diff options
author | bjormel <bjormel@yahooinc.com> | 2023-10-26 13:59:28 +0000 |
---|---|---|
committer | bjormel <bjormel@yahooinc.com> | 2023-10-26 13:59:28 +0000 |
commit | 567be9a1f6353cec41c23bfd1fcd46b4b2a4d2d7 (patch) | |
tree | 4664a743e166a5e11aee7b9acd70ad8ee2617612 /controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/PreparedEndpoints.java | |
parent | e9058b555d4dfea2f6c872d9a677e8678b569569 (diff) | |
parent | bce3b8e926bf9da880172acbe1ba4b12d5e026d6 (diff) |
Merge branch 'master' into bjormel/aws-main-controllerbjormel/aws-main-controller
Diffstat (limited to 'controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/PreparedEndpoints.java')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/PreparedEndpoints.java | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/PreparedEndpoints.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/PreparedEndpoints.java index 62dc8eab1c7..63b17a087f2 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/PreparedEndpoints.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/PreparedEndpoints.java @@ -1,3 +1,4 @@ +// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.routing; import com.yahoo.vespa.hosted.controller.api.identifiers.DeploymentId; @@ -27,13 +28,13 @@ import java.util.stream.Collectors; public record PreparedEndpoints(DeploymentId deployment, EndpointList endpoints, List<AssignedRotation> rotations, - Optional<EndpointCertificate> certificate) { + EndpointCertificate certificate) { - public PreparedEndpoints(DeploymentId deployment, EndpointList endpoints, List<AssignedRotation> rotations, Optional<EndpointCertificate> certificate) { + public PreparedEndpoints(DeploymentId deployment, EndpointList endpoints, List<AssignedRotation> rotations, EndpointCertificate certificate) { this.deployment = Objects.requireNonNull(deployment); this.endpoints = Objects.requireNonNull(endpoints); this.rotations = List.copyOf(Objects.requireNonNull(rotations)); - this.certificate = Objects.requireNonNull(certificate); + this.certificate = requireMatchingSans(certificate, endpoints); } /** Returns the endpoints contained in this as {@link com.yahoo.vespa.hosted.controller.api.integration.configserver.ContainerEndpoint} */ @@ -100,4 +101,15 @@ public record PreparedEndpoints(DeploymentId deployment, }; } + private static EndpointCertificate requireMatchingSans(EndpointCertificate certificate, EndpointList endpoints) { + Objects.requireNonNull(certificate); + for (var endpoint : endpoints.not().scope(Endpoint.Scope.weighted)) { // Weighted endpoints are not present in certificate + if (!certificate.sanMatches(endpoint.dnsName())) { + throw new IllegalArgumentException(endpoint + " has no matching SAN. Certificate contains " + + certificate.requestedDnsSans()); + } + } + return certificate; + } + } |