Merge pull request #4349 from vespa-engine/mortent/remove-keyservice

Replace usage of KeyService with SecretStore
author: Morten Tokle <morten.tokle@gmail.com> 2017-12-05 12:37:20 +0100
committer: GitHub <noreply@github.com> 2017-12-05 12:37:20 +0100
commit: c70fff7c21674730fd50332956f212ee1b801d84 (patch)
tree: 37adde60bdd1a9a90dd07ba69ffb06f932057bed
parent: 1f0e8ca070cd02bc7f8adbad11e56fa8e7e538af (diff)
parent: ffbfeaac2e7d7a5d49f8766f3d3c8a6b3efd59d9 (diff)
6 files changed, 16 insertions, 52 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyService.java
deleted file mode 100644
index 61cd738314a..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyService.java
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.api.integration.security;
-
-/**
- * A service for retrieving secrets, such as API keys, private keys and passwords.
- *
- * @author mpolden
- * @author bjorncs
- */
-public interface KeyService {
-
-    String getSecret(String key);
-
-    default String getSecret(String key, int version) {
-        throw new UnsupportedOperationException("KeyService implementation does not support versioned secrets");
-    }
-
-}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyServiceMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyServiceMock.java
deleted file mode 100644
index 46fa2a593c5..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyServiceMock.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.yahoo.vespa.hosted.controller.api.integration.security;
-
-/**
- * @author mpolden
- */
-public class KeyServiceMock implements KeyService {
-
-    @Override
-    public String getSecret(String key) {
-        return "fake-secret-for-" + key;
-    }
-
-}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/package-info.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/package-info.java
deleted file mode 100644
index 296eebf8ea5..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/package-info.java
+++ /dev/null
@@ -1,5 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-@ExportPackage
-package com.yahoo.vespa.hosted.controller.api.integration.security;
-
-import com.yahoo.osgi.annotation.ExportPackage;
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java
index 1c32b35f599..44493d6818a 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java
@@ -10,7 +10,7 @@ import com.yahoo.athenz.auth.token.PrincipalToken;
 import com.yahoo.athenz.auth.util.Crypto;
 import com.yahoo.athenz.zms.ZMSClient;
 import com.yahoo.athenz.zts.ZTSClient;
-import com.yahoo.vespa.hosted.controller.api.integration.security.KeyService;
+import com.yahoo.jdisc.http.SecretStore;
 import com.yahoo.vespa.hosted.controller.athenz.AthenzClientFactory;
 import com.yahoo.vespa.hosted.controller.athenz.NToken;
 import com.yahoo.vespa.hosted.controller.athenz.ZmsClient;
@@ -27,13 +27,13 @@ import static com.yahoo.vespa.hosted.controller.athenz.AthenzUtils.USER_PRINCIPA
  */
 public class AthenzClientFactoryImpl implements AthenzClientFactory {
 
-    private final KeyService secretService;
+    private final SecretStore secretStore;
     private final AthenzConfig config;
     private final AthenzPrincipalAuthority athenzPrincipalAuthority;
 
     @Inject
-    public AthenzClientFactoryImpl(KeyService secretService, AthenzConfig config) {
-        this.secretService = secretService;
+    public AthenzClientFactoryImpl(SecretStore secretStore, AthenzConfig config) {
+        this.secretStore = secretStore;
         this.config = config;
         this.athenzPrincipalAuthority = new AthenzPrincipalAuthority(config.principalHeaderName());
     }
@@ -82,7 +82,7 @@ public class AthenzClientFactoryImpl implements AthenzClientFactory {
 
     private PrivateKey getServicePrivateKey() {
         AthenzConfig.Service service = config.service();
-        String privateKey = secretService.getSecret(service.privateKeySecretName(), service.privateKeyVersion()).trim();
+        String privateKey = secretStore.getSecret(service.privateKeySecretName(), service.privateKeyVersion()).trim();
         return Crypto.loadPrivateKey(privateKey);
     }
 
