author | Martin Polden <mpolden@mpolden.no> | 2023-07-06 14:46:07 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2023-07-06 15:04:03 +0200 |
commit | 35cde94db752bfba089c3ced946eb3ec31476f71 (patch) | |
tree | 05ff8bf87df8b29d89a503d1554765962b3891ba | |
parent | 2a1142cbeda0361761a16b4c5293de67f67edee1 (diff) |
Re-assign existing certificate from pool
2 files changed, 11 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
index 5d0ee7b74c5..052d70e92bc 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
@@ -115,8 +115,9 @@ public class EndpointCertificates {
 // certificate because application endpoints can span instances
 Optional<InstanceName> instanceName = zone.environment().isManuallyDeployed() ? Optional.of(instance.name()) : Optional.empty();
 TenantAndApplicationId application = TenantAndApplicationId.from(instance.id());
+ // Re-use existing certificate if it contains a randomized ID
 Optional<AssignedCertificate> assignedCertificate = curator.readAssignedCertificate(application, instanceName);
- if (assignedCertificate.isPresent()) {
+ if (assignedCertificate.isPresent() && assignedCertificate.get().certificate().randomizedId().isPresent()) {
 AssignedCertificate updated = assignedCertificate.get().with(assignedCertificate.get().certificate().withLastRequested(clock.instant().getEpochSecond()));
 curator.writeAssignedCertificate(updated);
 return updated.certificate();
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java
index 9c84ab48229..f151b90d760 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java
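Review bot: The widened `if` condition silently abandons an existing assignment whose certificate has no randomized ID, and the added comment documents only the re-use branch. Nothing in the hunk logs that a certificate is being replaced, and the old certificate stays in place until something else removes it; the test comment in this commit names EndpointCertificateMaintainer for that, but the production code does not say so. I would extend the comment to `// Re-use existing certificate only if it has a randomized ID. Otherwise a new one is assigned below and the old one is left for EndpointCertificateMaintainer to clean up`, and consider logging the replacement so a certificate swap on an endpoint is traceable. The enclosing method starts and ends outside the hunk, so whether the fall-through path runs only with the randomized-endpoint flag enabled cannot be confirmed from here.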
@@ -45,6 +45,7 @@ import java.util.Set;
 import java.util.stream.Stream;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
@@ -290,6 +291,12 @@ public class EndpointCertificatesTest {
 @Test
 public void assign_certificate_from_pool() {
+ // Initial certificate is requested directly from provider
+ Optional<EndpointCertificate> certFromProvider = endpointCertificates.get(instance, prodZone, DeploymentSpec.empty);
+ assertTrue(certFromProvider.isPresent());
+ assertFalse(certFromProvider.get().randomizedId().isPresent());
+
+ // Pooled certificates become available
 tester.flagSource().withBooleanFlag(Flags.RANDOMIZED_ENDPOINT_NAMES.id(), true);
 try {
 addCertificateToPool("pool-cert-1", UnassignedCertificate.State.requested);
@@ -297,6 +304,8 @@ public class EndpointCertificatesTest {
 fail("Expected exception as certificate is not ready");
 } catch (IllegalArgumentException ignored) {}
+ // Certificate is assigned from pool instead. The previously assigned certificate will eventually be cleaned up
+ // by EndpointCertificateMaintainer
 { // prod
 String certId = "pool-cert-1";
 addCertificateToPool(certId, UnassignedCertificate.State.ready);
 |
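Review bot: `certFromProvider` in assign_certificate_from_pool is checked only for presence and for a missing randomized ID; nothing in the visible hunks asserts that the certificate later handed out from the pool differs from it or that the stored assignment was overwritten. The rest of the test body is outside the hunks, so this may already be covered. If it is not, an assertion after the pool assignment such as `assertNotEquals(certFromProvider, cert)`, with `cert` standing for whatever the test names the pool result, would pin the re-assignment this commit introduces. The clean-up by EndpointCertificateMaintainer that the new comment relies on is not exercised in the visible lines either.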