author | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-06-13 13:52:18 +0200 |
---|---|---|
committer | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-06-13 13:52:18 +0200 |
commit | 2bb71582b979a83a39260f3f11466737b94ee47f (patch) | |
tree | ac4d17548ae440348a7ecd62bbd87cfa998c6496 /tenant-auth | |
parent | 7d2366a939f64f964a208e01c4455dd530f833c6 (diff) |
Wrap TestConfig in TestRuntime, which includes an Authenticator, and obtain the former from controller
Diffstat (limited to 'tenant-auth')
-rw-r--r-- | tenant-auth/src/main/java/ai/vespa/hosted/auth/Authenticator.java | 38 |
1 files changed, 16 insertions, 22 deletions
diff --git a/tenant-auth/src/main/java/ai/vespa/hosted/auth/Authenticator.java b/tenant-auth/src/main/java/ai/vespa/hosted/auth/Authenticator.java
index 33c1d09c828..f2de1f1e210 100644
--- a/tenant-auth/src/main/java/ai/vespa/hosted/auth/Authenticator.java
+++ b/tenant-auth/src/main/java/ai/vespa/hosted/auth/Authenticator.java
@@ -1,6 +1,7 @@
 package ai.vespa.hosted.auth;
 
 import ai.vespa.hosted.api.ControllerHttpClient;
+import ai.vespa.hosted.api.Properties;
 import com.yahoo.config.provision.ApplicationId;
 import com.yahoo.security.KeyUtils;
 import com.yahoo.security.SslContextBuilder;
@@ -20,17 +21,21 @@ import java.security.cert.X509Certificate;
 import java.time.Instant;
 import java.util.Optional;
 
+import static ai.vespa.hosted.api.Properties.getNonBlankProperty;
+import static ai.vespa.hosted.api.Properties.requireNonBlankProperty;
+
 /**
- * Authenticates {@link HttpRequest}s against a hosted Vespa application based on mutual TLS.
+ * Authenticates against the hosted Vespa API using private key signatures, and against Vespa applications using mutual TLS.
 *
 * @author jonmv
 */
-public class Authenticator {
+public class Authenticator implements ai.vespa.hosted.api.Authenticator {
 
- /** Returns an SSLContext which provides authentication against a Vespa endpoint.
- *
+ /**
 * If {@code System.getProperty("vespa.test.credentials.root")} is set, key and certificate files
- * "key" and "cert" in that directory are used; otherwise, the system default SSLContext is returned. */
+ * "key" and "cert" in that directory are used; otherwise, the system default SSLContext is returned.
+ */
+ @Override
 public SSLContext sslContext() {
 try {
 Optional<String> credentialsRootProperty = getNonBlankProperty("vespa.test.credentials.root");
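Review bot: The rewritten javadoc on `sslContext()` (second hunk) no longer has a summary sentence, and it does not say what the fallback means for authentication. When `vespa.test.credentials.root` is unset the method is documented to return the system default SSLContext, which presumably carries no client certificate, so mutual TLS towards the application would silently not be attempted. I would restore a first sentence such as `Returns an SSLContext which authenticates against a Vespa endpoint using mutual TLS.` and add `Without the property, no client credentials are configured and the system default SSLContext is returned.` Logging once when the fallback is taken would also let a misconfigured test run be told apart from an authorization failure. The body of `sslContext()` continues past the end of this hunk, so how the key and certificate are loaded is not visible here.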
@@ -57,28 +62,17 @@ public class Authenticator {
 }
 }
 
- /** Adds necessary authentication to the given HTTP request builder, to be verified by a Vespa endpoint. */
+ @Override
 public HttpRequest.Builder authenticated(HttpRequest.Builder request) {
 return request;
 }
 
- /** Returns an authenticated controller client. */
+ /** Returns an authenticating controller client, using the (overridable) project properties of this Vespa application. */
+ @Override
 public ControllerHttpClient controller() {
- ApplicationId id = ApplicationId.from(requireNonBlankProperty("tenant"),
- requireNonBlankProperty("application"),
- getNonBlankProperty("instance").orElse("default"));
- URI endpoint = URI.create(requireNonBlankProperty("endpoint"));
- Path privateKeyFile = Paths.get(requireNonBlankProperty("privateKeyFile"));
-
- return ControllerHttpClient.withSignatureKey(endpoint, privateKeyFile, id);
- }
-
- static Optional<String> getNonBlankProperty(String name) {
- return Optional.ofNullable(System.getProperty(name)).filter(value -> ! value.isBlank());
- }
-
- static String requireNonBlankProperty(String name) {
- return getNonBlankProperty(name).orElseThrow(() -> new IllegalStateException("Missing required property '" + name + "'"));
+ return ControllerHttpClient.withSignatureKey(Properties.endpoint(),
+ Properties.privateKeyFile(),
+ Properties.application());
 }
 
 }
|
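Review bot: `authenticated()` loses its javadoc here while still returning the builder unchanged, so nothing at the method says that no per-request credential is added. If that is intentional because the client certificate from `sslContext()` is the only credential used towards applications (inferred from the class javadoc), say so with a comment such as `// No request-level credentials; authentication is by the client certificate from sslContext().` Separately, with the old `controller()` body removed, `ApplicationId` and the static import of `requireNonBlankProperty` have no remaining use in the visible lines and may be removable, along with any `URI`, `Path` or `Paths` imports outside this view. The `controller()` javadoc could also state that a missing property fails fast, provided `Properties.endpoint()`, `privateKeyFile()` and `application()` keep the `IllegalStateException` behaviour of the removed helper, which this diff does not show.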