From 1deb1498cdc6455c975e209e3fbc664fbc35a8d4 Mon Sep 17 00:00:00 2001 From: Martin Polden Date: Wed, 11 May 2022 10:38:23 +0200 Subject: Send cloud account on deploy --- .../api/application/v4/model/DeploymentData.java | 23 +++++++++------------- 1 file changed, 9 insertions(+), 14 deletions(-) (limited to 'controller-api') diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/DeploymentData.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/DeploymentData.java index ad98197fa93..a35d01f6891 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/DeploymentData.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/application/v4/model/DeploymentData.java @@ -3,6 +3,7 @@ package com.yahoo.vespa.hosted.controller.api.application.v4.model; import com.yahoo.component.Version; import com.yahoo.config.provision.ApplicationId; +import com.yahoo.config.provision.CloudAccount; import com.yahoo.config.provision.DockerImage; import com.yahoo.config.provision.zone.ZoneId; import com.yahoo.vespa.athenz.api.AthenzDomain; @@ -13,6 +14,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.secrets.TenantSecretSto import java.security.cert.X509Certificate; import java.util.List; +import java.util.Objects; import java.util.Optional; import java.util.Set; 
@@ -36,21 +38,9 @@ public class DeploymentData { private final Quota quota; private final List tenantSecretStores; private final List operatorCertificates; + private final Optional cloudAccount; private final boolean dryRun; - // TODO: Remove when users have been updated to use constructor below - public DeploymentData(ApplicationId instance, ZoneId zone, byte[] applicationPackage, Version platform, - Set containerEndpoints, - Optional endpointCertificateMetadata, - Optional dockerImageRepo, - Optional athenzDomain, - Quota quota, - List tenantSecretStores, - List operatorCertificates) { - this(instance, zone, applicationPackage, platform, containerEndpoints, endpointCertificateMetadata, - dockerImageRepo, athenzDomain, quota, tenantSecretStores, operatorCertificates, false); - } - public DeploymentData(ApplicationId instance, ZoneId zone, byte[] applicationPackage, Version platform, Set containerEndpoints, Optional endpointCertificateMetadata, @@ -59,7 +49,7 @@ public class DeploymentData { Quota quota, List tenantSecretStores, List operatorCertificates, - boolean dryRun) { + Optional cloudAccount, boolean dryRun) { this.instance = requireNonNull(instance); this.zone = requireNonNull(zone); this.applicationPackage = requireNonNull(applicationPackage); @@ -71,6 +61,7 @@ public class DeploymentData { this.quota = quota; this.tenantSecretStores = List.copyOf(requireNonNull(tenantSecretStores)); this.operatorCertificates = List.copyOf(requireNonNull(operatorCertificates)); + this.cloudAccount = Objects.requireNonNull(cloudAccount); this.dryRun = dryRun; } @@ -118,6 +109,10 @@ public class DeploymentData { return operatorCertificates; } + public Optional cloudAccount() { + return cloudAccount; + } + public boolean isDryRun() { return dryRun; } } -- cgit v1.2.3 From e1146608d64d0ec5798f35670d85147d4f3cb9a4 Mon Sep 17 00:00:00 2001 
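Review bot: The new null check `this.cloudAccount = Objects.requireNonNull(cloudAccount);` is the only assignment in this constructor that does not use the statically imported `requireNonNull`, so the `java.util.Objects` import added in the import hunk appears to exist for this one line. Suggest `this.cloudAccount = requireNonNull(cloudAccount);` and dropping that import if nothing else in the file needs it. The new accessor `cloudAccount()` has no comment saying what an empty value means for the deployment, which is not visible here; a one-line Javadoc such as `/** The cloud account to deploy to; empty means <describe the default> */` would make that explicit. The constructor body spans several hunks and the class continues outside them.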
From: Valerij Fredriksen Date: Wed, 18 May 2022 09:52:22 +0200 Subject: ZmsClient: Add method to update service public key --- .../api/integration/athenz/ZmsClientMock.java | 6 ++++ .../vespa/athenz/client/zms/DefaultZmsClient.java | 16 +++++++++++ .../yahoo/vespa/athenz/client/zms/ZmsClient.java | 3 ++ .../zms/bindings/ServicePublicKeyEntity.java | 32 ++++++++++++++++++++++ .../vespa/athenz/client/zts/DefaultZtsClient.java | 8 ++---- .../vespa/athenz/tls/AthenzIdentityVerifier.java | 2 +- 6 files changed, 61 insertions(+), 6 deletions(-) create mode 100644 vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ServicePublicKeyEntity.java (limited to 'controller-api') diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java index 0415b33b29d..53e2592e0a6 100644 --- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZmsClientMock.java @@ -17,6 +17,7 @@ import com.yahoo.vespa.athenz.client.zms.ZmsClient; import com.yahoo.vespa.athenz.client.zms.ZmsClientException; import com.yahoo.vespa.hosted.controller.api.identifiers.ApplicationId; +import java.security.PublicKey; import java.time.Instant; import java.util.ArrayList; import java.util.HashSet; @@ -223,6 +224,11 @@ public class ZmsClientMock implements ZmsClient { athenz.getOrCreateDomain(athenzService.getDomain()).services.put(athenzService.getName(), new AthenzDbMock.Service(false)); } + @Override + public void updateServicePublicKey(AthenzService athenzService, String publicKeyId, PublicKey publicKey) { + + } + @Override public void deleteService(AthenzService athenzService) { athenz.getOrCreateDomain(athenzService.getDomain()).services.remove(athenzService.getName()); 
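Review bot: The mock's `updateServicePublicKey` override has an empty body, so a test that goes through `ZmsClientMock` cannot tell whether a key was ever registered, and nothing marks the no-op as deliberate. At minimum add a comment inside the body, e.g. `// No-op: the mock does not record service public keys`. If key registration matters to controller tests, recording the key id on the mock service would let them assert on it; whether `AthenzDbMock.Service` has room for that is not visible in this hunk.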
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java index 8ffb9331ddb..a4045016b78 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java @@ -1,6 +1,8 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.athenz.client.zms; +import com.yahoo.athenz.auth.util.Crypto; +import com.yahoo.security.KeyUtils; import com.yahoo.vespa.athenz.api.AthenzAssertion; import com.yahoo.vespa.athenz.api.AthenzDomain; import com.yahoo.vespa.athenz.api.AthenzGroup; @@ -23,6 +25,7 @@ import com.yahoo.vespa.athenz.client.zms.bindings.ResponseListEntity; import com.yahoo.vespa.athenz.client.zms.bindings.RoleEntity; import com.yahoo.vespa.athenz.client.zms.bindings.ServiceEntity; import com.yahoo.vespa.athenz.client.zms.bindings.ServiceListResponseEntity; +import com.yahoo.vespa.athenz.client.zms.bindings.ServicePublicKeyEntity; import com.yahoo.vespa.athenz.client.zms.bindings.StatisticsEntity; import com.yahoo.vespa.athenz.client.zms.bindings.TenancyRequestEntity; import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider; @@ -35,6 +38,7 @@ import org.apache.http.message.BasicHeader; import javax.net.ssl.SSLContext; import java.net.URI; +import java.security.PublicKey; import java.time.Instant; import java.util.Collections; import java.util.HashMap; 
@@ -355,6 +359,18 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient { execute(request, response -> readEntity(response, Void.class)); } + @Override + public void updateServicePublicKey(AthenzService athenzService, String publicKeyId, PublicKey publicKey) { + URI uri = zmsUrl.resolve(String.format("domain/%s/service/%s/publickey/%s", + athenzService.getDomainName(), athenzService.getName(), publicKeyId)); + + ServicePublicKeyEntity entity = new ServicePublicKeyEntity(publicKeyId, Crypto.ybase64EncodeString(KeyUtils.toPem(publicKey))); + HttpUriRequest request = RequestBuilder.put(uri) + .setEntity(toJsonStringEntity(entity)) + .build(); + execute(request, response -> readEntity(response, Void.class)); + } + @Override public void deleteService(AthenzService athenzService) { URI uri = zmsUrl.resolve(String.format("domain/%s/service/%s", athenzService.getDomainName(), athenzService.getName())); diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java index 80a0ddff204..e15af58cb76 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java @@ -12,6 +12,7 @@ import com.yahoo.vespa.athenz.api.AthenzService; import com.yahoo.vespa.athenz.api.OAuthCredentials; import java.io.Closeable; +import java.security.PublicKey; import java.time.Instant; import java.util.List; import java.util.Map; @@ -70,6 +71,8 @@ public interface ZmsClient extends Closeable { void createOrUpdateService(AthenzService athenzService); + void updateServicePublicKey(AthenzService athenzService, String publicKeyId, PublicKey publicKey); + void deleteService(AthenzService athenzService); void createRole(AthenzRole role, Map properties); 
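Review bot: In `DefaultZmsClient.updateServicePublicKey`, `publicKeyId` is interpolated into the request path with `String.format("domain/%s/service/%s/publickey/%s", ...)` and handed to `zmsUrl.resolve` without validation or encoding, so an id containing path or query delimiters or dot segments makes the PUT resolve to a different ZMS resource than the one the caller named. Reject such ids before building the URI, for example `if (!publicKeyId.matches("[A-Za-z0-9_][A-Za-z0-9_-]*")) throw new IllegalArgumentException("Invalid public key id");`, with the pattern confirmed against what ZMS accepts for key ids. The neighbouring `deleteService` builds its path the same way from the domain and service name. `publicKey` also reaches `KeyUtils.toPem` without a null check; `requireNonNull` on both arguments would fail earlier with a clearer error.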
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ServicePublicKeyEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ServicePublicKeyEntity.java new file mode 100644 index 00000000000..4767b584661 --- /dev/null +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ServicePublicKeyEntity.java @@ -0,0 +1,32 @@ +// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.athenz.client.zms.bindings; + +import com.fasterxml.jackson.annotation.JsonCreator; +import com.fasterxml.jackson.annotation.JsonGetter; +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonProperty; + +/** + * @author freva + */ +@JsonIgnoreProperties(ignoreUnknown = true) +public class ServicePublicKeyEntity { + public final String id; + public final String key; + + @JsonCreator + public ServicePublicKeyEntity(@JsonProperty("id") String id, @JsonProperty("key") String key) { + this.id = id; + this.key = key; + } + + @JsonGetter("id") + public String name() { + return id; + } + + @JsonGetter("key") + public String key() { + return key; + } +} diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java index 0c73891bdae..13a61d65d78 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java @@ -38,7 +38,6 @@ import java.security.KeyPair; import java.security.cert.X509Certificate; import java.time.Duration; import java.util.List; -import java.util.Objects; import java.util.Optional; import java.util.function.Supplier; import java.util.stream.Collectors; 
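Review bot: In the new `ServicePublicKeyEntity`, the accessor for the `id` property is named `name()` (`@JsonGetter("id") public String name()`), which matches neither the field, the constructor parameter nor the JSON property; `public String id()` would be consistent with `key()`. The fields are also `public final`, so each value is exposed twice; making them `private final` would leave the annotated getters as the single access path, assuming no caller outside this commit reads the fields directly. The constructor accepts null for both arguments, so if the entity is only ever sent and never parsed from a partial response, a `requireNonNull` on `id` and `key` would catch an incomplete key registration before it is serialized.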
@@ -230,7 +229,7 @@ public class DefaultZtsClient extends ClientBase implements ZtsClient { return URI.create(ztsUrl.toString() + '/'); } public static class Builder { - private URI ztsUrl; + private final URI ztsUrl; private ErrorHandler errorHandler = ErrorHandler.empty(); private HostnameVerifier hostnameVerifier = null; private Supplier sslContextSupplier = null; @@ -260,9 +259,8 @@ public class DefaultZtsClient extends ClientBase implements ZtsClient { } public DefaultZtsClient build() { - if (Objects.isNull(sslContextSupplier)) { - throw new IllegalArgumentException("No ssl context or identity provider available to set up zts client"); - } + if (sslContextSupplier == null) + throw new IllegalArgumentException("No SSL context or identity provider available to set up ZTS client"); return new DefaultZtsClient(ztsUrl, sslContextSupplier, hostnameVerifier, errorHandler); } } diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzIdentityVerifier.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzIdentityVerifier.java index e440d79a159..bc50bcb2bb6 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzIdentityVerifier.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzIdentityVerifier.java @@ -24,7 +24,7 @@ public class AthenzIdentityVerifier implements HostnameVerifier { private final Set allowedIdentities; public AthenzIdentityVerifier(Set allowedIdentities) { - this.allowedIdentities = allowedIdentities; + this.allowedIdentities = Set.copyOf(allowedIdentities); } @Override -- cgit v1.2.3 From 4747938832aecb6b1639050983cdfcb079da1a1f Mon Sep 17 00:00:00 2001 
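Review bot: In `AthenzIdentityVerifier`, `Set.copyOf(allowedIdentities)` changes the constructor's contract in two ways the class does not document: it now throws `NullPointerException` for a null set or a null element, and it snapshots the set, so later changes to the caller's set no longer affect verification. Both are reasonable for an allow-list, but if any caller relied on removing an identity from the set it passed in, that identity would now keep being accepted until a new verifier is built; whether such a caller exists is not visible here. Suggest stating this on the constructor, e.g. `/** @param allowedIdentities identities to accept; copied at construction, must not be null or contain null */`.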
From: Valerij Fredriksen Date: Fri, 20 May 2022 15:46:17 +0200 Subject: Use config server SSLSocketFactory in FlagsClient and ConfigServerRestExecutor --- .../integration/ControllerIdentityProvider.java | 16 ++++++++++++++ .../proxy/ConfigServerRestExecutorImpl.java | 25 ++++++++++------------ .../restapi/systemflags/FlagsClient.java | 13 ++++++----- .../restapi/systemflags/SystemFlagsDeployer.java | 4 ++-- .../restapi/systemflags/SystemFlagsHandler.java | 4 ++-- .../proxy/ConfigServerRestExecutorImplTest.java | 9 ++++---- 6 files changed, 43 insertions(+), 28 deletions(-) create mode 100644 controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ControllerIdentityProvider.java (limited to 'controller-api') diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ControllerIdentityProvider.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ControllerIdentityProvider.java new file mode 100644 index 00000000000..d2a7fb01ae2 --- /dev/null +++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/ControllerIdentityProvider.java @@ -0,0 +1,16 @@ +// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.controller.api.integration; + +import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider; + +import javax.net.ssl.SSLSocketFactory; + +/** + * @author freva + */ +public interface ControllerIdentityProvider extends ServiceIdentityProvider { + + /** Returns SSLSocketFactory that creates appropriate sockets to talk to the different config servers */ + SSLSocketFactory getConfigServerSslSocketFactory(); + +} diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java index 671222e2123..9bea7fb829d 100644 
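Review bot: The Javadoc on `getConfigServerSslSocketFactory()` does not say whether the returned factory follows identity-certificate rotation, yet both new callers (`ConfigServerRestExecutorImpl` and `FlagsClient.createClient`, later in this commit) fetch it once at construction and keep it inside an `SSLConnectionSocketFactory` for the life of the HTTP client. If an implementation returned a factory bound to the key material current at call time, those clients would keep presenting a stale certificate until restart; no implementation is visible here. Suggest stating the requirement on the interface, e.g. `/** Returns a socket factory for config server connections; it must stay valid across identity certificate rotation, as callers retain it */`. It would also help to say how its trust configuration differs from `getIdentitySslContext()`, since "appropriate sockets" does not tell an implementer what to configure.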
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java @@ -1,13 +1,13 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.controller.proxy; -import com.yahoo.component.annotation.Inject; import com.yahoo.component.AbstractComponent; +import com.yahoo.component.annotation.Inject; import com.yahoo.jdisc.http.HttpRequest.Method; import com.yahoo.text.Text; import com.yahoo.vespa.athenz.api.AthenzIdentity; -import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider; import com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier; +import com.yahoo.vespa.hosted.controller.api.integration.ControllerIdentityProvider; import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneRegistry; import com.yahoo.yolean.concurrent.Sleeper; import org.apache.http.Header; @@ -20,6 +20,7 @@ import org.apache.http.client.methods.HttpPatch; import org.apache.http.client.methods.HttpPost; import org.apache.http.client.methods.HttpPut; import org.apache.http.client.methods.HttpRequestBase; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.entity.InputStreamEntity; import org.apache.http.impl.DefaultConnectionReuseStrategy; import org.apache.http.impl.client.CloseableHttpClient; @@ -29,7 +30,6 @@ import org.apache.http.protocol.HttpCoreContext; import org.apache.http.util.EntityUtils; import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import java.io.IOException; import java.io.InputStream; 
@@ -68,16 +68,15 @@ public class ConfigServerRestExecutorImpl extends AbstractComponent implements C private final Sleeper sleeper; @Inject - public ConfigServerRestExecutorImpl(ZoneRegistry zoneRegistry, ServiceIdentityProvider sslContextProvider) { - this(zoneRegistry, sslContextProvider.getIdentitySslContext(), Sleeper.DEFAULT, - new ConnectionReuseStrategy(zoneRegistry)); + public ConfigServerRestExecutorImpl(ZoneRegistry zoneRegistry, ControllerIdentityProvider identityProvider) { + this(new SSLConnectionSocketFactory(identityProvider.getConfigServerSslSocketFactory(), new ControllerOrConfigserverHostnameVerifier(zoneRegistry)), + Sleeper.DEFAULT, + new ConnectionReuseStrategy(zoneRegistry)); } - ConfigServerRestExecutorImpl(ZoneRegistry zoneRegistry, SSLContext sslContext, + ConfigServerRestExecutorImpl(SSLConnectionSocketFactory connectionSocketFactory, Sleeper sleeper, ConnectionReuseStrategy connectionReuseStrategy) { - this.client = createHttpClient(sslContext, - new ControllerOrConfigserverHostnameVerifier(zoneRegistry), - connectionReuseStrategy); + this.client = createHttpClient(connectionSocketFactory, connectionReuseStrategy); this.sleeper = sleeper; } @@ -227,8 +226,7 @@ public class ConfigServerRestExecutorImpl extends AbstractComponent implements C } } - private static CloseableHttpClient createHttpClient(SSLContext sslContext, - HostnameVerifier hostnameVerifier, + private static CloseableHttpClient createHttpClient(SSLConnectionSocketFactory connectionSocketFactory, org.apache.http.ConnectionReuseStrategy connectionReuseStrategy) { RequestConfig config = RequestConfig.custom() 
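Review bot: Hostname verification for the proxy client is now decided entirely by whoever builds the `SSLConnectionSocketFactory`: the package-private constructor no longer takes a `ZoneRegistry` and no longer installs `ControllerOrConfigserverHostnameVerifier` itself, so only the `@Inject` constructor guarantees it. The updated `ConfigServerRestExecutorImplTest` passes `new SSLConnectionSocketFactory(SSLContext.getDefault())`, so the verifier wiring is no longer constructed in tests. Suggest a comment on the package-private constructor such as `// For testing: the caller must supply a factory that carries the config server hostname verifier`, or keeping the verifier as a separate parameter so it cannot be left out. `FlagsClient.createClient` builds the factory and its verifier together in one private method and does not have this gap.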
@@ -237,8 +235,7 @@ public class ConfigServerRestExecutorImpl extends AbstractComponent implements C .setSocketTimeout((int) PROXY_REQUEST_TIMEOUT.toMillis()).build(); return HttpClientBuilder.create() .setUserAgent("config-server-proxy-client") - .setSSLContext(sslContext) - .setSSLHostnameVerifier(hostnameVerifier) + .setSSLSocketFactory(connectionSocketFactory) .setDefaultRequestConfig(config) .setMaxConnPerRoute(10) .setMaxConnTotal(500) diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/FlagsClient.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/FlagsClient.java index c87fea3beb3..4a208aa3794 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/FlagsClient.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/FlagsClient.java @@ -5,10 +5,10 @@ import ai.vespa.util.http.hc4.retry.DelayedConnectionLevelRetryHandler; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.yahoo.vespa.athenz.api.AthenzIdentity; -import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider; import com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier; import com.yahoo.vespa.flags.FlagId; import com.yahoo.vespa.flags.json.FlagData; +import com.yahoo.vespa.hosted.controller.api.integration.ControllerIdentityProvider; import com.yahoo.vespa.hosted.controller.api.systemflags.v1.FlagsTarget; import com.yahoo.vespa.hosted.controller.api.systemflags.v1.wire.WireErrorResponse; import org.apache.http.HttpEntity; 
@@ -22,6 +22,7 @@ import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpPut; import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.client.utils.URIBuilder; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.entity.ContentType; import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.CloseableHttpClient; @@ -55,7 +56,7 @@ class FlagsClient { private final CloseableHttpClient client; - FlagsClient(ServiceIdentityProvider identityProvider, Set targets) { + FlagsClient(ControllerIdentityProvider identityProvider, Set targets) { this.client = createClient(identityProvider, targets); } @@ -95,14 +96,16 @@ class FlagsClient { }); } - private static CloseableHttpClient createClient(ServiceIdentityProvider identityProvider, Set targets) { + private static CloseableHttpClient createClient(ControllerIdentityProvider identityProvider, Set targets) { DelayedConnectionLevelRetryHandler retryHandler = DelayedConnectionLevelRetryHandler.Builder .withExponentialBackoff(Duration.ofSeconds(1), Duration.ofSeconds(20), 5) .build(); + SSLConnectionSocketFactory connectionSocketFactory = new SSLConnectionSocketFactory( + identityProvider.getConfigServerSslSocketFactory(), new FlagTargetsHostnameVerifier(targets)); + return HttpClientBuilder.create() .setUserAgent("controller-flags-v1-client") - .setSSLContext(identityProvider.getIdentitySslContext()) - .setSSLHostnameVerifier(new FlagTargetsHostnameVerifier(targets)) + .setSSLSocketFactory(connectionSocketFactory) .setDefaultRequestConfig(RequestConfig.custom() .setConnectTimeout((int) Duration.ofSeconds(10).toMillis()) .setConnectionRequestTimeout((int) Duration.ofSeconds(10).toMillis()) 
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/SystemFlagsDeployer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/SystemFlagsDeployer.java index 1b543045adc..abc888abccb 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/SystemFlagsDeployer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/SystemFlagsDeployer.java @@ -4,10 +4,10 @@ package com.yahoo.vespa.hosted.controller.restapi.systemflags; import com.yahoo.concurrent.DaemonThreadFactory; import com.yahoo.config.provision.SystemName; import com.yahoo.text.Text; -import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider; import com.yahoo.vespa.flags.FlagId; import com.yahoo.vespa.flags.Flags; import com.yahoo.vespa.flags.json.FlagData; +import com.yahoo.vespa.hosted.controller.api.integration.ControllerIdentityProvider; import com.yahoo.vespa.hosted.controller.api.systemflags.v1.FlagsTarget; import com.yahoo.vespa.hosted.controller.api.systemflags.v1.SystemFlagsDataArchive; import com.yahoo.vespa.hosted.controller.restapi.systemflags.SystemFlagsDeployResult.OperationError; @@ -46,7 +46,7 @@ class SystemFlagsDeployer { private final ExecutorService executor = Executors.newCachedThreadPool(new DaemonThreadFactory("system-flags-deployer-")); - SystemFlagsDeployer(ServiceIdentityProvider identityProvider, SystemName system, Set targets) { + SystemFlagsDeployer(ControllerIdentityProvider identityProvider, SystemName system, Set targets) { this(new FlagsClient(identityProvider, targets), system, targets); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/SystemFlagsHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/SystemFlagsHandler.java index aaaf09fa781..ed27ffad978 100644 
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/SystemFlagsHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/systemflags/SystemFlagsHandler.java @@ -8,7 +8,7 @@ import com.yahoo.container.jdisc.ThreadedHttpRequestHandler; import com.yahoo.restapi.ErrorResponse; import com.yahoo.restapi.JacksonJsonResponse; import com.yahoo.restapi.Path; -import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider; +import com.yahoo.vespa.hosted.controller.api.integration.ControllerIdentityProvider; import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneRegistry; import com.yahoo.vespa.hosted.controller.api.systemflags.v1.FlagsTarget; import com.yahoo.vespa.hosted.controller.api.systemflags.v1.SystemFlagsDataArchive; @@ -30,7 +30,7 @@ public class SystemFlagsHandler extends ThreadedHttpRequestHandler { @Inject public SystemFlagsHandler(ZoneRegistry zoneRegistry, - ServiceIdentityProvider identityProvider, + ControllerIdentityProvider identityProvider, Executor executor) { super(executor); this.deployer = new SystemFlagsDeployer(identityProvider, zoneRegistry.system(), FlagsTarget.getAllTargetsInSystem(zoneRegistry, true)); diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImplTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImplTest.java index c4fbf1aa3a5..f5926e799af 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImplTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImplTest.java 
@@ -4,11 +4,10 @@ package com.yahoo.vespa.hosted.controller.proxy; import ai.vespa.http.HttpURL.Path; import com.github.tomakehurst.wiremock.junit.WireMockRule; import com.github.tomakehurst.wiremock.stubbing.Scenario; -import com.yahoo.config.provision.SystemName; import com.yahoo.container.jdisc.HttpRequest; import com.yahoo.container.jdisc.HttpResponse; -import com.yahoo.vespa.hosted.controller.integration.ZoneRegistryMock; import com.yahoo.yolean.concurrent.Sleeper; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.protocol.HttpContext; import org.apache.http.protocol.HttpCoreContext; import org.junit.Rule; @@ -39,7 +38,7 @@ public class ConfigServerRestExecutorImplTest { @Test public void proxy_with_retries() throws Exception { var connectionReuseStrategy = new CountingConnectionReuseStrategy(Set.of("127.0.0.1")); - var proxy = new ConfigServerRestExecutorImpl(new ZoneRegistryMock(SystemName.cd), SSLContext.getDefault(), + var proxy = new ConfigServerRestExecutorImpl(new SSLConnectionSocketFactory(SSLContext.getDefault()), Sleeper.NOOP, connectionReuseStrategy); URI url = url(); @@ -64,8 +63,8 @@ public class ConfigServerRestExecutorImplTest { @Test public void proxy_without_connection_reuse() throws Exception { var connectionReuseStrategy = new CountingConnectionReuseStrategy(Set.of()); - var proxy = new ConfigServerRestExecutorImpl(new ZoneRegistryMock(SystemName.cd), SSLContext.getDefault(), - (duration) -> {}, connectionReuseStrategy); + var proxy = new ConfigServerRestExecutorImpl(new SSLConnectionSocketFactory(SSLContext.getDefault()), + Sleeper.NOOP, connectionReuseStrategy); URI url = url(); String path = url.getPath(); -- cgit v1.2.3