use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.
the class ApplicationApiHandler method updateTenant.
/**
 * Replaces the stored definition of an existing Athens tenant with the values in the request body.
 *
 * <p>Responds with a not-found error when no tenant named {@code tenantName} exists. User tenants
 * and unrecognised tenant types are rejected with {@link BadRequestException}.
 *
 * <p>Security: the Athens domain, property and property id are all read from the request body, so
 * a caller can ask to bind the tenant to a different domain. The only credential visible here is
 * the caller's NToken, which is handed to the tenant controller together with the new definition.
 * NOTE(review): presumably the controller uses that token to check that the caller administers
 * the requested domain - confirm, because this handler performs no authorization check itself.
 *
 * @param tenantName name of the tenant to update
 * @param request the HTTP request; its body supplies "athensDomain", "property" and, optionally,
 *                "propertyId"
 * @return the rendered tenant on success, or a not-found error response
 */
private HttpResponse updateTenant(String tenantName, HttpRequest request) {
    Optional<Tenant> current = controller.tenants().tenant(new TenantId(tenantName));
    if (!current.isPresent()) {
        return ErrorResponse.notFoundError("Tenant '" + tenantName + "' does not exist");
    }

    // The body is read before the tenant type is examined.
    Inspector requestData = toSlime(request.getData()).get();

    switch (current.get().tenantType()) {
        case USER:
            throw new BadRequestException("Cannot set property or OpsDB user group for user tenant");
        case ATHENS: {
            // Every field below is caller-supplied; "athensDomain" and "property" are required.
            TenantId id = new TenantId(tenantName);
            AthenzDomain requestedDomain = new AthenzDomain(mandatory("athensDomain", requestData).asString());
            Property property = new Property(mandatory("property", requestData).asString());
            Optional<PropertyId> propertyId = optional("propertyId", requestData).map(PropertyId::new);

            Tenant replacement = Tenant.createAthensTenant(id, requestedDomain, property, propertyId);
            // The caller's own token travels with the update, not a service credential.
            controller.tenants().updateTenant(replacement, getUserPrincipal(request).getNToken());
            return tenant(replacement, request, true);
        }
        default:
            throw new BadRequestException("Unknown tenant type: " + current.get().tenantType());
    }
}
use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.
the class ApplicationApiHandler method verifyApplicationIdentityConfiguration.
/**
 * Rejects a deployment whose identity configuration names an Athenz domain other than the one the
 * tenant is registered with.
 *
 * <p>Nothing is checked when there is no application package or when its deployment spec declares
 * no Athenz domain. Otherwise the tenant must exist and must have an Athens domain, and that
 * domain's name must equal the declared one.
 *
 * <p>Security: this is what ties the identity an application asks for in deployment.xml to the
 * domain its tenant is bound to; without it a deployment could name a domain belonging to someone
 * else. The comparison is plain equality on the two names as returned by their types.
 * NOTE(review): any case or whitespace normalisation would have to happen inside those types -
 * confirm both sides are canonicalised the same way.
 *
 * @param tenantName name of the tenant the application is deployed under
 * @param applicationPackage the submitted package, if any
 * @throws IllegalArgumentException if the tenant does not exist or has no Athens domain
 * @throws ForbiddenException if the declared domain differs from the tenant's domain
 */
private void verifyApplicationIdentityConfiguration(String tenantName, Optional<ApplicationPackage> applicationPackage) {
    Optional<DeploymentSpec> deploymentSpec = applicationPackage.map(ApplicationPackage::deploymentSpec);

    // The tenant is only looked up when deployment.xml actually declares an identity domain.
    deploymentSpec.flatMap(DeploymentSpec::athenzDomain).ifPresent(identityDomain -> {
        Tenant tenant = controller.tenants()
                                  .tenant(new TenantId(tenantName))
                                  .orElseThrow(() -> new IllegalArgumentException("Tenant does not exist"));
        AthenzDomain tenantDomain = tenant.getAthensDomain()
                                          .orElseThrow(() -> new IllegalArgumentException("Identity provider only available to Athenz onboarded tenants"));

