From 577a4360debbe8b12cda537ed9390631d5b7136b Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Wed, 19 Jul 2023 16:34:47 +0200
Subject: Add port for token connector to nginx config
---
 .../java/com/yahoo/vespa/model/container/DataplaneProxy.java | 11 +++++++----
 .../vespa/model/container/xml/ContainerModelBuilder.java | 1 +
 configdefinitions/src/vespa/dataplane-proxy.def | 3 ++-
 .../java/com/yahoo/container/jdisc/DataplaneProxyService.java | 9 ++++++---
 .../com/yahoo/container/jdisc/DataplaneProxyServiceTest.java | 3 ++-
 5 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java b/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java
index fe7d9581e46..13aa65909bd 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java
@@ -7,20 +7,23 @@ import com.yahoo.vespa.model.container.component.SimpleComponent;
 public class DataplaneProxy extends SimpleComponent implements DataplaneProxyConfig.Producer {
- private final Integer port;
+ private final int mtlsPort;
+ private final int tokenPort;
 private final String serverCertificate;
 private final String serverKey;
- public DataplaneProxy(Integer port, String serverCertificate, String serverKey) {
+ public DataplaneProxy(int mtlsPort, int tokenPort, String serverCertificate, String serverKey) {
 super(DataplaneProxyConfigurator.class.getName());
- this.port = port;
+ this.mtlsPort = mtlsPort;
+ this.tokenPort = tokenPort;
 this.serverCertificate = serverCertificate;
 this.serverKey = serverKey;
 }
 @Override
 public void getConfig(DataplaneProxyConfig.Builder builder) {
- builder.port(port);
+ builder.mtlsPort(mtlsPort);
+ builder.tokenPort(tokenPort);
 builder.serverCertificate(serverCertificate);
 builder.serverKey(serverKey);
 }
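Review bot: The new constructor `DataplaneProxy(int mtlsPort, int tokenPort, ...)` in DataplaneProxy.java takes two adjacent `int` ports and stores them unchecked, so a transposed or duplicated argument compiles cleanly and ends up in the generated proxy config. The two connectors presumably enforce different client authentication, so a mix-up here would be a security-relevant misrouting rather than a cosmetic one. A cheap guard in the constructor would catch the duplicated case early, for example `if (mtlsPort == tokenPort) throw new IllegalArgumentException("mtlsPort and tokenPort must differ: " + mtlsPort);`. A short Javadoc on the constructor saying which connector each port belongs to would also help the call site in ContainerModelBuilder, where `tokenPort` comes from a variable defined outside the visible hunk.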
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index a4a373a89a0..1036a615bb5 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -647,6 +647,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder {
 cluster.addSimpleComponent(DataplaneProxyService.class);
 var dataplaneProxy = new DataplaneProxy(
 getMtlsDataplanePort(state),
+ tokenPort,
 endpointCert.certificate(),
 endpointCert.key());
 cluster.addComponent(dataplaneProxy);
diff --git a/configdefinitions/src/vespa/dataplane-proxy.def b/configdefinitions/src/vespa/dataplane-proxy.def
index 9ce3e4b4b7b..dd1d734a91c 100644
--- a/configdefinitions/src/vespa/dataplane-proxy.def
+++ b/configdefinitions/src/vespa/dataplane-proxy.def
@@ -2,7 +2,8 @@
 namespace=cloud.config
 # The port Jdisc will be listening on
-port int
+tokenPort int
+mtlsPort int
 # Server certificate and key to be used when creating server socket
 serverCertificate string
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/DataplaneProxyService.java b/container-disc/src/main/java/com/yahoo/container/jdisc/DataplaneProxyService.java
index 47050168b80..74e6954e1e1 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/DataplaneProxyService.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/DataplaneProxyService.java
@@ -103,7 +103,8 @@ public class DataplaneProxyService extends AbstractComponent {
 proxyCredentialsKey,
 serverCertificateFile,
 serverKeyFile,
- config.port(),
+ config.mtlsPort(),
+ config.tokenPort(),
 root
 ));
 if (configChanged && state == NginxState.RUNNING) {
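Review bot: In dataplane-proxy.def the comment `# The port Jdisc will be listening on` now sits above two fields and no longer says which connector each one serves. I would give each field its own line, e.g. `# Port of the Jdisc connector that authenticates clients with mTLS` above `mtlsPort int` and `# Port of the Jdisc connector that authenticates clients with tokens` above `tokenPort int`. Neither field declares a default and `port` is removed rather than kept alongside, so any producer or consumer of this config outside the five files in this patch would have to change in the same release; that is inferred from the hunk, not shown by it.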
@@ -191,7 +192,8 @@ public class DataplaneProxyService extends AbstractComponent {
 Path clientKey,
 Path serverCert,
 Path serverKey,
- int vespaPort,
+ int vespaMtlsPort,
+ int vespaTokenPort,
 Path root) {
 try {
@@ -200,7 +202,8 @@ public class DataplaneProxyService extends AbstractComponent {
 nginxTemplate = replace(nginxTemplate, "client_key", clientKey.toString());
 nginxTemplate = replace(nginxTemplate, "server_cert", serverCert.toString());
 nginxTemplate = replace(nginxTemplate, "server_key", serverKey.toString());
- nginxTemplate = replace(nginxTemplate, "vespa_port", Integer.toString(vespaPort));
+ nginxTemplate = replace(nginxTemplate, "vespa_mtls_port", Integer.toString(vespaMtlsPort));
+ nginxTemplate = replace(nginxTemplate, "vespa_token_port", Integer.toString(vespaTokenPort));
 nginxTemplate = replace(nginxTemplate, "prefix", root.toString());
 // TODO: verify that all template vars have been expanded
diff --git a/container-disc/src/test/java/com/yahoo/container/jdisc/DataplaneProxyServiceTest.java b/container-disc/src/test/java/com/yahoo/container/jdisc/DataplaneProxyServiceTest.java
index 351890e2a3a..893a527e631 100644
--- a/container-disc/src/test/java/com/yahoo/container/jdisc/DataplaneProxyServiceTest.java
+++ b/container-disc/src/test/java/com/yahoo/container/jdisc/DataplaneProxyServiceTest.java
@@ -168,7 +168,8 @@ public class DataplaneProxyServiceTest {
 private DataplaneProxyConfig proxyConfig() {
 X509CertificateWithKey selfSigned = X509CertificateUtils.createSelfSigned("cn=test", Duration.ofMinutes(10));
 return new DataplaneProxyConfig.Builder()
- .port(1234)
+ .mtlsPort(1234)
+ .tokenPort(1235)
 .serverCertificate(X509CertificateUtils.toPem(selfSigned.certificate()))
 .serverKey(KeyUtils.toPem(selfSigned.privateKey()))
 .build();
--
cgit v1.2.3
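Review bot: In DataplaneProxyService.java the placeholder rename from `vespa_port` to `vespa_mtls_port` and `vespa_token_port` leaves the existing `// TODO: verify that all template vars have been expanded` unresolved, and the nginx template itself is not among the five files in this patch. If the template and this method drift apart, `replace` presumably leaves the unknown placeholder untouched, and the config would be written with a literal placeholder where a listener port should be. I would close the TODO here: after the last `replace` call, scan `nginxTemplate` for any remaining placeholder in the template's syntax and throw, naming the placeholder, instead of writing the file. The signature change in the preceding hunk (`int vespaMtlsPort, int vespaTokenPort`) has the same easy-to-transpose pair of `int` parameters; the method body starts and ends outside both hunks.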