDefinition {
Policy.tenantArchiveAccessManagement,
Policy.applicationManager,
Policy.keyRevokal,
- Policy.paymentInstrumentRead,
Policy.billingInformationRead,
Policy.accessRequests
),
@@ -99,7 +94,6 @@ public enum RoleDefinition {
paymentProcessor(Policy.paymentProcessor),
hostedAccountant(Policy.hostedAccountant,
- Policy.collectionMethodUpdate,
Policy.planUpdate,
Policy.tenantUpdate);