Example 6 with AthenzDomain
use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.
the class ApplicationApiHandler method updateTenant.
private HttpResponse updateTenant(String tenantName, HttpRequest request) {
Optional<Tenant> existingTenant = controller.tenants().tenant(new TenantId(tenantName));
if (!existingTenant.isPresent())
return ErrorResponse.notFoundError("Tenant '" + tenantName + "' does not exist");
;
Inspector requestData = toSlime(request.getData()).get();
Tenant updatedTenant;
switch(existingTenant.get().tenantType()) {
case USER:
{
throw new BadRequestException("Cannot set property or OpsDB user group for user tenant");
}
case ATHENS:
{
updatedTenant = Tenant.createAthensTenant(new TenantId(tenantName), new AthenzDomain(mandatory("athensDomain", requestData).asString()), new Property(mandatory("property", requestData).asString()), optional("propertyId", requestData).map(PropertyId::new));
controller.tenants().updateTenant(updatedTenant, getUserPrincipal(request).getNToken());
break;
}
default:
{
throw new BadRequestException("Unknown tenant type: " + existingTenant.get().tenantType());
}
}
return tenant(updatedTenant, request, true);
}
Also used :
TenantId(com.yahoo.vespa.hosted.controller.api.identifiers.TenantId)
Tenant(com.yahoo.vespa.hosted.controller.api.Tenant)
AthenzDomain(com.yahoo.vespa.athenz.api.AthenzDomain)
Inspector(com.yahoo.slime.Inspector)
BadRequestException(javax.ws.rs.BadRequestException)
Property(com.yahoo.vespa.hosted.controller.api.identifiers.Property)
Example 7 with AthenzDomain
use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.
the class ApplicationApiHandler method verifyApplicationIdentityConfiguration.
private void verifyApplicationIdentityConfiguration(String tenantName, Optional<ApplicationPackage> applicationPackage) {
// Validate that domain in identity configuration (deployment.xml) is same as tenant domain
applicationPackage.map(ApplicationPackage::deploymentSpec).flatMap(DeploymentSpec::athenzDomain).ifPresent(identityDomain -> {
Tenant tenant = controller.tenants().tenant(new TenantId(tenantName)).orElseThrow(() -> new IllegalArgumentException("Tenant does not exist"));
AthenzDomain tenantDomain = tenant.getAthensDomain().orElseThrow(() -> new IllegalArgumentException("Identity provider only available to Athenz onboarded tenants"));
if (!Objects.equals(tenantDomain.getName(), identityDomain.value())) {
throw new ForbiddenException(String.format("Athenz domain in deployment.xml: [%s] must match tenant domain: [%s]", identityDomain.value(), tenantDomain.getName()));
}
});
}
Also used :
TenantId(com.yahoo.vespa.hosted.controller.api.identifiers.TenantId)
ForbiddenException(javax.ws.rs.ForbiddenException)
Tenant(com.yahoo.vespa.hosted.controller.api.Tenant)
AthenzDomain(com.yahoo.vespa.athenz.api.AthenzDomain)
ApplicationPackage(com.yahoo.vespa.hosted.controller.application.ApplicationPackage)
Example 8 with AthenzDomain
use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.
the class TenantController method internalCreateTenant.
private void internalCreateTenant(Tenant tenant, Optional<NToken> token) {
TenantId.validate(tenant.getId().id());
if (tenant(tenant.getId()).isPresent())
throw new IllegalArgumentException("Tenant '" + tenant.getId() + "' already exists");
if (tenant(dashToUnderscore(tenant.getId())).isPresent())
throw new IllegalArgumentException("Could not create " + tenant + ": Tenant " + dashToUnderscore(tenant.getId()) + " already exists");
if (tenant.isAthensTenant() && !token.isPresent())
throw new IllegalArgumentException("Could not create " + tenant + ": No NToken provided");
if (tenant.isAthensTenant()) {
AthenzDomain domain = tenant.getAthensDomain().get();
Optional<Tenant> existingTenantWithDomain = tenantHaving(domain);
if (existingTenantWithDomain.isPresent())
throw new IllegalArgumentException("Could not create " + tenant + ": The Athens domain '" + domain.getName() + "' is already connected to " + existingTenantWithDomain.get());
athenzClientFactory.createZmsClientWithAuthorizedServiceToken(token.get()).createTenant(domain);
}
db.createTenant(tenant);
log.info("Created " + tenant);
}
Also used :
Tenant(com.yahoo.vespa.hosted.controller.api.Tenant)
AthenzDomain(com.yahoo.vespa.athenz.api.AthenzDomain)
Example 9 with AthenzDomain
use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.
