3 files changed, 22 insertions, 15 deletions
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/Properties.java b/hosted-api/src/main/java/ai/vespa/hosted/api/Properties.java
index 0ca1b3e5603..68c8ba389d2 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/Properties.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/Properties.java
@@ -30,18 +30,26 @@ public class Properties {
 return getNonBlankProperty("region").map(RegionName::from);
 }
 
- public static URI endpoint() {
+ public static URI apiEndpoint() {
 return URI.create(requireNonBlankProperty("endpoint"));
 }
 
- public static Path privateKeyFile() {
+ public static Path apiPrivateKeyFile() {
 return Paths.get(requireNonBlankProperty("privateKeyFile"));
 }
 
- public static Optional<Path> certificateFile() {
+ public static Optional<Path> apiCertificateFile() {
 return getNonBlankProperty("certificateFile").map(Paths::get);
 }
 
+ public static Optional<Path> dataPlaneCertificateFile() {
+ return getNonBlankProperty("dataPlaneCertificateFile").map(Paths::get);
+ }
+
+ public static Optional<Path> dataPlanePrivateKeyFile() {
+ return getNonBlankProperty("dataPlaneKeyFile").map(Paths::get);
+ }
+
 /** Returns the system property with the given name if it is set, or empty. */
 public static Optional<String> getNonBlankProperty(String name) {
 return Optional.ofNullable(System.getProperty(name)).filter(value -> ! value.isBlank());
diff --git a/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java b/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java
index 9de06e7f4da..f6a88ec83c2 100644
--- a/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java
+++ b/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java
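Review bot: The two new accessors in Properties.java, `dataPlaneCertificateFile()` and `dataPlanePrivateKeyFile()`, have no Javadoc, and the second reads the system property `dataPlaneKeyFile`, so its method name and property name disagree. Now that the api* and dataPlane* accessors sit side by side and name different credentials, each should state which property it reads and what an empty result means, e.g. `/** Returns the path given by the "dataPlaneKeyFile" system property (the data plane private key), or empty if it is unset or blank. */`. The renames of `endpoint()`, `privateKeyFile()` and `certificateFile()` also remove the old public names without deprecated delegates, so any caller outside the three files in this commit would stop compiling.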
@@ -8,13 +8,13 @@ public class ApiAuthenticator implements ai.vespa.hosted.api.ApiAuthenticator {
 /** Returns a controller client using mTLS if a key and certificate pair is provided, or signed requests otherwise. */
 @Override
 public ControllerHttpClient controller() {
- return Properties.certificateFile()
- .map(certificateFile -> ControllerHttpClient.withKeyAndCertificate(Properties.endpoint(),
- Properties.privateKeyFile(),
+ return Properties.apiCertificateFile()
+ .map(certificateFile -> ControllerHttpClient.withKeyAndCertificate(Properties.apiEndpoint(),
+ Properties.apiPrivateKeyFile(),
 certificateFile))
 .orElseGet(() ->
- ControllerHttpClient.withSignatureKey(Properties.endpoint(),
- Properties.privateKeyFile(),
+ ControllerHttpClient.withSignatureKey(Properties.apiEndpoint(),
+ Properties.apiPrivateKeyFile(),
 Properties.application()));
 }
 
diff --git a/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java b/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
index c9640763ac8..e51476907e2 100644
--- a/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
+++ b/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
@@ -1,5 +1,6 @@
 package ai.vespa.hosted.auth;
 
+import ai.vespa.hosted.api.Properties;
 import com.yahoo.config.provision.SystemName;
 import com.yahoo.security.KeyUtils;
 import com.yahoo.security.SslContextBuilder;
@@ -47,12 +48,10 @@ public class EndpointAuthenticator implements ai.vespa.hosted.api.EndpointAuthen
 privateKeyFile = credentialsRoot.resolve("key");
 }
 else {
- Optional<String> certificateFileProperty = getNonBlankProperty("dataPlaneCertificateFile");
- if (certificateFileProperty.isPresent())
- certificateFile = Path.of(certificateFileProperty.get());
- Optional<String> privateKeyFileProperty = getNonBlankProperty("dataPlaneKeyFile");
- if (privateKeyFileProperty.isPresent())
- privateKeyFile = Path.of(privateKeyFileProperty.get());
+ if (Properties.dataPlaneCertificateFile().isPresent())
+ certificateFile = Properties.dataPlaneCertificateFile().get();
+ if (Properties.dataPlanePrivateKeyFile().isPresent())
+ privateKeyFile = Properties.dataPlanePrivateKeyFile().get();
 }
 if (certificateFile != null && privateKeyFile != null) {
 X509Certificate certificate = X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificateFile)));
@@ -67,7 +66,7 @@ public class EndpointAuthenticator implements ai.vespa.hosted.api.EndpointAuthen
 logger.warning( "##################################################################################\n"
 + "# Data plane key and/or certificate missing; please specify #\n"
 + "# '-DdataPlaneCertificateFile=/path/to/certificate' and #\n"
- + "# '-DdataPlaneKeyFile=/path/to/private_key. #\n"
+ + "# '-DdataPlaneKeyFile=/path/to/private_key'. #\n"
 + "# Trying the default SSLContext, but this will most likely cause HTTP error 401. #\n"
 + "##################################################################################");
 return SSLContext.getDefault(); |
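Review bot: In the `else` branch of the first EndpointAuthenticator hunk, each system property is now read twice, once for `isPresent()` and once for `get()`. If the property changes between the two reads, `get()` throws `NoSuchElementException` instead of falling through to the missing-credentials warning. Reading each value once avoids this: `certificateFile = Properties.dataPlaneCertificateFile().orElse(certificateFile);` and `privateKeyFile = Properties.dataPlanePrivateKeyFile().orElse(privateKeyFile);`. That form keeps whatever the two variables held before the branch; their declarations, and the start and end of the enclosing method, are outside the hunk.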