diff options
| author | Andreas Eriksen <andreer@pvv.ntnu.no> | 2019-08-27 09:37:31 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-08-27 09:37:31 +0200 |
| commit | ca5436591223efba44473340f66a937a703fcc87 (patch) | |
| tree | dceb7fd1c53887baf290a52ffdc969fa50db01b1 /controller-server | |
| parent | 6d6431e7544f31e4aa30e5268894b7e89e309ce2 (diff) | |
Revert "Revert "provision certificates for directly routed zones""
Diffstat (limited to 'controller-server')
2 files changed, 10 insertions, 5 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java index 64f9d042121..6695077d4a9 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/ApplicationController.java @@ -11,6 +11,7 @@ import com.yahoo.config.provision.ClusterSpec; import com.yahoo.config.provision.Environment; import com.yahoo.config.provision.RegionName; import com.yahoo.config.provision.TenantName; +import com.yahoo.config.provision.zone.ZoneApi; import com.yahoo.config.provision.zone.ZoneId; import com.yahoo.vespa.athenz.api.AthenzDomain; import com.yahoo.vespa.athenz.api.AthenzIdentity; @@ -370,8 +371,13 @@ public class ApplicationController { .forEach(legacyRotations::add); } - // Get application certificate (provisions a new certificate if missing) - applicationCertificate = getApplicationCertificate(application.get()); + if (controller.zoneRegistry().zones().directlyRouted().ids().contains(zone)) { + // Get application certificate (provisions a new certificate if missing) + List<? extends ZoneApi> zones = controller.zoneRegistry().zones().all().zones(); + applicationCertificate = getApplicationCertificate(application.get()); + } else { + applicationCertificate = Optional.empty(); + } // Update application with information from application package if ( ! preferOldestVersion @@ -544,7 +550,6 @@ public class ApplicationController { if(applicationCertificate.isPresent()) return applicationCertificate; - // TODO(tokle): Verify that the application is deploying to a zone where certificate provisioning is enabled boolean provisionCertificate = provisionApplicationCertificate.with(FetchVector.Dimension.APPLICATION_ID, application.id().serializedForm()).value(); if (!provisionCertificate) { diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java index 6f8a10543e7..15470dab842 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/ControllerTest.java @@ -706,7 +706,7 @@ public class ControllerTest { } @Test - public void testDeployProvisionsCertificate() { + public void testDeploySelectivelyProvisionsCertificate() { ((InMemoryFlagSource) tester.controller().flagSource()).withBooleanFlag(Flags.PROVISION_APPLICATION_CERTIFICATE.id(), true); Function<Application, Optional<ApplicationCertificate>> certificate = (application) -> tester.controller().curator().readApplicationCertificate(application.id()); @@ -732,7 +732,7 @@ public class ControllerTest { tester.controller().applications().deploy(app2.id(), zone, Optional.of(applicationPackage), DeployOptions.none()); assertTrue("Application deployed and activated", tester.controllerTester().configServer().application(app2.id()).get().activated()); - assertTrue("Provisions certificate in " + Environment.dev, certificate.apply(app2).isPresent()); + assertFalse("Does not provision certificate in " + Environment.dev, certificate.apply(app2).isPresent()); } @Test |