author | Morten Tokle <mortent@verizonmedia.com> | 2021-03-25 10:09:05 +0100 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2021-03-25 10:09:05 +0100 |
commit | 42b41fa23d421f8957ada3002e6ca82572e08ae7 (patch) | |
tree | 0524dab68ed098c3c8b8d2035113a0a72182e450 /config-model | |
parent | 77429da3edf53f376c53a66e387c550dc42cb3ec (diff) |
New syntax for cloud secret store
Diffstat (limited to 'config-model')
4 files changed, 27 insertions, 13 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java index f2e8757c115..aeca5ff62ae 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java @@ -281,19 +281,19 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { TenantSecretStore::getName, store -> store )); - - for (Element group : XML.getChildren(secretStoreElement, "aws-parameter-store")) { - String name = group.getAttribute("name"); - String region = group.getAttribute("region"); - TenantSecretStore secretStore = secretStoresByName.get(name); + Element store = XML.getChild(secretStoreElement, "store"); + for (Element group : XML.getChildren(store, "aws-parameter-store")) { + String account = group.getAttribute("account"); + String region = group.getAttribute("aws-region"); + TenantSecretStore secretStore = secretStoresByName.get(account); if (secretStore == null) - throw new RuntimeException("No configured secret store named " + name); + throw new RuntimeException("No configured secret store named " + account); if (secretStore.getExternalId().isEmpty()) throw new RuntimeException("No external ID has been set"); - cloudSecretStore.addConfig(name, region, secretStore.getAwsId(), secretStore.getRole(), secretStore.getExternalId().get()); + cloudSecretStore.addConfig(account, region, secretStore.getAwsId(), secretStore.getRole(), secretStore.getExternalId().get()); } cluster.addComponent(cloudSecretStore); diff --git a/config-model/src/main/resources/schema/containercluster.rnc b/config-model/src/main/resources/schema/containercluster.rnc index 9313d91ea55..39df939f78c 100644 --- a/config-model/src/main/resources/schema/containercluster.rnc +++ b/config-model/src/main/resources/schema/containercluster.rnc 
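Review bot: `Element store = XML.getChild(secretStoreElement, "store");` is passed straight to `XML.getChildren(store, "aws-parameter-store")` with no check that the element was found, although the schema change in this commit makes `store` optional (`}?`). Whether `XML.getChildren` tolerates a null parent is not visible here: if it does, a cloud secret store without `<store>` silently registers `cloudSecretStore` with no configs, and if it does not, the deployer gets a NullPointerException rather than a configuration error. A guard such as `if (store == null) throw new IllegalArgumentException("Cloud secret store requires a <store> element");` would make the outcome deliberate. If `Element` is the W3C DOM type, `getAttribute` returns an empty string for a missing attribute, so a blank `account` or `aws-region` should be rejected before `addConfig` rather than relying on schema validation having run. The enclosing method starts and ends outside the hunk.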
@@ -91,10 +91,13 @@ SecretStore = element secret-store { attribute name { string } & attribute environment { string "alpha" | string "corp" | string "prod" | string "aws" | string "aws_stage" } } * & - element aws-parameter-store { - attribute name { string } & - attribute region { string } - } * + element store { + attribute id { string } & + element aws-parameter-store { + attribute account { string } & + attribute aws-region { string } + } * + }? } ZooKeeper = element zookeeper { diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java index 7082720f721..7f862afa1b0 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java @@ -728,7 +728,9 @@ public class ContainerModelBuilderTest extends ContainerModelBuilderTestBase { Element clusterElem = DomBuilderTest.parse( "<container version='1.0'>", " <secret-store type='cloud'>", - " <aws-parameter-store name='store1' region='eu-north-1'/>", + " <store id='store'>", + " <aws-parameter-store account='store1' region='eu-north-1'/>", + " </store>", " </secret-store>", "</container>"); try { @@ -749,7 +751,9 @@ public class ContainerModelBuilderTest extends ContainerModelBuilderTestBase { Element clusterElem = DomBuilderTest.parse( "<container version='1.0'>", " <secret-store type='cloud'>", - " <aws-parameter-store name='store1' region='eu-north-1'/>", + " <store id='store'>", + " <aws-parameter-store account='store1' region='eu-north-1'/>", + " </store>", " </secret-store>", "</container>"); diff --git a/config-model/src/test/schema-test-files/services.xml b/config-model/src/test/schema-test-files/services.xml index d37000b1ff7..db1e6c29586 100644 --- a/config-model/src/test/schema-test-files/services.xml 
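Review bot: `attribute account { string }` reads like an AWS account id, but the builder hunk in this commit uses the value as a key into `secretStoresByName` (built from `TenantSecretStore::getName`) and takes the AWS id separately from `secretStore.getAwsId()`. A schema comment would reduce the chance of misconfiguration, for example `# account: name of a secret store already configured for the tenant; the AWS id and role are taken from that store`. The required `attribute id { string }` on `store` is not read anywhere in the visible builder change, so a one-line `#` comment stating what it identifies would help as well. As written, both attributes also accept the empty string.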
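Review bot: The updated fixture still writes `region='eu-north-1'`, while the builder in this commit reads `group.getAttribute("aws-region")` and the schema now declares `aws-region`; the same line appears in the second hunk at -749. The fixture goes through `DomBuilderTest.parse`, which apparently does not apply the schema, so the tests would pass while an empty region string reaches `addConfig`. The line should read `"      <aws-parameter-store account='store1' aws-region='eu-north-1'/>",` in both places. An assertion on the region in the resulting secret store config would catch this kind of drift between schema, builder and fixtures. Both test methods start and end outside the hunks.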
+++ b/config-model/src/test/schema-test-files/services.xml @@ -244,4 +244,11 @@ </nodes> </container> + <container id='qrsCluster_2' version='1.0'> + <secret-store type="cloud"> + <store id="foo"> + <aws-parameter-store account="foo" aws-region="us-east-1"/> + </store> + </secret-store> + </container> </services> |