Move shared tenant-cd-api implementations to new module

Introduce new module tenant-cd-commons. Remove tenant-auth.
Change package name for cloud-tenant-cd to avoid potential package conflict.
Move ApiAuthenticator to hosted-api.

2 files changed, 21 insertions, 35 deletions

diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java b/hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java
new file mode 100644
index 00000000000..cdd9a9a56dc
--- /dev/null
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java
@@ -0,0 +1,21 @@
+// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package ai.vespa.hosted.api;
+
+public class DefaultApiAuthenticator implements ai.vespa.hosted.api.ApiAuthenticator {
+
+    /** Returns a controller client using mTLS if a key and certificate pair is provided, or signed requests otherwise. */
+    @Override
+    public ControllerHttpClient controller() {
+        return Properties.apiCertificateFile()
+                         .map(certificateFile -> ControllerHttpClient.withKeyAndCertificate(Properties.apiEndpoint(),
+                                                                                            Properties.apiKeyFile(),
+                                                                                            certificateFile))
+                         .or(() -> Properties.apiKey().map(apiKey -> ControllerHttpClient.withSignatureKey(Properties.apiEndpoint(),
+                                                                                                           apiKey,
+                                                                                                           Properties.application())))
+                         .orElseGet(() -> ControllerHttpClient.withSignatureKey(Properties.apiEndpoint(),
+                                                                                Properties.apiKeyFile(),
+                                                                                Properties.application()));
+    }
+
+}
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java b/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java
deleted file mode 100644
index 81813335a63..00000000000
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package ai.vespa.hosted.api;
-
-import javax.net.ssl.SSLContext;
-import java.net.http.HttpRequest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Optional;
-
-/**
- * Adds environment dependent authentication to HTTP request against Vespa deployments.
- *
- * An implementation typically needs to override either of the methods in this interface,
- * and needs to run in different environments, e.g., local user testing and automatic testing
- * in a deployment pipeline.
- *
- * @author jonmv
- */
-public interface EndpointAuthenticator {
-
-    /** Returns an SSLContext which provides authentication against a Vespa endpoint. */
-    default SSLContext sslContext() {
-        try {
-            return SSLContext.getDefault();
-        }
-        catch (NoSuchAlgorithmException e) {
-            throw new RuntimeException(e);
-        }
-    }
-
-    /** Adds necessary authentication data to the given HTTP request builder, to pass the data plane of a Vespa endpoint. */
-    default HttpRequest.Builder authenticated(HttpRequest.Builder request) {
-        return request;
-    }
-
-}