authorArnstein Ressem <aressem@gmail.com>2017-12-05 20:58:28 +0100
committerGitHub <noreply@github.com>2017-12-05 20:58:28 +0100
commit40c4c765975f11b03da614c91a7e22c35e1d19bf (patch)
tree3953ad5636e2566cb48067a2b71e678badb0b10a
parentfa22b79f210ed7d8b585abb2ac0fb3c7b9f8e65c (diff)
parente7263ed38db652f573fa1148c4b9f8d34b4be02f (diff)
Merge pull request #4361 from vespa-engine/revert-4349-mortent/remove-keyservice
Revert "Replace usage of KeyService with SecretStore"
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyService.java18
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyServiceMock.java13
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/package-info.java5
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java10
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResource.java14
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResourceTest.java8
6 files changed, 52 insertions, 16 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyService.java
new file mode 100644
index 00000000000..61cd738314a
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyService.java
@@ -0,0 +1,18 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.security;
+
+/**
+ * A service for retrieving secrets, such as API keys, private keys and passwords.
+ *
+ * @author mpolden
+ * @author bjorncs
+ */
+public interface KeyService {
+
+ String getSecret(String key);
+
+ default String getSecret(String key, int version) {
+ throw new UnsupportedOperationException("KeyService implementation does not support versioned secrets");
+ }
+
+}
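Review bot: Neither `getSecret` overload documents what a caller receives for an unknown key, and the callers touched in this commit dereference the result immediately (`.trim()` in `AthenzClientFactoryImpl.getServicePrivateKey`, `.split(":")` in `StatusPageResource.statusPageURL`). Add Javadoc to both methods stating whether a missing secret returns null or throws, for example `/** Returns the secret stored under key; throws if no such secret exists. */`, with the wording adjusted to what the real implementations do, which is not visible here. The Javadoc for the versioned overload should also say that the default implementation throws `UnsupportedOperationException`, so a caller that needs a pinned version knows it depends on the bound implementation.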
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyServiceMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyServiceMock.java
new file mode 100644
index 00000000000..46fa2a593c5
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyServiceMock.java
@@ -0,0 +1,13 @@
+package com.yahoo.vespa.hosted.controller.api.integration.security;
+
+/**
+ * @author mpolden
+ */
+public class KeyServiceMock implements KeyService {
+
+ @Override
+ public String getSecret(String key) {
+ return "fake-secret-for-" + key;
+ }
+
+}
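Review bot: `KeyServiceMock` overrides only `getSecret(String key)`, so the versioned overload falls through to the interface default and throws `UnsupportedOperationException`. `AthenzClientFactoryImpl.getServicePrivateKey` in this same commit calls that overload, so it cannot be exercised with this mock unless an override such as `@Override public String getSecret(String key, int version) { return getSecret(key); }` is added. The class also lives under `src/main` and returns a value derivable from the key name, so it deserves a class comment along the lines of `Test double only: returns predictable values and must never be bound in a production container`. It is also the only new file in this commit without the copyright header.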
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/package-info.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/package-info.java
new file mode 100644
index 00000000000..296eebf8ea5
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/package-info.java
@@ -0,0 +1,5 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+@ExportPackage
+package com.yahoo.vespa.hosted.controller.api.integration.security;
+
+import com.yahoo.osgi.annotation.ExportPackage;
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java
index 44493d6818a..1c32b35f599 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java
@@ -10,7 +10,7 @@ import com.yahoo.athenz.auth.token.PrincipalToken;
import com.yahoo.athenz.auth.util.Crypto;
import com.yahoo.athenz.zms.ZMSClient;
import com.yahoo.athenz.zts.ZTSClient;
-import com.yahoo.jdisc.http.SecretStore;
+import com.yahoo.vespa.hosted.controller.api.integration.security.KeyService;
import com.yahoo.vespa.hosted.controller.athenz.AthenzClientFactory;
import com.yahoo.vespa.hosted.controller.athenz.NToken;
import com.yahoo.vespa.hosted.controller.athenz.ZmsClient;
@@ -27,13 +27,13 @@ import static com.yahoo.vespa.hosted.controller.athenz.AthenzUtils.USER_PRINCIPA
*/
public class AthenzClientFactoryImpl implements AthenzClientFactory {
- private final SecretStore secretStore;
+ private final KeyService secretService;
private final AthenzConfig config;
private final AthenzPrincipalAuthority athenzPrincipalAuthority;
@Inject
- public AthenzClientFactoryImpl(SecretStore secretStore, AthenzConfig config) {
- this.secretStore = secretStore;
+ public AthenzClientFactoryImpl(KeyService secretService, AthenzConfig config) {
+ this.secretService = secretService;
this.config = config;
this.athenzPrincipalAuthority = new AthenzPrincipalAuthority(config.principalHeaderName());
}
@@ -82,7 +82,7 @@ public class AthenzClientFactoryImpl implements AthenzClientFactory {
private PrivateKey getServicePrivateKey() {
AthenzConfig.Service service = config.service();
- String privateKey = secretStore.getSecret(service.privateKeySecretName(), service.privateKeyVersion()).trim();
+ String privateKey = secretService.getSecret(service.privateKeySecretName(), service.privateKeyVersion()).trim();
return Crypto.loadPrivateKey(privateKey);
}
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResource.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResource.java
index 67c69ddc887..f5852b9dfcf 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResource.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResource.java
@@ -4,7 +4,7 @@ package com.yahoo.vespa.hosted.restapi.impl;
import com.fasterxml.jackson.databind.JsonNode;
import com.google.inject.Inject;
import com.yahoo.container.jaxrs.annotation.Component;
-import com.yahoo.jdisc.http.SecretStore;
+import com.yahoo.vespa.hosted.controller.api.integration.security.KeyService;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
@@ -24,20 +24,20 @@ import javax.ws.rs.core.UriBuilder;
public class StatusPageResource implements com.yahoo.vespa.hosted.controller.api.statuspage.StatusPageResource {
private final Client client;
- private final SecretStore secretStore;
+ private final KeyService keyService;
@Inject
- public StatusPageResource(@Component SecretStore secretStore) {
- this(secretStore, ClientBuilder.newClient());
+ public StatusPageResource(@Component KeyService keyService) {
+ this(keyService, ClientBuilder.newClient());
}
- protected StatusPageResource(SecretStore secretStore, Client client) {
- this.secretStore = secretStore;
+ protected StatusPageResource(KeyService keyService, Client client) {
+ this.keyService = keyService;
this.client = client;
}
protected UriBuilder statusPageURL(String page, String since) {
- String[] secrets = secretStore.getSecret("vespa_hosted.controller.statuspage_api_key").split(":");
+ String[] secrets = keyService.getSecret("vespa_hosted.controller.statuspage_api_key").split(":");
UriBuilder uriBuilder = UriBuilder.fromUri("https://" + secrets[0] + ".statuspage.io/api/v2/" + page + ".json?api_key=" + secrets[1]);
if (since != null) {
uriBuilder.queryParam("since", since);
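Review bot: `statusPageURL` indexes `secrets[0]` and `secrets[1]` without checking that the split produced two parts, so a malformed or empty secret surfaces as an `ArrayIndexOutOfBoundsException`. Use `.split(":", 2)` on the `keyService.getSecret(...)` result, followed by `if (secrets.length != 2) throw new IllegalStateException("statuspage secret must have the form <page>:<key>");`, keeping the secret value itself out of the message. The API key is also concatenated into the query string, so it appears wherever the resulting URI is logged or traced; if the Statuspage API accepts the key in a request header, that would be the safer place for it. Otherwise make sure this URI is never written to logs. The body of `statusPageURL` continues past the end of this hunk.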
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResourceTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResourceTest.java
index 2351b26f337..4e2e4bb15b4 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResourceTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResourceTest.java
@@ -3,7 +3,7 @@ package com.yahoo.vespa.hosted.restapi.impl;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
-import com.yahoo.jdisc.http.SecretStore;
+import com.yahoo.vespa.hosted.controller.api.integration.security.KeyService;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
@@ -30,15 +30,15 @@ public class StatusPageResourceTest {
Client mockClient = Mockito.mock(Client.class);
WebTarget mockTarget = Mockito.mock(WebTarget.class);
Invocation.Builder mockRequest = Mockito.mock(Invocation.Builder.class);
- SecretStore secretStore = Mockito.mock(SecretStore.class);
+ KeyService keyService = Mockito.mock(KeyService.class);
Mockito.when(mockClient.target(Mockito.any(UriBuilder.class))).thenReturn(mockTarget);
Mockito.when(mockTarget.request()).thenReturn(mockRequest);
Mockito.when(mockRequest.get(JsonNode.class)).thenReturn(
new ObjectMapper().readTree("{\"page\":{\"name\":\"Vespa\"}}"));
- Mockito.when(secretStore.getSecret(Mockito.any(String.class))).thenReturn("testpage:testkey");
+ Mockito.when(keyService.getSecret(Mockito.any(String.class))).thenReturn("testpage:testkey");
- statusPage = new StatusPageResource(secretStore, mockClient);
+ statusPage = new StatusPageResource(keyService, mockClient);
}