randomized endpoint cert pool (#27488)

* randomized endpoint cert pool * test name format * recordify EndpointCertificateMetadata * save randomized id to cert * assigned randomized endpoint cert to app when flag is set * remove assigned certs from ready pool * skip validation of SANs for randomized certs * remove unused clock * reminder to assign randomized certs at application level * remove getters, move comments to record constructor * camel case field name * CertPoolMaintainer -> CertificatePoolMaintainer * fix enum names * randomIdentifier -> generateRandomId * Wire maintainer * Add PooledCertificateSerializer * Use PooledCertificate * Remove unused enum * exclude all cert pool ids from cleanup * don't set randomizedId in mock * use SecureRandom for id generation * fix NodesV2ApiTest * add cert request method without applicationId * remove unused import * assert on generated key names, remove unused clock * remove unused import * don't use : in ckms prefix! * entirely remove application id from cert provider interface * use correct key prefix in handler too * Assign certificate to application from pool * PooledCertificate -> UnassignedCertificate * Read/write AssignedCertificate everywhere --------- Co-authored-by: Martin Polden <mpolden@mpolden.no>
author: Andreas Eriksen <andreer@yahooinc.com> 2023-06-22 11:33:43 +0200
committer: GitHub <noreply@github.com> 2023-06-22 11:33:43 +0200
commit: f403069d4be06425dfc101fc7468c0cb2f7afb4f (patch)
tree: 3d28ccd708e024997fb1c1d1f816868f9733ef1c /flags
parent: aa981de24a14dba41fcb370d550fdf053b5433f8 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
index 151b31feb63..6ba0f394d38 100644
--- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
+++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
@@ -379,7 +379,7 @@ public class Flags {
     );
 
     public static final UnboundBooleanFlag ENABLE_CROWDSTRIKE = defineFeatureFlag(
-            "enable-crowdstrike", true, List.of("andreer"), "2023-04-13", "2023-07-13",
+            "enable-crowdstrike", true, List.of("andreer"), "2023-04-13", "2023-07-25",
             "Whether to enable CrowdStrike.", "Takes effect on next host admin tick",
             HOSTNAME);
 
@@ -401,6 +401,12 @@ public class Flags {
             "Takes effect on application deployment",
             APPLICATION_ID);
 
+    public static final UnboundIntFlag CERT_POOL_SIZE = defineIntFlag(
+            "cert-pool-size", 0, List.of("andreer"), "2023-06-19", "2023-07-25",
+            "Target number of preprovisioned endpoints certificates to maintain",
+            "Takes effect on next run of CertPoolMaintainer"
+    );
+
     public static final UnboundBooleanFlag ENABLE_THE_ONE_THAT_SHOULD_NOT_BE_NAMED = defineFeatureFlag(
             "enable-the-one-that-should-not-be-named", false, List.of("hmusum"), "2023-05-08", "2023-08-15",
             "Whether to enable the one program that should not be named",
author	Andreas Eriksen <andreer@yahooinc.com>	2023-06-22 11:33:43 +0200
committer	GitHub <noreply@github.com>	2023-06-22 11:33:43 +0200
commit	f403069d4be06425dfc101fc7468c0cb2f7afb4f (patch)
tree	3d28ccd708e024997fb1c1d1f816868f9733ef1c /flags
parent	aa981de24a14dba41fcb370d550fdf053b5433f8 (diff)