author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2018-05-16 16:23:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-16 16:23:26 +0200 |
commit | e6073623a9a01859679525d1b38d088bc14ce8f8 (patch) | |
tree | f7482a12743261ddc37a97c414a0ab6deb01d304 /athenz-identity-provider-service | |
parent | 1b79b2d02bf9dc63bd78d0379f15bf4e0e0d0b6b (diff) | |
parent | 2ba4b5890a2b9a4f308d7025370be1a3af4668f0 (diff) |
Merge pull request #5887 from vespa-engine/bjorncs/remove-use-deprecated-types
Bjorncs/remove use deprecated types
Diffstat (limited to 'athenz-identity-provider-service')
7 files changed, 66 insertions, 62 deletions
diff --git a/athenz-identity-provider-service/pom.xml b/athenz-identity-provider-service/pom.xml
index 372763fede2..86d4defa861 100644
--- a/athenz-identity-provider-service/pom.xml
+++ b/athenz-identity-provider-service/pom.xml
@@ -131,12 +131,6 @@
 <plugin>
 <groupId>org.apache.maven.plugins</groupId>
 <artifactId>maven-compiler-plugin</artifactId>
- <configuration>
- <compilerArgs>
- <arg>-Xlint:-deprecation</arg>
- <arg>-Werror</arg>
- </compilerArgs>
- </configuration>
 </plugin>
 </plugins>
 </build>
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java
index 55377862cfc..728406c297f 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java
@@ -4,9 +4,11 @@ package com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument; import com.google.inject.Inject; import com.yahoo.config.provision.Zone; import com.yahoo.net.HostName; -import com.yahoo.vespa.athenz.identityprovider.api.bindings.IdentityDocument; -import com.yahoo.vespa.athenz.identityprovider.api.bindings.ProviderUniqueId; -import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocument; +import com.yahoo.vespa.athenz.api.AthenzService; +import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper; +import com.yahoo.vespa.athenz.identityprovider.api.IdentityDocument; +import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument; +import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils; @@ -49,7 +51,7 @@ public class IdentityDocumentGenerator { Node node = nodeRepository.getNode(hostname).orElseThrow(() -> new RuntimeException("Unable to find node " + hostname)); try { IdentityDocument identityDocument = generateIdDocument(node); - String identityDocumentString = Utils.getMapper().writeValueAsString(identityDocument); + String identityDocumentString = Utils.getMapper().writeValueAsString(EntityBindingsMapper.toIdentityDocumentEntity(identityDocument)); String encodedIdentityDocument = Base64.getEncoder().encodeToString(identityDocumentString.getBytes()); 
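Review bot: The context line right after the changed `writeValueAsString` call encodes the JSON with `identityDocumentString.getBytes()`, which uses the platform default charset, so the Base64 text can differ between hosts with different `file.encoding` settings. Since this commit already touches the serialisation step, I would pin the encoding with `identityDocumentString.getBytes(StandardCharsets.UTF_8)` and add the `java.nio.charset.StandardCharsets` import. The signing statements lie between this hunk and the next and are not visible here, so the assumption that the encoded string is what gets signed is inferred from the variable names.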
@@ -61,12 +63,12 @@ public class IdentityDocumentGenerator { String signature = Base64.getEncoder().encodeToString(sigGenerator.sign()); return new SignedIdentityDocument( - encodedIdentityDocument, + identityDocument, signature, SignedIdentityDocument.DEFAULT_KEY_VERSION, - identityDocument.providerUniqueId.toVespaUniqueInstanceId().asDottedString(), + identityDocument.providerUniqueId(), toZoneDnsSuffix(zone, zoneConfig.certDnsSuffix()), - zoneConfig.domain() + "." + zoneConfig.serviceName(), + new AthenzService(zoneConfig.domain(), zoneConfig.serviceName()), URI.create(zoneConfig.ztsUrl()), SignedIdentityDocument.DEFAULT_DOCUMENT_VERSION); } catch (Exception e) { @@ -76,14 +78,14 @@ public class IdentityDocumentGenerator { private IdentityDocument generateIdDocument(Node node) { Allocation allocation = node.allocation().orElseThrow(() -> new RuntimeException("No allocation for node " + node.hostname())); - ProviderUniqueId providerUniqueId = new ProviderUniqueId( - allocation.owner().tenant().value(), + VespaUniqueInstanceId providerUniqueId = new VespaUniqueInstanceId( + allocation.membership().index(), + allocation.membership().cluster().id().value(), + allocation.owner().instance().value(), allocation.owner().application().value(), - zone.environment().value(), + allocation.owner().tenant().value(), zone.region().value(), - allocation.owner().instance().value(), - allocation.membership().cluster().id().value(), - allocation.membership().index()); + zone.environment().value()); // TODO: Hack to allow access from docker containers to non-ipv6 services. // Remove when yca-bridge is no longer needed diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentResource.java index 24efde665aa..93668006e26 100644 
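Review bot: In the `new SignedIdentityDocument(...)` call the first argument changes from `encodedIdentityDocument` to the `identityDocument` object, so the returned value no longer carries the exact bytes that were signed, and they apparently have to be regenerated when it is mapped back to an entity. The signature then verifies only if that later serialisation is byte-identical to what `Utils.getMapper()` produced here; the generator test in this commit exercises one such round trip, but nothing in the code states the invariant. I would add a comment above the constructor call, for example `// signature covers Base64(JSON of toIdentityDocumentEntity(identityDocument)); EntityBindingsMapper must reproduce these bytes exactly`. The signing statements start above this hunk and the catch block continues below it.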
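Review bot: The `VespaUniqueInstanceId` constructor call in `generateIdDocument` takes seven positional arguments in the reverse of the old `ProviderUniqueId` order, and six of them are string values, so a transposition such as cluster id with instance or region with environment compiles cleanly and ends up in the signed identity. A one-line comment naming the expected order, such as `// (clusterIndex, clusterId, instance, application, tenant, region, environment)`, would make the call reviewable; those names are inferred from the values passed, since the class is not on this page. The expected value in the `IdentityDocumentGeneratorTest` hunk uses `"default"` for both cluster id and instance, so that test would not catch those two being swapped. The method body continues past the end of the hunk.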
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentResource.java +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentResource.java @@ -5,8 +5,9 @@ import com.google.inject.Inject; import com.yahoo.container.jaxrs.annotation.Component; import com.yahoo.jdisc.http.servlet.ServletRequest; import com.yahoo.log.LogLevel; +import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper; import com.yahoo.vespa.athenz.identityprovider.api.bindings.IdentityDocumentApi; -import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocument; +import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocumentEntity; import com.yahoo.vespa.hosted.provision.restapi.v2.filter.NodePrincipal; import javax.servlet.http.HttpServletRequest; @@ -48,7 +49,7 @@ public class IdentityDocumentResource implements IdentityDocumentApi { @Deprecated @Override // TODO Make this method private when the rest api is not longer in use - public SignedIdentityDocument getIdentityDocument(@QueryParam("hostname") String hostname) { + public SignedIdentityDocumentEntity getIdentityDocument(@QueryParam("hostname") String hostname) { if (hostname == null) { throw new BadRequestException("The 'hostname' query parameter is missing"); } @@ -66,7 +67,7 @@ public class IdentityDocumentResource implements IdentityDocumentApi { throw new ForbiddenException(); } try { - return identityDocumentGenerator.generateSignedIdentityDocument(hostname); + return EntityBindingsMapper.toSignedIdentityDocumentEntity(identityDocumentGenerator.generateSignedIdentityDocument(hostname)); } catch (Exception e) { String message = String.format("Unable to generate identity doument for '%s': %s", hostname, e.getMessage()); log.log(LogLevel.ERROR, message, e); 
@@ -78,7 +79,7 @@ public class IdentityDocumentResource implements IdentityDocumentApi { @Produces(MediaType.APPLICATION_JSON) @Path("/node/{host}") @Override - public SignedIdentityDocument getNodeIdentityDocument(@PathParam("host") String host) { + public SignedIdentityDocumentEntity getNodeIdentityDocument(@PathParam("host") String host) { return getIdentityDocument(host); } @@ -86,7 +87,7 @@ public class IdentityDocumentResource implements IdentityDocumentApi { @Produces(MediaType.APPLICATION_JSON) @Path("/tenant/{host}") @Override - public SignedIdentityDocument getTenantIdentityDocument(@PathParam("host") String host) { + public SignedIdentityDocumentEntity getTenantIdentityDocument(@PathParam("host") String host) { return getIdentityDocument(host); } diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceConfirmation.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceConfirmation.java index 6e895711531..4f70a7b9a10 100644 --- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceConfirmation.java +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceConfirmation.java @@ -13,8 +13,8 @@ import com.fasterxml.jackson.databind.JsonSerializer; import com.fasterxml.jackson.databind.SerializerProvider; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.annotation.JsonSerialize; +import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocumentEntity; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils; -import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocument; import java.io.IOException; import java.util.HashMap; 
@@ -33,7 +33,7 @@ public class InstanceConfirmation { @JsonProperty("service") public final String service; @JsonProperty("attestationData") @JsonSerialize(using = SignedIdentitySerializer.class) - public final SignedIdentityDocument signedIdentityDocument; + public final SignedIdentityDocumentEntity signedIdentityDocument; @JsonUnwrapped public final Map<String, Object> attributes = new HashMap<>(); // optional attributes that Athenz may provide @JsonCreator @@ -41,7 +41,7 @@ public class InstanceConfirmation { @JsonProperty("domain") String domain, @JsonProperty("service") String service, @JsonProperty("attestationData") @JsonDeserialize(using = SignedIdentityDeserializer.class) - SignedIdentityDocument signedIdentityDocument) { + SignedIdentityDocumentEntity signedIdentityDocument) { this.provider = provider; this.domain = domain; this.service = service; 
@@ -81,19 +81,19 @@ public class InstanceConfirmation { return Objects.hash(provider, domain, service, signedIdentityDocument, attributes); } - public static class SignedIdentityDeserializer extends JsonDeserializer<SignedIdentityDocument> { + public static class SignedIdentityDeserializer extends JsonDeserializer<SignedIdentityDocumentEntity> { @Override - public SignedIdentityDocument deserialize( + public SignedIdentityDocumentEntity deserialize( JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { String value = jsonParser.getValueAsString(); - return Utils.getMapper().readValue(value, SignedIdentityDocument.class); + return Utils.getMapper().readValue(value, SignedIdentityDocumentEntity.class); } } - public static class SignedIdentitySerializer extends JsonSerializer<SignedIdentityDocument> { + public static class SignedIdentitySerializer extends JsonSerializer<SignedIdentityDocumentEntity> { @Override public void serialize( - SignedIdentityDocument document, JsonGenerator gen, SerializerProvider serializers) throws IOException { + SignedIdentityDocumentEntity document, JsonGenerator gen, SerializerProvider serializers) throws IOException { gen.writeString(Utils.getMapper().writeValueAsString(document)); } } diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java index ca513ede320..5f330dc01bf 100644 --- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java 
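Review bot: `SignedIdentityDeserializer.deserialize` passes the result of `jsonParser.getValueAsString()` straight to `readValue`, and that result is null when the `attestationData` token is not a scalar (for example an object or array), which surfaces as an unchecked exception instead of a mapping error. This field appears to be parsed from an incoming confirmation, so I would reject it explicitly before parsing with `if (value == null) throw JsonMappingException.from(jsonParser, "attestationData must be a JSON string");`. The lines involved are ones the commit only retypes, so this is a follow-up suggestion rather than a defect introduced here.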
@@ -7,9 +7,11 @@ import com.yahoo.config.model.api.ServiceInfo; import com.yahoo.config.model.api.SuperModelProvider; import com.yahoo.config.provision.ApplicationId; import com.yahoo.log.LogLevel; +import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper; +import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument; +import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId; +import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocumentEntity; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider; -import com.yahoo.vespa.athenz.identityprovider.api.bindings.ProviderUniqueId; -import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocument; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; @@ -41,10 +43,10 @@ public class InstanceValidator { } public boolean isValidInstance(InstanceConfirmation instanceConfirmation) { - SignedIdentityDocument signedIdentityDocument = instanceConfirmation.signedIdentityDocument; - ProviderUniqueId providerUniqueId = signedIdentityDocument.identityDocument.providerUniqueId; + SignedIdentityDocument signedIdentityDocument = EntityBindingsMapper.toSignedIdentityDocument(instanceConfirmation.signedIdentityDocument); + VespaUniqueInstanceId providerUniqueId = signedIdentityDocument.providerUniqueId(); ApplicationId applicationId = ApplicationId.from( - providerUniqueId.tenant, providerUniqueId.application, providerUniqueId.instance); + providerUniqueId.tenant(), providerUniqueId.application(), providerUniqueId.instance()); if (! isSameIdentityAsInServicesXml(applicationId, instanceConfirmation.domain, instanceConfirmation.service)) { return false; 
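Review bot: `isValidInstance` now takes tenant, application and instance from `signedIdentityDocument.providerUniqueId()` on the mapped API object, whereas the old code read them from `identityDocument.providerUniqueId`, the id inside the document payload. `EntityBindingsMapper` is not on this page, so I cannot tell whether the new accessor is filled from the signed `rawIdentityDocument` or from the separate envelope field of the entity; if it is the latter, the `isSameIdentityAsInServicesXml` decision would rest on a value the signature does not cover. Reading it as `signedIdentityDocument.identityDocument().providerUniqueId()` keeps the check tied to signed content, and `isInstanceSignatureValid` in the following hunk still verifies only `rawIdentityDocument`. The rest of the method lies outside the hunk.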
@@ -60,7 +62,7 @@ public class InstanceValidator { } boolean isInstanceSignatureValid(InstanceConfirmation instanceConfirmation) { - SignedIdentityDocument signedIdentityDocument = instanceConfirmation.signedIdentityDocument; + SignedIdentityDocumentEntity signedIdentityDocument = instanceConfirmation.signedIdentityDocument; PublicKey publicKey = keyProvider.getPublicKey(signedIdentityDocument.signingKeyVersion); return isSignatureValid(publicKey, signedIdentityDocument.rawIdentityDocument, signedIdentityDocument.signature); diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java index 8b4c06c2867..d7b061ca2f1 100644 --- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java +++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java 
@@ -14,8 +14,10 @@ import com.yahoo.config.provision.RegionName;
 import com.yahoo.config.provision.SystemName;
 import com.yahoo.config.provision.TenantName;
 import com.yahoo.config.provision.Zone;
-import com.yahoo.vespa.athenz.identityprovider.api.bindings.ProviderUniqueId;
-import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocument;
+import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
+import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument;
+import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId;
+import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocumentEntity;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.AutoGeneratedKeyProvider;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.instanceconfirmation.InstanceValidator;
@@ -82,24 +84,26 @@ public class IdentityDocumentGeneratorTest { SignedIdentityDocument signedIdentityDocument = identityDocumentGenerator.generateSignedIdentityDocument(containerHostname); // Verify attributes - assertEquals(containerHostname, signedIdentityDocument.identityDocument.instanceHostname); + assertEquals(containerHostname, signedIdentityDocument.identityDocument().instanceHostname()); String environment = "dev"; String region = "us-north-1"; String expectedZoneDnsSuffix = environment + "-" + region + "." + dnsSuffix; - assertEquals(expectedZoneDnsSuffix, signedIdentityDocument.dnsSuffix); + assertEquals(expectedZoneDnsSuffix, signedIdentityDocument.dnsSuffix()); - ProviderUniqueId expectedProviderUniqueId = - new ProviderUniqueId("tenant", "application", environment, region, "default", "default", 0); - assertEquals(expectedProviderUniqueId, signedIdentityDocument.identityDocument.providerUniqueId); + VespaUniqueInstanceId expectedProviderUniqueId = + new VespaUniqueInstanceId(0, "default", "default", "application", "tenant", region, environment); + assertEquals(expectedProviderUniqueId, signedIdentityDocument.providerUniqueId()); // Validate that both parent and container ips are present - assertThat(signedIdentityDocument.identityDocument.ipAddresses, Matchers.containsInAnyOrder("127.0.0.1", "::1")); + assertThat(signedIdentityDocument.identityDocument().ipAddresses(), Matchers.containsInAnyOrder("127.0.0.1", "::1")); + + SignedIdentityDocumentEntity signedIdentityDocumentEntity = EntityBindingsMapper.toSignedIdentityDocumentEntity(signedIdentityDocument); // Validate signature assertTrue("Message", InstanceValidator.isSignatureValid(keyProvider.getPublicKey(0), - signedIdentityDocument.rawIdentityDocument, - signedIdentityDocument.signature)); + signedIdentityDocumentEntity.rawIdentityDocument, + signedIdentityDocument.signature())); } } 
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java
index 1400dd3e338..54786c86cd3 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java
@@ -10,9 +10,10 @@ import com.yahoo.config.model.api.ServiceInfo;
 import com.yahoo.config.model.api.SuperModel;
 import com.yahoo.config.model.api.SuperModelProvider;
 import com.yahoo.config.provision.ApplicationId;
-import com.yahoo.vespa.athenz.identityprovider.api.bindings.IdentityDocument;
-import com.yahoo.vespa.athenz.identityprovider.api.bindings.ProviderUniqueId;
-import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocument;
+import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
+import com.yahoo.vespa.athenz.identityprovider.api.bindings.IdentityDocumentEntity;
+import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocumentEntity;
+import com.yahoo.vespa.athenz.identityprovider.api.bindings.VespaUniqueInstanceIdEntity;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.AutoGeneratedKeyProvider;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils;
@@ -117,9 +118,9 @@ public class InstanceValidatorTest { private static InstanceConfirmation createInstanceConfirmation(PrivateKey privateKey, ApplicationId applicationId, String domain, String service) { - IdentityDocument identityDocument = new IdentityDocument( - new ProviderUniqueId(applicationId.tenant().value(), applicationId.application().value(), - "environment", "region", applicationId.instance().value(), "cluster-id", 0), + IdentityDocumentEntity identityDocument = new IdentityDocumentEntity( + new VespaUniqueInstanceIdEntity(applicationId.tenant().value(), applicationId.application().value(), + "environment", "region", applicationId.instance().value(), "cluster-id", 0), "hostname", "instance-hostname", Instant.now(), @@ -135,14 +136,14 @@ public class InstanceValidatorTest { return new InstanceConfirmation( "provider", domain, service, - new SignedIdentityDocument(encodedIdentityDocument, - Base64.getEncoder().encodeToString(sigGenerator.sign()), - 0, - identityDocument.providerUniqueId.toVespaUniqueInstanceId().asDottedString(), - "dnssuffix", - "service", - URI.create("http://localhost/zts"), - 1)); + new SignedIdentityDocumentEntity(encodedIdentityDocument, + Base64.getEncoder().encodeToString(sigGenerator.sign()), + 0, + EntityBindingsMapper.toVespaUniqueInstanceId(identityDocument.providerUniqueId).asDottedString(), + "dnssuffix", + "service", + URI.create("http://localhost/zts"), + 1)); } catch (Exception e) { throw new RuntimeException(e); } |
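Review bot: The fixture in `createInstanceConfirmation` always derives the envelope id, the fourth `SignedIdentityDocumentEntity` argument, from the same `identityDocument.providerUniqueId` that sits inside the signed payload, so it cannot produce a confirmation where the two disagree. Because the validator now reads the id through the mapped `SignedIdentityDocument`, I would add a negative case that passes a different dotted id in that position and asserts that `isValidInstance` returns false. The signing statements between the two hunks are not visible, so this assumes the signature is computed over `encodedIdentityDocument` only.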