Example 6 with AthenzDomain

Use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.

Class ApplicationApiHandler, method updateTenant.

private HttpResponse updateTenant(String tenantName, HttpRequest request) {
    Optional<Tenant> existingTenant = controller.tenants().tenant(new TenantId(tenantName));
    if (!existingTenant.isPresent())
        return ErrorResponse.notFoundError("Tenant '" + tenantName + "' does not exist");
    Inspector requestData = toSlime(request.getData()).get();
    Tenant updatedTenant;
    switch(existingTenant.get().tenantType()) {
        case USER:
            {
                throw new BadRequestException("Cannot set property or OpsDB user group for user tenant");
            }
        case ATHENS:
            {
                updatedTenant = Tenant.createAthensTenant(new TenantId(tenantName), new AthenzDomain(mandatory("athensDomain", requestData).asString()), new Property(mandatory("property", requestData).asString()), optional("propertyId", requestData).map(PropertyId::new));
                controller.tenants().updateTenant(updatedTenant, getUserPrincipal(request).getNToken());
                break;
            }
        default:
            {
                throw new BadRequestException("Unknown tenant type: " + existingTenant.get().tenantType());
            }
    }
    return tenant(updatedTenant, request, true);
}
Also used: TenantId (com.yahoo.vespa.hosted.controller.api.identifiers.TenantId), Tenant (com.yahoo.vespa.hosted.controller.api.Tenant), AthenzDomain (com.yahoo.vespa.athenz.api.AthenzDomain), Inspector (com.yahoo.slime.Inspector), BadRequestException (javax.ws.rs.BadRequestException), Property (com.yahoo.vespa.hosted.controller.api.identifiers.Property)

Example 7 with AthenzDomain

Use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.

Class ApplicationApiHandler, method verifyApplicationIdentityConfiguration.

private void verifyApplicationIdentityConfiguration(String tenantName, Optional<ApplicationPackage> applicationPackage) {
    // Validate that domain in identity configuration (deployment.xml) is same as tenant domain
    applicationPackage.map(ApplicationPackage::deploymentSpec).flatMap(DeploymentSpec::athenzDomain).ifPresent(identityDomain -> {
        Tenant tenant = controller.tenants().tenant(new TenantId(tenantName)).orElseThrow(() -> new IllegalArgumentException("Tenant does not exist"));
        AthenzDomain tenantDomain = tenant.getAthensDomain().orElseThrow(() -> new IllegalArgumentException("Identity provider only available to Athenz onboarded tenants"));
        if (!Objects.equals(tenantDomain.getName(), identityDomain.value())) {
            throw new ForbiddenException(String.format("Athenz domain in deployment.xml: [%s] must match tenant domain: [%s]", identityDomain.value(), tenantDomain.getName()));
        }
    });
}
Also used: TenantId (com.yahoo.vespa.hosted.controller.api.identifiers.TenantId), ForbiddenException (javax.ws.rs.ForbiddenException), Tenant (com.yahoo.vespa.hosted.controller.api.Tenant), AthenzDomain (com.yahoo.vespa.athenz.api.AthenzDomain), ApplicationPackage (com.yahoo.vespa.hosted.controller.application.ApplicationPackage)

Example 8 with AthenzDomain

Use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.

Class TenantController, method internalCreateTenant.

private void internalCreateTenant(Tenant tenant, Optional<NToken> token) {
    TenantId.validate(tenant.getId().id());
    if (tenant(tenant.getId()).isPresent())
        throw new IllegalArgumentException("Tenant '" + tenant.getId() + "' already exists");
    if (tenant(dashToUnderscore(tenant.getId())).isPresent())
        throw new IllegalArgumentException("Could not create " + tenant + ": Tenant " + dashToUnderscore(tenant.getId()) + " already exists");
    if (tenant.isAthensTenant() && !token.isPresent())
        throw new IllegalArgumentException("Could not create " + tenant + ": No NToken provided");
    if (tenant.isAthensTenant()) {
        AthenzDomain domain = tenant.getAthensDomain().get();
        Optional<Tenant> existingTenantWithDomain = tenantHaving(domain);
        if (existingTenantWithDomain.isPresent())
            throw new IllegalArgumentException("Could not create " + tenant + ": The Athens domain '" + domain.getName() + "' is already connected to " + existingTenantWithDomain.get());
        athenzClientFactory.createZmsClientWithAuthorizedServiceToken(token.get()).createTenant(domain);
    }
    db.createTenant(tenant);
    log.info("Created " + tenant);
}
Also used: Tenant (com.yahoo.vespa.hosted.controller.api.Tenant), AthenzDomain (com.yahoo.vespa.athenz.api.AthenzDomain)

