authorAndreas Eriksen <andreer@verizonmedia.com>2022-04-06 23:15:57 +0200
committerGitHub <noreply@github.com>2022-04-06 23:15:57 +0200
commitbc65f3e83649ca7d24b20b772beb2c6e0f648e6b (patch)
treeaa762d3a807379280330671adbd23c0dbff77346 /controller-server
parent227412decb6c3933b10c2f851098392bed9375db (diff)
Reapply "handler to re-request endpoint certificates"
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java2
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesHandler.java77
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java2
3 files changed, 79 insertions, 2 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
index 5e19b014083..996b53cc6f5 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
@@ -26,7 +26,7 @@ import java.util.stream.Collectors;
/**
* Looks up stored endpoint certificate metadata, provisions new certificates if none is found,
- * re-provisions if zone is not covered, and uses refreshed certificates if a newer version is available.
+ * and re-provisions the certificate if the deploying-to zone is not covered.
*
* See also {@link com.yahoo.vespa.hosted.controller.maintenance.EndpointCertificateMaintainer}, which handles
* refreshes, deletions and triggers deployments.
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesHandler.java
new file mode 100644
index 00000000000..dc59f513509
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesHandler.java
@@ -0,0 +1,77 @@
+package com.yahoo.vespa.hosted.controller.certificate;
+
+import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.container.jdisc.HttpRequest;
+import com.yahoo.container.jdisc.HttpResponse;
+import com.yahoo.container.jdisc.ThreadedHttpRequestHandler;
+import com.yahoo.restapi.RestApiException;
+import com.yahoo.restapi.StringResponse;
+import com.yahoo.vespa.hosted.controller.api.integration.ServiceRegistry;
+import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificateMetadata;
+import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificateProvider;
+import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificateRequestMetadata;
+import com.yahoo.vespa.hosted.controller.application.TenantAndApplicationId;
+import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
+import com.yahoo.vespa.hosted.controller.persistence.EndpointCertificateMetadataSerializer;
+
+import java.util.List;
+import java.util.Optional;
+import java.util.concurrent.Executor;
+import java.util.stream.Collectors;
+
+import static com.yahoo.jdisc.http.HttpRequest.Method.GET;
+import static com.yahoo.jdisc.http.HttpRequest.Method.POST;
+
+/**
+ * List all certificate requests for a system, with their requested DNS names.
+ * Used for debugging, and verifying basic functionality of Cameo client in CD.
+ *
+ * @author andreer
+ */
+
+public class EndpointCertificatesHandler extends ThreadedHttpRequestHandler {
+
+ private final EndpointCertificateProvider endpointCertificateProvider;
+ private final CuratorDb curator;
+
+ public EndpointCertificatesHandler(Executor executor, ServiceRegistry serviceRegistry, CuratorDb curator) {
+ super(executor);
+ this.endpointCertificateProvider = serviceRegistry.endpointCertificateProvider();
+ this.curator = curator;
+ }
+
+ public HttpResponse handle(HttpRequest request) {
+ if (request.getMethod().equals(GET)) return listEndpointCertificates();
+ if (request.getMethod().equals(POST)) return reRequestEndpointCertificateFor(request.getProperty("application"));
+ throw new RestApiException.MethodNotAllowed(request);
+ }
+
+ public HttpResponse listEndpointCertificates() {
+ List<EndpointCertificateRequestMetadata> endpointCertificateMetadata = endpointCertificateProvider.listCertificates();
+
+ String requestsWithNames = endpointCertificateMetadata.stream()
+ .map(metadata -> metadata.requestId() + " : " +
+ String.join(", ", metadata.dnsNames().stream()
+ .map(dnsNameStatus -> dnsNameStatus.dnsName)
+ .collect(Collectors.joining(", "))))
+ .collect(Collectors.joining("\n"));
+
+ return new StringResponse(requestsWithNames);
+ }
+
+ public StringResponse reRequestEndpointCertificateFor(String instanceId) {
+ ApplicationId applicationId = ApplicationId.fromFullString(instanceId);
+
+ try (var lock = curator.lock(TenantAndApplicationId.from(applicationId))) {
+ EndpointCertificateMetadata endpointCertificateMetadata = curator.readEndpointCertificateMetadata(applicationId)
+ .orElseThrow(() -> new RestApiException.NotFound("No certificate found for application " + applicationId.serializedForm()));
+
+ EndpointCertificateMetadata reRequestedMetadata = endpointCertificateProvider.requestCaSignedCertificate(
+ applicationId, endpointCertificateMetadata.requestedDnsSans(), Optional.of(endpointCertificateMetadata));
+
+ curator.writeEndpointCertificateMetadata(applicationId, reRequestedMetadata);
+
+ return new StringResponse(EndpointCertificateMetadataSerializer.toSlime(reRequestedMetadata).toString());
+ }
+ }
+} \ No newline at end of file
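Review bot: The POST branch of `handle` hands `request.getProperty("application")` to `reRequestEndpointCertificateFor` without checking it, so a missing or malformed value reaches `ApplicationId.fromFullString` and will most likely come back as an internal error instead of a client error. A guard at the top of `reRequestEndpointCertificateFor`, such as `if (instanceId == null || instanceId.isBlank()) throw new RestApiException.BadRequest("Missing 'application' parameter");`, would keep bad input away from the lock and the CA call. This path also asks the provider for a new CA-signed certificate and overwrites the stored metadata, while the class Javadoc still describes only listing; I would extend it to say that POST is state-changing and to name where access to this handler is restricted, since no authorization check is visible in this file and it is presumably enforced by a filter outside this diff. Logging the application id for each re-request would also give operators an audit trail for certificate issuance.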
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java
index b996901c5d0..15f8d6380c0 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java
@@ -34,7 +34,7 @@ import java.util.stream.Collectors;
/**
* Updates refreshed endpoint certificates and triggers redeployment, and deletes unused certificates.
* <p>
- * See also EndpointCertificateManager, which provisions, reprovisions and validates certificates on deploy
+ * See also class EndpointCertificates, which provisions, reprovisions and validates certificates on deploy
*
* @author andreer
*/