From e31e567d8e14a5e260416742168dd48c0b091bfe Mon Sep 17 00:00:00 2001
From: Ola Aunrønning
Date: Tue, 1 Mar 2022 13:36:59 +0100
Subject: Synchronize athenz instances on request approval
---
 .../api/integration/athenz/AthenzAccessControlService.java | 5 ++++-
 .../api/integration/athenz/AthenzInstanceSynchronizer.java | 13 +++++++++++++
 .../integration/athenz/AthenzInstanceSynchronizerMock.java | 10 ++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizer.java
 create mode 100644 controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizerMock.java
 (limited to 'controller-api/src')
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
index 0568678219e..a3f789149cf 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzAccessControlService.java
@@ -26,11 +26,13 @@ public class AthenzAccessControlService implements AccessControlService {
 private final AthenzRole dataPlaneAccessRole;
 private final AthenzGroup vespaTeam;
 private final ZmsClient vespaZmsClient; //TODO: Merge ZMS clients
+ private final AthenzInstanceSynchronizer athenzInstanceSynchronizer;
- public AthenzAccessControlService(ZmsClient zmsClient, AthenzDomain domain, ZmsClient vespaZmsClient) {
+ public AthenzAccessControlService(ZmsClient zmsClient, AthenzDomain domain, ZmsClient vespaZmsClient, AthenzInstanceSynchronizer athenzInstanceSynchronizer) {
 this.zmsClient = zmsClient;
 this.vespaZmsClient = vespaZmsClient;
+ this.athenzInstanceSynchronizer = athenzInstanceSynchronizer;
 this.dataPlaneAccessRole = new AthenzRole(domain, DATAPLANE_ACCESS_ROLENAME);
 this.vespaTeam = new AthenzGroup(domain, ALLOWED_OPERATOR_GROUPNAME);
 }
@@ -87,6 +89,7 @@ public class AthenzAccessControlService implements AccessControlService {
 vespaZmsClient.addRoleMember(role, vespaTeam, Optional.empty());
 }
 vespaZmsClient.approvePendingRoleMembership(role, vespaTeam, expiry, Optional.empty(), Optional.of(oAuthCredentials));
+ athenzInstanceSynchronizer.synchronizeInstances();
 return true;
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizer.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizer.java
new file mode 100644
index 00000000000..fb2375d3ea2
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizer.java
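Review bot: The constructor in the first hunk of AthenzAccessControlService.java stores `athenzInstanceSynchronizer` without a null check, so a miswired caller would only fail later, on the call added in the second hunk, which runs after `approvePendingRoleMembership` has already been applied. Failing fast at construction avoids that half-completed approval: `this.athenzInstanceSynchronizer = Objects.requireNonNull(athenzInstanceSynchronizer, "athenzInstanceSynchronizer");` (this needs `java.util.Objects` if the file does not already import it). The class body continues outside the hunk, so the existing imports are not visible here.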
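Review bot: In the second hunk, `athenzInstanceSynchronizer.synchronizeInstances()` runs after `vespaZmsClient.approvePendingRoleMembership(...)` has already taken effect, so an exception from the synchronizer would propagate out of the method and never reach `return true`, even though the membership is approved in one Athenz instance. The new interface declares no failure contract, so the caller cannot tell a rejected approval from an approved but unsynchronized one, and the two instances may disagree about who holds the role. The intended behaviour should be decided and stated at the call site, for example `// Approval is already committed at this point; a synchronization failure must be logged and surfaced separately from the approval result`. The enclosing method starts outside the hunk, so how callers treat an exception here is not visible.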
@@ -0,0 +1,13 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.athenz;
+
+/**
+ * @author olaa
+ *
+ * Responsible for synchronizing misc roles and their pending memberships between separate Athenz instances
+ */
+public interface AthenzInstanceSynchronizer {
+
+ void synchronizeInstances();
+
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizerMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizerMock.java
new file mode 100644
index 00000000000..484fb3d6dd2
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzInstanceSynchronizerMock.java
@@ -0,0 +1,10 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.athenz;
+
+/**
+ * @author olaa
+ */
+public class AthenzInstanceSynchronizerMock implements AthenzInstanceSynchronizer {
+ @Override
+ public void synchronizeInstances() {}
+}
-- cgit v1.2.3
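Review bot: The Javadoc on `AthenzInstanceSynchronizer` puts the description after `@author olaa`, so the Javadoc tool reads the sentence as a continuation of the author tag and the interface ends up with no summary. The description should come first, with `@author` last. `synchronizeInstances()` has no documentation at all, and because it is invoked in the access-approval path its contract matters: whether it blocks until both instances agree, whether it may throw, and whether repeated calls are safe. A method comment such as `/** Synchronizes roles and pending memberships across Athenz instances; implementations must state whether failures are thrown or only logged. */` would give implementers and the caller something to rely on.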
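Review bot: `AthenzInstanceSynchronizerMock.synchronizeInstances()` has an empty body, so a test wired with this mock cannot tell whether approving a request triggered a synchronization; if the call in AthenzAccessControlService were later removed, nothing here would catch it. Recording invocations would make the behaviour assertable, e.g. a field `private int synchronizations = 0;`, a body of `synchronizations++;` and an accessor for tests. The tests themselves are outside this path-limited diff, so this may already be covered elsewhere.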