aboutsummaryrefslogtreecommitdiffstats
path: root/config-model/src/main/java/com/yahoo/vespa/model/application/validation/EndpointCertificateSecretsValidator.java
diff options
context:
space:
mode:
authorandreer <andreer@verizonmedia.com>2020-01-17 16:59:39 +0100
committerandreer <andreer@verizonmedia.com>2020-01-17 16:59:39 +0100
commite66e0ba2ccd2b973a13eff8645af66073eba31ed (patch)
tree561e155af40992cab549d8a760207af2ff84e9cc /config-model/src/main/java/com/yahoo/vespa/model/application/validation/EndpointCertificateSecretsValidator.java
parent0d7939b7036d2b0f8960f43edcafe6eff5051f7a (diff)
accept and store json endpoint cert metadata on deploy
also refactor from tlsSecretKeys -> several "endpoint certificate" classes
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/application/validation/EndpointCertificateSecretsValidator.java')
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/application/validation/EndpointCertificateSecretsValidator.java18
1 files changed, 18 insertions, 0 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/EndpointCertificateSecretsValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/EndpointCertificateSecretsValidator.java
new file mode 100644
index 00000000000..f00ad0f0dbb
--- /dev/null
+++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/EndpointCertificateSecretsValidator.java
@@ -0,0 +1,18 @@
+// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.model.application.validation;
+
+import com.yahoo.config.model.api.EndpointCertificateSecrets;
+import com.yahoo.config.model.deploy.DeployState;
+import com.yahoo.config.provision.CertificateNotReadyException;
+import com.yahoo.vespa.model.VespaModel;
+
+public class EndpointCertificateSecretsValidator extends Validator {
+
+ /** This check is delayed until validation to allow node provisioning to complete while we are waiting for cert */
+ @Override
+ public void validate(VespaModel model, DeployState deployState) {
+ if (deployState.endpointCertificateSecrets().isPresent() && deployState.endpointCertificateSecrets().get() == EndpointCertificateSecrets.MISSING) {
+ throw new CertificateNotReadyException("TLS enabled, but could not retrieve certificate yet");
+ }
+ }
+}