the class ApplicationApiHandler method athenzDomains.
private HttpResponse athenzDomains(HttpRequest request) {
Slime slime = new Slime();
Cursor response = slime.setObject();
Cursor array = response.setArray("data");
for (AthenzDomain athenzDomain : controller.getDomainList(request.getProperty("prefix"))) {
array.addString(athenzDomain.getName());
}
return new SlimeJsonResponse(slime);
}
Also used :
SlimeJsonResponse(com.yahoo.vespa.hosted.controller.restapi.SlimeJsonResponse)
AthenzDomain(com.yahoo.vespa.athenz.api.AthenzDomain)
Slime(com.yahoo.slime.Slime)
Cursor(com.yahoo.slime.Cursor)
Example 10 with AthenzDomain
use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.
the class ContainerControllerTester method createApplication.
public Application createApplication(String athensDomain, String tenant, String application) {
AthenzDomain domain1 = addTenantAthenzDomain(athensDomain, "mytenant");
controller().tenants().createAthenzTenant(Tenant.createAthensTenant(new TenantId(tenant), domain1, new Property("property1"), Optional.of(new PropertyId("1234"))), TestIdentities.userNToken);
ApplicationId app = ApplicationId.from(tenant, application, "default");
return controller().applications().createApplication(app, Optional.of(TestIdentities.userNToken));
}
Also used :
TenantId(com.yahoo.vespa.hosted.controller.api.identifiers.TenantId)
AthenzDomain(com.yahoo.vespa.athenz.api.AthenzDomain)
ApplicationId(com.yahoo.config.provision.ApplicationId)
Property(com.yahoo.vespa.hosted.controller.api.identifiers.Property)
PropertyId(com.yahoo.vespa.hosted.controller.api.identifiers.PropertyId)
Aggregations
AthenzDomain (com.yahoo.vespa.athenz.api.AthenzDomain)15
Tenant (com.yahoo.vespa.hosted.controller.api.Tenant)5
TenantId (com.yahoo.vespa.hosted.controller.api.identifiers.TenantId)4
AthenzDbMock (com.yahoo.vespa.hosted.controller.athenz.mock.AthenzDbMock)3
Test (org.junit.Test)3
ApplicationId (com.yahoo.config.provision.ApplicationId)2
Inspector (com.yahoo.slime.Inspector)2
Property (com.yahoo.vespa.hosted.controller.api.identifiers.Property)2
UserId (com.yahoo.vespa.hosted.controller.api.identifiers.UserId)2
AthenzClientFactoryMock (com.yahoo.vespa.hosted.controller.athenz.mock.AthenzClientFactoryMock)2
ContainerTester (com.yahoo.vespa.hosted.controller.restapi.ContainerTester)2
ControllerContainerTest (com.yahoo.vespa.hosted.controller.restapi.ControllerContainerTest)2
File (java.io.File)2
HttpEntity (org.apache.http.HttpEntity)2
PrincipalToken (com.yahoo.athenz.auth.token.PrincipalToken)1
Cursor (com.yahoo.slime.Cursor)1
Slime (com.yahoo.slime.Slime)1
AthenzIdentity (com.yahoo.vespa.athenz.api.AthenzIdentity)1
AthenzPrincipal (com.yahoo.vespa.athenz.api.AthenzPrincipal)1
AthenzService (com.yahoo.vespa.athenz.api.AthenzService)1
