diff options
Diffstat (limited to 'controller-api')
17 files changed, 62 insertions, 184 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/ApplicationResource.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/ApplicationResource.java index e5833682c90..66f6a7d873f 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/ApplicationResource.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/ApplicationResource.java @@ -1,7 +1,6 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.api.application.v4; -import com.yahoo.vespa.hosted.controller.api.application.v4.model.JobStatusList; import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; import com.yahoo.vespa.hosted.controller.api.application.v4.model.ApplicationReference; import com.yahoo.vespa.hosted.controller.api.application.v4.model.InstancesReply; @@ -42,8 +41,4 @@ public interface ApplicationResource { @GET InstancesReply listInstances(@PathParam("applicationId") ApplicationId applicationId); - @Path("{applicationId}/deployment") - @GET - JobStatusList deployment(@PathParam("applicationId") ApplicationId applicationId); - } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/JobStatus.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/JobStatus.java deleted file mode 100644 index cce8a8c88fc..00000000000 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/JobStatus.java +++ /dev/null @@ -1,16 +0,0 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.hosted.controller.api.application.v4.model; - -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; - -/** - * @author bratseth - */ -@JsonIgnoreProperties(ignoreUnknown = true) -public class JobStatus { - - public String jobType; - public long lastCompleted; - public boolean success; - -} diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/JobStatusList.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/JobStatusList.java deleted file mode 100644 index 30af3291fbd..00000000000 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/JobStatusList.java +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.hosted.controller.api.application.v4.model; - -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; - -import java.util.List; - -/** - * @author bratseth - */ -@JsonIgnoreProperties(ignoreUnknown = true) -public class JobStatusList { - public List<JobStatus> jobs; -} diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/BuildService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/BuildService.java deleted file mode 100644 index 0f5b7f154e1..00000000000 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/BuildService.java +++ /dev/null @@ -1,84 +0,0 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.hosted.controller.api.integration; - -import com.yahoo.config.provision.ApplicationId; - -import java.util.Objects; - -/** - * @author jonmv - */ -// TODO jonmv: Remove this. -public interface BuildService { - - /** - * Enqueues a job defined by buildJob in an external build system. - * - * Implementations should throw an exception if the triggering fails. - */ - void trigger(BuildJob buildJob); - - /** - * Returns the state of the given job in the build service. - */ - JobState stateOf(BuildJob buildJob); - - enum JobState { - - /** Job is not running, and may be triggered. */ - idle, - - /** Job is already running, and will be queued if triggered now. */ - running, - - /** Job is running and queued and will automatically be started again after it finishes its current run. */ - queued, - - /** Job is disabled, i.e., it can not be triggered. */ - disabled - - } - - - class BuildJob { - - private final ApplicationId applicationId; - private final long projectId; - private final String jobName; - - protected BuildJob(ApplicationId applicationId, long projectId, String jobName) { - this.applicationId = applicationId; - this.projectId = projectId; - this.jobName = jobName; - } - - public static BuildJob of(ApplicationId applicationId, long projectId, String jobName) { - return new BuildJob(applicationId, projectId, jobName); - } - - public ApplicationId applicationId() { return applicationId; } - public long projectId() { return projectId; } - public String jobName() { return jobName; } - - @Override - public boolean equals(Object o) { - if (this == o) return true; - if (!(o instanceof BuildJob)) return false; - BuildJob job = (BuildJob) o; - return Objects.equals(applicationId, job.applicationId) && - Objects.equals(jobName, job.jobName); - } - - @Override - public int hashCode() { - return Objects.hash(applicationId, jobName); - } - - @Override - public String toString() { - return jobName + " for " + applicationId + " with project " + projectId; - } - - } - -} diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java index 578be18c4d7..4eb4f669225 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ServiceRegistry.java @@ -20,6 +20,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.resource.MeteringClient import com.yahoo.vespa.hosted.controller.api.integration.resource.TenantCost; import com.yahoo.vespa.hosted.controller.api.integration.routing.GlobalRoutingService; import com.yahoo.vespa.hosted.controller.api.integration.routing.RoutingGenerator; +import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneRegistry; import java.time.Clock; @@ -72,9 +73,8 @@ public interface ServiceRegistry { RunDataStore runDataStore(); - // TODO: No longer used. Remove this once untangled from test code - BuildService buildService(); - TenantCost tenantCost(); + ZoneRegistry zoneRegistry(); + } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/ApplicationVersion.