author | Andreas Eriksen <andreer@verizonmedia.com> | 2021-10-15 11:09:21 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-15 11:09:21 +0200 |
commit | 7c3da58a89d935e996f6b52a352825df707c466b (patch) | |
tree | 068f5c5e861605e79a43b77d12c047c0a6601e25 /controller-api/src/main | |
parent | 912d0cb4a321ebb3eb7a1cd0d73bd3371d9bec22 (diff) |
delete unmaintained certificates (guarded by flag) (#19263)
Diffstat (limited to 'controller-api/src/main')
3 files changed, 207 insertions, 7 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java
index 74a7d23c36d..3e484a5669b 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java
@@ -9,13 +9,17 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.UUID;
+import java.util.stream.Collectors;
 /**
 * @author tokle
+ * @author andreer
 */
 public class EndpointCertificateMock implements EndpointCertificateProvider {
 private final Map<ApplicationId, List<String>> dnsNames = new HashMap<>();
+ private final Map<String, EndpointCertificateMetadata> providerMetadata = new HashMap<>();
 public List<String> dnsNamesOf(ApplicationId application) {
 return Collections.unmodifiableList(dnsNames.getOrDefault(application, List.of()));
@@ -28,18 +32,39 @@ public class EndpointCertificateMock implements EndpointCertificateProvider {
 applicationId.application(), applicationId.instance());
 long epochSecond = Instant.now().getEpochSecond();
 long inAnHour = epochSecond + 3600;
- return new EndpointCertificateMetadata(endpointCertificatePrefix + "-key", endpointCertificatePrefix + "-cert", 0, 0,
- "mock-id-string", dnsNames, "mockCa", Optional.of(inAnHour), Optional.of(epochSecond));
+ String requestId = UUID.randomUUID().toString();
+ EndpointCertificateMetadata metadata = new EndpointCertificateMetadata(endpointCertificatePrefix + "-key", endpointCertificatePrefix + "-cert", 0, 0,
+ requestId, dnsNames, "mockCa", Optional.of(inAnHour), Optional.of(epochSecond));
+ providerMetadata.put(requestId, metadata);
+ return metadata;
 }
 @Override
- public List<EndpointCertificateMetadata> listCertificates() {
- return List.of();
+ public List<EndpointCertificateRequestMetadata> listCertificates() {
+
+ return providerMetadata.values().stream()
+ .map(p -> new EndpointCertificateRequestMetadata(
+ p.requestId(),
+ "mock",
+ "mock",
+ "mock",
+ p.requestedDnsSans().stream()
+ .map(san -> new EndpointCertificateRequestMetadata.DnsNameStatus(san, "done"))
+ .collect(Collectors.toUnmodifiableList()),
+ 3600,
+ "ok",
+ "2021-09-28T00:14:31.946562037Z",
+ p.expiry().orElseThrow(),
+ p.issuer(),
+ "rsa_2048"
+ ))
+ .collect(Collectors.toUnmodifiableList());
 }
 @Override
- public void deleteCertificate(ApplicationId applicationId, EndpointCertificateMetadata endpointCertificateMetadata) {
+ public void deleteCertificate(ApplicationId applicationId, String requestId) {
 dnsNames.remove(applicationId);
+ providerMetadata.remove(requestId);
 }
 }
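Review bot: In `deleteCertificate`, `dnsNames.remove(applicationId)` and `providerMetadata.remove(requestId)` run independently, with no check that the request id exists or was issued for that application. Because the commit uses this call to delete certificates judged unmaintained, a test built on this mock would not notice a caller pairing the wrong application with a request id. Consider recording the owning `ApplicationId` per request id in `requestCaSignedCertificate` (which starts above this hunk) and rejecting a mismatch, e.g. `if (!applicationId.equals(owners.get(requestId))) throw new IllegalArgumentException("Unknown or foreign request id: " + requestId);`, where `owners` would be a new map. The same contract is undocumented on `EndpointCertificateProvider.deleteCertificate(ApplicationId, String)` in the next file; a Javadoc there should say what an unknown or mismatched request id does.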
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java
index a4c9d4d8b3a..fbaeb57fec1 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java
@@ -15,7 +15,7 @@ public interface EndpointCertificateProvider {
 EndpointCertificateMetadata requestCaSignedCertificate(ApplicationId applicationId, List<String> dnsNames, Optional<EndpointCertificateMetadata> currentMetadata);
- List<EndpointCertificateMetadata> listCertificates();
+ List<EndpointCertificateRequestMetadata> listCertificates();
- void deleteCertificate(ApplicationId applicationId, EndpointCertificateMetadata endpointCertificateMetadata);
+ void deleteCertificate(ApplicationId applicationId, String requestId);
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateRequestMetadata.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateRequestMetadata.java
new file mode 100644
index 00000000000..81e04190244
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateRequestMetadata.java
@@ -0,0 +1,175 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.certificates;
+
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * This class is used for metadata about an application's endpoint certificate received from the certificate provider.
+ *
+ * @author andreer
+ */
+public class EndpointCertificateRequestMetadata {
+
+ public EndpointCertificateRequestMetadata(String requestId,
+ String requestor,
+ String ticketId,
+ String athenzDomain,
+ List<DnsNameStatus> dnsNames,
+ long durationSec,
+ String status,
+ String createTime,
+ long expiry,
+ String issuer,
+ String publicKeyAlgo) {
+ this.requestId = requestId;
+ this.requestor = requestor;
+ this.ticketId = ticketId;
+ this.athenzDomain = athenzDomain;
+ this.dnsNames = dnsNames;
+ this.durationSec = durationSec;
+ this.status = status;
+ this.createTime = createTime;
+ this.expiry = expiry;
+ this.issuer = issuer;
+ this.publicKeyAlgo = publicKeyAlgo;
+ }
+
+ public static class DnsNameStatus {
+ public final String dnsName;
+ public final String status;
+
+ public DnsNameStatus(String dnsName, String status) {
+ this.dnsName = dnsName;
+ this.status = status;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ DnsNameStatus that = (DnsNameStatus) o;
+ return dnsName.equals(that.dnsName) && status.equals(that.status);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(dnsName, status);
+ }
+
+ @Override
+ public String toString() {
+ return "DnsNameStatus{" +
+ "dnsName='" + dnsName + '\'' +
+ ", status='" + status + '\'' +
+ '}';
+ }
+ }
+
+ private final String requestId;
+ private final String requestor;
+ private final String ticketId;
+ private final String athenzDomain;
+ private final List<DnsNameStatus> dnsNames;
+ private final long durationSec;
+ private final String status;
+ private final String createTime; // ISO 8601
+ private final long expiry;
+ private final String issuer;
+ private final String publicKeyAlgo;
+
+ public String requestId() {
+ return requestId;
+ }
+
+ public String requestor() {
+ return requestor;
+ }
+
+ public String ticketId() {
+ return ticketId;
+ }
+
+ public String athenzDomain() {
+ return athenzDomain;
+ }
+
+ public List<DnsNameStatus> dnsNames() {
+ return dnsNames;
+ }
+
+ public long durationSec() {
+ return durationSec;
+ }
+
+ public String status() {
+ return status;
+ }
+
+ public String createTime() {
+ return createTime;
+ }
+
+ public long expiry() {
+ return expiry;
+ }
+
+ public String issuer() {
+ return issuer;
+ }
+
+ public String publicKeyAlgo() {
+ return publicKeyAlgo;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ EndpointCertificateRequestMetadata that = (EndpointCertificateRequestMetadata) o;
+ return durationSec == that.durationSec &&
+ expiry == that.expiry &&
+ requestId.equals(that.requestId) &&
+ requestor.equals(that.requestor) &&
+ ticketId.equals(that.ticketId) &&
+ athenzDomain.equals(that.athenzDomain) &&
+ dnsNames.equals(that.dnsNames) &&
+ status.equals(that.status) &&
+ createTime.equals(that.createTime) &&
+ issuer.equals(that.issuer) &&
+ publicKeyAlgo.equals(that.publicKeyAlgo);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(
+ requestId,
+ requestor,
+ ticketId,
+ athenzDomain,
+ dnsNames,
+ durationSec,
+ status,
+ createTime,
+ expiry,
+ issuer,
+ publicKeyAlgo);
+ }
+
+ @Override
+ public String toString() {
+ return "EndpointCertificateRequestMetadata{" +
+ "requestId='" + requestId + '\'' +
+ ", requestor='" + requestor + '\'' +
+ ", ticketId='" + ticketId + '\'' +
+ ", athenzDomain='" + athenzDomain + '\'' +
+ ", dnsNames=" + dnsNames +
+ ", durationSec=" + durationSec +
+ ", status='" + status + '\'' +
+ ", createTime='" + createTime + '\'' +
+ ", expiry=" + expiry +
+ ", issuer='" + issuer + '\'' +
+ ", publicKeyAlgo='" + publicKeyAlgo + '\'' +
+ '}';
+ }
+} |
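Review bot: The constructor stores every argument as given, so a null field or a caller-owned mutable `dnsNames` list ends up inside an object whose `equals` dereferences each field unconditionally (`requestId.equals(that.requestId)` and the rest). The class comment says the values come from the certificate provider, so absent fields seem plausible, and a NullPointerException or a list that changes after construction would surface in the code that decides which certificates to delete. I would validate and copy in the constructor, `this.requestId = Objects.requireNonNull(requestId, "requestId");` and `this.dnsNames = List.copyOf(dnsNames);`, or use `Objects.equals` in `equals` if null is a legal value. The fields `expiry` and `durationSec` also lack a unit comment like the `// ISO 8601` on `createTime`; the mock passes an epoch-second value for `expiry`, so something like `// epoch seconds (confirm against the provider API)` would remove the guesswork.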