-rw-r--r--hosted-api/src/main/java/ai/vespa/hosted/api/Properties.java14
-rw-r--r--tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java10
-rw-r--r--tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java13
3 files changed, 22 insertions, 15 deletions
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/Properties.java b/hosted-api/src/main/java/ai/vespa/hosted/api/Properties.java
index 0ca1b3e5603..68c8ba389d2 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/Properties.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/Properties.java
@@ -30,18 +30,26 @@ public class Properties {
return getNonBlankProperty("region").map(RegionName::from);
}
- public static URI endpoint() {
+ public static URI apiEndpoint() {
return URI.create(requireNonBlankProperty("endpoint"));
}
- public static Path privateKeyFile() {
+ public static Path apiPrivateKeyFile() {
return Paths.get(requireNonBlankProperty("privateKeyFile"));
}
- public static Optional<Path> certificateFile() {
+ public static Optional<Path> apiCertificateFile() {
return getNonBlankProperty("certificateFile").map(Paths::get);
}
+ public static Optional<Path> dataPlaneCertificateFile() {
+ return getNonBlankProperty("dataPlaneCertificateFile").map(Paths::get);
+ }
+
+ public static Optional<Path> dataPlanePrivateKeyFile() {
+ return getNonBlankProperty("dataPlaneKeyFile").map(Paths::get);
+ }
+
/** Returns the system property with the given name if it is set, or empty. */
public static Optional<String> getNonBlankProperty(String name) {
return Optional.ofNullable(System.getProperty(name)).filter(value -> ! value.isBlank());
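Review bot: The new accessors `dataPlaneCertificateFile()` and `dataPlanePrivateKeyFile()` have no Javadoc, and the second reads the property `dataPlaneKeyFile`, so the method name and the property name disagree. These return paths to credential files that appear to be separate from the ones the `api*` accessors return, so each should say which system property it reads, e.g. `/** Returns the path of the data plane private key, from the system property 'dataPlaneKeyFile', if set. */`. The renamed `apiEndpoint()`, `apiPrivateKeyFile()` and `apiCertificateFile()` need the same one-line comment, because their properties (`endpoint`, `privateKeyFile`, `certificateFile`) did not gain the `api` prefix.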
diff --git a/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java b/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java
index 9de06e7f4da..f6a88ec83c2 100644
--- a/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java
+++ b/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java
@@ -8,13 +8,13 @@ public class ApiAuthenticator implements ai.vespa.hosted.api.ApiAuthenticator {
/** Returns a controller client using mTLS if a key and certificate pair is provided, or signed requests otherwise. */
@Override
public ControllerHttpClient controller() {
- return Properties.certificateFile()
- .map(certificateFile -> ControllerHttpClient.withKeyAndCertificate(Properties.endpoint(),
- Properties.privateKeyFile(),
+ return Properties.apiCertificateFile()
+ .map(certificateFile -> ControllerHttpClient.withKeyAndCertificate(Properties.apiEndpoint(),
+ Properties.apiPrivateKeyFile(),
certificateFile))
.orElseGet(() ->
- ControllerHttpClient.withSignatureKey(Properties.endpoint(),
- Properties.privateKeyFile(),
+ ControllerHttpClient.withSignatureKey(Properties.apiEndpoint(),
+ Properties.apiPrivateKeyFile(),
Properties.application()));
}
diff --git a/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java b/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
index c9640763ac8..e51476907e2 100644
--- a/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
+++ b/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
@@ -1,5 +1,6 @@
package ai.vespa.hosted.auth;
+import ai.vespa.hosted.api.Properties;
import com.yahoo.config.provision.SystemName;
import com.yahoo.security.KeyUtils;
import com.yahoo.security.SslContextBuilder;
@@ -47,12 +48,10 @@ public class EndpointAuthenticator implements ai.vespa.hosted.api.EndpointAuthen
privateKeyFile = credentialsRoot.resolve("key");
}
else {
- Optional<String> certificateFileProperty = getNonBlankProperty("dataPlaneCertificateFile");
- if (certificateFileProperty.isPresent())
- certificateFile = Path.of(certificateFileProperty.get());
- Optional<String> privateKeyFileProperty = getNonBlankProperty("dataPlaneKeyFile");
- if (privateKeyFileProperty.isPresent())
- privateKeyFile = Path.of(privateKeyFileProperty.get());
+ if (Properties.dataPlaneCertificateFile().isPresent())
+ certificateFile = Properties.dataPlaneCertificateFile().get();
+ if (Properties.dataPlanePrivateKeyFile().isPresent())
+ privateKeyFile = Properties.dataPlanePrivateKeyFile().get();
}
if (certificateFile != null && privateKeyFile != null) {
X509Certificate certificate = X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificateFile)));
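Review bot: In the `else` branch each data plane property is now looked up twice, once for `isPresent()` and once for `get()`, and every call goes back to `System.getProperty`. If the property is cleared between the two calls, `get()` throws `NoSuchElementException`; the check-then-`get()` pattern is also the one `Optional` is meant to replace. Resolve each value once: `certificateFile = Properties.dataPlaneCertificateFile().orElse(certificateFile);` and `privateKeyFile = Properties.dataPlanePrivateKeyFile().orElse(privateKeyFile);`. The enclosing method starts and ends outside this hunk, so the initial values of the two locals are not visible here; `orElse` with the local itself keeps whatever they held.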
@@ -67,7 +66,7 @@ public class EndpointAuthenticator implements ai.vespa.hosted.api.EndpointAuthen
logger.warning( "##################################################################################\n"
+ "# Data plane key and/or certificate missing; please specify #\n"
+ "# '-DdataPlaneCertificateFile=/path/to/certificate' and #\n"
- + "# '-DdataPlaneKeyFile=/path/to/private_key. #\n"
+ + "# '-DdataPlaneKeyFile=/path/to/private_key'. #\n"
+ "# Trying the default SSLContext, but this will most likely cause HTTP error 401. #\n"
+ "##################################################################################");
return SSLContext.getDefault();