Separate API and deployment authenticators

2 files changed, 21 insertions, 15 deletions

diff --git a/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java b/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java
new file mode 100644
index 00000000000..2b5bbb188dc
--- /dev/null
+++ b/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java
@@ -0,0 +1,16 @@
+package ai.vespa.hosted.auth;
+
+import ai.vespa.hosted.api.ControllerHttpClient;
+import ai.vespa.hosted.api.Properties;
+
+public class ApiAuthenticator implements ai.vespa.hosted.api.ApiAuthenticator {
+
+    /** Returns an authenticating controller client, using private key signatures for authentication. */
+    @Override
+    public ControllerHttpClient controller() {
+        return ControllerHttpClient.withSignatureKey(Properties.endpoint(),
+                                                     Properties.privateKeyFile(),
+                                                     Properties.application());
+    }
+
+}
diff --git a/tenant-auth/src/main/java/ai/vespa/hosted/auth/Authenticator.java b/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
index f2de1f1e210..abb4197bda1 100644
--- a/tenant-auth/src/main/java/ai/vespa/hosted/auth/Authenticator.java
+++ b/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
@@ -1,8 +1,6 @@
 package ai.vespa.hosted.auth;
 
-import ai.vespa.hosted.api.ControllerHttpClient;
-import ai.vespa.hosted.api.Properties;
-import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.SystemName;
 import com.yahoo.security.KeyUtils;
 import com.yahoo.security.SslContextBuilder;
 import com.yahoo.security.X509CertificateUtils;
@@ -10,11 +8,9 @@ import com.yahoo.security.X509CertificateUtils;
 import javax.net.ssl.SSLContext;
 import java.io.IOException;
 import java.io.UncheckedIOException;
-import java.net.URI;
 import java.net.http.HttpRequest;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
@@ -22,14 +18,16 @@ import java.time.Instant;
 import java.util.Optional;
 
 import static ai.vespa.hosted.api.Properties.getNonBlankProperty;
-import static ai.vespa.hosted.api.Properties.requireNonBlankProperty;
 
 /**
  * Authenticates against the hosted Vespa API using private key signatures, and against Vespa applications using mutual TLS.
  *
  * @author jonmv
  */
-public class Authenticator implements ai.vespa.hosted.api.Authenticator {
+public class EndpointAuthenticator implements ai.vespa.hosted.api.EndpointAuthenticator {
+
+    /** Don't touch. */
+    public EndpointAuthenticator(@SuppressWarnings("unused") SystemName __) { }
 
     /**
      * If {@code System.getProperty("vespa.test.credentials.root")} is set, key and certificate files
@@ -67,12 +65,4 @@ public class Authenticator implements ai.vespa.hosted.api.Authenticator {
         return request;
     }
 
-    /** Returns an authenticating controller client, using the (overridable) project properties of this Vespa application. */
-    @Override
-    public ControllerHttpClient controller() {
-        return ControllerHttpClient.withSignatureKey(Properties.endpoint(),
-                                                     Properties.privateKeyFile(),
-                                                     Properties.application());
-    }
-
 }