1 files changed, 43 insertions, 0 deletions

diff --git a/tenant-cd-api/src/main/java/ai/vespa/hosted/cd/EndpointAuthenticator.java b/tenant-cd-api/src/main/java/ai/vespa/hosted/cd/EndpointAuthenticator.java
new file mode 100644
index 00000000000..8985375fce2
--- /dev/null
+++ b/tenant-cd-api/src/main/java/ai/vespa/hosted/cd/EndpointAuthenticator.java
@@ -0,0 +1,43 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package ai.vespa.hosted.cd;
+
+import javax.net.ssl.SSLContext;
+import java.net.http.HttpRequest;
+import java.security.NoSuchAlgorithmException;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Adds environment dependent authentication to HTTP request against Vespa deployments.
+ *
+ * An implementation typically needs to override either of the methods in this interface,
+ * and needs to run in different environments, e.g., local user testing and automatic testing
+ * in a deployment pipeline.
+ *
+ * @author jonmv
+ */
+public interface EndpointAuthenticator {
+
+    /** Returns an SSLContext which provides authentication against a Vespa endpoint. */
+    default SSLContext sslContext() {
+        try {
+            return SSLContext.getDefault();
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    /** Adds necessary authentication data to the given HTTP request builder, to pass the data plane of a Vespa endpoint. */
+    default HttpRequest.Builder authenticated(HttpRequest.Builder request) {
+        Map<String, List<String>> headers = request.build().headers().map();
+        authorizationHeaders().forEach((name, value) -> {
+            if ( ! headers.containsKey(name))
+                request.setHeader(name, value);
+        });
+        return request;
+    }
+
+    default Map<String, String> authorizationHeaders() {
+        return Map.of();
+    }
+}