author | Ola Aunrønning <olaa@verizonmedia.com> | 2021-03-02 17:35:20 +0100 |
---|---|---|
committer | Ola Aunrønning <olaa@verizonmedia.com> | 2021-03-04 13:31:52 +0100 |
commit | 301f68c3b48b5ecbb94e0671fd710d0672afb046 (patch) | |
tree | 4b09f3fd36690c0ea4a90657dafd34b52bb4af1a /jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java | |
parent | 65b1933e6b2c1b5a2b2c678490590c2ad1af3cc2 (diff) |
Add cloud secret store config
Diffstat (limited to 'jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java')
-rw-r--r-- | jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java
index 91b643066fb..5d5cad2f75d 100644
--- a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java
+++ b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/AwsParameterStoreValidationHandler.java
@@ -2,6 +2,7 @@ package com.yahoo.jdisc.cloud.aws;
 import com.google.inject.Inject;
+import com.yahoo.cloud.config.SecretStoreConfig;
 import com.yahoo.container.jdisc.HttpRequest;
 import com.yahoo.container.jdisc.HttpResponse;
 import com.yahoo.container.jdisc.LoggingRequestHandler;
@@ -28,16 +29,18 @@ public class AwsParameterStoreValidationHandler extends LoggingRequestHandler {
 private static final Logger log = Logger.getLogger(AwsParameterStoreValidationHandler.class.getName());
 private final VespaAwsCredentialsProvider credentialsProvider;
+ private final SecretStoreConfig secretStoreConfig;
 @Inject
- public AwsParameterStoreValidationHandler(Context ctx) {
- this(ctx, new VespaAwsCredentialsProvider());
+ public AwsParameterStoreValidationHandler(Context ctx, SecretStoreConfig secretStoreConfig) {
+ this(ctx, secretStoreConfig, new VespaAwsCredentialsProvider());
 }
- public AwsParameterStoreValidationHandler(Context ctx, VespaAwsCredentialsProvider credentialsProvider) {
+ public AwsParameterStoreValidationHandler(Context ctx, SecretStoreConfig secretStoreConfig, VespaAwsCredentialsProvider credentialsProvider) {
 super(ctx);
 this.credentialsProvider = credentialsProvider;
+ this.secretStoreConfig = secretStoreConfig;
 }
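Review bot: The three-argument constructor assigns `this.secretStoreConfig = secretStoreConfig;` without a null check, so a caller of the public overload that passes null (the @Inject overload forwards whatever the container supplies, but the three-argument one can be called directly, e.g. from tests) only fails later, per request, inside `getRegion` as a NullPointerException that the handler's generic `catch (RuntimeException e)` in the next hunk turns into a validation failure. Failing at construction makes the wiring error visible at startup instead: `this.secretStoreConfig = Objects.requireNonNull(secretStoreConfig, "secretStoreConfig");` (add `import java.util.Objects;` if the file does not already have it). The field would also benefit from a one-line comment stating its role, e.g. `// Secret store groups from services.xml; the region used for validation is looked up here, never taken from the request.` The class body continues outside the hunk.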
@@ -64,7 +67,8 @@ public class AwsParameterStoreValidationHandler extends LoggingRequestHandler {
 try {
 var arn = "arn:aws:iam::" + settings.awsId + ":role/" + settings.role;
- var store = new AwsParameterStore(this.credentialsProvider, arn, settings.externalId);
+ var region = getRegion(settings);
+ var store = new AwsParameterStore(this.credentialsProvider, arn, settings.externalId, region);
 store.getSecret("vespa-secret");
 root.setString("status", "ok");
 } catch (RuntimeException e) {
@@ -86,6 +90,15 @@ public class AwsParameterStoreValidationHandler extends LoggingRequestHandler {
 }
 }
+ private String getRegion(AwsSettings settings) {
+ return secretStoreConfig.groups()
+ .stream()
+ .filter(group -> group.name().equals(settings.name))
+ .map(SecretStoreConfig.Groups::region)
+ .findFirst()
+ .orElseThrow(() -> new RuntimeException("No secret store named '" + settings.name + "' configured in services.xml"));
+ }
 private static class AwsSettings {
 String name;
 String role; |
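Review bot: `getRegion` throws a bare `RuntimeException` when no group matches `settings.name`, and because the calling code in the previous hunk catches `RuntimeException` and reports it as the validation outcome, a typo in the store name becomes indistinguishable in the response from a failed role assumption or secret read against AWS. A typed exception lets the handler report the two cases separately, e.g. `.orElseThrow(() -> new IllegalArgumentException("No secret store named '" + settings.name + "' configured in services.xml"));`, with a dedicated `catch (IllegalArgumentException e)` ahead of the generic one. Note also that `settings.name` is echoed into that message; if `AwsSettings` is populated from the request body (it looks that way, but the parsing is outside the hunk), this is request-controlled text flowing into the response, which is benign for a JSON string field but worth a comment on `AwsSettings` so a later change to an HTML or log sink does not overlook it. A short Javadoc on the new method would help too: `/** Resolves the region of the services.xml secret store group named in the request; the region is never taken from the request itself. */`.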