authorMorten Tokle <mortent@yahooinc.com>2023-06-12 22:45:43 +0200
committerMorten Tokle <mortent@yahooinc.com>2023-06-12 22:45:43 +0200
commit362ddb0749608a5ace2be1caa5507ca9d3895eaf (patch)
treeeff7d386e26d0d293f123a16139d10b19e84ebd7 /controller-api
parent5f25e0ba346c04ccc27c60cc410c0ed2fdb6b06b (diff)
API to generate/list/delete dataplane tokens
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneToken.java12
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneTokenVersions.java15
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/FingerPrint.java23
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/TokenId.java23
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java5
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java6
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java3
7 files changed, 84 insertions, 3 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneToken.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneToken.java
new file mode 100644
index 00000000000..f0cc87df1fe
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneToken.java
@@ -0,0 +1,12 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.dataplanetoken;
+
+/**
+ * Represents a generated data plane token.
+ *
+ * Note: This _MUST_ not be persisted.
+ *
+ * @author mortent
+ */
+public record DataplaneToken(TokenId tokenId, FingerPrint fingerPrint, String tokenValue) {
+}
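Review bot: The record's generated `toString()` will include `tokenValue`, so any log line or exception message that formats a `DataplaneToken` writes the secret out, which works against the "must not be persisted" note in the Javadoc. Override it to leave the value out, e.g. `@Override public String toString() { return "DataplaneToken[tokenId=" + tokenId + ", fingerPrint=" + fingerPrint + "]"; }`. The Javadoc could also state why the record must not be persisted (presumably because `tokenValue` is the plaintext secret), so that the restriction survives later refactoring.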
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneTokenVersions.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneTokenVersions.java
new file mode 100644
index 00000000000..618bfbc8a41
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneTokenVersions.java
@@ -0,0 +1,15 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.dataplanetoken;
+
+import java.time.Instant;
+import java.util.List;
+
+/**
+ * List of dataplane token versions of a token id.
+ *
+ * @author mortent
+ */
+public record DataplaneTokenVersions(TokenId tokenId, List<Version> tokenVersions) {
+ public record Version(FingerPrint fingerPrint, String checkAccessHash, Instant creationTime, String author) {
+ }
+}
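Review bot: `tokenVersions` is stored exactly as passed in, so a caller that keeps a reference to the list can change the record's contents after construction. A compact constructor with `tokenVersions = List.copyOf(tokenVersions);` makes the record immutable in fact and rejects null elements. `checkAccessHash` in `Version` has no documentation; a Javadoc line saying what it is a hash of and how it is meant to be used would tell readers whether the field is safe to store and display.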
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/FingerPrint.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/FingerPrint.java
new file mode 100644
index 00000000000..3f019e8ae75
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/FingerPrint.java
@@ -0,0 +1,23 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.dataplanetoken;
+
+import ai.vespa.validation.PatternedStringWrapper;
+
+import java.util.regex.Pattern;
+
+/**
+ * A fingerprint to be used in dataplane token apis
+ */
+public class FingerPrint extends PatternedStringWrapper<FingerPrint> {
+
+ static final Pattern namePattern = Pattern.compile("([a-f0-9]{2}:)+[a-f0-9]{2}");
+
+ private FingerPrint(String name) {
+ super(name, namePattern, "fingerPrint");
+ }
+
+ public static FingerPrint of(String value) {
+ return new FingerPrint(value);
+ }
+
+}
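Review bot: `namePattern` puts no upper bound on the number of byte groups, so a fingerprint of any length is accepted, whereas `TokenId` in the next file caps its input at 60 characters. If fingerprints have a fixed digest length, a bounded repetition such as `([a-f0-9]{2}:){N}[a-f0-9]{2}` would be tighter (N is a placeholder for the byte count minus one, which this page does not show). Both `FingerPrint` and `TokenId` also depend on `PatternedStringWrapper` applying the pattern as a full match, which is not visible here and is worth confirming, since a partial match would accept input with arbitrary text around a valid fragment. The class Javadoc could state the accepted format (lowercase hex pairs separated by colons).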
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/TokenId.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/TokenId.java
new file mode 100644
index 00000000000..a1ddd8b4bce
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/TokenId.java
@@ -0,0 +1,23 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.dataplanetoken;
+
+import ai.vespa.validation.PatternedStringWrapper;
+
+import java.util.regex.Pattern;
+
+/**
+ * A token id to be used in dataplane tokens
+ */
+public class TokenId extends PatternedStringWrapper<TokenId> {
+
+ static final Pattern namePattern = Pattern.compile("[A-Za-z][A-Za-z0-9_-]{0,59}");
+
+ private TokenId(String name) {
+ super(name, namePattern, "tokenId");
+ }
+
+ public static TokenId of(String value) {
+ return new TokenId(value);
+ }
+
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
index ccf79e7eca3..1a8f4103659 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
@@ -267,7 +267,10 @@ enum PathGroup {
"/application/v4/tenant/{tenant}/access/managed/operator"),
/** Path used for email verification */
- emailVerification("/user/v1/email/verify");
+ emailVerification("/user/v1/email/verify"),
+
+ /** Path used for dataplane token */
+ dataplaneToken(Matcher.tenant,"/application/v4/tenant/{tenant}/token", "/application/v4/tenant/{tenant}/token/{ignored}");
final List<String> pathSpecs;
final List<Matcher> matchers;
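Review bot: The Javadoc on `dataplaneToken` does not say what the `{ignored}` segment of the second path spec stands for. Something like `/** Paths for generating, listing and deleting dataplane tokens of a tenant; the trailing segment is the token id */` would help, assuming that is what the segment matches. The argument list is also missing a space after the comma in `Matcher.tenant,"/application/v4/tenant/{tenant}/token"`. The enum body continues outside the hunk.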
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
index 2f8ea368b21..15d8d8dfdbe 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
@@ -216,7 +216,11 @@ enum Policy {
emailVerification(Privilege.grant(Action.create)
.on(PathGroup.emailVerification)
- .in(SystemName.PublicCd, SystemName.Public));
+ .in(SystemName.PublicCd, SystemName.Public)),
+
+ dataplaneToken(Privilege.grant(Action.all())
+ .on(PathGroup.dataplaneToken)
+ .in(SystemName.PublicCd, SystemName.Public));
private final Set<Privilege> privileges;
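Review bot: `Privilege.grant(Action.all())` bundles listing, generating and deleting tokens into one policy, so any role that only needs to see which tokens exist also gains the ability to mint and revoke them. The neighbouring policies visible in the RoleDefinition hunk are split by operation (`paymentInstrumentRead`, `paymentInstrumentDelete`); a read policy plus a separate write policy would follow that pattern and allow least-privilege assignment. The entry also has no doc comment, e.g. `/** Ability to generate, list and delete dataplane tokens of a tenant */`. The role that receives `Policy.dataplaneToken` in RoleDefinition is named outside that hunk, so confirm it is the intended one.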
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
index e40c99a64be..e3f9ba54e1a 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
@@ -59,7 +59,8 @@ public enum RoleDefinition {
Policy.paymentInstrumentRead,
Policy.paymentInstrumentDelete,
Policy.billingInformationRead,
- Policy.secretStoreOperations),
+ Policy.secretStoreOperations,
+ Policy.dataplaneToken),
/** Developer for manual deployments for a tenant */
hostedDeveloper(Policy.developmentDeployment),