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/ApplicationVersion.java index b1dad7d814e..fb9745d90cb 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/ApplicationVersion.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/ApplicationVersion.java @@ -115,15 +115,12 @@ public class ApplicationVersion implements Comparable<ApplicationVersion> { if (!(o instanceof ApplicationVersion)) return false; ApplicationVersion that = (ApplicationVersion) o; return Objects.equals(source, that.source) && - Objects.equals(authorEmail, that.authorEmail) && - Objects.equals(buildNumber, that.buildNumber) && - Objects.equals(compileVersion, that.compileVersion) && - Objects.equals(buildTime, that.buildTime); + Objects.equals(buildNumber, that.buildNumber); } @Override public int hashCode() { - return Objects.hash(source, authorEmail, buildNumber, compileVersion, buildTime); + return Objects.hash(source, buildNumber); } @Override diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/ArtifactRepository.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/ArtifactRepository.java index 890059b86b2..2beb19536b6 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/ArtifactRepository.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/ArtifactRepository.java @@ -12,6 +12,7 @@ import com.yahoo.config.provision.zone.ZoneId; */ public interface ArtifactRepository { + // TODO unused, remove /** Returns the tenant application package of the given version. */ byte[] getApplicationPackage(ApplicationId application, String applicationVersion); diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/JobType.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/JobType.java index f301bc038a2..ec742698540 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/JobType.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/JobType.java @@ -20,9 +20,6 @@ import static com.yahoo.config.provision.SystemName.main; /** Job types that exist in the build system */ public enum JobType { // | enum name ------------| job name ------------------| Zone in main system ---------------------------------------| Zone in CD system ------------------------------------------- - component ("component", // TODO jonmv: remove when no longer present in serialized data - Map.of()), - systemTest ("system-test", Map.of(main , ZoneId.from("test", "us-east-1"), cd , ZoneId.from("test", "cd-us-central-1"), @@ -134,7 +131,6 @@ public enum JobType { /** Returns the environment of this job type, or null if it does not have an environment */ public Environment environment() { - if (this == component) return null; return zones.values().iterator().next().environment(); } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/RunId.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/RunId.java index 506c0482bca..ebce77f7e40 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/RunId.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/deployment/RunId.java @@ -6,7 +6,7 @@ import com.yahoo.config.provision.ApplicationId; import java.util.Objects; /** - * Immutable ID of a job run by a {@link com.yahoo.vespa.hosted.controller.api.integration.BuildService}. + * Immutable ID of a deployment job. * * @author jonmv */ diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockBuildService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockBuildService.java deleted file mode 100644 index 2a8b06888b0..00000000000 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockBuildService.java +++ /dev/null @@ -1,47 +0,0 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.hosted.controller.api.integration.stubs; - -import com.yahoo.component.AbstractComponent; -import com.yahoo.config.provision.ApplicationId; -import com.yahoo.vespa.hosted.controller.api.integration.BuildService; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - -import static com.yahoo.vespa.hosted.controller.api.integration.BuildService.JobState.idle; -import static com.yahoo.vespa.hosted.controller.api.integration.BuildService.JobState.running; - -/** - * @author jonmv - */ -public class MockBuildService extends AbstractComponent implements BuildService { - - private final List<BuildJob> jobs = Collections.synchronizedList(new ArrayList<>()); - - @Override - public void trigger(BuildJob buildJob) { - jobs.add(buildJob); - } - - @Override - public JobState stateOf(BuildJob buildJob) { - return jobs.contains(buildJob) ? running : idle; - } - - /** List all running jobs. */ - public List<BuildJob> jobs() { - return new ArrayList<>(jobs); - } - - /** Clears all running jobs. */ - public void clear() { - jobs.clear(); - } - - /** Removes the given job for the given project and returns whether it was found. */ - public boolean remove(BuildJob buildJob) { - return jobs.remove(buildJob); - } - -} diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java index 03eda33233d..ee7337b524d 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/stubs/MockUserManagement.java @@ -6,6 +6,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.user.UserManagement; import com.yahoo.vespa.hosted.controller.api.role.Role; import java.util.Collection; +import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.List; @@ -42,11 +43,25 @@ public class MockUserManagement implements UserManagement { } @Override + public void addToRoles(UserId user, Collection<Role> roles) { + for (Role role : roles) { + addUsers(role, Collections.singletonList(user)); + } + } + + @Override public void removeUsers(Role role, Collection<UserId> users) { memberships.get(role).removeIf(user -> users.contains(new UserId(user.email()))); } @Override + public void removeFromRoles(UserId user, Collection<Role> roles) { + for (Role role : roles) { + removeUsers(role, Collections.singletonList(user)); + } + } + + @Override public List<User> listUsers(Role role) { return List.copyOf(memberships.get(role)); } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserManagement.