From ef74aeff20de66d8d0adfd5d522ba4f090675168 Mon Sep 17 00:00:00 2001
From: Øyvind Grønnesby
Date: Thu, 25 Feb 2021 11:23:08 +0100
Subject: Make the secret store a field on the tenant object
---
 .../restapi/application/ApplicationApiHandler.java | 8 +++++++
 .../controller/restapi/user/UserApiTest.java | 16 +++++++++++++
 .../restapi/user/responses/tenant-with-keys.json | 1 +
 .../user/responses/tenant-with-secrets.json | 26 ++++++++++++++++++++++
 .../responses/tenant-without-applications.json | 1 +
 5 files changed, 52 insertions(+)
 create mode 100644 controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-secrets.json
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index d435ad2da77..a1b7807e43f 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -1961,6 +1961,14 @@ public class ApplicationApiHandler extends LoggingRequestHandler {
 keyObject.setString("user", user.getName());
 });
+ Cursor secretStore = object.setArray("secretStores");
+ cloudTenant.tenantSecretStores().forEach(store -> {
+ Cursor storeObject = secretStore.addObject();
+ storeObject.setString("name", store.getName());
+ storeObject.setString("awsId", store.getAwsId());
+ storeObject.setString("role", store.getRole());
+ });
+
 var tenantQuota = controller.serviceRegistry().billingController().getQuota(tenant.name());
 var usedQuota = applications.stream()
 .map(com.yahoo.vespa.hosted.controller.Application::quotaUsage)
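Review bot: The added `secretStores` block writes each store's `awsId` and `role` into the tenant response with no comment on who is meant to see them, and the test in this commit reads that response with only `Role.reader`. If that visibility is intended, record it next to the loop together with the fact that `externalId` appears to be left out on purpose, e.g. `// name, awsId and role are visible to every role that can read the tenant; externalId is never serialized`. The array cursor is named `secretStore` although it holds the whole list; `secretStores` would match the JSON field it writes. The enclosing method starts and ends outside the hunk.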
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
index 3357e5ca8a4..422364de5c1 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/UserApiTest.java
@@ -20,6 +20,7 @@ import java.util.Set;
 import static com.yahoo.application.container.handler.Request.Method.DELETE;
 import static com.yahoo.application.container.handler.Request.Method.POST;
+import static com.yahoo.application.container.handler.Request.Method.PUT;
 import static org.junit.Assert.assertEquals;
 /**
@@ -172,6 +173,21 @@ public class UserApiTest extends ControllerContainerCloudTest {
 .data("{\"key\":\"" + pemPublicKey + "\"}"),
 new File("second-developer-key.json"));
+ // PUT in a new secret store for the tenant
+ tester.assertResponse(request("/application/v4/tenant/my-tenant/secret-store/", PUT)
+ .principal("developer@tenant")
+ .roles(Set.of(Role.administrator(id.tenant())))
+ .data("{\"name\":\"secret-foo\",\"awsId\":\"123\",\"role\":\"secret-role\",\"externalId\":\"abc\"}"),
+ "{\"message\":\"Configured secret store: TenantSecretStore{name='secret-foo', awsId='123', role='secret-role'}\"}",
+ 200);
+
+ // GET a tenant with secret stores configured
+ tester.assertResponse(request("/application/v4/tenant/my-tenant")
+ .principal("developer@tenant")
+ .roles(Set.of(Role.reader(id.tenant())))
+ .data("{\"name\":\"secret-foo\",\"awsId\":\"123\",\"role\":\"secret-role\",\"externalId\":\"abc\"}"),
+ new File("tenant-with-secrets.json"));
+
 // DELETE an application is available to developers.
 tester.assertResponse(request("/application/v4/tenant/my-tenant/application/my-app", DELETE)
 .roles(Set.of(Role.developer(id.tenant()))),
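Review bot: The new secret-store PUT is only tested on the allowed path: it runs with `Role.administrator`, and nothing in the second hunk checks that a lower role is refused, so a regression in the access rule for `/secret-store/` would go unnoticed. A second request with the same body but `.roles(Set.of(Role.reader(id.tenant())))` would cover that, asserting whatever rejection the controller returns for a denied write. The GET that follows still carries the `.data(...)` line copied from the PUT; a read needs no body, so that line can go. The test method starts and ends outside the hunk.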
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json
index 9323067904c..f94dc7c562b 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-keys.json
@@ -10,6 +10,7 @@
 "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFELzPyinTfQ/sZnTmRp5E4Ve/sbE\npDhJeqczkyFcT2PysJ5sZwm7rKPEeXDOhzTPCyRvbUqc2SGdWbKUGGa/Yw==\n-----END PUBLIC KEY-----\n",
 "user": "developer@tenant"
 }],
+ "secretStores": [],
 "quota": {
 "budget": null,
 "budgetUsed": 0.0,
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-secrets.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-secrets.json
new file mode 100644
index 00000000000..25891755323
--- /dev/null
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-with-secrets.json
@@ -0,0 +1,26 @@
+{
+ "tenant": "my-tenant",
+ "type": "CLOUD",
+ "pemDeveloperKeys": [
+ {
+ "key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFELzPyinTfQ/sZnTmRp5E4Ve/sbE\npDhJeqczkyFcT2PysJ5sZwm7rKPEeXDOhzTPCyRvbUqc2SGdWbKUGGa/Yw==\n-----END PUBLIC KEY-----\n",
+ "user": "developer@tenant"
+ }
+ ],
+ "secretStores": [
+ {
+ "name": "secret-foo",
+ "awsId": "123",
+ "role": "secret-role"
+ }
+ ],
+ "quota": {
+ "budget": null,
+ "budgetUsed": 0.0,
+ "clusterSize": 5
+ },
+ "applications": [],
+ "metaData": {
+ "createdAtMillis": "(ignore)"
+ }
+}
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-without-applications.json b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-without-applications.json
index eaabb9fe3e1..5965d4b5b00 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-without-applications.json
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/user/responses/tenant-without-applications.json
@@ -3,6 +3,7 @@
 "type": "CLOUD",
 "creator": "administrator@tenant",
 "pemDeveloperKeys": [],
+ "secretStores": [],
 "quota": {
 "budget": null,
 "budgetUsed": 0.0,
-- 
cgit v1.2.3