aboutsummaryrefslogtreecommitdiffstats
path: root/hosted-api
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@verizonmedia.com>2020-06-26 16:27:31 +0200
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2020-06-26 16:27:31 +0200
commitd9da501de962175b6798cef10c1bdbf7d74e827e (patch)
treed3b847edd091c6adaad5e5f6f56f772325d38f83 /hosted-api
parent5060839763d1f7d1210eafc44b33968b99626a42 (diff)
Move shared tenant-cd-api implementations to new module
Introduce new module tenant-cd-commons. Remove tenant-auth. Change package name for cloud-tenant-cd to avoid potential package conflict. Move ApiAuthenticator to hosted-api.
Diffstat (limited to 'hosted-api')
-rw-r--r--hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java21
-rw-r--r--hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java35
2 files changed, 21 insertions, 35 deletions
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java b/hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java
new file mode 100644
index 00000000000..cdd9a9a56dc
--- /dev/null
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java
@@ -0,0 +1,21 @@
+// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package ai.vespa.hosted.api;
+
+public class DefaultApiAuthenticator implements ai.vespa.hosted.api.ApiAuthenticator {
+
+ /** Returns a controller client using mTLS if a key and certificate pair is provided, or signed requests otherwise. */
+ @Override
+ public ControllerHttpClient controller() {
+ return Properties.apiCertificateFile()
+ .map(certificateFile -> ControllerHttpClient.withKeyAndCertificate(Properties.apiEndpoint(),
+ Properties.apiKeyFile(),
+ certificateFile))
+ .or(() -> Properties.apiKey().map(apiKey -> ControllerHttpClient.withSignatureKey(Properties.apiEndpoint(),
+ apiKey,
+ Properties.application())))
+ .orElseGet(() -> ControllerHttpClient.withSignatureKey(Properties.apiEndpoint(),
+ Properties.apiKeyFile(),
+ Properties.application()));
+ }
+
+}
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java b/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java
deleted file mode 100644
index 81813335a63..00000000000
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package ai.vespa.hosted.api;
-
-import javax.net.ssl.SSLContext;
-import java.net.http.HttpRequest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Optional;
-
-/**
- * Adds environment dependent authentication to HTTP request against Vespa deployments.
- *
- * An implementation typically needs to override either of the methods in this interface,
- * and needs to run in different environments, e.g., local user testing and automatic testing
- * in a deployment pipeline.
- *
- * @author jonmv
- */
-public interface EndpointAuthenticator {
-
- /** Returns an SSLContext which provides authentication against a Vespa endpoint. */
- default SSLContext sslContext() {
- try {
- return SSLContext.getDefault();
- }
- catch (NoSuchAlgorithmException e) {
- throw new RuntimeException(e);
- }
- }
-
- /** Adds necessary authentication data to the given HTTP request builder, to pass the data plane of a Vespa endpoint. */
- default HttpRequest.Builder authenticated(HttpRequest.Builder request) {
- return request;
- }
-
-}