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResource.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResource.java
index f5852b9dfcf..67c69ddc887 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResource.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResource.java
@@ -4,7 +4,7 @@ package com.yahoo.vespa.hosted.restapi.impl;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.inject.Inject;
 import com.yahoo.container.jaxrs.annotation.Component;
-import com.yahoo.vespa.hosted.controller.api.integration.security.KeyService;
+import com.yahoo.jdisc.http.SecretStore;
 
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
@@ -24,20 +24,20 @@ import javax.ws.rs.core.UriBuilder;
 public class StatusPageResource implements com.yahoo.vespa.hosted.controller.api.statuspage.StatusPageResource {
 
     private final Client client;
-    private final KeyService keyService;
+    private final SecretStore secretStore;
 
     @Inject
-    public StatusPageResource(@Component KeyService keyService) {
-        this(keyService, ClientBuilder.newClient());
+    public StatusPageResource(@Component SecretStore secretStore) {
+        this(secretStore, ClientBuilder.newClient());
     }
 
-    protected StatusPageResource(KeyService keyService, Client client) {
-        this.keyService = keyService;
+    protected StatusPageResource(SecretStore secretStore, Client client) {
+        this.secretStore = secretStore;
         this.client = client;
     }
 
     protected UriBuilder statusPageURL(String page, String since) {
-        String[] secrets = keyService.getSecret("vespa_hosted.controller.statuspage_api_key").split(":");
+        String[] secrets = secretStore.getSecret("vespa_hosted.controller.statuspage_api_key").split(":");
         UriBuilder uriBuilder = UriBuilder.fromUri("https://" + secrets[0] + ".statuspage.io/api/v2/" + page + ".json?api_key=" + secrets[1]);
         if (since != null) {
             uriBuilder.queryParam("since", since);
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResourceTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResourceTest.java
index 4e2e4bb15b4..2351b26f337 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResourceTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResourceTest.java
@@ -3,7 +3,7 @@ package com.yahoo.vespa.hosted.restapi.impl;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.yahoo.vespa.hosted.controller.api.integration.security.KeyService;
+import com.yahoo.jdisc.http.SecretStore;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mockito;
@@ -30,15 +30,15 @@ public class StatusPageResourceTest {
         Client mockClient = Mockito.mock(Client.class);
         WebTarget mockTarget = Mockito.mock(WebTarget.class);
         Invocation.Builder mockRequest = Mockito.mock(Invocation.Builder.class);
-        KeyService keyService = Mockito.mock(KeyService.class);
+        SecretStore secretStore = Mockito.mock(SecretStore.class);
 
         Mockito.when(mockClient.target(Mockito.any(UriBuilder.class))).thenReturn(mockTarget);
         Mockito.when(mockTarget.request()).thenReturn(mockRequest);
         Mockito.when(mockRequest.get(JsonNode.class)).thenReturn(
             new ObjectMapper().readTree("{\"page\":{\"name\":\"Vespa\"}}"));
-        Mockito.when(keyService.getSecret(Mockito.any(String.class))).thenReturn("testpage:testkey");
+        Mockito.when(secretStore.getSecret(Mockito.any(String.class))).thenReturn("testpage:testkey");
 
-        statusPage = new StatusPageResource(keyService, mockClient);
+        statusPage = new StatusPageResource(secretStore, mockClient);
     }
author	Morten Tokle <morten.tokle@gmail.com>	2017-12-05 12:37:20 +0100
committer	GitHub <noreply@github.com>	2017-12-05 12:37:20 +0100
commit	c70fff7c21674730fd50332956f212ee1b801d84 (patch)
tree	37adde60bdd1a9a90dd07ba69ffb06f932057bed
parent	1f0e8ca070cd02bc7f8adbad11e56fa8e7e538af (diff)
parent	ffbfeaac2e7d7a5d49f8766f3d3c8a6b3efd59d9 (diff)