From 056a751f9cd04016f7bcf3549c527115b838d21d Mon Sep 17 00:00:00 2001
From: Ola Aunrønning
Date: Thu, 18 Feb 2021 15:27:42 +0100
Subject: Set up parameter validation handler based on feature flag value
---
 .../src/main/java/com/yahoo/config/model/api/ModelContext.java | 1 +
 .../yahoo/vespa/model/container/xml/ContainerModelBuilder.java | 2 +-
 .../com/yahoo/vespa/config/server/deploy/ModelContextImpl.java | 10 ++++++++++
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java b/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java
index 42ecf7e6bf3..e20a7603494 100644
--- a/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java
+++ b/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java
@@ -88,6 +88,7 @@ public interface ModelContext {
 @ModelFeatureFlag(owners = {"baldersheim", "geirst", "toregge"}) default double maxDeadBytesRatio() { return 0.2; }
 @ModelFeatureFlag(owners = {"hmusum"}) default int clusterControllerMaxHeapSizeInMb() { return 512; }
 @ModelFeatureFlag(owners = {"bjorncs", "tokle"}) default List allowedAthenzProxyIdentities() { return List.of(); }
+ @ModelFeatureFlag(owners = {"tokle"}) default boolean tenantIamRole() { return false; }
 }
 /** Warning: As elsewhere in this package, do not make backwards incompatible changes that will break old config models! */
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index d41d8920585..784e5e77eb5 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -214,7 +214,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder {
 private void addParameterStoreValidationHandler(ApplicationContainerCluster cluster, DeployState deployState) {
- if (deployState.zone().system() == SystemName.PublicCd) {
+ if (deployState.featureFlags().tenantIamRole()) {
 BindingPattern bindingPattern = SystemBindingPattern.fromHttpPath("/validate-secret-store");
 Handler> handler = new Handler<>( new ComponentModel("com.yahoo.jdisc.cloud.aws.AwsParameterStoreValidationHandler", null, null, null));
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java b/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java
index 4dd384bf649..0241d885b49 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java
@@ -21,6 +21,7 @@ import com.yahoo.config.provision.ApplicationId;
 import com.yahoo.config.provision.AthenzDomain;
 import com.yahoo.config.provision.DockerImage;
 import com.yahoo.config.provision.HostName;
+import com.yahoo.config.provision.TenantName;
 import com.yahoo.config.provision.Zone;
 import com.yahoo.vespa.flags.FetchVector;
 import com.yahoo.vespa.flags.FlagSource;
@@ -166,6 +167,7 @@ public class ModelContextImpl implements ModelContext {
 private final double maxDeadBytesRatio;
 private final int clusterControllerMaxHeapSizeInMb;
 private final List allowedAthenzProxyIdentities;
+ private final boolean tenantIamRole;
 public FeatureFlags(FlagSource source, ApplicationId appId) {
 this.defaultTermwiseLimit = flagValue(source, appId, Flags.DEFAULT_TERM_WISE_LIMIT);
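Review bot: In `addParameterStoreValidationHandler`, the `tenantIamRole` flag is now the only condition for binding `/validate-secret-store` to `AwsParameterStoreValidationHandler`; the previous `SystemName.PublicCd` check is gone, so nothing visible here limits the handler to systems where the AWS component is available. If that restriction is still wanted, it should be stated in code rather than left to flag configuration, for example by keeping a system or cloud check alongside the flag. At minimum add a comment above the condition, e.g. `// Secret-store validation endpoint is set up only for tenants with the tenantIamRole flag enabled`. The method body continues past the hunk, so how the binding is protected cannot be judged from these lines.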
@@ -187,6 +189,7 @@ public class ModelContextImpl implements ModelContext {
 this.maxDeadBytesRatio = flagValue(source, appId, Flags.MAX_DEAD_BYTES_RATIO);
 this.clusterControllerMaxHeapSizeInMb = flagValue(source, appId, Flags.CLUSTER_CONTROLLER_MAX_HEAP_SIZE_IN_MB);
 this.allowedAthenzProxyIdentities = flagValue(source, appId, Flags.ALLOWED_ATHENZ_PROXY_IDENTITIES);
+ this.tenantIamRole = flagValue(source, appId.tenant(), Flags.TENANT_IAM_ROLE);
 }
 @Override public double defaultTermwiseLimit() { return defaultTermwiseLimit; }
@@ -208,6 +211,7 @@ public class ModelContextImpl implements ModelContext {
 @Override public double maxDeadBytesRatio() { return maxDeadBytesRatio; }
 @Override public int clusterControllerMaxHeapSizeInMb() { return clusterControllerMaxHeapSizeInMb; }
 @Override public List allowedAthenzProxyIdentities() { return allowedAthenzProxyIdentities; }
+ @Override public boolean tenantIamRole() { return tenantIamRole; }
 private static V flagValue(FlagSource source, ApplicationId appId, UnboundFlag flag) {
 return flag.bindTo(source)
@@ -215,6 +219,12 @@ public class ModelContextImpl implements ModelContext {
 .boxedValue();
 }
+ private static V flagValue(FlagSource source, TenantName tenant, UnboundFlag flag) {
+ return flag.bindTo(source)
+ .with(FetchVector.Dimension.TENANT_ID, tenant.value())
+ .boxedValue();
+ }
+
 }
 public static class Properties implements ModelContext.Properties {
-- cgit v1.2.3
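Review bot: In the `@@ -187,6 +189,7 @@` hunk, `tenantIamRole` is the only flag in this constructor resolved through `appId.tenant()`, and the new overload added in the `@@ -215,6 +219,12 @@` hunk sets just `FetchVector.Dimension.TENANT_ID`, so any flag rule keyed on another dimension would presumably not match and the value would fall back to the flag's default. Because both helpers are named `flagValue` and differ only in the second argument's type, the scope is easy to miss when a later flag is copied from this line. Since this value decides whether the secret-store validation handler is configured, make the scope explicit with a comment on the assignment, e.g. `// Tenant-scoped flag: resolved with TENANT_ID only`, or give the overload a distinct name.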