authorgjoranv <gv@oath.com>2018-03-02 19:38:58 +0100
committergjoranv <gv@oath.com>2018-03-08 15:34:57 +0100
commitf4078d714f25eacda1d1d1112e9a1d9e4d980274 (patch)
tree66c12659f4e968645b50d8d0bbcda2793e708b6e /config-model
parentcef7b3a9660b00a85ea91b7ce57f9e7ab80c1657 (diff)
Allow setting up a secret store from services.xml.
- The actual implementation must be added by a model amender.
Diffstat (limited to 'config-model')
-rwxr-xr-xconfig-model/src/main/java/com/yahoo/vespa/model/container/ContainerCluster.java9
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/SecretStore.java32
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java14
-rw-r--r--config-model/src/main/resources/schema/containercluster.rnc9
-rw-r--r--config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java15
-rw-r--r--config-model/src/test/schema-test-files/services.xml14
6 files changed, 88 insertions, 5 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/ContainerCluster.java b/config-model/src/main/java/com/yahoo/vespa/model/container/ContainerCluster.java
index 28a54771c21..4684cf5c2f0 100755
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/ContainerCluster.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/ContainerCluster.java
@@ -158,6 +158,7 @@ public final class ContainerCluster
private ContainerSearch containerSearch;
private ContainerDocproc containerDocproc;
private ContainerDocumentApi containerDocumentApi;
+ private SecretStore secretStore;
private MbusParams mbusParams;
@@ -486,6 +487,14 @@ public final class ContainerCluster
return allServlets().collect(Collectors.toCollection(ArrayList::new));
}
+ public void setSecretStore(SecretStore secretStore) {
+ this.secretStore = secretStore;
+ }
+
+ public Optional<SecretStore> getSecretStore() {
+ return Optional.ofNullable(secretStore);
+ }
+
public Map<ComponentId, Component<?, ?>> getComponentsMap() {
return componentGroup.getComponentMap();
}
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/SecretStore.java b/config-model/src/main/java/com/yahoo/vespa/model/container/SecretStore.java
new file mode 100644
index 00000000000..c803168af81
--- /dev/null
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/SecretStore.java
@@ -0,0 +1,32 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.model.container;
+
+import com.google.common.collect.ImmutableList;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author gjoranv
+ */
+public class SecretStore {
+ private final List<Group> groups = new ArrayList<>();
+
+ public void addGroup(String name, String environment) {
+ groups.add(new Group(name, environment));
+ }
+
+ public List<Group> getGroups() {
+ return ImmutableList.copyOf(groups);
+ }
+
+ public static class Group {
+ public final String name;
+ public final String environment;
+
+ Group(String name, String environment) {
+ this.name = name;
+ this.environment = environment;
+ }
+ }
+}
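Review bot: `SecretStore` and its nested `Group` are documented only by an `@author` tag, so nothing states what a group's `name` and `environment` refer to. From the visible fields the class carries only identifiers, and a reader deciding whether the object is safe to log or serialize would benefit from that being stated. A class comment such as `/** Model of the secret-store element in services.xml: the key groups (name + environment) a container cluster is configured with. Holds identifiers only, never secret values. */` would cover it, assuming that matches the intent. `Group`'s constructor also stores both strings unchecked; `this.name = Objects.requireNonNull(name, "name");`, and the same for `environment`, would fail early on a programming error.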
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index 265fd22e30f..4caf0baf012 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -44,6 +44,7 @@ import com.yahoo.vespa.model.container.Container;
import com.yahoo.vespa.model.container.ContainerCluster;
import com.yahoo.vespa.model.container.ContainerModel;
import com.yahoo.vespa.model.container.IdentityProvider;
+import com.yahoo.vespa.model.container.SecretStore;
import com.yahoo.vespa.model.container.component.Component;
import com.yahoo.vespa.model.container.component.FileStatusHandlerComponent;
import com.yahoo.vespa.model.container.component.chain.ProcessingHandler;
@@ -147,8 +148,8 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
DocumentFactoryBuilder.buildDocumentFactories(cluster, spec);
addConfiguredComponents(cluster, spec);
+ addSecretStore(cluster, spec);
addHandlers(cluster, spec);
-
addRestApis(spec, cluster);
addServlets(spec, cluster);
addProcessing(spec, cluster);
@@ -174,6 +175,17 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
addAthensCopperArgos(cluster, context); // Must be added after nodes.
}
+ private void addSecretStore(ContainerCluster cluster, Element spec) {
+ Element secretStoreElement = XML.getChild(spec, "secret-store");
+ if (secretStoreElement != null) {
+ SecretStore secretStore = new SecretStore();
+ for (Element group : XML.getChildren(secretStoreElement, "group")) {
+ secretStore.addGroup(group.getAttribute("name"), group.getAttribute("environment"));
+ }
+ cluster.setSecretStore(secretStore);
+ }
+ }
+
private void addAthensCopperArgos(ContainerCluster cluster, ConfigModelContext context) {
app.getDeployment().map(DeploymentSpec::fromXml)
.ifPresent(deploymentSpec -> {
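Review bot: `addSecretStore` relies entirely on the RNC schema for input checking. If `Element` is `org.w3c.dom.Element`, `group.getAttribute(...)` returns an empty string for an absent attribute. The `type` attribute that the schema makes mandatory is never read. The unit test added in this commit builds a model with no `type` and `environment='env1'`, so this path can apparently be reached with input the schema would reject. Note also that the schema's `attribute name { string }` in containercluster.rnc admits an empty name. Consider rejecting blank values in the loop, e.g. `if (name.isEmpty() || environment.isEmpty()) throw new IllegalArgumentException("secret-store group requires 'name' and 'environment'");`, and either carrying `type` on `SecretStore` or commenting why it is ignored, so that a misconfigured store fails deployment rather than reaching the model amender as empty strings.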
diff --git a/config-model/src/main/resources/schema/containercluster.rnc b/config-model/src/main/resources/schema/containercluster.rnc
index 95ac198adc4..dae7f063154 100644
--- a/config-model/src/main/resources/schema/containercluster.rnc
+++ b/config-model/src/main/resources/schema/containercluster.rnc
@@ -25,6 +25,7 @@ ContainerServices =
Http? &
HttpFilter? &
AccessLog* &
+ SecretStore? &
GenericConfig*
Components = element components {
@@ -75,6 +76,14 @@ AccessLog = element accesslog {
attribute rotationScheme { string "date" | string "sequence" }?
}
+SecretStore = element secret-store {
+ attribute type { string "oath-ckms" } &
+ element group {
+ attribute name { string } &
+ attribute environment { string "alpha" | string "corp" | string "prod" | string "aws" | string "aws_stage" }
+ } +
+}
+
# REST-API:
RestApi = element rest-api {
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
index d1eefb51641..0fbe44742de 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
@@ -32,6 +32,7 @@ import com.yahoo.vespa.model.AbstractService;
import com.yahoo.vespa.model.VespaModel;
import com.yahoo.vespa.model.container.Container;
import com.yahoo.vespa.model.container.ContainerCluster;
+import com.yahoo.vespa.model.container.SecretStore;
import com.yahoo.vespa.model.container.component.Component;
import com.yahoo.vespa.model.container.component.HttpFilter;
import com.yahoo.vespa.model.content.utils.ContentClusterUtils;
@@ -607,6 +608,20 @@ public class ContainerModelBuilderTest extends ContainerModelBuilderTestBase {
assertEquals("filedistribution/" + hostname, config.filedistributor().configid());
}
+ @Test
+ public void secret_store_can_be_set_up() throws IOException, SAXException {
+ Element clusterElem = DomBuilderTest.parse(
+ "<jdisc version='1.0'>",
+ " <secret-store>",
+ " <group name='group1' environment='env1'/>",
+ " </secret-store>",
+ "</jdisc>");
+ createModel(root, clusterElem);
+ SecretStore secretStore = getContainerCluster("jdisc").getSecretStore().get();
+ assertEquals("group1", secretStore.getGroups().get(0).name);
+ assertEquals("env1", secretStore.getGroups().get(0).environment);
+ }
+
private Element generateContainerElementWithRenderer(String rendererId) {
return DomBuilderTest.parse(
"<jdisc id='default' version='1.0'>",
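Review bot: The fixture in `secret_store_can_be_set_up` does not conform to the schema added in the same commit. It omits the required `type` attribute and uses `environment='env1'`, which is not among the enumerated values. The test therefore passes on input that a validated services.xml could never contain. Using `<secret-store type='oath-ckms'>` with `environment='prod'` would keep the builder test and the schema in step. `getSecretStore().get()` fails with a bare `NoSuchElementException` when the store is absent, so `assertTrue(getContainerCluster("jdisc").getSecretStore().isPresent());` before it gives a clearer failure. A second `<group>` plus `assertEquals(2, secretStore.getGroups().size());` would exercise the loop in `addSecretStore`.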
diff --git a/config-model/src/test/schema-test-files/services.xml b/config-model/src/test/schema-test-files/services.xml
index af316c2e3a7..e740e7d86b0 100644
--- a/config-model/src/test/schema-test-files/services.xml
+++ b/config-model/src/test/schema-test-files/services.xml
@@ -35,16 +35,22 @@
</config>
<jdisc id='qrsCluster_1' version='1.0'>
+ <secret-store type="oath-ckms">
+ <!-- NOTE: when removing (or adding) an environment, the rnc schema must also be updated! -->
+ <group name="foo" environment="alpha" />
+ <group name="foo" environment="corp" />
+ <group name="foo" environment="prod" />
+ <group name="foo" environment="aws" />
+ <group name="foo" environment="aws_stage" />
+ </secret-store>
+
<rest-api path="jersey1">
<components bundle="my-bundle" />
<components bundle="other-bundle">
<package>com.yahoo.foo</package>
<package>com.yahoo.bar</package>
</components>
-<!--
- <inject component="foo-component" for-name="com.yahoo.Foo" />
- <inject component="bar-component" for-name="com.yahoo.Bar" />
--->
+
</rest-api>
<rest-api path="jersey/2">
<components bundle="my-bundle" />