author | gjoranv <gjoranv@gmail.com> | 2018-03-09 13:05:03 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-03-09 13:05:03 +0100 |
commit | b65f69139ad8ac5c75974ea36fec0b81fd2e99b2 (patch) | |
tree | a5186c180b58498b9d6e3759211a6f6c98904db8 | |
parent | 561eec383e0171270f7ccdeba8c09735535af7b5 (diff) | |
parent | f4078d714f25eacda1d1d1112e9a1d9e4d980274 (diff) |
Merge pull request #5264 from vespa-engine/gjoranv/secret-store
Gjoranv/secret store
7 files changed, 94 insertions, 10 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/ContainerCluster.java b/config-model/src/main/java/com/yahoo/vespa/model/container/ContainerCluster.java
index 28a54771c21..4684cf5c2f0 100755
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/ContainerCluster.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/ContainerCluster.java
@@ -158,6 +158,7 @@ public final class ContainerCluster
 private ContainerSearch containerSearch;
 private ContainerDocproc containerDocproc;
 private ContainerDocumentApi containerDocumentApi;
+ private SecretStore secretStore;
 private MbusParams mbusParams;
@@ -486,6 +487,14 @@ public final class ContainerCluster
 return allServlets().collect(Collectors.toCollection(ArrayList::new));
 }
+ public void setSecretStore(SecretStore secretStore) {
+ this.secretStore = secretStore;
+ }
+
+ public Optional<SecretStore> getSecretStore() {
+ return Optional.ofNullable(secretStore);
+ }
+
 public Map<ComponentId, Component<?, ?>> getComponentsMap() {
 return componentGroup.getComponentMap();
 }
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/SecretStore.java b/config-model/src/main/java/com/yahoo/vespa/model/container/SecretStore.java
new file mode 100644
index 00000000000..c803168af81
--- /dev/null
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/SecretStore.java
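Review bot: `setSecretStore` in ContainerCluster.java accepts any reference, so a second call silently replaces an earlier store and a null argument resets the cluster to "no secret store"; nothing in the hunk says whether either is intended. If a cluster is meant to get at most one store, state that in a comment such as `// Set at most once, by ContainerModelBuilder, when services.xml has a secret-store element.` or enforce it with `if (this.secretStore != null) throw new IllegalStateException("secret store already set");`. The class body starts and ends outside the hunk, so other callers of the setter are not visible here.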
@@ -0,0 +1,32 @@ +// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.model.container; + +import com.google.common.collect.ImmutableList; + +import java.util.ArrayList; +import java.util.List; + +/** + * @author gjoranv + */ +public class SecretStore { + private final List<Group> groups = new ArrayList<>(); + + public void addGroup(String name, String environment) { + groups.add(new Group(name, environment)); + } + + public List<Group> getGroups() { + return ImmutableList.copyOf(groups); + } + + public static class Group { + public final String name; + public final String environment; + + Group(String name, String environment) { + this.name = name; + this.environment = environment; + } + } +} diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/component/SimpleComponent.java b/config-model/src/main/java/com/yahoo/vespa/model/container/component/SimpleComponent.java index c92f7db1b33..c4e988e6749 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/component/SimpleComponent.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/component/SimpleComponent.java @@ -17,7 +17,7 @@ public class SimpleComponent extends Component<AbstractConfigProducer<?>, Compon super(model); } - // @Convenience // For a component that uses the class name as id. + // For a component that uses the class name as id, and resides in the container-disc bundle. public SimpleComponent(String className) { this(new ComponentModel(BundleInstantiationSpecification.getFromStrings(className, null, null))); } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java index ac49ec53cbf..4caf0baf012 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java 
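Review bot: `SecretStore` and its nested `Group` are documented only with `@author`, and for a class with this name a reader needs to know up front that it models configuration, not secret material. I would put in the class Javadoc something like `Model of the secret-store element in services.xml: the groups (name and environment) configured for a container cluster. Holds no secret values.` `Group` could also be declared `final`, since its fields are already `public final` and its constructor is package-private.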
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java @@ -44,6 +44,7 @@ import com.yahoo.vespa.model.container.Container; import com.yahoo.vespa.model.container.ContainerCluster; import com.yahoo.vespa.model.container.ContainerModel; import com.yahoo.vespa.model.container.IdentityProvider; +import com.yahoo.vespa.model.container.SecretStore; import com.yahoo.vespa.model.container.component.Component; import com.yahoo.vespa.model.container.component.FileStatusHandlerComponent; import com.yahoo.vespa.model.container.component.chain.ProcessingHandler; @@ -75,6 +76,7 @@ import java.util.stream.Collectors; /** * @author Tony Vaagenes + * @author gjoranv */ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { @@ -146,8 +148,8 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { DocumentFactoryBuilder.buildDocumentFactories(cluster, spec); addConfiguredComponents(cluster, spec); + addSecretStore(cluster, spec); addHandlers(cluster, spec); - addRestApis(spec, cluster); addServlets(spec, cluster); addProcessing(spec, cluster); 
@@ -170,8 +172,21 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { addServerProviders(spec, cluster); addLegacyFilters(spec, cluster); // TODO: Remove for Vespa 7 - // Athenz copper argos - // NOTE: Must be done after addNodes() + addAthensCopperArgos(cluster, context); // Must be added after nodes. + } + + private void addSecretStore(ContainerCluster cluster, Element spec) { + Element secretStoreElement = XML.getChild(spec, "secret-store"); + if (secretStoreElement != null) { + SecretStore secretStore = new SecretStore(); + for (Element group : XML.getChildren(secretStoreElement, "group")) { + secretStore.addGroup(group.getAttribute("name"), group.getAttribute("environment")); + } + cluster.setSecretStore(secretStore); + } + } + + private void addAthensCopperArgos(ContainerCluster cluster, ConfigModelContext context) { app.getDeployment().map(DeploymentSpec::fromXml) .ifPresent(deploymentSpec -> { addIdentityProvider(cluster, @@ -182,8 +197,6 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { addRotationProperties(cluster, context.getDeployState().zone(), context.getDeployState().getRotations(), deploymentSpec); }); - - //TODO: overview handler, see DomQrserverClusterBuilder } private void addRotationProperties(ContainerCluster cluster, Zone zone, Set<Rotation> rotations, DeploymentSpec spec) { diff --git a/config-model/src/main/resources/schema/containercluster.rnc b/config-model/src/main/resources/schema/containercluster.rnc index 95ac198adc4..dae7f063154 100644 --- a/config-model/src/main/resources/schema/containercluster.rnc +++ b/config-model/src/main/resources/schema/containercluster.rnc @@ -25,6 +25,7 @@ ContainerServices = Http? & HttpFilter? & AccessLog* & + SecretStore? & GenericConfig* Components = element components { 
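Review bot: `addSecretStore` in ContainerModelBuilder.java never reads the `type` attribute and passes `group.getAttribute("name")` and `group.getAttribute("environment")` straight to `addGroup`; DOM `getAttribute` returns an empty string for a missing attribute, so schema validation is the only thing that keeps a malformed `secret-store` element from producing a `Group` with empty or unknown values. The `SecretStore` definition in containercluster.rnc also leaves `name` as a bare `string`, which admits the empty string. Because these values presumably decide which secret groups a cluster refers to, I would fail the build inside the loop, e.g. `if (name.isEmpty() || environment.isEmpty()) throw new IllegalArgumentException("secret-store group requires name and environment");`, and either check `type` or add a comment saying it is deliberately ignored at this stage.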
@@ -75,6 +76,14 @@ AccessLog = element accesslog {
 attribute rotationScheme { string "date" | string "sequence" }?
 }
+SecretStore = element secret-store {
+ attribute type { string "oath-ckms" } &
+ element group {
+ attribute name { string } &
+ attribute environment { string "alpha" | string "corp" | string "prod" | string "aws" | string "aws_stage" }
+ } +
+}
+
 # REST-API:
 RestApi = element rest-api {
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
index d1eefb51641..0fbe44742de 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
@@ -32,6 +32,7 @@ import com.yahoo.vespa.model.AbstractService;
 import com.yahoo.vespa.model.VespaModel;
 import com.yahoo.vespa.model.container.Container;
 import com.yahoo.vespa.model.container.ContainerCluster;
+import com.yahoo.vespa.model.container.SecretStore;
 import com.yahoo.vespa.model.container.component.Component;
 import com.yahoo.vespa.model.container.component.HttpFilter;
 import com.yahoo.vespa.model.content.utils.ContentClusterUtils;
@@ -607,6 +608,20 @@ public class ContainerModelBuilderTest extends ContainerModelBuilderTestBase { assertEquals("filedistribution/" + hostname, config.filedistributor().configid()); } + @Test + public void secret_store_can_be_set_up() throws IOException, SAXException { + Element clusterElem = DomBuilderTest.parse( + "<jdisc version='1.0'>", + " <secret-store>", + " <group name='group1' environment='env1'/>", + " </secret-store>", + "</jdisc>"); + createModel(root, clusterElem); + SecretStore secretStore = getContainerCluster("jdisc").getSecretStore().get(); + assertEquals("group1", secretStore.getGroups().get(0).name); + assertEquals("env1", secretStore.getGroups().get(0).environment); + } + private Element generateContainerElementWithRenderer(String rendererId) { return DomBuilderTest.parse( "<jdisc id='default' version='1.0'>", diff --git a/config-model/src/test/schema-test-files/services.xml b/config-model/src/test/schema-test-files/services.xml index af316c2e3a7..e740e7d86b0 100644 --- a/config-model/src/test/schema-test-files/services.xml +++ b/config-model/src/test/schema-test-files/services.xml @@ -35,16 +35,22 @@ </config> <jdisc id='qrsCluster_1' version='1.0'> + <secret-store type="oath-ckms"> + <!-- NOTE: when removing (or adding) an environment, the rnc schema must also be updated! --> + <group name="foo" environment="alpha" /> + <group name="foo" environment="corp" /> + <group name="foo" environment="prod" /> + <group name="foo" environment="aws" /> + <group name="foo" environment="aws_stage" /> + </secret-store> + <rest-api path="jersey1"> <components bundle="my-bundle" /> <components bundle="other-bundle"> <package>com.yahoo.foo</package> <package>com.yahoo.bar</package> </components> -<!-- - <inject component="foo-component" for-name="com.yahoo.Foo" /> - <inject component="bar-component" for-name="com.yahoo.Bar" /> ---> + </rest-api> <rest-api path="jersey/2"> <components bundle="my-bundle" /> |
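Review bot: The XML fed to `secret_store_can_be_set_up` is not valid against the schema this commit adds: `<secret-store>` has no `type` attribute and `environment='env1'` is not one of the enumerated environments, so the test passes only because this parse path apparently skips schema validation. Writing the input as `<secret-store type='oath-ckms'>` with `environment='prod'` would keep the test representative of what a deployed services.xml can contain, and a second `group` element would exercise the loop in the builder. An `assertTrue(getContainerCluster("jdisc").getSecretStore().isPresent());` before the `.get()` would also give a clearer failure than a `NoSuchElementException`.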