Diffstat (limited to 'controller-server')
2 files changed, 41 insertions, 3 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/RoutingController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/RoutingController.java
index 8d3eceec01d..12329351a59 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/RoutingController.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/RoutingController.java
@@ -173,11 +173,16 @@ public class RoutingController {
 builders.add(Endpoint.of(deployment.applicationId()).target(ClusterSpec.Id.from("default"), deployment.zoneId()));
 builders.add(Endpoint.of(deployment.applicationId()).wildcard(deployment.zoneId()));
+ // Build all endpoints
 for (var builder : builders) {
- Endpoint endpoint = builder.routingMethod(RoutingMethod.exclusive)
- .on(Port.tls())
- .in(controller.system());
+ builder = builder.routingMethod(RoutingMethod.exclusive)
+ .on(Port.tls());
+ Endpoint endpoint = builder.in(controller.system());
 endpointDnsNames.add(endpoint.dnsName());
+ if (controller.system().isPublic()) {
+ Endpoint legacyEndpoint = builder.legacy().in(controller.system());
+ endpointDnsNames.add(legacyEndpoint.dnsName());
+ }
 }
 return Collections.unmodifiableList(endpointDnsNames);
 }
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java
index 40abb9ba319..22a41740b91 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java
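Review bot: The loop rebinds the enhanced-for variable `builder` and then calls `builder.legacy()` after `builder.in(controller.system())` has already produced an endpoint, which is only correct if `in()` leaves the builder reusable; a fresh local makes that dependency explicit and keeps the iteration variable untouched, e.g. `var tlsBuilder = builder.routingMethod(RoutingMethod.exclusive).on(Port.tls());`, `Endpoint endpoint = tlsBuilder.in(controller.system());`, `Endpoint legacyEndpoint = tlsBuilder.legacy().in(controller.system());`. From a certificate-hygiene standpoint, in public systems this roughly doubles the SAN list requested per deployment (the accompanying test expects 17 names, wildcards included), so applications spanning many zones move closer to whatever SAN-count limit the certificate provider enforces, and if `getMetadata` compares the stored requested SANs against this list, as the `reuses_stored_certificate_metadata` test hints, every existing public certificate will presumably be re-requested on the next check, which is worth checking against the provider's rate limits before rollout. The added `// Build all endpoints` comment could also say why the extra names are there, e.g. `// In public systems each endpoint is also served under its legacy DNS name, so the certificate must cover both`. The enclosing method starts before the hunk.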
@@ -5,6 +5,7 @@ import com.yahoo.config.application.api.DeploymentSpec;
 import com.yahoo.config.application.api.xml.DeploymentSpecXmlReader;
 import com.yahoo.config.provision.ApplicationId;
 import com.yahoo.config.provision.Environment;
+import com.yahoo.config.provision.SystemName;
 import com.yahoo.config.provision.zone.ZoneId;
 import com.yahoo.security.KeyAlgorithm;
 import com.yahoo.security.KeyUtils;
@@ -128,6 +129,38 @@ public class EndpointCertificatesTest {
 }
 @Test
+ public void provisions_new_certificate_in_public_prod() {
+ ControllerTester tester = new ControllerTester(SystemName.Public);
+ EndpointCertificateValidatorImpl endpointCertificateValidator = new EndpointCertificateValidatorImpl(secretStore, clock);
+ EndpointCertificates endpointCertificates = new EndpointCertificates(tester.controller(), endpointCertificateMock, endpointCertificateValidator);
+ List<String> expectedSans = List.of(
+ "vt2ktgkqme5zlnp4tj4ttyor7fj3v7q5o.public.vespa.oath.cloud",
+ "default.default.global.public.vespa.oath.cloud",
+ "default.default.g.vespa-app.cloud",
+ "*.default.default.global.public.vespa.oath.cloud",
+ "*.default.default.g.vespa-app.cloud",
+ "default.default.aws-us-east-1a.public.vespa.oath.cloud",
+ "default.default.aws-us-east-1a.z.vespa-app.cloud",
+ "*.default.default.aws-us-east-1a.public.vespa.oath.cloud",
+ "*.default.default.aws-us-east-1a.z.vespa-app.cloud",
+ "default.default.aws-us-east-1c.test.public.vespa.oath.cloud",
+ "default.default.aws-us-east-1c.test.z.vespa-app.cloud",
+ "*.default.default.aws-us-east-1c.test.public.vespa.oath.cloud",
+ "*.default.default.aws-us-east-1c.test.z.vespa-app.cloud",
+ "default.default.aws-us-east-1c.staging.public.vespa.oath.cloud",
+ "default.default.aws-us-east-1c.staging.z.vespa-app.cloud",
+ "*.default.default.aws-us-east-1c.staging.public.vespa.oath.cloud",
+ "*.default.default.aws-us-east-1c.staging.z.vespa-app.cloud"
+ );
+ Optional<EndpointCertificateMetadata> endpointCertificateMetadata = endpointCertificates.getMetadata(testInstance, testZone, Optional.empty());
+ assertTrue(endpointCertificateMetadata.isPresent());
+ assertTrue(endpointCertificateMetadata.get().keyName().matches("vespa.tls.default.default.*-key"));
+ assertTrue(endpointCertificateMetadata.get().certName().matches("vespa.tls.default.default.*-cert"));
+ assertEquals(0, endpointCertificateMetadata.get().version());
+ 
assertEquals(expectedSans, endpointCertificateMetadata.get().requestedDnsSans());
+ }
+ 
+ @Test
 public void reuses_stored_certificate_metadata() {
 mockCuratorDb.writeEndpointCertificateMetadata(testInstance.id(), new EndpointCertificateMetadata(testKeyName, testCertName, 7, 0, "request_id", List.of("vt2ktgkqme5zlnp4tj4ttyor7fj3v7q5o.vespa.oath.cloud", |