summaryrefslogtreecommitdiffstats
path: root/controller-api
diff options
context:
space:
mode:
authorMorten Tokle <mortent@oath.com>2019-06-12 14:34:42 +0200
committerMorten Tokle <mortent@verizonmedia.com>2019-06-25 22:35:18 +0200
commit32e6286798fb36f6420fc718427def17dd3a1398 (patch)
tree8ed85a74bc07af871f69a4a2f9c97dc3659b5642 /controller-api
parentf36d37dc06b87de6a039ef4bcbeb2e0da1456dc2 (diff)
Request certificates for whitelisted apps. Send certificate reference with deploy
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/ApplicationCertificate.java31
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/ApplicationCertificateProvider.java12
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/CertificateProvider.java14
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyId.java18
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyPairProvider.java14
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/VersionedKeyPair.java28
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/configserver/ConfigServer.java3
7 files changed, 33 insertions, 87 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/ApplicationCertificate.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/ApplicationCertificate.java
index e4d0c8246d9..dbcb44d1711 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/ApplicationCertificate.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/ApplicationCertificate.java
@@ -1,29 +1,36 @@
// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.controller.api.integration.certificates;
-import java.security.cert.X509Certificate;
-import java.util.List;
+import java.util.Objects;
/**
- * Represents a certificate chain and a reference to the private key used for generating the certificate
+ * Represents a reference to a certificate and private key.
*
* @author mortent
* @author andreer
*/
public class ApplicationCertificate {
- private final List<X509Certificate> certificateChain;
- private final KeyId keyId;
- public ApplicationCertificate(List<X509Certificate> certificateChain, KeyId keyId) {
- this.certificateChain = certificateChain;
- this.keyId = keyId;
+ private final String secretsKeyNamePrefix;
+
+ public ApplicationCertificate(String secretsKeyNamePrefix) {
+ this.secretsKeyNamePrefix = secretsKeyNamePrefix;
+ }
+
+ public String secretsKeyNamePrefix() {
+ return secretsKeyNamePrefix;
}
- public List<X509Certificate> certificateChain() {
- return certificateChain;
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ ApplicationCertificate that = (ApplicationCertificate) o;
+ return Objects.equals(secretsKeyNamePrefix, that.secretsKeyNamePrefix);
}
- public KeyId keyId() {
- return keyId;
+ @Override
+ public int hashCode() {
+ return Objects.hash(secretsKeyNamePrefix);
}
}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/ApplicationCertificateProvider.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/ApplicationCertificateProvider.java
new file mode 100644
index 00000000000..fa489a6b754
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/ApplicationCertificateProvider.java
@@ -0,0 +1,12 @@
+package com.yahoo.vespa.hosted.controller.api.integration.certificates;
+
+import com.yahoo.config.provision.ApplicationId;
+
+/**
+ * Generates a certificate.
+ *
+ * @author andreer
+ */
+public interface ApplicationCertificateProvider {
+ ApplicationCertificate requestCaSignedCertificate(ApplicationId applicationId);
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/CertificateProvider.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/CertificateProvider.java
deleted file mode 100644
index d2462eb574f..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/CertificateProvider.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package com.yahoo.vespa.hosted.controller.api.integration.certificates;
-
-import java.security.KeyPair;
-import java.security.cert.X509Certificate;
-import java.util.List;
-
-/**
- * Generates a certificate.
- *
- * @author andreer
- */
-public interface CertificateProvider {
- List<X509Certificate> requestCaSignedCertificate(KeyPair keyPair, List<String> domains);
-}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyId.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyId.java
deleted file mode 100644
index 3ab22d4a5b7..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyId.java
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.api.integration.certificates;
-
-/**
- * Identifier for a key pair. Used for persisting/retrieving a key pair.
- *
- * @author mortent
- * @author andreer
- */
-public class KeyId {
- private final String name;
- private final int version;
-
- public KeyId(String name, int version) {
- this.name = name;
- this.version = version;
- }
-}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyPairProvider.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyPairProvider.java
deleted file mode 100644
index a872bf63343..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyPairProvider.java
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.api.integration.certificates;
-
-import com.yahoo.config.provision.ApplicationId;
-
-/**
- * Provides a key pair. Generates and persists the key pair if not found.
- *
- * @author mortent
- * @author andreer
- */
-public interface KeyPairProvider {
- VersionedKeyPair getKeyPair(ApplicationId applicationId);
-}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/VersionedKeyPair.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/VersionedKeyPair.java
deleted file mode 100644
index c95303b9497..00000000000
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/VersionedKeyPair.java
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.controller.api.integration.certificates;
-
-import java.security.KeyPair;
-
-/**
- * Represents a key pair and an unique persistence identifier
- *
- * @author mortent
- * @author andreer
- */
-public class VersionedKeyPair {
- private final KeyId keyId;
- private final KeyPair keyPair;
-
- public VersionedKeyPair(KeyId keyId, KeyPair keyPair) {
- this.keyId = keyId;
- this.keyPair = keyPair;
- }
-
- public KeyId keyId() {
- return keyId;
- }
-
- public KeyPair keyPair() {
- return keyPair;
- }
-}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/configserver/ConfigServer.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/configserver/ConfigServer.java
index 20469e6449a..ba00203ec34 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/configserver/ConfigServer.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/configserver/ConfigServer.java
@@ -8,6 +8,7 @@ import com.yahoo.vespa.hosted.controller.api.application.v4.model.DeployOptions;
import com.yahoo.vespa.hosted.controller.api.application.v4.model.EndpointStatus;
import com.yahoo.vespa.hosted.controller.api.identifiers.DeploymentId;
import com.yahoo.vespa.hosted.controller.api.identifiers.Hostname;
+import com.yahoo.vespa.hosted.controller.api.integration.certificates.ApplicationCertificate;
import com.yahoo.vespa.serviceview.bindings.ApplicationView;
import java.io.IOException;
@@ -29,7 +30,7 @@ public interface ConfigServer {
}
PreparedApplication deploy(DeploymentId deployment, DeployOptions deployOptions, Set<String> rotationNames,
- List<ContainerEndpoint> containerEndpoints, byte[] content);
+ List<ContainerEndpoint> containerEndpoints, ApplicationCertificate applicationCertificate, byte[] content);
void restart(DeploymentId deployment, Optional<Hostname> hostname);