Merge pull request #12294 from vespa-engine/andreer/endpoint-cert-updates

make it possible to request an updated endpoint cert
author: Andreas Eriksen <andreer@verizonmedia.com> 2020-02-21 09:40:26 +0100
committer: GitHub <noreply@github.com> 2020-02-21 09:40:26 +0100
commit: f4fcb9465c3a3191b1d41531c93f29cae878c2da (patch)
tree: 1144d2fa05023ee0c520f25ee9cbd41da16cf279 /controller-api
parent: 7bf3943209a62678db8a007045505565f2815f7b (diff)
parent: 6cac8f95ca72bb0914b68bf7060e76ca8cf7eee2 (diff)
3 files changed, 20 insertions, 14 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMetadata.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMetadata.java
index 0aa0df8ae2b..171c5caa756 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMetadata.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMetadata.java
@@ -18,25 +18,23 @@ public class EndpointCertificateMetadata {
     private final int version;
     private final Optional<String> request_id;
     private final Optional<List<String>> requestedDnsSans;
+    private final Optional<String> issuer;
 
     public EndpointCertificateMetadata(String keyName, String certName, int version) {
-        this.keyName = keyName;
-        this.certName = certName;
-        this.version = version;
-        this.request_id = Optional.empty();
-        this.requestedDnsSans = Optional.empty();
+        this(keyName, certName, version, Optional.empty(), Optional.empty(), Optional.empty());
+    }
+
+    public EndpointCertificateMetadata(String keyName, String certName, int version, String request_id, List<String> requestedDnsSans) {
+        this(keyName, certName, version, Optional.of(request_id), Optional.of(requestedDnsSans), Optional.empty());
     }
 
-    public EndpointCertificateMetadata(String keyName, String certName, int version, Optional<String> request_id, Optional<List<String>> requestedDnsSans) {
+    public EndpointCertificateMetadata(String keyName, String certName, int version, Optional<String> request_id, Optional<List<String>> requestedDnsSans, Optional<String> issuer) {
         this.keyName = keyName;
         this.certName = certName;
         this.version = version;
         this.request_id = request_id;
         this.requestedDnsSans = requestedDnsSans;
-    }
-
-    public EndpointCertificateMetadata(String keyName, String certName, int version, String request_id, List<String> requestedDnsSans) {
-        this(keyName, certName, version, Optional.of(request_id), Optional.of(requestedDnsSans));
+        this.issuer = issuer;
     }
 
     public String keyName() {
@@ -59,6 +57,10 @@ public class EndpointCertificateMetadata {
         return requestedDnsSans;
     }
 
+    public Optional<String> issuer() {
+        return issuer;
+    }
+
     @Override
     public String toString() {
         return "EndpointCertificateMetadata{" +
@@ -67,6 +69,7 @@ public class EndpointCertificateMetadata {
                 ", version=" + version +
                 ", request_id=" + request_id +
                 ", requestedDnsSans=" + requestedDnsSans +
+                ", issuer=" + issuer +
                 '}';
     }
 
@@ -79,11 +82,12 @@ public class EndpointCertificateMetadata {
                 keyName.equals(that.keyName) &&
                 certName.equals(that.certName) &&
                 request_id.equals(that.request_id) &&
-                requestedDnsSans.equals(that.requestedDnsSans);
+                requestedDnsSans.equals(that.requestedDnsSans) &&
+                issuer.equals(that.issuer);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(keyName, certName, version, request_id, requestedDnsSans);
+        return Objects.hash(keyName, certName, version, request_id, requestedDnsSans, issuer);
     }
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java
index 8e81400f3c8..c38ea158507 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java
@@ -7,6 +7,7 @@ import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.UUID;
 
 /**
@@ -21,7 +22,7 @@ public class EndpointCertificateMock implements EndpointCertificateProvider {
     }
 
     @Override
-    public EndpointCertificateMetadata requestCaSignedCertificate(ApplicationId applicationId, List<String> dnsNames) {
+    public EndpointCertificateMetadata requestCaSignedCertificate(ApplicationId applicationId, List<String> dnsNames, Optional<EndpointCertificateMetadata> currentMetadata) {
         this.dnsNames.put(applicationId, dnsNames);
         String endpointCertificatePrefix = String.format("vespa.tls.%s.%s@%s", applicationId.tenant(),
                 applicationId.application(),
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java
index 97d2bdb3343..9c5c25c1c71 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java
@@ -4,6 +4,7 @@ package com.yahoo.vespa.hosted.controller.api.integration.certificates;
 import com.yahoo.config.provision.ApplicationId;
 
 import java.util.List;
+import java.util.Optional;
 
 /**
  * Generates an endpoint certificate for an application instance.
@@ -12,7 +13,7 @@ import java.util.List;
  */
 public interface EndpointCertificateProvider  {
 
-    EndpointCertificateMetadata requestCaSignedCertificate(ApplicationId applicationId, List<String> dnsNames);
+    EndpointCertificateMetadata requestCaSignedCertificate(ApplicationId applicationId, List<String> dnsNames, Optional<EndpointCertificateMetadata> currentMetadata);
 
     List<EndpointCertificateMetadata> listCertificates();
 }
author	Andreas Eriksen <andreer@verizonmedia.com>	2020-02-21 09:40:26 +0100
committer	GitHub <noreply@github.com>	2020-02-21 09:40:26 +0100
commit	f4fcb9465c3a3191b1d41531c93f29cae878c2da (patch)
tree	1144d2fa05023ee0c520f25ee9cbd41da16cf279 /controller-api
parent	7bf3943209a62678db8a007045505565f2815f7b (diff)
parent	6cac8f95ca72bb0914b68bf7060e76ca8cf7eee2 (diff)