From abe78abeb5e7ed00dc3a743ca77a13e95fa47ce6 Mon Sep 17 00:00:00 2001
From: Valerij Fredriksen <valerijf@yahooinc.com>
Date: Wed, 26 Oct 2022 16:36:10 +0200
Subject: Return enclave information for instance in application/v4

---
 .../vespa/hosted/controller/api/integration/zone/ZoneRegistry.java  | 3 +++
 .../com/yahoo/vespa/hosted/controller/ApplicationController.java    | 2 +-
 .../controller/restapi/application/ApplicationApiHandler.java       | 6 ++++++
 .../yahoo/vespa/hosted/controller/integration/ZoneRegistryMock.java | 5 +++++
 .../controller/restapi/application/ApplicationApiCloudTest.java     | 1 -
 5 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/zone/ZoneRegistry.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/zone/ZoneRegistry.java
index fa28840d7ee..d26ebb62181 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/zone/ZoneRegistry.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/zone/ZoneRegistry.java
@@ -110,4 +110,7 @@ public interface ZoneRegistry {
     /** IAM tenant developer role ARN */
     Optional<String> tenantDeveloperRoleArn(TenantName tenant);
 
+    /** Returns athenz domain tied to the given cloud account */
+    AthenzDomain cloudAccountAthenzDomain(CloudAccount cloudAccount);
+
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
index 7e284a8aef5..902c1803b6b 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java
@@ -670,7 +670,7 @@ public class ApplicationController {
         }
     }
 
-    private Optional<CloudAccount> decideCloudAccountOf(DeploymentId deployment, DeploymentSpec spec) {
+    public Optional<CloudAccount> decideCloudAccountOf(DeploymentId deployment, DeploymentSpec spec) {
         ZoneId zoneId = deployment.zoneId();
         Optional<CloudAccount> requestedAccount = spec.instance(deployment.applicationId().instance())
                                                       .flatMap(instanceSpec -> instanceSpec.cloudAccount(zoneId.environment(),
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index 35483309cae..161e4b30dd9 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -1814,6 +1814,12 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler {
 
         application.projectId().ifPresent(i -> response.setString("screwdriverId", String.valueOf(i)));
 
+        controller.applications().decideCloudAccountOf(deploymentId, application.deploymentSpec()).ifPresent(cloudAccount -> {
+            Cursor enclave = response.setObject("enclave");
+            enclave.setString("cloudAccount", cloudAccount.value());
+            enclave.setString("athensDomain", controller.zoneRegistry().cloudAccountAthenzDomain(cloudAccount).value());
+        });
+
         var instance = application.instances().get(deploymentId.applicationId().instance());
         if (instance != null) {
             if (!instance.rotations().isEmpty() && deployment.zone().environment() == Environment.prod)
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ZoneRegistryMock.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ZoneRegistryMock.java
index a3ea56ccc72..dd0f2ca028c 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ZoneRegistryMock.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/integration/ZoneRegistryMock.java
@@ -254,6 +254,11 @@ public class ZoneRegistryMock extends AbstractComponent implements ZoneRegistry
 
     @Override public Optional<String> tenantDeveloperRoleArn(TenantName tenant) { return Optional.empty(); }
 
+    @Override
+    public AthenzDomain cloudAccountAthenzDomain(CloudAccount cloudAccount) {
+        return AthenzDomain.from("vespa.enclave");
+    }
+
     @Override
     public boolean hasZone(ZoneId zoneId) {
         return zones.stream().anyMatch(zone -> zone.getId().equals(zoneId));
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
index af0a85f1a90..ab671be23eb 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiCloudTest.java
@@ -331,7 +331,6 @@ public class ApplicationApiCloudTest extends ControllerContainerCloudTest {
                 "\"error-code\":\"BAD_REQUEST\"," +
                 "\"message\":\"Invalid application id\"" +
                 "}", 400);
-
     }
 
     @Test
-- 
cgit v1.2.3