diff options
author | Morten Tokle <mortent@yahooinc.com> | 2023-09-08 11:58:35 +0200 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2023-09-08 11:58:35 +0200 |
commit | baf05b2bafc89c4993040da6f8ee15d5d35edb2e (patch) | |
tree | da3fd22da9c005d499ff9520acf37ca9cd0f266f /config-model/src/main | |
parent | 124f4892ae45f19d49b3ca9adaa779c0f2851bfd (diff) |
Add token endpoints to proxy config
Diffstat (limited to 'config-model/src/main')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java | 7 | ||||
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java | 12 |
2 files changed, 16 insertions, 3 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java b/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java index 13aa65909bd..3361793ec1a 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java @@ -5,19 +5,23 @@ import com.yahoo.cloud.config.DataplaneProxyConfig; import com.yahoo.container.jdisc.DataplaneProxyConfigurator; import com.yahoo.vespa.model.container.component.SimpleComponent; +import java.util.Set; + public class DataplaneProxy extends SimpleComponent implements DataplaneProxyConfig.Producer { private final int mtlsPort; private final int tokenPort; private final String serverCertificate; private final String serverKey; + private final Set<String> tokenEndpoints; - public DataplaneProxy(int mtlsPort, int tokenPort, String serverCertificate, String serverKey) { + public DataplaneProxy(int mtlsPort, int tokenPort, String serverCertificate, String serverKey, Set<String> tokenEndpoints) { super(DataplaneProxyConfigurator.class.getName()); this.mtlsPort = mtlsPort; this.tokenPort = tokenPort; this.serverCertificate = serverCertificate; this.serverKey = serverKey; + this.tokenEndpoints = tokenEndpoints; } @Override @@ -26,6 +30,7 @@ public class DataplaneProxy extends SimpleComponent implements DataplaneProxyCon builder.tokenPort(tokenPort); builder.serverCertificate(serverCertificate); builder.serverKey(serverKey); + builder.tokenEndpoints(tokenEndpoints); } } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java index 459c54a2805..2baf8f053c9 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java @@ -627,9 +627,16 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { private void addCloudTokenSupport(DeployState state, ApplicationContainerCluster cluster) { var server = cluster.getHttp().getHttpServer().get(); + Set<String> tokenEndpoints = state.getEndpoints().stream() + .filter(endpoint -> endpoint.authMethod() == ApplicationClusterEndpoint.AuthMethod.token) + .map(ContainerEndpoint::names) + .flatMap(Collection::stream) + .collect(Collectors.toSet()); + boolean enableTokenSupport = state.isHosted() && state.zone().system().isPublic() && state.featureFlags().enableDataplaneProxy() - && cluster.getClients().stream().anyMatch(c -> !c.tokens().isEmpty()); + && cluster.getClients().stream().anyMatch(c -> !c.tokens().isEmpty()) + && ! tokenEndpoints.isEmpty(); if (!enableTokenSupport) return; var endpointCert = state.endpointCertificateSecrets().orElseThrow(); int tokenPort = getTokenDataplanePort(state).orElseThrow(); @@ -641,7 +648,8 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { getMtlsDataplanePort(state), tokenPort, endpointCert.certificate(), - endpointCert.key()); + endpointCert.key(), + tokenEndpoints); cluster.addComponent(dataplaneProxy); // Setup dedicated connector |