author | Andreas Eriksen <andreer@verizonmedia.com> | 2022-04-06 23:15:57 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-06 23:15:57 +0200 |
commit | bc65f3e83649ca7d24b20b772beb2c6e0f648e6b (patch) | |
tree | aa762d3a807379280330671adbd23c0dbff77346 /controller-server | |
parent | 227412decb6c3933b10c2f851098392bed9375db (diff) |
Reapply "handler to re-request endpoint certificates"
Diffstat (limited to 'controller-server')
3 files changed, 79 insertions, 2 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
index 5e19b014083..996b53cc6f5 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
@@ -26,7 +26,7 @@ import java.util.stream.Collectors;
 /**
  * Looks up stored endpoint certificate metadata, provisions new certificates if none is found,
- * re-provisions if zone is not covered, and uses refreshed certificates if a newer version is available.
+ * and re-provisions the certificate if the deploying-to zone is not covered.
  *
  * See also {@link com.yahoo.vespa.hosted.controller.maintenance.EndpointCertificateMaintainer}, which handles
  * refreshes, deletions and triggers deployments.
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesHandler.java
new file mode 100644
index 00000000000..dc59f513509
--- /dev/null
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesHandler.java
@@ -0,0 +1,77 @@
+package com.yahoo.vespa.hosted.controller.certificate;
+
+import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.container.jdisc.HttpRequest;
+import com.yahoo.container.jdisc.HttpResponse;
+import com.yahoo.container.jdisc.ThreadedHttpRequestHandler;
+import com.yahoo.restapi.RestApiException;
+import com.yahoo.restapi.StringResponse;
+import com.yahoo.vespa.hosted.controller.api.integration.ServiceRegistry;
+import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificateMetadata;
+import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificateProvider;
+import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificateRequestMetadata;
+import com.yahoo.vespa.hosted.controller.application.TenantAndApplicationId;
+import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
+import com.yahoo.vespa.hosted.controller.persistence.EndpointCertificateMetadataSerializer;
+
+import java.util.List;
+import java.util.Optional;
+import java.util.concurrent.Executor;
+import java.util.stream.Collectors;
+
+import static com.yahoo.jdisc.http.HttpRequest.Method.GET;
+import static com.yahoo.jdisc.http.HttpRequest.Method.POST;
+
+/**
+ * List all certificate requests for a system, with their requested DNS names.
+ * Used for debugging, and verifying basic functionality of Cameo client in CD.
+ *
+ * @author andreer
+ */
+
+public class EndpointCertificatesHandler extends ThreadedHttpRequestHandler {
+
+ private final EndpointCertificateProvider endpointCertificateProvider;
+ private final CuratorDb curator;
+
+ public EndpointCertificatesHandler(Executor executor, ServiceRegistry serviceRegistry, CuratorDb curator) {
+ super(executor);
+ this.endpointCertificateProvider = serviceRegistry.endpointCertificateProvider();
+ this.curator = curator;
+ }
+
+ public HttpResponse handle(HttpRequest request) {
+ if (request.getMethod().equals(GET)) return listEndpointCertificates();
+ if (request.getMethod().equals(POST)) return reRequestEndpointCertificateFor(request.getProperty("application"));
+ throw new RestApiException.MethodNotAllowed(request);
+ }
+
+ public HttpResponse listEndpointCertificates() {
+ List<EndpointCertificateRequestMetadata> endpointCertificateMetadata = endpointCertificateProvider.listCertificates();
+
+ String requestsWithNames = endpointCertificateMetadata.stream()
+ .map(metadata -> metadata.requestId() + " : " +
+ String.join(", ", metadata.dnsNames().stream()
+ .map(dnsNameStatus -> dnsNameStatus.dnsName)
+ .collect(Collectors.joining(", "))))
+ .collect(Collectors.joining("\n"));
+
+ return new StringResponse(requestsWithNames);
+ }
+
+ public StringResponse reRequestEndpointCertificateFor(String instanceId) {
+ ApplicationId applicationId = ApplicationId.fromFullString(instanceId);
+
+ try (var lock = curator.lock(TenantAndApplicationId.from(applicationId))) {
+ EndpointCertificateMetadata endpointCertificateMetadata = curator.readEndpointCertificateMetadata(applicationId)
+ .orElseThrow(() -> new RestApiException.NotFound("No certificate found for application " + applicationId.serializedForm()));
+
+ EndpointCertificateMetadata reRequestedMetadata = endpointCertificateProvider.requestCaSignedCertificate(
+ applicationId, endpointCertificateMetadata.requestedDnsSans(), Optional.of(endpointCertificateMetadata));
+
+ curator.writeEndpointCertificateMetadata(applicationId, reRequestedMetadata);
+
+ return new StringResponse(EndpointCertificateMetadataSerializer.toSlime(reRequestedMetadata).toString());
+ }
+ }
+}
\ No newline at end of file
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java
index b996901c5d0..15f8d6380c0 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java
@@ -34,7 +34,7 @@ import java.util.stream.Collectors;
 /**
  * Updates refreshed endpoint certificates and triggers redeployment, and deletes unused certificates.
  * <p>
- * See also EndpointCertificateManager, which provisions, reprovisions and validates certificates on deploy
+ * See also class EndpointCertificates, which provisions, reprovisions and validates certificates on deploy
  *
  * @author andreer
  */ |
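Review bot: In the new EndpointCertificatesHandler, `reRequestEndpointCertificateFor` feeds `request.getProperty("application")` straight into `ApplicationId.fromFullString`, so a POST without the parameter (or with a malformed value) fails inside the parser instead of being rejected as a client error; guard it at the top of the method, e.g. `if (instanceId == null) throw new RestApiException.BadRequest("Missing 'application' parameter");`, and presumably a malformed id should map to the same response rather than surfacing as a server error. The POST path re-requests a CA-signed certificate from the provider and overwrites the stored metadata under the application lock, which is a state-changing and rate-sensitive operation, yet nothing in the hunk restricts who may invoke it; I assume the handler's binding and filter configuration outside this diff enforces that, which is worth confirming and stating in the class Javadoc, whose current text describes only listing requests for debugging. Minor: `handle` overrides the base-class method and should carry `@Override`, and in `listEndpointCertificates` the `String.join(", ", ...)` wrapped around the `Collectors.joining(", ")` result is a no-op that can be dropped.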