authorBjørn Christian Seime <bjorncs@oath.com>2017-11-21 18:00:15 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2017-11-21 18:00:15 +0100
commit3e3ed3de439fe4014fecc2614e2da7c171384dcc (patch)
tree46c6729ca84ba6a509cdc551671f0cbde61ee2cc /athenz-identity-provider-service
parent68baa91316a8ad002b64fba44294f1e97bbb04e0 (diff)
Don't inject config instances into jax-rs resources
Injection of config instances is not supported for jax-rs resources. All dependencies of resources must be components.
Diffstat (limited to 'athenz-identity-provider-service')
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java19
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java13
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java9
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentResource.java15
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceConfirmationResource.java7
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java2
-rw-r--r--athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java9
7 files changed, 31 insertions, 43 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
index 742788ab0c2..2dc3f24664c 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
@@ -1,9 +1,12 @@
package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca;
import com.google.common.collect.ImmutableList;
+import com.google.inject.Inject;
+import com.yahoo.config.provision.Zone;
import com.yahoo.log.LogLevel;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
+import com.yahoo.net.HostName;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -38,6 +41,8 @@ import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
+import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
+
/**
* Signs Certificate Signing Reqest from tenant nodes. This certificate will be used
@@ -62,10 +67,9 @@ public class CertificateSigner {
private final X500Name issuer;
private final Clock clock;
- public CertificateSigner(KeyProvider keyProvider,
- AthenzProviderServiceConfig.Zones zoneConfig,
- String configServerHostname) {
- this(keyProvider.getPrivateKey(zoneConfig.secretVersion()), configServerHostname, Clock.systemUTC());
+ @Inject
+ public CertificateSigner(KeyProvider keyProvider, AthenzProviderServiceConfig config, Zone zone) {
+ this(getPrivateKey(keyProvider, config, zone), HostName.getLocalhost(), Clock.systemUTC());
}
CertificateSigner(PrivateKey caPrivateKey, String configServerHostname, Clock clock) {
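Review bot: The injected constructor `public CertificateSigner(KeyProvider keyProvider, AthenzProviderServiceConfig config, Zone zone)` has no Javadoc, although it now fixes two security-relevant inputs itself: the CA private key is fetched once while the component is constructed, and the issuer host name comes from `HostName.getLocalhost()` instead of being passed in by the caller. I would add a Javadoc saying that the signing key is resolved from the zone's `secretVersion()` at construction time and that the issuer is the local host name. As far as the visible lines show, a changed secret version would only take effect when the component is rebuilt, which is worth stating there too. The package-private constructor that follows continues outside this hunk, so how it uses the host name is not visible here.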
@@ -138,4 +142,9 @@ public class CertificateSigner {
throw new IllegalArgumentException("CSR contains illegal extensions: " + String.join(", ", illegalExt));
}
}
+
+ private static PrivateKey getPrivateKey(KeyProvider keyProvider, AthenzProviderServiceConfig config, Zone zone) {
+ AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
+ return keyProvider.getPrivateKey(zoneConfig.secretVersion());
+ }
}
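Review bot: `getPrivateKey` does not say what happens when `config` has no entry for `zone`, and the behaviour of `getZoneConfig` in that case is not visible in this diff. Because this helper selects the CA signing key and now runs inside the injected constructor, a failure here would surface while the component is being constructed rather than on a request. A comment such as `// Selects the CA key for this zone; relies on getZoneConfig to reject a zone missing from config (confirm)` would make the expected failure mode explicit.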
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
index 1b10b79df27..27a91252d8a 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
@@ -2,14 +2,10 @@
package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca;
import com.google.inject.Inject;
-import com.yahoo.config.provision.Zone;
import com.yahoo.container.jaxrs.annotation.Component;
import com.yahoo.log.LogLevel;
-import com.yahoo.net.HostName;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CertificateSerializedPayload;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CsrSerializedPayload;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import javax.servlet.http.HttpServletRequest;
@@ -23,8 +19,6 @@ import javax.ws.rs.core.MediaType;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
-import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
-
/**
* @author bjorncs
* @author freva
@@ -37,11 +31,8 @@ public class CertificateSignerResource {
private final CertificateSigner certificateSigner;
@Inject
- public CertificateSignerResource(@Component AthenzProviderServiceConfig config,
- @Component Zone zone,
- @Component KeyProvider keyProvider) {
- AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
- this.certificateSigner = new CertificateSigner(keyProvider, zoneConfig, HostName.getLocalhost());
+ public CertificateSignerResource(@Component CertificateSigner certificateSigner) {
+ this.certificateSigner = certificateSigner;
}
@POST
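Review bot: `CertificateSignerResource` now takes `@Component CertificateSigner certificateSigner`, so it only works if `CertificateSigner` is registered as a component, and that registration is not part of this diff (the diffstat is limited to this module). The same holds for `IdentityDocumentGenerator` in `IdentityDocumentResource` and for `InstanceValidator` in `InstanceConfirmationResource`. The signer is also now supplied by the container instead of being created in the resource constructor, so a class comment on `CertificateSigner` stating that one instance is safe to share between requests would help. The fields visible in this diff are `final`, but the rest of that class is outside the hunks. The resource class body continues outside this hunk.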
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java
index 65ae25cd91e..4dd6881c07e 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java
@@ -1,6 +1,7 @@
// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument;
+import com.google.inject.Inject;
import com.yahoo.config.provision.Zone;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
@@ -28,8 +29,12 @@ public class IdentityDocumentGenerator {
private final String providerDomain;
private final int signingSecretVersion;
- public IdentityDocumentGenerator(AthenzProviderServiceConfig config, AthenzProviderServiceConfig.Zones zoneConfig,
- NodeRepository nodeRepository, Zone zone, KeyProvider keyProvider) {
+ @Inject
+ public IdentityDocumentGenerator(AthenzProviderServiceConfig config,
+ NodeRepository nodeRepository,
+ Zone zone,
+ KeyProvider keyProvider) {
+ AthenzProviderServiceConfig.Zones zoneConfig = Utils.getZoneConfig(config, zone);
this.nodeRepository = nodeRepository;
this.zone = zone;
this.keyProvider = keyProvider;
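Review bot: The added line `AthenzProviderServiceConfig.Zones zoneConfig = Utils.getZoneConfig(config, zone);` calls the helper through the `Utils` class, while `CertificateSigner` in the same commit uses a static import of `getZoneConfig`; using one form in both classes would keep them consistent. No import of `Utils` is added in the visible hunks of this file, so the call presumably relies on an import that already exists outside the hunk. The constructor body continues past the end of this hunk.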
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentResource.java
index b36e81bec2e..b3e5aee97b3 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentResource.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentResource.java
@@ -2,12 +2,8 @@
package com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument;
import com.google.inject.Inject;
-import com.yahoo.config.provision.Zone;
import com.yahoo.container.jaxrs.annotation.Component;
import com.yahoo.log.LogLevel;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
-import com.yahoo.vespa.hosted.provision.NodeRepository;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.GET;
@@ -18,8 +14,6 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import java.util.logging.Logger;
-import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
-
/**
* @author bjorncs
*/
@@ -31,13 +25,8 @@ public class IdentityDocumentResource {
private final IdentityDocumentGenerator identityDocumentGenerator;
@Inject
- public IdentityDocumentResource(@Component AthenzProviderServiceConfig config,
- @Component Zone zone,
- @Component NodeRepository nodeRepository,
- @Component KeyProvider keyProvider) {
- AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
- this.identityDocumentGenerator =
- new IdentityDocumentGenerator(config, zoneConfig, nodeRepository, zone, keyProvider);
+ public IdentityDocumentResource(@Component IdentityDocumentGenerator identityDocumentGenerator) {
+ this.identityDocumentGenerator = identityDocumentGenerator;
}
@GET
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceConfirmationResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceConfirmationResource.java
index b132c45120e..5c93bf423d3 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceConfirmationResource.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceConfirmationResource.java
@@ -2,10 +2,8 @@
package com.yahoo.vespa.hosted.athenz.instanceproviderservice.instanceconfirmation;
import com.google.inject.Inject;
-import com.yahoo.config.model.api.SuperModelProvider;
import com.yahoo.container.jaxrs.annotation.Component;
import com.yahoo.log.LogLevel;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
import javax.ws.rs.Consumes;
import javax.ws.rs.ForbiddenException;
@@ -26,9 +24,8 @@ public class InstanceConfirmationResource {
private final InstanceValidator instanceValidator;
@Inject
- public InstanceConfirmationResource(@Component KeyProvider keyProvider,
- @Component SuperModelProvider superModelProvider) {
- this.instanceValidator = new InstanceValidator(keyProvider, superModelProvider);
+ public InstanceConfirmationResource(@Component InstanceValidator instanceValidator) {
+ this.instanceValidator = instanceValidator;
}
@POST
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java
index 122142608ab..69c5d961b7e 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java
@@ -1,6 +1,7 @@
// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.athenz.instanceproviderservice.instanceconfirmation;
+import com.google.inject.Inject;
import com.yahoo.config.model.api.ApplicationInfo;
import com.yahoo.config.model.api.ServiceInfo;
import com.yahoo.config.model.api.SuperModelProvider;
@@ -33,6 +34,7 @@ public class InstanceValidator {
private final KeyProvider keyProvider;
private final SuperModelProvider superModelProvider;
+ @Inject
public InstanceValidator(KeyProvider keyProvider, SuperModelProvider superModelProvider) {
this.keyProvider = keyProvider;
this.superModelProvider = superModelProvider;
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java
index 268f6c3d108..0c12e137e27 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java
@@ -27,7 +27,6 @@ import java.util.HashSet;
import java.util.Optional;
import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.TestUtils.getAthenzProviderConfig;
-import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.mockito.Matchers.eq;
@@ -65,12 +64,8 @@ public class IdentityDocumentGeneratorTest {
String dnsSuffix = "vespa.dns.suffix";
AthenzProviderServiceConfig config = getAthenzProviderConfig("domain", "service", dnsSuffix, ZONE);
- IdentityDocumentGenerator identityDocumentGenerator = new IdentityDocumentGenerator(
- config,
- getZoneConfig(config, ZONE),
- nodeRepository,
- ZONE,
- keyProvider);
+ IdentityDocumentGenerator identityDocumentGenerator =
+ new IdentityDocumentGenerator(config, nodeRepository, ZONE, keyProvider);
SignedIdentityDocument signedIdentityDocument = identityDocumentGenerator.generateSignedIdentityDocument(hostname);
// Verify attributes