diff options
author | Andreas Eriksen <andreer@verizonmedia.com> | 2020-06-19 10:21:12 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-19 10:21:12 +0200 |
commit | b70147cbdc3139ae9ea43b8341b79b3e1cbbdd1b (patch) | |
tree | e8ec6008b195aabe349006ca22298d607a43a7c1 | |
parent | 415131f99177117537b4bdead03ff4bbb5651349 (diff) |
andreer/verify cameo client in cd (#13600)
* add policy and pathgroup for endpoint certificate request api
* remove unused imports
* suppress warning for @Beta api
3 files changed, 10 insertions, 5 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java index 68dff26529f..2fdf442dbe0 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java @@ -219,8 +219,10 @@ enum PathGroup { /** Paths used for invoice management */ hostedAccountant(PathPrefix.api, "/billing/v1/invoice/{*}", - "/billing/v1/billing"); + "/billing/v1/billing"), + /** Path used for listing endpoint certificate request info */ + endpointCertificateRequestInfo(PathPrefix.none, "/certificateRequests/"); final List<String> pathSpecs; final PathPrefix prefix; diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java index 9a5a0ad0e77..83adba6f59b 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java @@ -166,7 +166,12 @@ enum Policy { /** Invoice management */ hostedAccountant(Privilege.grant(Action.all()) .on(PathGroup.hostedAccountant) - .in(SystemName.PublicCd)); + .in(SystemName.PublicCd)), + + /** Listing endpoint certificate request info */ + endpointCertificateRequestInfo(Privilege.grant(Action.read) + .on(PathGroup.endpointCertificateRequestInfo) + .in(SystemName.all())); private final Set<Privilege> privileges; diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManager.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManager.java index 64549825b04..425364f6741 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManager.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManager.java @@ -6,7 +6,6 @@ import com.google.common.io.BaseEncoding; import com.yahoo.config.application.api.DeploymentInstanceSpec; import com.yahoo.config.provision.ApplicationId; import com.yahoo.config.provision.ClusterSpec; -import com.yahoo.config.provision.Environment; import com.yahoo.config.provision.SystemName; import com.yahoo.config.provision.zone.RoutingMethod; import com.yahoo.config.provision.zone.ZoneApi; @@ -51,7 +50,6 @@ import java.util.concurrent.Executors; import java.util.concurrent.TimeUnit; import java.util.logging.Logger; import java.util.stream.Collectors; -import java.util.stream.Stream; /** * Looks up stored endpoint certificate metadata, provisions new certificates if none is found, @@ -323,10 +321,10 @@ public class EndpointCertificateManager { } /** Create a common name based on a hash of the ApplicationId. This should always be less than 64 characters long. */ + @SuppressWarnings("UnstableApiUsage") private static String commonNameHashOf(ApplicationId application, SystemName system) { var hashCode = Hashing.sha1().hashString(application.serializedForm(), Charset.defaultCharset()); var base32encoded = BaseEncoding.base32().omitPadding().lowerCase().encode(hashCode.asBytes()); return 'v' + base32encoded + Endpoint.dnsSuffix(system); } - } |