author | Martin Polden <mpolden@mpolden.no> | 2023-07-05 15:38:25 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2023-07-06 13:56:42 +0200 |
commit | e5b89c6a148d80cfef77baa52e383b642648e194 (patch) | |
tree | 5b3a2286703f2a1e63eacedc43c986534043ecf3 /controller-api | |
parent | bd7356f18947ba1b08ef43e82e74018e664c0893 (diff) |
EndpointCertificateMetadata -> EndpointCertificate
Diffstat (limited to 'controller-api')
9 files changed, 70 insertions, 65 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/DeploymentData.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/DeploymentData.java
index b23b93cba78..f73aeb89f0e 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/DeploymentData.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/DeploymentData.java
@@ -8,7 +8,7 @@ import com.yahoo.config.provision.DockerImage;
 import com.yahoo.config.provision.zone.ZoneId;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.hosted.controller.api.integration.billing.Quota;
-import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificateMetadata;
+import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificate;
 import com.yahoo.vespa.hosted.controller.api.integration.configserver.ContainerEndpoint;
 import com.yahoo.vespa.hosted.controller.api.integration.dataplanetoken.DataplaneTokenVersions;
 import com.yahoo.vespa.hosted.controller.api.integration.secrets.TenantSecretStore;
@@ -36,7 +36,7 @@ public class DeploymentData {
 private final Supplier<InputStream> applicationPackage;
 private final Version platform;
 private final Set<ContainerEndpoint> containerEndpoints;
- private final Supplier<Optional<EndpointCertificateMetadata>> endpointCertificateMetadata;
+ private final Supplier<Optional<EndpointCertificate>> endpointCertificate;
 private final Optional<DockerImage> dockerImageRepo;
 private final Optional<AthenzDomain> athenzDomain;
 private final Supplier<Quota> quota;
@@ -48,7 +48,7 @@ public class DeploymentData { public DeploymentData(ApplicationId instance, ZoneId zone, Supplier<InputStream> applicationPackage, Version platform, Set<ContainerEndpoint> containerEndpoints, - Supplier<Optional<EndpointCertificateMetadata>> endpointCertificateMetadata, + Supplier<Optional<EndpointCertificate>> endpointCertificate, Optional<DockerImage> dockerImageRepo, Optional<AthenzDomain> athenzDomain, Supplier<Quota> quota, @@ -62,7 +62,7 @@ public class DeploymentData { this.applicationPackage = requireNonNull(applicationPackage); this.platform = requireNonNull(platform); this.containerEndpoints = Set.copyOf(requireNonNull(containerEndpoints)); - this.endpointCertificateMetadata = new Memoized<>(requireNonNull(endpointCertificateMetadata)); + this.endpointCertificate = new Memoized<>(requireNonNull(endpointCertificate)); this.dockerImageRepo = requireNonNull(dockerImageRepo); this.athenzDomain = athenzDomain; this.quota = new Memoized<>(requireNonNull(quota)); @@ -93,8 +93,8 @@ public class DeploymentData { return containerEndpoints; } - public Optional<EndpointCertificateMetadata> endpointCertificateMetadata() { - return endpointCertificateMetadata.get(); + public Optional<EndpointCertificate> endpointCertificate() { + return endpointCertificate.get(); } public Optional<DockerImage> dockerImageRepo() { diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMetadata.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java index 02afbb6ace6..53d807b0139 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMetadata.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java 
@@ -5,20 +5,18 @@ import java.util.List; import java.util.Optional; /** - * This class is used for metadata about an application's endpoint certificate on the controller. - * <p> - * It has more properties than com.yahoo.config.model.api.EndpointCertificateMetadata. + * This holds information about an application's endpoint certificate. * * @author andreer */ -public record EndpointCertificateMetadata(String keyName, String certName, int version, long lastRequested, - String rootRequestId, // The id of the first request made for this certificate. Should not change. - Optional<String> leafRequestId, // The id of the last known request made for this certificate. Changes on refresh, may be outdated! - List<String> requestedDnsSans, String issuer, Optional<Long> expiry, - Optional<Long> lastRefreshed, Optional<String> randomizedId) { +public record EndpointCertificate(String keyName, String certName, int version, long lastRequested, + String rootRequestId, // The id of the first request made for this certificate. Should not change. + Optional<String> leafRequestId, // The id of the last known request made for this certificate. Changes on refresh, may be outdated! + List<String> requestedDnsSans, String issuer, Optional<Long> expiry, + Optional<Long> lastRefreshed, Optional<String> randomizedId) { - public EndpointCertificateMetadata withRandomizedId(String randomizedId) { - return new EndpointCertificateMetadata( + public EndpointCertificate withRandomizedId(String randomizedId) { + return new EndpointCertificate( this.keyName, this.certName, this.version, @@ -32,8 +30,8 @@ public record EndpointCertificateMetadata(String keyName, String certName, int v Optional.of(randomizedId)); } - public EndpointCertificateMetadata withKeyName(String keyName) { - return new EndpointCertificateMetadata( + public EndpointCertificate withKeyName(String keyName) { + return new EndpointCertificate( keyName, this.certName, this.version, 
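Review bot: The replacement Javadoc `This holds information about an application's endpoint certificate.` says less than the text it replaces and still does not tell a reader what the components are: the record carries secret-store names and a version, not key or certificate bytes (EndpointCertificateValidatorImpl in this same commit resolves the certificate with `secretStore.getSecret(endpointCertificate.certName(), endpointCertificate.version())`, and the mock names them `<prefix>-key` / `<prefix>-cert`). Suggest a summary along the lines of `Secret-store names, version and request bookkeeping for an application's endpoint certificate; the key and certificate material are stored under {@code keyName} / {@code certName} at {@code version}, not held here.` The dropped sentence about com.yahoo.config.model.api.EndpointCertificateMetadata was the only pointer to that sibling type; if the relationship still holds, keep a {@link} to it so the two are not confused now that their names diverge. The record body continues past this hunk.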
@@ -47,8 +45,8 @@ public record EndpointCertificateMetadata(String keyName, String certName, int v this.randomizedId); } - public EndpointCertificateMetadata withCertName(String certName) { - return new EndpointCertificateMetadata( + public EndpointCertificate withCertName(String certName) { + return new EndpointCertificate( this.keyName, certName, this.version, @@ -62,8 +60,8 @@ public record EndpointCertificateMetadata(String keyName, String certName, int v this.randomizedId); } - public EndpointCertificateMetadata withVersion(int version) { - return new EndpointCertificateMetadata( + public EndpointCertificate withVersion(int version) { + return new EndpointCertificate( this.keyName, this.certName, version, @@ -77,8 +75,8 @@ public record EndpointCertificateMetadata(String keyName, String certName, int v this.randomizedId); } - public EndpointCertificateMetadata withLastRequested(long lastRequested) { - return new EndpointCertificateMetadata( + public EndpointCertificate withLastRequested(long lastRequested) { + return new EndpointCertificate( this.keyName, this.certName, this.version, @@ -92,8 +90,8 @@ public record EndpointCertificateMetadata(String keyName, String certName, int v this.randomizedId); } - public EndpointCertificateMetadata withLastRefreshed(long lastRefreshed) { - return new EndpointCertificateMetadata( + public EndpointCertificate withLastRefreshed(long lastRefreshed) { + return new EndpointCertificate( this.keyName, this.certName, this.version, @@ -107,8 +105,8 @@ public record EndpointCertificateMetadata(String keyName, String certName, int v this.randomizedId); } - public EndpointCertificateMetadata withRootRequestId(String rootRequestId) { - return new EndpointCertificateMetadata( + public EndpointCertificate withRootRequestId(String rootRequestId) { + return new EndpointCertificate( this.keyName, this.certName, this.version, 
@@ -122,8 +120,8 @@ public record EndpointCertificateMetadata(String keyName, String certName, int v this.randomizedId); } - public EndpointCertificateMetadata withLeafRequestId(Optional<String> leafRequestId) { - return new EndpointCertificateMetadata( + public EndpointCertificate withLeafRequestId(Optional<String> leafRequestId) { + return new EndpointCertificate( this.keyName, this.certName, this.version, diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateDetails.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateDetails.java index 3f5514dce8c..486a6f5b580 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateDetails.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateDetails.java @@ -9,23 +9,23 @@ import java.util.List; * @author andreer */ public record EndpointCertificateDetails( - String request_id, + String requestId, String requestor, String status, - String ticket_id, - String athenz_domain, - List<EndpointCertificateRequestMetadata.DnsNameStatus> dnsnames, - String duration_sec, + String ticketId, + String athenzDomain, + List<EndpointCertificateRequestMetadata.DnsNameStatus> dnsNames, + String durationSec, String expiry, - String private_key_kgname, - String private_key_keyname, - String private_key_version, - String cert_key_kgname, - String cert_key_keyname, - String cert_key_version, - String create_time, - boolean expiry_protection, - String public_key_algo, + String privateKeyKgname, + String privateKeyKeyname, + String privateKeyVersion, + String certKeyKgname, + String certKeyKeyname, + String certKeyVersion, + String createTime, + boolean expiryProtection, + String publicKeyAlgo, String issuer, String serial -) { }
\ No newline at end of file +) { } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateException.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateException.java index a446a5382fb..7f4f22ced40 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateException.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateException.java @@ -1,6 +1,9 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.api.integration.certificates; +/** + * @author andreer + */ public class EndpointCertificateException extends RuntimeException { private final Type type; diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java index 7c5268ea353..cf86dcd2e4f 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java 
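Review bot: Renaming the `EndpointCertificateDetails` components from snake_case (`request_id`, `private_key_kgname`, ...) to camelCase changes the record's component and accessor names, and nothing in the hunk shows how instances are produced; if this record is bound from the certificate provider's JSON by component name (the old names read like a wire format), deserialization would now yield nulls or fail rather than a compile error. Worth confirming against the provider client; if the wire names must stay snake_case, keep the Java names but map them explicitly, e.g. `@JsonProperty("request_id") String requestId,` assuming Jackson is what this module uses. The mock in this commit constructs the record positionally, so it would not catch such a mismatch.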
@@ -11,7 +11,7 @@ import java.util.Optional; */ public interface EndpointCertificateProvider { - EndpointCertificateMetadata requestCaSignedCertificate(String endpointCertificatePrefix, List<String> dnsNames, Optional<EndpointCertificateMetadata> currentMetadata, String algo, boolean useAlternativeProvider); + EndpointCertificate requestCaSignedCertificate(String endpointCertificatePrefix, List<String> dnsNames, Optional<EndpointCertificate> currentCert, String algo, boolean useAlternativeProvider); List<EndpointCertificateRequestMetadata> listCertificates(); diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProviderMock.java index a0448e41b68..53a6bad2032 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProviderMock.java 
@@ -13,35 +13,35 @@ import java.util.UUID; * @author tokle * @author andreer */ -public class EndpointCertificateMock implements EndpointCertificateProvider { +public class EndpointCertificateProviderMock implements EndpointCertificateProvider { private final Map<String, List<String>> dnsNames = new HashMap<>(); - private final Map<String, EndpointCertificateMetadata> providerMetadata = new HashMap<>(); + private final Map<String, EndpointCertificate> certificates = new HashMap<>(); public List<String> dnsNamesOf(String rootRequestId) { return Collections.unmodifiableList(dnsNames.getOrDefault(rootRequestId, List.of())); } @Override - public EndpointCertificateMetadata requestCaSignedCertificate(String key, List<String> dnsNames, Optional<EndpointCertificateMetadata> currentMetadata, String algo, boolean useAlternativeProvider) { + public EndpointCertificate requestCaSignedCertificate(String key, List<String> dnsNames, Optional<EndpointCertificate> currentCert, String algo, boolean useAlternativeProvider) { String endpointCertificatePrefix = "vespa.tls.%s".formatted(key); long epochSecond = Instant.now().getEpochSecond(); long inAnHour = epochSecond + 3600; String requestId = UUID.randomUUID().toString(); this.dnsNames.put(requestId, dnsNames); - int version = currentMetadata.map(c -> currentMetadata.get().version()+1).orElse(0); - EndpointCertificateMetadata metadata = new EndpointCertificateMetadata(endpointCertificatePrefix + "-key", endpointCertificatePrefix + "-cert", version, 0, - currentMetadata.map(EndpointCertificateMetadata::rootRequestId).orElse(requestId), Optional.of(requestId), dnsNames, "mockCa", Optional.of(inAnHour), Optional.of(epochSecond), Optional.empty()); - currentMetadata.ifPresent(c -> providerMetadata.remove(c.leafRequestId().orElseThrow())); - providerMetadata.put(requestId, metadata); - return metadata; + int version = currentCert.map(c -> currentCert.get().version() + 1).orElse(0); + EndpointCertificate cert = new 
EndpointCertificate(endpointCertificatePrefix + "-key", endpointCertificatePrefix + "-cert", version, 0, + currentCert.map(EndpointCertificate::rootRequestId).orElse(requestId), Optional.of(requestId), dnsNames, "mockCa", Optional.of(inAnHour), Optional.of(epochSecond), Optional.empty()); + currentCert.ifPresent(c -> certificates.remove(c.leafRequestId().orElseThrow())); + certificates.put(requestId, cert); + return cert; } @Override public List<EndpointCertificateRequestMetadata> listCertificates() { - return providerMetadata.values().stream() - .map(p -> new EndpointCertificateRequestMetadata( + return certificates.values().stream() + .map(p -> new EndpointCertificateRequestMetadata( p.leafRequestId().orElse(p.rootRequestId()), "requestor", "ticketId", @@ -56,20 +56,20 @@ public class EndpointCertificateMock implements EndpointCertificateProvider { p.issuer(), "rsa_2048" )) - .toList(); + .toList(); } @Override public void deleteCertificate(String requestId) { dnsNames.remove(requestId); - providerMetadata.remove(requestId); + certificates.remove(requestId); } @Override public EndpointCertificateDetails certificateDetails(String requestId) { - var metadata = providerMetadata.get(requestId); + var metadata = certificates.get(requestId); - if(metadata==null) throw new RuntimeException("Unknown certificate request"); + if (metadata==null) throw new IllegalArgumentException("Unknown certificate request"); return new EndpointCertificateDetails(requestId, "requestor", @@ -91,4 +91,5 @@ public class EndpointCertificateMock implements EndpointCertificateProvider { "issuer", "serial"); } + } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidator.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidator.java index 0952fe587f9..b6bc8b9f129 100644 
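Review bot: In `requestCaSignedCertificate`, the rewritten line `int version = currentCert.map(c -> currentCert.get().version() + 1).orElse(0);` ignores its lambda parameter and re-reads the Optional through `get()`; `int version = currentCert.map(c -> c.version() + 1).orElse(0);` is the same computation without the unchecked get. In `certificateDetails`, the local is still named `metadata` although the map it reads is now `certificates` and holds `EndpointCertificate` values, so `var cert = certificates.get(requestId);` and `if (cert == null) throw new IllegalArgumentException("Unknown certificate request");` would finish the rename and match the spacing used elsewhere in the class. The narrowing from `RuntimeException` to `IllegalArgumentException` for an unknown request id is an improvement and worth keeping.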
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidator.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidator.java @@ -5,6 +5,9 @@ import com.yahoo.config.provision.zone.ZoneId; import java.util.List; +/** + * @author andreer + */ public interface EndpointCertificateValidator { - void validate(EndpointCertificateMetadata endpointCertificateMetadata, String serializedInstanceId, ZoneId zone, List<String> requiredNamesForZone); + void validate(EndpointCertificate endpointCertificate, String serializedInstanceId, ZoneId zone, List<String> requiredNamesForZone); } diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorImpl.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorImpl.java index cff61f1a50a..e09e2d096c2 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorImpl.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorImpl.java 
@@ -31,9 +31,9 @@ public class EndpointCertificateValidatorImpl implements EndpointCertificateVali } @Override - public void validate(EndpointCertificateMetadata endpointCertificateMetadata, String serializedInstanceId, ZoneId zone, List<String> requiredNamesForZone) { + public void validate(EndpointCertificate endpointCertificate, String serializedInstanceId, ZoneId zone, List<String> requiredNamesForZone) { try { - var pemEncodedEndpointCertificate = secretStore.getSecret(endpointCertificateMetadata.certName(), endpointCertificateMetadata.version()); + var pemEncodedEndpointCertificate = secretStore.getSecret(endpointCertificate.certName(), endpointCertificate.version()); if (pemEncodedEndpointCertificate == null) throw new EndpointCertificateException(EndpointCertificateException.Type.CERT_NOT_AVAILABLE, "Secret store returned null for certificate"); diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorMock.java index 6bdf9037dc1..428058315c9 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorMock.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorMock.java @@ -12,7 +12,7 @@ public class EndpointCertificateValidatorMock implements EndpointCertificateVali @Override public void validate( - EndpointCertificateMetadata endpointCertificateMetadata, + EndpointCertificate endpointCertificate, String serializedApplicationId, ZoneId zone, List<String> requiredNamesForZone) { |