Example 9 with AthenzDomain

Use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.

Class ApplicationApiHandler, method athenzDomains.

private HttpResponse athenzDomains(HttpRequest request) {
    Slime slime = new Slime();
    Cursor response = slime.setObject();
    Cursor array = response.setArray("data");
    for (AthenzDomain athenzDomain : controller.getDomainList(request.getProperty("prefix"))) {
        array.addString(athenzDomain.getName());
    }
    return new SlimeJsonResponse(slime);
}
Also used: SlimeJsonResponse (com.yahoo.vespa.hosted.controller.restapi.SlimeJsonResponse), AthenzDomain (com.yahoo.vespa.athenz.api.AthenzDomain), Slime (com.yahoo.slime.Slime), Cursor (com.yahoo.slime.Cursor)

Example 10 with AthenzDomain

Use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.

Class ContainerControllerTester, method createApplication.

public Application createApplication(String athensDomain, String tenant, String application) {
    AthenzDomain domain1 = addTenantAthenzDomain(athensDomain, "mytenant");
    controller().tenants().createAthenzTenant(Tenant.createAthensTenant(new TenantId(tenant), domain1, new Property("property1"), Optional.of(new PropertyId("1234"))), TestIdentities.userNToken);
    ApplicationId app = ApplicationId.from(tenant, application, "default");
    return controller().applications().createApplication(app, Optional.of(TestIdentities.userNToken));
}
Also used: TenantId (com.yahoo.vespa.hosted.controller.api.identifiers.TenantId), AthenzDomain (com.yahoo.vespa.athenz.api.AthenzDomain), ApplicationId (com.yahoo.config.provision.ApplicationId), Property (com.yahoo.vespa.hosted.controller.api.identifiers.Property), PropertyId (com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId)

Aggregations

AthenzDomain (com.yahoo.vespa.athenz.api.AthenzDomain): 15
Tenant (com.yahoo.vespa.hosted.controller.api.Tenant): 5
TenantId (com.yahoo.vespa.hosted.controller.api.identifiers.TenantId): 4
AthenzDbMock (com.yahoo.vespa.hosted.controller.athenz.mock.AthenzDbMock): 3
Test (org.junit.Test): 3
ApplicationId (com.yahoo.config.provision.ApplicationId): 2
Inspector (com.yahoo.slime.Inspector): 2
Property (com.yahoo.vespa.hosted.controller.api.identifiers.Property): 2
UserId (com.yahoo.vespa.hosted.controller.api.identifiers.UserId): 2
AthenzClientFactoryMock (com.yahoo.vespa.hosted.controller.athenz.mock.AthenzClientFactoryMock): 2
ContainerTester (com.yahoo.vespa.hosted.controller.restapi.ContainerTester): 2
ControllerContainerTest (com.yahoo.vespa.hosted.controller.restapi.ControllerContainerTest): 2
File (java.io.File): 2
HttpEntity (org.apache.http.HttpEntity): 2
PrincipalToken (com.yahoo.athenz.auth.token.PrincipalToken): 1
Cursor (com.yahoo.slime.Cursor): 1
Slime (com.yahoo.slime.Slime): 1
AthenzIdentity (com.yahoo.vespa.athenz.api.AthenzIdentity): 1
AthenzPrincipal (com.yahoo.vespa.athenz.api.AthenzPrincipal): 1
AthenzService (com.yahoo.vespa.athenz.api.AthenzService): 1