diff options
Diffstat (limited to 'controller-api/src/main/java/com')
5 files changed, 37 insertions, 72 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/BillStatus.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/BillStatus.java index d6c6262069b..4f35b47219a 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/BillStatus.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/BillStatus.java @@ -5,12 +5,14 @@ package com.yahoo.vespa.hosted.controller.api.integration.billing; */ public enum BillStatus { OPEN, // All bills start in this state. The bill can be modified and exported/synced to external systems. - FROZEN, // Syncing to external systems is switched off. Reviews should be done in this state. + FROZEN, // Syncing to external systems is switched off. No changes can be made. CLOSED, // End state for a valid bill. VOID; // End state, indicating that the bill is not valid. - private static final String LEGACY_ISSUED = "ISSUED"; // Legacy state, used by historical bills - private static final String LEGACY_EXPORTED = "EXPORTED"; // Legacy state, used by historical bills + // Legacy states, used by historical bills + private static final String LEGACY_ISSUED = "ISSUED"; + private static final String LEGACY_EXPORTED = "EXPORTED"; + private static final String LEGACY_CANCELED = "CANCELED"; private final String value; @@ -24,6 +26,7 @@ public enum BillStatus { public static BillStatus from(String status) { if (LEGACY_ISSUED.equals(status) || LEGACY_EXPORTED.equals(status)) return OPEN; + if (LEGACY_CANCELED.equals(status)) return VOID; return Enum.valueOf(BillStatus.class, status.toUpperCase()); } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/StatusHistory.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/StatusHistory.java index 6335ada1396..f0c7f806c8c 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/StatusHistory.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/billing/StatusHistory.java @@ -14,6 +14,17 @@ public class StatusHistory { SortedMap<ZonedDateTime, BillStatus> history; public StatusHistory(SortedMap<ZonedDateTime, BillStatus> history) { + // Validate the given history + var iter = history.values().iterator(); + BillStatus next = iter.hasNext() ? iter.next() : null; + while (iter.hasNext()) { + var current = next; + next = iter.next(); + if (! validateStatus(current, next)) { + throw new IllegalArgumentException("Invalid transition from " + current + " to " + next); + } + } + this.history = history; } @@ -32,4 +43,19 @@ public class StatusHistory { return history; } + public void checkValidTransition(BillStatus newStatus) { + if (! validateStatus(current(), newStatus)) { + throw new IllegalArgumentException("Invalid transition from " + current() + " to " + newStatus); + } + } + + private static boolean validateStatus(BillStatus current, BillStatus newStatus) { + return switch(current) { + case OPEN -> true; + case FROZEN -> newStatus != BillStatus.OPEN; // This could be subject to change. + case CLOSED -> newStatus == BillStatus.CLOSED; + case VOID -> newStatus == BillStatus.VOID; + }; + } + } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java index 52900f83203..2afe7417787 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java @@ -72,22 +72,6 @@ enum PathGroup { "/application/v4/tenant/{tenant}/archive-access/aws", "/application/v4/tenant/{tenant}/archive-access/gcp"), - - billingToken(Matcher.tenant, - "/billing/v1/tenant/{tenant}/token"), - - billingInstrument(Matcher.tenant, - "/billing/v1/tenant/{tenant}/instrument/{*}"), - - billingPlan(Matcher.tenant, - "/billing/v1/tenant/{tenant}/plan/{*}"), - - billingCollection(Matcher.tenant, - "/billing/v1/tenant/{tenant}/collection/{*}"), - - billingList(Matcher.tenant, - "/billing/v1/tenant/{tenant}/billing/{*}"), - billing(Matcher.tenant, "/billing/v2/tenant/{tenant}/{*}"), @@ -247,11 +231,6 @@ enum PathGroup { /** Paths used for receiving payment callbacks */ paymentProcessor("/payment/notification"), - /** Paths used for invoice management */ - hostedAccountant("/billing/v1/invoice/{*}", - "/billing/v1/billing", - "/billing/v1/plans"), - /** Path