Diffstat (limited to 'athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java')
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java62
1 files changed, 62 insertions, 0 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java
new file mode 100644
index 00000000000..cbc38fe6d3c
--- /dev/null
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java
@@ -0,0 +1,62 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl;
+
+import com.google.inject.Inject;
+import com.yahoo.config.provision.Zone;
+import com.yahoo.container.jaxrs.annotation.Component;
+import com.yahoo.jdisc.http.SecretStore;
+import com.yahoo.log.LogLevel;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.SignedIdentityDocument;
+import com.yahoo.vespa.hosted.provision.NodeRepository;
+
+import javax.ws.rs.BadRequestException;
+import javax.ws.rs.GET;
+import javax.ws.rs.InternalServerErrorException;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+import java.util.logging.Logger;
+
+import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
+
+/**
+ * @author bjorncs
+ */
+@Path("/identity-document")
+public class IdentityDocumentResource {
+
+ private static final Logger log = Logger.getLogger(IdentityDocumentResource.class.getName());
+
+ private final IdentityDocumentGenerator identityDocumentGenerator;
+
+ @Inject
+ public IdentityDocumentResource(@Component AthenzProviderServiceConfig config,
+ @Component Zone zone,
+ @Component NodeRepository nodeRepository,
+ @Component SecretStore secretStore) {
+ AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
+ SecretStoreKeyProvider keyProvider = new SecretStoreKeyProvider(secretStore, zoneConfig.secretName());
+ this.identityDocumentGenerator =
+ new IdentityDocumentGenerator(config, zoneConfig, nodeRepository, zone, keyProvider);
+ }
+
+ @GET
+ @Produces(MediaType.APPLICATION_JSON)
+ public SignedIdentityDocument getIdentityDocument(@QueryParam("hostname") String hostname) {
+ // TODO Use TLS client authentication instead of blindly trusting hostname
+ if (hostname == null) {
+ throw new BadRequestException("The 'hostname' query parameter is missing");
+ }
+ try {
+ log.log(LogLevel.INFO, "Generating identity document for " + hostname);
+ return identityDocumentGenerator.generateSignedIdentityDocument(hostname);
+ } catch (Exception e) {
+ String message = String.format("Unable to generate identity doument [%s]", e.getMessage());
+ log.log(LogLevel.ERROR, message, e);
+ throw new InternalServerErrorException(message, e);
+ }
+ }
+
+}
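Review bot: `getIdentityDocument` passes the caller-supplied `hostname` query parameter straight to `generateSignedIdentityDocument` with only a null check in front of it, so any client that can reach `/identity-document` can ask for a signed document naming another host. The TODO acknowledges this, but until TLS client authentication is in place the class Javadoc should state that the resource must be exposed only to trusted callers, and the hostname should at least be validated against an expected format before use. The catch block copies `e.getMessage()` into the `InternalServerErrorException`, which may return internal detail to the client depending on how the container maps that exception; `throw new InternalServerErrorException("Unable to generate identity document", e);` keeps the detail in the server log and also fixes the "doument" typo. The same unvalidated `hostname` is concatenated into the INFO log line, so a value containing line breaks could forge log entries.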