author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-05-07 12:51:45 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-05-07 13:47:56 +0200 |
commit | bb4d9412d41d307f99c59c34bb5184fe9a1c7953 (patch) | |
tree | 64191795b5c9ac5ba5d1f504d7c7d6a19a921ee3 /node-admin | |
parent | a103f81ffe357db9c6ae2a2f99877d5a2ed5449f (diff) |
Inject SiaIdentityProvider as component in NodeAdminProvider
Diffstat (limited to 'node-admin')
4 files changed, 21 insertions, 22 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/DockerAdminComponent.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/DockerAdminComponent.java
index 1ed032aa89d..cf3e124277b 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/DockerAdminComponent.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/DockerAdminComponent.java
@@ -3,6 +3,7 @@ package com.yahoo.vespa.hosted.node.admin.component;
 import com.yahoo.concurrent.classlock.ClassLocking;
 import com.yahoo.system.ProcessExecuter;
+import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import com.yahoo.vespa.hosted.dockerapi.Docker;
 import com.yahoo.vespa.hosted.dockerapi.metrics.MetricReceiverWrapper;
 import com.yahoo.vespa.hosted.node.admin.config.ConfigServerConfig;
@@ -36,33 +37,38 @@ public class DockerAdminComponent implements AdminComponent {
 private final MetricReceiverWrapper metricReceiver;
 private final Optional<ClassLocking> classLocking;
 private final ConfigServerClients configServerClients;
+ private final ServiceIdentityProvider identityProvider;
 private Optional<Environment> environment = Optional.empty();
 private Optional<NodeAdminStateUpdaterImpl> nodeAdminStateUpdater = Optional.empty();
 public DockerAdminComponent(ConfigServerConfig configServerConfig,
+ ServiceIdentityProvider identityProvider,
 Docker docker,
 MetricReceiverWrapper metricReceiver,
 ClassLocking classLocking,
 ConfigServerClients configServerClients) {
- this(configServerConfig, docker, metricReceiver, Optional.empty(), Optional.of(classLocking), configServerClients);
+ this(configServerConfig, identityProvider, docker, metricReceiver, Optional.empty(), Optional.of(classLocking), configServerClients);
 }
 public DockerAdminComponent(ConfigServerConfig configServerConfig,
+ ServiceIdentityProvider identityProvider,
 Docker docker,
 MetricReceiverWrapper metricReceiver,
 Environment environment,
 ConfigServerClients configServerClients) {
- this(configServerConfig, docker, metricReceiver, Optional.of(environment), Optional.empty(), configServerClients);
+ this(configServerConfig, identityProvider, docker, metricReceiver, Optional.of(environment), Optional.empty(), configServerClients);
 }
 private DockerAdminComponent(ConfigServerConfig configServerConfig,
+ ServiceIdentityProvider identityProvider,
 Docker docker,
 MetricReceiverWrapper metricReceiver,
 Optional<Environment> environment,
 Optional<ClassLocking> classLocking,
 ConfigServerClients configServerClients) {
 this.configServerConfig = configServerConfig;
+ this.identityProvider = identityProvider;
 this.docker = docker;
 this.metricReceiver = metricReceiver;
 this.environment = environment;
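Review bot: The new `identityProvider` field is assigned in the private constructor but nothing in this hunk reads it, and the class body continues outside the hunk, so whether it is actually consumed cannot be confirmed here. The type is also inconsistent with the rest of the commit: this class accepts the `ServiceIdentityProvider` interface while `RealConfigServerClients` and `SslConnectionSocketFactoryUpdater` require the concrete `SiaIdentityProvider`, so a caller holding only the interface cannot pass the same object down the config server client path. Since the provider is now a mandatory collaborator, fail early with `this.identityProvider = Objects.requireNonNull(identityProvider, "identityProvider");` in the private constructor (needs `java.util.Objects` imported if not already). A short field comment such as `// Identity provider for this node's outbound TLS to the config server; presumably required, not optional` would make the contract visible.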
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/RealConfigServerClients.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/RealConfigServerClients.java
index 13af642af4a..a2da5de32df 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/RealConfigServerClients.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/RealConfigServerClients.java
@@ -2,6 +2,8 @@ package com.yahoo.vespa.hosted.node.admin.configserver;
 import com.yahoo.config.provision.HostName;
+import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
+import com.yahoo.vespa.athenz.identity.SiaIdentityProvider;
 import com.yahoo.vespa.hosted.node.admin.component.ConfigServerInfo;
 import com.yahoo.vespa.hosted.node.admin.component.Environment;
 import com.yahoo.vespa.hosted.node.admin.configserver.noderepository.NodeRepository;
@@ -28,10 +30,6 @@ public class RealConfigServerClients implements ConfigServerClients {
 private final ConcurrentHashMap<HostName, State> states = new ConcurrentHashMap<>();
 private final ConfigServerInfo configServerInfo;
- public RealConfigServerClients(Environment environment) {
- this(environment.getConfigServerInfo());
- }
-
 /**
 * Create config server clients against a real (remote) config server.
 *
@@ -39,9 +37,9 @@ public class RealConfigServerClients implements ConfigServerClients {
 * and kept up to date. On failure, this constructor will throw an exception and
 * the caller may retry later.
 */
- public RealConfigServerClients(ConfigServerInfo info) {
+ public RealConfigServerClients(SiaIdentityProvider identityProvider, ConfigServerInfo info) {
 this.configServerInfo = info;
- updater = SslConnectionSocketFactoryUpdater.createAndRefreshKeyStoreIfNeeded(info);
+ updater = SslConnectionSocketFactoryUpdater.createAndRefreshKeyStoreIfNeeded(identityProvider, info.getAthenzIdentity().get());
 configServerApi = ConfigServerApiImpl.create(info, updater);
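Review bot: The new constructor calls `info.getAthenzIdentity().get()` unchecked, so a ConfigServerInfo without an Athenz identity now fails with a bare NoSuchElementException from a constructor whose Javadoc tells callers that failures may simply be retried, which a missing setting never will be. Replace it with a named failure and pass the value on: `AthenzIdentity configserverIdentity = info.getAthenzIdentity().orElseThrow(() -> new IllegalArgumentException("Config server Athenz identity is required"));` and `updater = SslConnectionSocketFactoryUpdater.createAndRefreshKeyStoreIfNeeded(identityProvider, configserverIdentity);`. The Javadoc above should also say that the config server is now always verified against its Athenz identity (the default hostname verifier fallback removed in SslConnectionSocketFactoryUpdater) and that `identityProvider` must be non-null (`Objects.requireNonNull(identityProvider, "identityProvider")`). The `ServiceIdentityProvider` import added in the first hunk is not used in the visible lines; the constructor body continues outside the hunk.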
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/SslConnectionSocketFactoryUpdater.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/SslConnectionSocketFactoryUpdater.java
index 007e361ee55..b07ee37209c 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/SslConnectionSocketFactoryUpdater.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/SslConnectionSocketFactoryUpdater.java
@@ -3,6 +3,7 @@ package com.yahoo.vespa.hosted.node.admin.configserver;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
 import com.yahoo.vespa.athenz.api.AthenzService;
+import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import com.yahoo.vespa.athenz.identity.SiaIdentityProvider;
 import com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier;
 import com.yahoo.vespa.athenz.tls.SslContextBuilder;
@@ -41,18 +42,9 @@ public class SslConnectionSocketFactoryUpdater implements AutoCloseable {
 * @throws RuntimeException if e.g. key store options have been specified, but was unable
 * create a create a key store with a valid certificate
 */
- public static SslConnectionSocketFactoryUpdater createAndRefreshKeyStoreIfNeeded(ConfigServerInfo configServerInfo) {
- SiaIdentityProvider siaIdentityProvider = configServerInfo.getSiaConfig()
- .map(siaConfig ->
- new SiaIdentityProvider(
- (AthenzService) AthenzIdentities.from(siaConfig.hostIdentityName()),
- Paths.get(siaConfig.credentialsPath()),
- new File(siaConfig.trustStoreFile())))
- .orElse(null);
- HostnameVerifier configServerHostnameVerifier = configServerInfo.getSiaConfig()
- .map(siaConfig -> createHostnameVerifier(AthenzIdentities.from(siaConfig.configserverIdentityName())))
- .orElseGet(SSLConnectionSocketFactory::getDefaultHostnameVerifier);
- return new SslConnectionSocketFactoryUpdater(siaIdentityProvider, configServerHostnameVerifier);
+ public static SslConnectionSocketFactoryUpdater createAndRefreshKeyStoreIfNeeded(SiaIdentityProvider identityProvider,
+ AthenzIdentity configserverIdentity) {
+ return new SslConnectionSocketFactoryUpdater(identityProvider, createHostnameVerifier(configserverIdentity));
 }
 SslConnectionSocketFactoryUpdater(SiaIdentityProvider siaIdentityProvider,
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/provider/NodeAdminProvider.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/provider/NodeAdminProvider.java
index f9d0736fe21..ac1b1cbb600 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/provider/NodeAdminProvider.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/provider/NodeAdminProvider.java
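Review bot: The Javadoc directly above `createAndRefreshKeyStoreIfNeeded` is now stale: it documents a RuntimeException for key store options that could not be turned into a key store, but the new body reads no configuration and builds no SiaIdentityProvider (it also carries the typo "create a create a"), and the method name no longer describes a method that only wraps the constructor. The removed fallback to `SSLConnectionSocketFactory::getDefaultHostnameVerifier` means the config server is now always checked against `configserverIdentity`; that tightening belongs in the doc, e.g. `@param configserverIdentity Athenz identity the config server certificate is verified against; the default hostname verifier is no longer used`. The old code explicitly accepted a null provider via `.orElse(null)` while the constructor that now receives `identityProvider` starts after the hunk, so state the nullability explicitly with `@param identityProvider provider of this node's service identity; must not be null` (adjust if the constructor still tolerates null). Imports such as `Paths`, `File`, `AthenzIdentities`, `HostnameVerifier` and `SSLConnectionSocketFactory` are likely unused after this change, and the newly added `ServiceIdentityProvider` import is not referenced in the visible lines.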
@@ -4,6 +4,7 @@ package com.yahoo.vespa.hosted.node.admin.provider;
 import com.google.inject.Inject;
 import com.yahoo.concurrent.classlock.ClassLocking;
 import com.yahoo.container.di.componentgraph.Provider;
+import com.yahoo.vespa.athenz.identity.SiaIdentityProvider;
 import com.yahoo.vespa.hosted.dockerapi.Docker;
 import com.yahoo.vespa.hosted.dockerapi.metrics.MetricReceiverWrapper;
 import com.yahoo.vespa.hosted.node.admin.component.ConfigServerInfo;
@@ -17,13 +18,15 @@ public class NodeAdminProvider implements Provider<NodeAdminStateUpdater> {
 @Inject
 public NodeAdminProvider(ConfigServerConfig configServerConfig,
+ SiaIdentityProvider identityProvider,
 Docker docker,
 MetricReceiverWrapper metricReceiver,
 ClassLocking classLocking) {
- ConfigServerClients clients = new RealConfigServerClients(
- new ConfigServerInfo(configServerConfig));
+ ConfigServerClients clients =
+ new RealConfigServerClients(identityProvider, new ConfigServerInfo(configServerConfig));
 dockerAdmin = new DockerAdminComponent(configServerConfig,
+ identityProvider,
 docker,
 metricReceiver,
 classLocking,
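Review bot: `identityProvider` becomes a hard `@Inject` dependency that is handed to both `RealConfigServerClients` and `DockerAdminComponent` without a null check, whereas the code this commit removes in SslConnectionSocketFactoryUpdater let the node admin run with no provider at all; a deployment that has no `SiaIdentityProvider` component will now fail at wiring time instead of taking that path. That looks intended but is a behaviour change worth a constructor Javadoc line, e.g. `@param identityProvider this node's Athenz service identity; required, the node admin no longer runs without one`. Adding `Objects.requireNonNull(identityProvider, "identityProvider");` as the first statement makes the failure point explicit should the container ever supply null. The constructor continues past the end of the hunk.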