used for listing endpoint certificate request and re-requesting endpoint certificates */ endpointCertificates("/endpointcertificates/"), @@ -322,20 +301,12 @@ enum PathGroup { static Set<PathGroup> operatorRestrictedPaths() { var paths = billingPathsNoToken(); - paths.add(PathGroup.billingToken); paths.add(accessRequestApproval); return paths; } static Set<PathGroup> billingPathsNoToken() { - return EnumSet.of( - PathGroup.billingCollection, - PathGroup.billingInstrument, - PathGroup.billingList, - PathGroup.billingPlan, - PathGroup.billing, - PathGroup.hostedAccountant - ); + return EnumSet.of(PathGroup.billing); } /** Returns whether this group matches path in given context */ diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java index 6b5130cf2e5..373af30e475 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java @@ -26,10 +26,7 @@ enum Policy { .in(SystemName.all()), Privilege.grant(Action.read) .on(PathGroup.billingPathsNoToken()) - .in(SystemName.all()), - Privilege.grant(Action.read) - .on(PathGroup.billingToken) - .in(SystemName.PublicCd)), + .in(SystemName.all())), /** Full access to everything. */ supporter(Privilege.grant(Action.read) @@ -155,40 +152,14 @@ enum Policy { .on(PathGroup.paymentProcessor) .in(SystemName.PublicCd)), - /** Read your own instrument information */ - paymentInstrumentRead(Privilege.grant(Action.read) - .on(PathGroup.billingInstrument) - .in(SystemName.PublicCd, SystemName.Public)), - - /** Ability to update tenant payment instrument */ - paymentInstrumentUpdate(Privilege.grant(Action.update) - .on(PathGroup.billingInstrument) - .in(SystemName.PublicCd, SystemName.Public)), - - /** Ability to remove your own payment instrument */ - paymentInstrumentDelete(Privilege.grant(Action.delete) - .on(PathGroup.billingInstrument) - .in(SystemName.PublicCd, SystemName.Public)), - - /** Get the token to view instrument form */ - paymentInstrumentCreate(Privilege.grant(Action.read) - .on(PathGroup.billingToken) - .in(SystemName.PublicCd, SystemName.Public)), - /** Ability to update tenant payment instrument */ planUpdate(Privilege.grant(Action.update) - .on(PathGroup.billingPlan, PathGroup.billing) - .in(SystemName.PublicCd, SystemName.Public)), - - /** Ability to update tenant collection method */ - collectionMethodUpdate(Privilege.grant(Action.update) - .on(PathGroup.billingCollection) + .on(PathGroup.billing) .in(SystemName.PublicCd, SystemName.Public)), - /** Read the generated bills */ billingInformationRead(Privilege.grant(Action.read) - .on(PathGroup.billingList, PathGroup.billing) + .on(PathGroup.billing) .in(SystemName.PublicCd, SystemName.Public)), accessRequests(Privilege.grant(Action.all()) @@ -197,7 +168,7 @@ enum Policy { /** Invoice management */ hostedAccountant(Privilege.grant(Action.all()) - .on(PathGroup.hostedAccountant, PathGroup.accountant, PathGroup.userSearch) + .on(PathGroup.accountant, PathGroup.userSearch) .in(SystemName.PublicCd, SystemName.Public)), /** Listing endpoint certificates and re-requesting certificates */ diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java index d57e38df239..31c8560c908 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java @@ -43,8 +43,6 @@ public enum RoleDefinition { Policy.applicationRead, Policy.deploymentRead, Policy.publicRead, - Policy.paymentInstrumentRead, - Policy.paymentInstrumentDelete, Policy.billingInformationRead, Policy.horizonProxyOperations), @@ -56,8 +54,6 @@ public enum RoleDefinition { Policy.developmentDeployment, Policy.keyManagement, Policy.submission, - Policy.paymentInstrumentRead, - Policy.paymentInstrumentDelete, Policy.billingInformationRead, Policy.secretStoreOperations, Policy.dataplaneToken), @@ -72,7 +68,6 @@ public enum RoleDefinition { Policy.tenantArchiveAccessManagement, Policy.applicationManager, Policy.keyRevokal, - Policy.paymentInstrumentRead, Policy.billingInformationRead, Policy.accessRequests ), @@ -99,7 +94,6 @@ public enum RoleDefinition { paymentProcessor(Policy.paymentProcessor), hostedAccountant(Policy.hostedAccountant, - Policy.collectionMethodUpdate, Policy.planUpdate, Policy.tenantUpdate); |