blob: 0f39ef7d0f062396999f9e357d0748af6f3fcf01 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.controller.maintenance;
import com.yahoo.config.provision.ApplicationId;
import com.yahoo.config.provision.InstanceName;
import com.yahoo.vespa.hosted.controller.Controller;
import com.yahoo.vespa.hosted.controller.api.integration.user.RoleMaintainer;
import java.time.Duration;
import java.util.Optional;
import java.util.logging.Logger;
import java.util.stream.Collectors;
/**
* Maintains user management resources.
* For now, ensures there's no discrepnacy between expected tenant/application roles and auth0/athenz roles
*
* @author olaa
*/
public class UserManagementMaintainer extends ControllerMaintainer {
private final RoleMaintainer roleMaintainer;
private static final Logger logger = Logger.getLogger(UserManagementMaintainer.class.getName());
public UserManagementMaintainer(Controller controller, Duration interval, RoleMaintainer roleMaintainer) {
super(controller, interval);
this.roleMaintainer = roleMaintainer;
}
@Override
protected double maintain() {
var tenants = controller().tenants().asList();
var applications = controller().applications().idList()
.stream()
.map(appId -> ApplicationId.from(appId.tenant(), appId.application(), InstanceName.defaultName()))
.toList();
roleMaintainer.deleteLeftoverRoles(tenants, applications);
if (!controller().system().isPublic()) {
roleMaintainer.tenantsToDelete(tenants)
.forEach(tenant -> {
logger.warning(tenant.name() + " has a non-existing Athenz domain. Deleting");
controller().applications().asList(tenant.name())
.forEach(application -> controller().applications().deleteApplication(application.id(), Optional.empty()));
controller().tenants().delete(tenant.name(), Optional.empty(), false);
});
}
return 0.0;
}
}
|
