authorAndreas Eriksen <andreer@verizonmedia.com>2021-10-15 11:09:21 +0200
committerGitHub <noreply@github.com>2021-10-15 11:09:21 +0200
commit7c3da58a89d935e996f6b52a352825df707c466b (patch)
tree068f5c5e861605e79a43b77d12c047c0a6601e25 /controller-api
parent912d0cb4a321ebb3eb7a1cd0d73bd3371d9bec22 (diff)
delete unmaintained certificates (guarded by flag) (#19263)
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java35
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java4
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateRequestMetadata.java175
3 files changed, 207 insertions, 7 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java
index 74a7d23c36d..3e484a5669b 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java
@@ -9,13 +9,17 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
+import java.util.UUID;
+import java.util.stream.Collectors;
/**
* @author tokle
+ * @author andreer
*/
public class EndpointCertificateMock implements EndpointCertificateProvider {
private final Map<ApplicationId, List<String>> dnsNames = new HashMap<>();
+ private final Map<String, EndpointCertificateMetadata> providerMetadata = new HashMap<>();
public List<String> dnsNamesOf(ApplicationId application) {
return Collections.unmodifiableList(dnsNames.getOrDefault(application, List.of()));
@@ -28,18 +32,39 @@ public class EndpointCertificateMock implements EndpointCertificateProvider {
applicationId.application(), applicationId.instance());
long epochSecond = Instant.now().getEpochSecond();
long inAnHour = epochSecond + 3600;
- return new EndpointCertificateMetadata(endpointCertificatePrefix + "-key", endpointCertificatePrefix + "-cert", 0, 0,
- "mock-id-string", dnsNames, "mockCa", Optional.of(inAnHour), Optional.of(epochSecond));
+ String requestId = UUID.randomUUID().toString();
+ EndpointCertificateMetadata metadata = new EndpointCertificateMetadata(endpointCertificatePrefix + "-key", endpointCertificatePrefix + "-cert", 0, 0,
+ requestId, dnsNames, "mockCa", Optional.of(inAnHour), Optional.of(epochSecond));
+ providerMetadata.put(requestId, metadata);
+ return metadata;
}
@Override
- public List<EndpointCertificateMetadata> listCertificates() {
- return List.of();
+ public List<EndpointCertificateRequestMetadata> listCertificates() {
+
+ return providerMetadata.values().stream()
+ .map(p -> new EndpointCertificateRequestMetadata(
+ p.requestId(),
+ "mock",
+ "mock",
+ "mock",
+ p.requestedDnsSans().stream()
+ .map(san -> new EndpointCertificateRequestMetadata.DnsNameStatus(san, "done"))
+ .collect(Collectors.toUnmodifiableList()),
+ 3600,
+ "ok",
+ "2021-09-28T00:14:31.946562037Z",
+ p.expiry().orElseThrow(),
+ p.issuer(),
+ "rsa_2048"
+ ))
+ .collect(Collectors.toUnmodifiableList());
}
@Override
- public void deleteCertificate(ApplicationId applicationId, EndpointCertificateMetadata endpointCertificateMetadata) {
+ public void deleteCertificate(ApplicationId applicationId, String requestId) {
dnsNames.remove(applicationId);
+ providerMetadata.remove(requestId);
}
}
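Review bot: The mock's `deleteCertificate` removes the `dnsNames` entry for `applicationId` and the `providerMetadata` entry for `requestId` independently, so a call with an unknown id, or with an id issued for a different application, still succeeds and wipes that application's DNS names. A test of the deletion path against this mock would therefore pass even if the caller paired the wrong application with a request id, which is the mistake that matters most when certificates are being deleted. At minimum I would tie the two removals together, `if (providerMetadata.remove(requestId) != null) dnsNames.remove(applicationId);`. A stricter check needs the mock to record which application each request id was issued for, which `providerMetadata` does not store today. The method that issues the ids starts outside this hunk, so whether re-requests leave older entries behind cannot be judged from here.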
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java
index a4c9d4d8b3a..fbaeb57fec1 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java
@@ -15,7 +15,7 @@ public interface EndpointCertificateProvider {
EndpointCertificateMetadata requestCaSignedCertificate(ApplicationId applicationId, List<String> dnsNames, Optional<EndpointCertificateMetadata> currentMetadata);
- List<EndpointCertificateMetadata> listCertificates();
+ List<EndpointCertificateRequestMetadata> listCertificates();
- void deleteCertificate(ApplicationId applicationId, EndpointCertificateMetadata endpointCertificateMetadata);
+ void deleteCertificate(ApplicationId applicationId, String requestId);
}
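Review bot: Both changed methods are undocumented, and the new signatures leave the deletion contract open. `listCertificates()` does not say whether it returns every request the provider knows about or only those owned by this controller, and `deleteCertificate(ApplicationId, String)` does not say how `applicationId` relates to `requestId` or what an implementation does with an unknown id. Because callers will delete certificates based on this listing, I would add Javadoc along the lines of `/** Deletes the certificate request with the given provider request id; implementations should reject an id that does not belong to applicationId. */`, adjusted to whatever the real provider guarantees. A small value type for the request id instead of a bare `String` would also keep it from being confused with other string identifiers, if the project has a convention for that.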
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateRequestMetadata.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateRequestMetadata.java
new file mode 100644
index 00000000000..81e04190244
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateRequestMetadata.java
@@ -0,0 +1,175 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.certificates;
+
+import java.util.List;
+import java.util.Objects;
+
+/**
+ * This class is used for metadata about an application's endpoint certificate received from the certificate provider.
+ *
+ * @author andreer
+ */
+public class EndpointCertificateRequestMetadata {
+
+ public EndpointCertificateRequestMetadata(String requestId,
+ String requestor,
+ String ticketId,
+ String athenzDomain,
+ List<DnsNameStatus> dnsNames,
+ long durationSec,
+ String status,
+ String createTime,
+ long expiry,
+ String issuer,
+ String publicKeyAlgo) {
+ this.requestId = requestId;
+ this.requestor = requestor;
+ this.ticketId = ticketId;
+ this.athenzDomain = athenzDomain;
+ this.dnsNames = dnsNames;
+ this.durationSec = durationSec;
+ this.status = status;
+ this.createTime = createTime;
+ this.expiry = expiry;
+ this.issuer = issuer;
+ this.publicKeyAlgo = publicKeyAlgo;
+ }
+
+ public static class DnsNameStatus {
+ public final String dnsName;
+ public final String status;
+
+ public DnsNameStatus(String dnsName, String status) {
+ this.dnsName = dnsName;
+ this.status = status;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ DnsNameStatus that = (DnsNameStatus) o;
+ return dnsName.equals(that.dnsName) && status.equals(that.status);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(dnsName, status);
+ }
+
+ @Override
+ public String toString() {
+ return "DnsNameStatus{" +
+ "dnsName='" + dnsName + '\'' +
+ ", status='" + status + '\'' +
+ '}';
+ }
+ }
+
+ private final String requestId;
+ private final String requestor;
+ private final String ticketId;
+ private final String athenzDomain;
+ private final List<DnsNameStatus> dnsNames;
+ private final long durationSec;
+ private final String status;
+ private final String createTime; // ISO 8601
+ private final long expiry;
+ private final String issuer;
+ private final String publicKeyAlgo;
+
+ public String requestId() {
+ return requestId;
+ }
+
+ public String requestor() {
+ return requestor;
+ }
+
+ public String ticketId() {
+ return ticketId;
+ }
+
+ public String athenzDomain() {
+ return athenzDomain;
+ }
+
+ public List<DnsNameStatus> dnsNames() {
+ return dnsNames;
+ }
+
+ public long durationSec() {
+ return durationSec;
+ }
+
+ public String status() {
+ return status;
+ }
+
+ public String createTime() {
+ return createTime;
+ }
+
+ public long expiry() {
+ return expiry;
+ }
+
+ public String issuer() {
+ return issuer;
+ }
+
+ public String publicKeyAlgo() {
+ return publicKeyAlgo;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ EndpointCertificateRequestMetadata that = (EndpointCertificateRequestMetadata) o;
+ return durationSec == that.durationSec &&
+ expiry == that.expiry &&
+ requestId.equals(that.requestId) &&
+ requestor.equals(that.requestor) &&
+ ticketId.equals(that.ticketId) &&
+ athenzDomain.equals(that.athenzDomain) &&
+ dnsNames.equals(that.dnsNames) &&
+ status.equals(that.status) &&
+ createTime.equals(that.createTime) &&
+ issuer.equals(that.issuer) &&
+ publicKeyAlgo.equals(that.publicKeyAlgo);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(
+ requestId,
+ requestor,
+ ticketId,
+ athenzDomain,
+ dnsNames,
+ durationSec,
+ status,
+ createTime,
+ expiry,
+ issuer,
+ publicKeyAlgo);
+ }
+
+ @Override
+ public String toString() {
+ return "EndpointCertificateRequestMetadata{" +
+ "requestId='" + requestId + '\'' +
+ ", requestor='" + requestor + '\'' +
+ ", ticketId='" + ticketId + '\'' +
+ ", athenzDomain='" + athenzDomain + '\'' +
+ ", dnsNames=" + dnsNames +
+ ", durationSec=" + durationSec +
+ ", status='" + status + '\'' +
+ ", createTime='" + createTime + '\'' +
+ ", expiry=" + expiry +
+ ", issuer='" + issuer + '\'' +
+ ", publicKeyAlgo='" + publicKeyAlgo + '\'' +
+ '}';
+ }
+}
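Review bot: The constructor stores every argument unchecked, while `equals` dereferences each String field and `dnsNames`, so an instance built from a provider response with a missing field throws a NullPointerException later, at comparison time, rather than where the bad data entered. The class comment says this data is received from the certificate provider, so I would validate at construction with `this.requestId = Objects.requireNonNull(requestId, "requestId");` (and likewise for the other reference fields), and take a snapshot of the list with `this.dnsNames = List.copyOf(dnsNames);` so the `final` field is actually immutable through `dnsNames()`. It would also help to document the unit of `expiry` and `durationSec`; the mock passes an epoch-second value and 3600, but the class itself does not say so. `createTime` is kept as an ISO 8601 string, so any age-based decision has to parse it; a short comment naming the expected format (or an `Instant`) would make a malformed timestamp fail in one obvious place.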