authorOla Aunronning <olaa@yahooinc.com>2023-06-07 13:39:22 +0200
committerOla Aunronning <olaa@yahooinc.com>2023-06-07 13:39:22 +0200
commitb0d0e1de1d937979cb00054223d1e0220af22f17 (patch)
treeac86bf0620714348e812ca5d72badd823978bbec
parente8e31b8f7ff1a77a47a8e9cf1bb884123ca2469a (diff)
Move DataplaneProxy construction. Include cert/key in config. enableTokenSupport determined by flag. Change port
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java8
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java47
2 files changed, 28 insertions, 27 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java b/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java
index a4fc7a59d5a..54915d9daef 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java
@@ -11,10 +11,14 @@ import java.util.Optional;
public class DataplaneProxy extends AbstractService implements DataplaneProxyConfig.Producer {
private final Integer port;
+ private final String serverCertificate;
+ private final String serverKey;
- public DataplaneProxy(TreeConfigProducer<? super DataplaneProxy> parent, Integer port) {
+ public DataplaneProxy(TreeConfigProducer<? super DataplaneProxy> parent, Integer port, String serverCertificate, String serverKey) {
super(parent, "dataplane-proxy");
this.port = port;
+ this.serverCertificate = serverCertificate;
+ this.serverKey = serverKey;
setProp("clustertype", "hosts");
setProp("clustername", "admin");
}
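Review bot: The new `serverCertificate` and `serverKey` constructor parameters are stored without any validation, so a null or empty value would only surface later when `getConfig` hands it to the config builder. Consider failing fast in the constructor, e.g. `this.serverKey = java.util.Objects.requireNonNull(serverKey, "serverKey");` and the same for the certificate. A short Javadoc on the constructor stating the expected encoding (presumably PEM, which is not visible here) and that `serverKey` is private key material that must never be logged would help the next caller.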
@@ -39,6 +43,8 @@ public class DataplaneProxy extends AbstractService implements DataplaneProxyCon
@Override
public void getConfig(DataplaneProxyConfig.Builder builder) {
builder.port(port);
+ builder.serverCertificate(serverCertificate);
+ builder.serverKey(serverKey);
}
@Override
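Review bot: `builder.serverKey(serverKey)` puts the TLS private key into `DataplaneProxyConfig` as a plain string, so the key becomes readable by anything that can fetch or dump this config and may show up in config debug output. If the config definition allows it, carrying a secret reference or a file path instead would keep the key out of the config payload. Otherwise add a comment such as `// private key material: access to this config must be restricted to the proxy host` and confirm that access is limited accordingly. The class body continues outside the hunk.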
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index 3305e596a87..181a53f9740 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -461,7 +461,6 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
addDefaultConnectorHostedFilterBinding(cluster);
addAdditionalHostedConnector(deployState, cluster);
addCloudDataPlaneFilter(deployState, cluster);
- addDataplaneProxy(deployState, cluster);
}
}
@@ -498,28 +497,6 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
}
- private void addDataplaneProxy(DeployState deployState, ApplicationContainerCluster cluster) {
- if (!deployState.featureFlags().enableDataplaneProxy())
- return;
-
- var tokenChain = new HttpFilterChain("cloud-data-plane-token", HttpFilterChain.Type.SYSTEM);
- tokenChain.addInnerComponent(new Filter(
- new ChainedComponentModel(
- new BundleInstantiationSpecification(
- new ComponentSpecification("com.yahoo.jdisc.http.filter.security.misc.BlockingRequestFilter"),
- null, new ComponentSpecification("jdisc-security-filters")),
- Dependencies.emptyDependencies())));
-
- cluster.getHttp().getFilterChains().add(tokenChain);
-
- cluster.getContainers().forEach(container -> {
- var hostResource = container.getHostResource();
- var dataplaneProxy = new DataplaneProxy(hostResource.getHost(), getDataplanePort(deployState));
- dataplaneProxy.setHostResource(hostResource);
- dataplaneProxy.initService(deployState);
- });
- }
-
protected void addClients(DeployState deployState, Element spec, ApplicationContainerCluster cluster) {
if (!deployState.isHosted() || !deployState.zone().system().isPublic()) return;
@@ -608,11 +585,30 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
.orElse(false);
// TODO (mortent): Implement token support in model
- boolean enableTokenSupport = false;
+ boolean enableTokenSupport = deployState.featureFlags().enableDataplaneProxy();
// Set up component to generate proxy cert if token support is enabled
if (enableTokenSupport) {
cluster.addSimpleComponent(DataplaneProxyCredentials.class);
+ var tokenChain = new HttpFilterChain("cloud-data-plane-token", HttpFilterChain.Type.SYSTEM);
+ tokenChain.addInnerComponent(new Filter(
+ new ChainedComponentModel(
+ new BundleInstantiationSpecification(
+ new ComponentSpecification("com.yahoo.jdisc.http.filter.security.misc.BlockingRequestFilter"),
+ null, new ComponentSpecification("jdisc-security-filters")),
+ Dependencies.emptyDependencies())));
+
+ cluster.getHttp().getFilterChains().add(tokenChain);
+
+ cluster.getContainers().forEach(container -> {
+ var hostResource = container.getHostResource();
+ var dataplaneProxy = new DataplaneProxy(hostResource.getHost(),
+ getDataplanePort(deployState),
+ endpointCertificateSecrets.certificate(),
+ endpointCertificateSecrets.key());
+ dataplaneProxy.setHostResource(hostResource);
+ dataplaneProxy.initService(deployState);
+ });
}
connectorFactory = authorizeClient
? HostedSslConnectorFactory.withProvidedCertificateAndTruststore(
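Review bot: `endpointCertificateSecrets.certificate()` and `.key()` are handed to a `DataplaneProxy` on every container as soon as the feature flag is on, but nothing in this block checks that endpoint certificate secrets are actually present. The enclosing method starts outside the hunk, so an earlier guard may exist; if it does not, fail the deployment with a clear message rather than configuring the proxy with an empty certificate or key. The comments `// TODO (mortent): Implement token support in model` and `// Set up component to generate proxy cert if token support is enabled` no longer describe the block, which now also registers the `cloud-data-plane-token` chain and creates the proxy services. That chain holds only `BlockingRequestFilter`, which presumably rejects every request until a real token filter is added, so a comment saying this is an intentional deny-all placeholder would prevent it from being mistaken for working token authentication.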
@@ -1389,8 +1385,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
}
private static int getDataplanePort(DeployState deployState) {
- // TODO: Determine port
- return deployState.featureFlags().enableDataplaneProxy() ? 9999 : HOSTED_VESPA_DATAPLANE_PORT;
+ return deployState.featureFlags().enableDataplaneProxy() ? 8443 : HOSTED_VESPA_DATAPLANE_PORT;
}
}
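Review bot: The literal `8443` replaces `9999` and the `// TODO: Determine port` comment is dropped, but nothing records why this port was chosen or which listener it belongs to. `getDataplanePort` is the value passed to `DataplaneProxy` in the earlier hunk, and from the name alone it is unclear whether it is the proxy's own listening port or the container connector the proxy forwards to; other callers are not visible here. A named constant beside `HOSTED_VESPA_DATAPLANE_PORT`, e.g. `private static final int HOSTED_VESPA_DATAPLANE_PROXY_PORT = 8443;`, with a one-line comment stating which side binds it, would make the value auditable against firewall and load-balancer rules.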