author | Andreas Eriksen <andreer@yahooinc.com> | 2023-06-22 11:33:43 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-06-22 11:33:43 +0200 |
commit | f403069d4be06425dfc101fc7468c0cb2f7afb4f (patch) | |
tree | 3d28ccd708e024997fb1c1d1f816868f9733ef1c /flags | |
parent | aa981de24a14dba41fcb370d550fdf053b5433f8 (diff) |
randomized endpoint cert pool (#27488)
* randomized endpoint cert pool
* test name format
* recordify EndpointCertificateMetadata
* save randomized id to cert
* assigned randomized endpoint cert to app when flag is set
* remove assigned certs from ready pool
* skip validation of SANs for randomized certs
* remove unused clock
* reminder to assign randomized certs at application level
* remove getters, move comments to record constructor
* camel case field name
* CertPoolMaintainer -> CertificatePoolMaintainer
* fix enum names
* randomIdentifier -> generateRandomId
* Wire maintainer
* Add PooledCertificateSerializer
* Use PooledCertificate
* Remove unused enum
* exclude all cert pool ids from cleanup
* don't set randomizedId in mock
* use SecureRandom for id generation
* fix NodesV2ApiTest
* add cert request method without applicationId
* remove unused import
* assert on generated key names, remove unused clock
* remove unused import
* don't use : in ckms prefix!
* entirely remove application id from cert provider interface
* use correct key prefix in handler too
* Assign certificate to application from pool
* PooledCertificate -> UnassignedCertificate
* Read/write AssignedCertificate everywhere
---------
Co-authored-by: Martin Polden <mpolden@mpolden.no>
Diffstat (limited to 'flags')
-rw-r--r-- | flags/src/main/java/com/yahoo/vespa/flags/Flags.java | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
index 151b31feb63..6ba0f394d38 100644
--- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
+++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
@@ -379,7 +379,7 @@ public class Flags {
 );
 public static final UnboundBooleanFlag ENABLE_CROWDSTRIKE = defineFeatureFlag(
- "enable-crowdstrike", true, List.of("andreer"), "2023-04-13", "2023-07-13",
+ "enable-crowdstrike", true, List.of("andreer"), "2023-04-13", "2023-07-25",
 "Whether to enable CrowdStrike.", "Takes effect on next host admin tick", HOSTNAME);
@@ -401,6 +401,12 @@ public class Flags {
 "Takes effect on application deployment", APPLICATION_ID);
+ public static final UnboundIntFlag CERT_POOL_SIZE = defineIntFlag(
+ "cert-pool-size", 0, List.of("andreer"), "2023-06-19", "2023-07-25",
+ "Target number of preprovisioned endpoints certificates to maintain",
+ "Takes effect on next run of CertPoolMaintainer"
+ );
+
 public static final UnboundBooleanFlag ENABLE_THE_ONE_THAT_SHOULD_NOT_BE_NAMED = defineFeatureFlag(
 "enable-the-one-that-should-not-be-named", false, List.of("hmusum"), "2023-05-08", "2023-08-15",
 "Whether to enable the one program that should not be named", |
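Review bot: The effect string of the new `CERT_POOL_SIZE` flag in the second hunk names `CertPoolMaintainer`, while the commit message lists the rename `CertPoolMaintainer -> CertificatePoolMaintainer`, so the text operators read when changing the flag presumably points at a class name that no longer exists. I would write `"Takes effect on next run of CertificatePoolMaintainer"` and, in the description, `endpoint certificates` instead of `endpoints certificates`. The flag is a plain int defined without dimensions or visible bounds, and the maintainer that consumes it is not part of this diff. If it does not already do so, it should treat negative values as 0 and cap the target, since each pooled certificate is presumably a pre-issued key pair held in the key store and a mistyped value would turn directly into certificate requests. The `Flags` class body starts and ends outside the hunk.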