author | Morten Tokle <morten.tokle@gmail.com> | 2017-12-05 12:37:20 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-12-05 12:37:20 +0100 |
commit | c70fff7c21674730fd50332956f212ee1b801d84 (patch) | |
tree | 37adde60bdd1a9a90dd07ba69ffb06f932057bed | |
parent | 1f0e8ca070cd02bc7f8adbad11e56fa8e7e538af (diff) | |
parent | ffbfeaac2e7d7a5d49f8766f3d3c8a6b3efd59d9 (diff) |
Merge pull request #4349 from vespa-engine/mortent/remove-keyservice
Replace usage of KeyService with SecretStore
6 files changed, 16 insertions, 52 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyService.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyService.java
deleted file mode 100644
index 61cd738314a..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyService.java
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.api.integration.security;
-
-/**
- * A service for retrieving secrets, such as API keys, private keys and passwords.
- *
- * @author mpolden
- * @author bjorncs
- */
-public interface KeyService {
-
- String getSecret(String key);
-
- default String getSecret(String key, int version) {
- throw new UnsupportedOperationException("KeyService implementation does not support versioned secrets");
- }
-
-}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyServiceMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyServiceMock.java
deleted file mode 100644
index 46fa2a593c5..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/KeyServiceMock.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.yahoo.vespa.hosted.controller.api.integration.security;
-
-/**
- * @author mpolden
- */
-public class KeyServiceMock implements KeyService {
-
- @Override
- public String getSecret(String key) {
- return "fake-secret-for-" + key;
- }
-
-}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/package-info.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/package-info.java
deleted file mode 100644
index 296eebf8ea5..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/security/package-info.java
+++ /dev/null
@@ -1,5 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-@ExportPackage
-package com.yahoo.vespa.hosted.controller.api.integration.security;
-
-import com.yahoo.osgi.annotation.ExportPackage;
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java
index 1c32b35f599..44493d6818a 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java
@@ -10,7 +10,7 @@ import com.yahoo.athenz.auth.token.PrincipalToken;
 import com.yahoo.athenz.auth.util.Crypto;
 import com.yahoo.athenz.zms.ZMSClient;
 import com.yahoo.athenz.zts.ZTSClient;
-import com.yahoo.vespa.hosted.controller.api.integration.security.KeyService;
+import com.yahoo.jdisc.http.SecretStore;
 import com.yahoo.vespa.hosted.controller.athenz.AthenzClientFactory;
 import com.yahoo.vespa.hosted.controller.athenz.NToken;
 import com.yahoo.vespa.hosted.controller.athenz.ZmsClient;
@@ -27,13 +27,13 @@ import static com.yahoo.vespa.hosted.controller.athenz.AthenzUtils.USER_PRINCIPA
 */
 public class AthenzClientFactoryImpl implements AthenzClientFactory {
- private final KeyService secretService;
+ private final SecretStore secretStore;
 private final AthenzConfig config;
 private final AthenzPrincipalAuthority athenzPrincipalAuthority;
 @Inject
- public AthenzClientFactoryImpl(KeyService secretService, AthenzConfig config) {
- this.secretService = secretService;
+ public AthenzClientFactoryImpl(SecretStore secretStore, AthenzConfig config) {
+ this.secretStore = secretStore;
 this.config = config;
 this.athenzPrincipalAuthority = new AthenzPrincipalAuthority(config.principalHeaderName());
 }
@@ -82,7 +82,7 @@ public class AthenzClientFactoryImpl implements AthenzClientFactory {
 private PrivateKey getServicePrivateKey() {
 AthenzConfig.Service service = config.service();
- String privateKey = secretService.getSecret(service.privateKeySecretName(), service.privateKeyVersion()).trim();
+ String privateKey = secretStore.getSecret(service.privateKeySecretName(), service.privateKeyVersion()).trim();
 return Crypto.loadPrivateKey(privateKey);
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResource.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResource.java
index f5852b9dfcf..67c69ddc887 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResource.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResource.java
@@ -4,7 +4,7 @@ package com.yahoo.vespa.hosted.restapi.impl;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.inject.Inject;
 import com.yahoo.container.jaxrs.annotation.Component;
-import com.yahoo.vespa.hosted.controller.api.integration.security.KeyService;
+import com.yahoo.jdisc.http.SecretStore;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
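Review bot: In the `@@ -82,7 +82,7 @@` hunk, `getServicePrivateKey()` calls `.trim()` directly on the value returned by `secretStore.getSecret(...)`, so a missing secret name or version would presumably surface as a bare NullPointerException (or whatever the injected store throws) with no indication of which key was requested. Consider `String privateKey = Objects.requireNonNull(secretStore.getSecret(service.privateKeySecretName(), service.privateKeyVersion()), "Athenz service private key not found in secret store").trim();` (needs `java.util.Objects`), keeping the secret value itself out of the message. The deleted `KeyService` default for the two-argument lookup threw UnsupportedOperationException; whether every `SecretStore` implementation that can be injected here supports versioned lookup is not visible in this diff and is worth confirming, since this call loads the service's private key.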
@@ -24,20 +24,20 @@ import javax.ws.rs.core.UriBuilder;
 public class StatusPageResource implements com.yahoo.vespa.hosted.controller.api.statuspage.StatusPageResource {
 private final Client client;
- private final KeyService keyService;
+ private final SecretStore secretStore;
 @Inject
- public StatusPageResource(@Component KeyService keyService) {
- this(keyService, ClientBuilder.newClient());
+ public StatusPageResource(@Component SecretStore secretStore) {
+ this(secretStore, ClientBuilder.newClient());
 }
- protected StatusPageResource(KeyService keyService, Client client) {
- this.keyService = keyService;
+ protected StatusPageResource(SecretStore secretStore, Client client) {
+ this.secretStore = secretStore;
 this.client = client;
 }
 protected UriBuilder statusPageURL(String page, String since) {
- String[] secrets = keyService.getSecret("vespa_hosted.controller.statuspage_api_key").split(":");
+ String[] secrets = secretStore.getSecret("vespa_hosted.controller.statuspage_api_key").split(":");
 UriBuilder uriBuilder = UriBuilder.fromUri("https://" + secrets[0] + ".statuspage.io/api/v2/" + page + ".json?api_key=" + secrets[1]);
 if (since != null) {
 uriBuilder.queryParam("since", since);
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResourceTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResourceTest.java
index 4e2e4bb15b4..2351b26f337 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResourceTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/restapi/impl/StatusPageResourceTest.java
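Review bot: `statusPageURL` indexes `secrets[0]` and `secrets[1]` without checking what `split(":")` returned, so a stored value with no colon fails with ArrayIndexOutOfBoundsException and one with extra colons silently drops part of the key. A guard such as `if (secrets.length != 2) throw new IllegalStateException("statuspage_api_key must have the form <page-id>:<api-key>");` makes the failure explicit without echoing the secret. The API key is also concatenated into the URL query string, where it tends to end up in proxy or client logs and in exception messages that include the URI; if the status page API supports header-based authentication, that would be a better place for it. `page` is concatenated into the path unencoded, so if it can come from a request (the callers are not visible here) it should be limited to the known page names. The method body continues past the end of the hunk.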
@@ -3,7 +3,7 @@ package com.yahoo.vespa.hosted.restapi.impl; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; -import com.yahoo.vespa.hosted.controller.api.integration.security.KeyService; +import com.yahoo.jdisc.http.SecretStore; import org.junit.Before; import org.junit.Test; import org.mockito.Mockito; @@ -30,15 +30,15 @@ public class StatusPageResourceTest { Client mockClient = Mockito.mock(Client.class); WebTarget mockTarget = Mockito.mock(WebTarget.class); Invocation.Builder mockRequest = Mockito.mock(Invocation.Builder.class); - KeyService keyService = Mockito.mock(KeyService.class); + SecretStore secretStore = Mockito.mock(SecretStore.class); Mockito.when(mockClient.target(Mockito.any(UriBuilder.class))).thenReturn(mockTarget); Mockito.when(mockTarget.request()).thenReturn(mockRequest); Mockito.when(mockRequest.get(JsonNode.class)).thenReturn( new ObjectMapper().readTree("{\"page\":{\"name\":\"Vespa\"}}")); - Mockito.when(keyService.getSecret(Mockito.any(String.class))).thenReturn("testpage:testkey"); + Mockito.when(secretStore.getSecret(Mockito.any(String.class))).thenReturn("testpage:testkey"); - statusPage = new StatusPageResource(keyService, mockClient); + statusPage = new StatusPageResource(secretStore, mockClient); } |