author | Morten Tokle <mortent@yahooinc.com> | 2023-06-12 22:45:43 +0200 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2023-06-12 22:45:43 +0200 |
commit | 362ddb0749608a5ace2be1caa5507ca9d3895eaf (patch) | |
tree | eff7d386e26d0d293f123a16139d10b19e84ebd7 /controller-api | |
parent | 5f25e0ba346c04ccc27c60cc410c0ed2fdb6b06b (diff) |
API to generate/list/delete dataplane tokens
Diffstat (limited to 'controller-api')
7 files changed, 84 insertions, 3 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneToken.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneToken.java
new file mode 100644
index 00000000000..f0cc87df1fe
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneToken.java
@@ -0,0 +1,12 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.dataplanetoken;
+
+/**
+ * Represents a generated data plane token.
+ *
+ * Note: This _MUST_ not be persisted.
+ *
+ * @author mortent
+ */
+public record DataplaneToken(TokenId tokenId, FingerPrint fingerPrint, String tokenValue) {
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneTokenVersions.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneTokenVersions.java
new file mode 100644
index 00000000000..618bfbc8a41
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/DataplaneTokenVersions.java
@@ -0,0 +1,15 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.dataplanetoken;
+
+import java.time.Instant;
+import java.util.List;
+
+/**
+ * List of dataplane token versions of a token id.
+ *
+ * @author mortent
+ */
+public record DataplaneTokenVersions(TokenId tokenId, List<Version> tokenVersions) {
+ public record Version(FingerPrint fingerPrint, String checkAccessHash, Instant creationTime, String author) {
+ }
+}
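Review bot: The generated `toString()` of the `DataplaneToken` record prints `tokenValue`, so the secret lands in any log line, exception message or debug dump that formats the record. The Javadoc forbids persisting it, but nothing in the type keeps it out of logs. Override it in the record body to leave the value out, e.g. `@Override public String toString() { return "DataplaneToken{tokenId=" + tokenId + ", fingerPrint=" + fingerPrint + "}"; }`. The note in the Javadoc could then read `Note: tokenValue is the secret itself; it must not be persisted or logged.`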
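Review bot: `DataplaneTokenVersions` keeps the caller's `List<Version>` by reference, so the record is only as immutable as the list handed to it, and a null list or null element is accepted. A compact constructor in the record body, `public DataplaneTokenVersions { tokenVersions = List.copyOf(tokenVersions); }`, takes a null-hostile snapshot. The Javadoc on `Version` should also say what `checkAccessHash` is a hash of and whether it is meant to be returned to API clients, since neither is evident from this hunk.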
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/FingerPrint.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/FingerPrint.java
new file mode 100644
index 00000000000..3f019e8ae75
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/FingerPrint.java
@@ -0,0 +1,23 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.dataplanetoken;
+
+import ai.vespa.validation.PatternedStringWrapper;
+
+import java.util.regex.Pattern;
+
+/**
+ * A fingerprint to be used in dataplane token apis
+ */
+public class FingerPrint extends PatternedStringWrapper<FingerPrint> {
+
+ static final Pattern namePattern = Pattern.compile("([a-f0-9]{2}:)+[a-f0-9]{2}");
+
+ private FingerPrint(String name) {
+ super(name, namePattern, "fingerPrint");
+ }
+
+ public static FingerPrint of(String value) {
+ return new FingerPrint(value);
+ }
+
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/TokenId.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/TokenId.java
new file mode 100644
index 00000000000..a1ddd8b4bce
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/dataplanetoken/TokenId.java
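Review bot: `namePattern` in `FingerPrint` puts no upper bound on the number of `xx:` groups, so a value of any length passes validation, and the value presumably arrives from a request (the caller is not in this diff). Bounding the repetition to what the token generator actually emits, `([a-f0-9]{2}:){N}[a-f0-9]{2}` with N a placeholder for the digest length in bytes minus one, rejects oversized input early and documents the format. The class comment should also name the digest the fingerprint is derived from and state that only lower-case hex is accepted.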
@@ -0,0 +1,23 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.dataplanetoken;
+
+import ai.vespa.validation.PatternedStringWrapper;
+
+import java.util.regex.Pattern;
+
+/**
+ * A token id to be used in dataplane tokens
+ */
+public class TokenId extends PatternedStringWrapper<TokenId> {
+
+ static final Pattern namePattern = Pattern.compile("[A-Za-z][A-Za-z0-9_-]{0,59}");
+
+ private TokenId(String name) {
+ super(name, namePattern, "tokenId");
+ }
+
+ public static TokenId of(String value) {
+ return new TokenId(value);
+ }
+
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
index ccf79e7eca3..1a8f4103659 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/PathGroup.java
@@ -267,7 +267,10 @@ enum PathGroup {
 "/application/v4/tenant/{tenant}/access/managed/operator"),
 /** Path used for email verification */
- emailVerification("/user/v1/email/verify");
+ emailVerification("/user/v1/email/verify"),
+
+ /** Path used for dataplane token */
+ dataplaneToken(Matcher.tenant,"/application/v4/tenant/{tenant}/token", "/application/v4/tenant/{tenant}/token/{ignored}");
 final List<String> pathSpecs;
 final List<Matcher> matchers;
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
index 2f8ea368b21..15d8d8dfdbe 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/Policy.java
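Review bot: In the new `dataplaneToken` path group of PathGroup.java the second spec stops at a single `{ignored}` segment, so a token route with one more segment would fall outside this group and outside the policy written for it. The handler is not in this diff, so its routes should be checked against these two specs. If the trailing segment is the token id, the comment could say so: `/** Paths for the data plane tokens of a tenant; the trailing segment is the token id */`. A space is also missing after `Matcher.tenant,`, and the enum body continues outside the hunk.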
@@ -216,7 +216,11 @@ enum Policy {
 emailVerification(Privilege.grant(Action.create)
 .on(PathGroup.emailVerification)
- .in(SystemName.PublicCd, SystemName.Public));
+ .in(SystemName.PublicCd, SystemName.Public)),
+
+ dataplaneToken(Privilege.grant(Action.all())
+ .on(PathGroup.dataplaneToken)
+ .in(SystemName.PublicCd, SystemName.Public));
 private final Set<Privilege> privileges;
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
index e40c99a64be..e3f9ba54e1a 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/RoleDefinition.java
@@ -59,7 +59,8 @@ public enum RoleDefinition {
 Policy.paymentInstrumentRead,
 Policy.paymentInstrumentDelete,
 Policy.billingInformationRead,
- Policy.secretStoreOperations),
+ Policy.secretStoreOperations,
+ Policy.dataplaneToken),
 /** Developer for manual deployments for a tenant */
 hostedDeveloper(Policy.developmentDeployment),
 |
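Review bot: `Privilege.grant(Action.all())` in the new `dataplaneToken` policy grants every action on the token paths, while the commit title names only generate, list and delete; since these tokens are data plane credentials, the grant is better limited to what the API serves. If there is no update route, and assuming `grant` accepts several actions, `dataplaneToken(Privilege.grant(Action.create, Action.read, Action.delete)` states that. Alternatively the policy can be split into read and write variants, as the `paymentInstrumentRead` / `paymentInstrumentDelete` pair in the RoleDefinition.java hunk suggests. That hunk adds `Policy.dataplaneToken` to a role whose declaration starts outside the hunk, so which role receives it, and which roles inherit from that one, should be confirmed. The new constant also has no Javadoc saying who may manage tokens.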