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserManagement.java index f56a9f66288..922f0f11244 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserManagement.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/user/UserManagement.java @@ -21,9 +21,15 @@ public interface UserManagement { /** Ensures the given users exist, and are part of the given role, or throws if the role does not exist. */ void addUsers(Role role, Collection<UserId> users); + /** Ensures the given user exist, and are part of the given roles, or throws if the roles does not exist. */ + void addToRoles(UserId user, Collection<Role> roles); + /** Ensures none of the given users are part of the given role, or throws if the role does not exist. */ void removeUsers(Role role, Collection<UserId> users); + /** Ensures the given users are not part of the given role, or throws if the roles does not exist. */ + void removeFromRoles(UserId user, Collection<Role> roles); + /** Returns all users in the given role, or throws if the role does not exist. */ List<User> listUsers(Role role); diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java index 89f0a3c3382..9db896bbb88 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java @@ -19,6 +19,10 @@ import java.util.Set; */ enum PathGroup { + /** Paths exclusive to operators (including read), used for system management. */ + classifiedOperator(Optional.of("/api"), + "/configserver/v1/{*}"), + /** Paths used for system management by operators. */ operator("/controller/v1/{*}", "/flags/v1/{*}", @@ -174,7 +178,10 @@ enum PathGroup { /** Paths providing public information. */ publicInfo(Optional.of("/api"), "/badge/v1/{*}", - "/zone/v1/{*}"); + "/zone/v1/{*}"), + + /** Paths used for deploying system-wide feature flags. */ + systemFlags("/system-flags/v1/{*}"); final List<String> pathSpecs; final String prefix; @@ -228,6 +235,10 @@ enum PathGroup { return EnumSet.allOf(PathGroup.class); } + static Set<PathGroup> allExcept(PathGroup... pathGroups) { + return EnumSet.complementOf(EnumSet.copyOf(List.of(pathGroups))); + } + /** Returns whether this group matches path in given context */ boolean matches(URI uri, Context context) { return get(uri).map(p -> { diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java index db7dd5909b3..51f29626acf 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java @@ -115,13 +115,18 @@ enum Policy { /** Read access to all information in select systems. */ classifiedRead(Privilege.grant(Action.read) - .on(PathGroup.all()) + .on(PathGroup.allExcept(PathGroup.classifiedOperator)) .in(SystemName.main, SystemName.cd, SystemName.dev)), /** Read access to public info. */ publicRead(Privilege.grant(Action.read) .on(PathGroup.publicInfo) - .in(SystemName.all())); + .in(SystemName.all())), + + /** Access to /system-flags/v1. */ + systemFlagsDeployment(Privilege.grant(Action.all()) + .on(PathGroup.systemFlags) + .in(SystemName.all())); private final Set<Privilege> privileges; diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java index 03f5a949c99..e1497bd686e 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Role.java @@ -5,7 +5,6 @@ import com.yahoo.config.provision.ApplicationName; import com.yahoo.config.provision.InstanceName; import com.yahoo.config.provision.TenantName; -import java.net.URI; import java.util.Objects; /** @@ -109,6 +108,9 @@ public abstract class Role { return new ApplicationRole(RoleDefinition.buildService, tenant, application); } + /** Returns the role for system flag deployer */ + public static UnboundRole systemFlagsDeployer() { return new UnboundRole(RoleDefinition.systemFlagsDeployer); } + /** Returns the role definition of this bound role. */ public RoleDefinition definition() { return roleDefinition; } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java index 9797a3813ed..a261f5c7e8f 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java @@ -113,7 +113,9 @@ public enum RoleDefinition { Policy.applicationDelete, Policy.applicationOperations, Policy.keyManagement, - Policy.developmentDeployment); + Policy.developmentDeployment), + + systemFlagsDeployer(hostedOperator, Policy.systemFlagsDeployment); private final Set<RoleDefinition> parents; private final Set<Policy> policies; diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java index fcac8c1efd2..6dd815f4f51 100644 --- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java +++ b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/role/RoleTest.java @@ -126,4 +126,13 @@ public class RoleTest { assertFalse(tenantAdmin1.implies(applicationHeadless11)); assertFalse(applicationHeadless11.implies(applicationHeadless12)); } + + @Test + public void system_flags() { + URI uri = URI.create("/system-flags/v1/deploy"); + Action action = Action.update; + assertTrue(mainEnforcer.allows(Role.systemFlagsDeployer(), action, uri)); + assertTrue(mainEnforcer.allows(Role.hostedOperator(), action, uri)); + assertFalse(mainEnforcer.allows(Role.everyone(), action, uri)); + } } |