        boolean sameDomain = Objects.equals(tenantDomain.getName(), identityDomain.value());
        if (sameDomain) {
            return;
        }
        throw new ForbiddenException(String.format("Athenz domain in deployment.xml: [%s] must match tenant domain: [%s]", identityDomain.value(), tenantDomain.getName()));
    });
}
use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.
the class TenantController method internalCreateTenant.
/**
 * Validates a new tenant, registers it with Athenz when it is an Athens tenant, then stores it.
 *
 * <p>Checks run in this order: the id is validated; no tenant with the same id may exist; no
 * tenant whose id equals the dash-to-underscore form of this id may exist; and for an Athens
 * tenant a token must be supplied and the domain must not already be connected to another tenant.
 *
 * <p>Security: the domain check keeps two tenants from being bound to the same Athens domain, and
 * the ZMS client is built from the caller-supplied token rather than a credential held here.
 * NOTE(review): the ZMS tenant is created before the tenant is written to the database, so a
 * failing write would appear to leave the ZMS registration behind - confirm how that is cleaned
 * up. The existence checks and the write are separate steps; presumably a caller holds a lock
 * around this method - verify.
 *
 * @param tenant the tenant to create
 * @param token the caller's NToken; required when {@code tenant} is an Athens tenant
 * @throws IllegalArgumentException if any of the checks above fails
 */
private void internalCreateTenant(Tenant tenant, Optional<NToken> token) {
    TenantId.validate(tenant.getId().id());

    if (tenant(tenant.getId()).isPresent()) {
        throw new IllegalArgumentException("Tenant '" + tenant.getId() + "' already exists");
    }
    // Also reject an id that collides with an existing tenant once dashes are mapped to underscores.
    if (tenant(dashToUnderscore(tenant.getId())).isPresent()) {
        throw new IllegalArgumentException("Could not create " + tenant + ": Tenant " + dashToUnderscore(tenant.getId()) + " already exists");
    }

    if (tenant.isAthensTenant()) {
        if (!token.isPresent()) {
            throw new IllegalArgumentException("Could not create " + tenant + ": No NToken provided");
        }

        AthenzDomain domain = tenant.getAthensDomain().get();
        // One Athens domain may back at most one tenant.
        tenantHaving(domain).ifPresent(owner -> {
            throw new IllegalArgumentException("Could not create " + tenant + ": The Athens domain '" + domain.getName() + "' is already connected to " + owner);
        });

        // Registration in ZMS is performed with the caller's token.
        athenzClientFactory.createZmsClientWithAuthorizedServiceToken(token.get()).createTenant(domain);
    }

    db.createTenant(tenant);
    log.info("Created " + tenant);
}
use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.
the class ApplicationApiHandler method athenzDomains.
/**
 * Renders the names of the domains returned by the controller as a JSON object holding a single
 * "data" array of strings.
 *
 * <p>Security: the "prefix" request property is passed to the controller exactly as received.
 * NOTE(review): it looks like the value can be absent, and nothing here restricts who may list
 * domains - confirm that the controller tolerates a missing prefix and that access control for
 * this endpoint is applied before the handler is reached.
 *
 * @param request the HTTP request; its "prefix" property selects which domains are listed
 * @return a JSON response containing the domain names
 */
private HttpResponse athenzDomains(HttpRequest request) {
    Slime slime = new Slime();
    Cursor names = slime.setObject().setArray("data");

    String prefix = request.getProperty("prefix");
    for (AthenzDomain domain : controller.getDomainList(prefix)) {
        names.addString(domain.getName());
    }

    return new SlimeJsonResponse(slime);
}
use of com.yahoo.vespa.athenz.api.AthenzDomain in project vespa by vespa-engine.
the class ContainerControllerTester method createApplication.
/**
 * Test helper: registers an Athenz domain, creates an Athens tenant bound to it, and creates the
 * "default" instance of the given application under that tenant.
 *
 * <p>Both the tenant and the application are created with {@code TestIdentities.userNToken}.
 * NOTE(review): the domain is registered for the literal tenant name "mytenant" rather than for
 * the {@code tenant} argument - confirm this is intended.
 *
 * @param athensDomain name of the Athenz domain to register and bind to the tenant
 * @param tenant name of the tenant to create
 * @param application name of the application to create
 * @return the created application
 */
public Application createApplication(String athensDomain, String tenant, String application) {
    AthenzDomain domain = addTenantAthenzDomain(athensDomain, "mytenant");

    Tenant athensTenant = Tenant.createAthensTenant(new TenantId(tenant),
                                                    domain,
                                                    new Property("property1"),
                                                    Optional.of(new PropertyId("1234")));
    controller().tenants().createAthenzTenant(athensTenant, TestIdentities.userNToken);

    ApplicationId id = ApplicationId.from(tenant, application, "default");
    return controller().applications().createApplication(id, Optional.of(TestIdentities.userNToken));
}