author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-06-26 16:27:31 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-06-26 16:27:31 +0200 |
commit | d9da501de962175b6798cef10c1bdbf7d74e827e (patch) | |
tree | d3b847edd091c6adaad5e5f6f56f772325d38f83 /hosted-api | |
parent | 5060839763d1f7d1210eafc44b33968b99626a42 (diff) |
Move shared tenant-cd-api implementations to new module
Introduce new module tenant-cd-commons. Remove tenant-auth.
Change package name for cloud-tenant-cd to avoid potential package conflict.
Move ApiAuthenticator to hosted-api.
Diffstat (limited to 'hosted-api')
-rw-r--r-- | hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java | 21 | ||||
-rw-r--r-- | hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java | 35 |
2 files changed, 21 insertions, 35 deletions
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java b/hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java
new file mode 100644
index 00000000000..cdd9a9a56dc
--- /dev/null
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java
@@ -0,0 +1,21 @@
+// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package ai.vespa.hosted.api;
+
+public class DefaultApiAuthenticator implements ai.vespa.hosted.api.ApiAuthenticator {
+
+ /** Returns a controller client using mTLS if a key and certificate pair is provided, or signed requests otherwise. */
+ @Override
+ public ControllerHttpClient controller() {
+ return Properties.apiCertificateFile()
+ .map(certificateFile -> ControllerHttpClient.withKeyAndCertificate(Properties.apiEndpoint(),
+ Properties.apiKeyFile(),
+ certificateFile))
+ .or(() -> Properties.apiKey().map(apiKey -> ControllerHttpClient.withSignatureKey(Properties.apiEndpoint(),
+ apiKey,
+ Properties.application())))
+ .orElseGet(() -> ControllerHttpClient.withSignatureKey(Properties.apiEndpoint(),
+ Properties.apiKeyFile(),
+ Properties.application()));
+ }
+
+}
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java b/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java
deleted file mode 100644
index 81813335a63..00000000000
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java
+++ /dev/null
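Review bot: The Javadoc on `controller()` describes two outcomes, but the chain has three branches with a fixed precedence (certificate file, then inline `Properties.apiKey()`, then `Properties.apiKeyFile()`), and an absent certificate property switches the client from mTLS to request signing without any signal to the caller. I would document the order, e.g. `/** Returns a controller client using mTLS when a certificate file is configured, else request signing with the inline API key when set, else request signing with the key file. */`. What `Properties.apiKeyFile()` does when no key file is configured is not visible in this hunk, so the failure mode of the last branch should be confirmed and mentioned in the same comment. The `implements ai.vespa.hosted.api.ApiAuthenticator` clause is fully qualified although the class is declared in that same package, so the simple name would do.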
@@ -1,35 +0,0 @@
-// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package ai.vespa.hosted.api;
-
-import javax.net.ssl.SSLContext;
-import java.net.http.HttpRequest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Optional;
-
-/**
- * Adds environment dependent authentication to HTTP request against Vespa deployments.
- *
- * An implementation typically needs to override either of the methods in this interface,
- * and needs to run in different environments, e.g., local user testing and automatic testing
- * in a deployment pipeline.
- *
- * @author jonmv
- */
-public interface EndpointAuthenticator {
-
- /** Returns an SSLContext which provides authentication against a Vespa endpoint. */
- default SSLContext sslContext() {
- try {
- return SSLContext.getDefault();
- }
- catch (NoSuchAlgorithmException e) {
- throw new RuntimeException(e);
- }
- }
-
- /** Adds necessary authentication data to the given HTTP request builder, to pass the data plane of a Vespa endpoint. */
- default HttpRequest.Builder authenticated(HttpRequest.Builder request) {
- return request;
- }
-
-} |