1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.config.provision;
import ai.vespa.validation.PatternedStringWrapper;
import ai.vespa.validation.Validation;
import java.util.regex.Pattern;
/**
* Identifies an account in a public cloud, such as {@link CloudName#AWS} or {@link CloudName#GCP}.
*
* @author mpolden
*/
public class CloudAccount extends PatternedStringWrapper<CloudAccount> {
private static final String EMPTY = "";
private static final String AWS_ACCOUNT_ID = "[0-9]{12}";
private static final Pattern AWS_ACCOUNT_ID_PATTERN = Pattern.compile(AWS_ACCOUNT_ID);
private static final String GCP_PROJECT_ID = "[a-z][a-z0-9-]{4,28}[a-z0-9]";
private static final Pattern GCP_PROJECT_ID_PATTERN = Pattern.compile(GCP_PROJECT_ID);
/** Empty value. When this is used, either implicitly or explicitly, the zone will use its default account */
public static final CloudAccount empty = new CloudAccount("", EMPTY, "cloud account");
/** Verifies accountId is a valid AWS account ID and return it unaltered, or throw an IllegalArgumentException. */
public static String requireAwsAccountId(String accountId) {
Validation.requireMatch(accountId, "AWS account ID", AWS_ACCOUNT_ID_PATTERN);
return accountId;
}
/** Verifies accountId is a valid GCP project ID and return it unaltered, or throw an IllegalArgumentException. */
public static String requireGcpProjectId(String projectId) {
Validation.requireMatch(projectId, "GCP project ID", GCP_PROJECT_ID_PATTERN);
return projectId;
}
private CloudAccount(String value, String regex, String description) {
super(value, Pattern.compile("^(" + regex + ")$"), description);
}
public boolean isUnspecified() {
return this.equals(empty);
}
/** Returns true if this is an enclave account. */
public boolean isEnclave(Zone zone) {
return !isUnspecified() &&
zone.system().isPublic() &&
!equals(zone.cloud().account());
}
/** Verifies this account is a valid AWS account ID and return this, or throw an IllegalArgumentException. */
public CloudAccount requireAwsAccountId() {
requireAwsAccountId(value());
return this;
}
/** Verifies this account is a valid GCP project ID and return this, or throw an IllegalArgumentException. */
public CloudAccount requireGcpProjectId() {
requireGcpProjectId(value());
return this;
}
public static CloudAccount from(String cloudAccount) {
return switch (cloudAccount) {
// Tenants are allowed to specify "default" in services.xml.
case "", "default" -> empty;
default -> new CloudAccount(cloudAccount, AWS_ACCOUNT_ID + "|" + GCP_PROJECT_ID, "cloud account");
};
}
@Override
public String toString() {
return isUnspecified() ? "unspecified account" : "account '" + value() + "'";
}
}
|
