From d9da501de962175b6798cef10c1bdbf7d74e827e Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Fri, 26 Jun 2020 16:27:31 +0200
Subject: Move shared tenant-cd-api implementations to new module Introduce new module tenant-cd-commons. Remove tenant-auth. Change package name for cloud-tenant-cd to avoid potential package conflict. Move ApiAuthenticator to hosted-api.
---
.../vespa/hosted/api/DefaultApiAuthenticator.java | 21 +++++++++++++
.../ai/vespa/hosted/api/EndpointAuthenticator.java | 35 ----------------------
2 files changed, 21 insertions(+), 35 deletions(-)
create mode 100644 hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java
delete mode 100644 hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java
(limited to 'hosted-api/src/main')
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java b/hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java
new file mode 100644
index 00000000000..cdd9a9a56dc
--- /dev/null
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/DefaultApiAuthenticator.java
@@ -0,0 +1,21 @@
+// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package ai.vespa.hosted.api;
+
+public class DefaultApiAuthenticator implements ai.vespa.hosted.api.ApiAuthenticator {
+
+ /** Returns a controller client using mTLS if a key and certificate pair is provided, or signed requests otherwise. */
+ @Override
+ public ControllerHttpClient controller() {
+ return Properties.apiCertificateFile()
+ .map(certificateFile -> ControllerHttpClient.withKeyAndCertificate(Properties.apiEndpoint(),
+ Properties.apiKeyFile(),
+ certificateFile))
+ .or(() -> Properties.apiKey().map(apiKey -> ControllerHttpClient.withSignatureKey(Properties.apiEndpoint(),
+ apiKey,
+ Properties.application())))
+ .orElseGet(() -> ControllerHttpClient.withSignatureKey(Properties.apiEndpoint(),
+ Properties.apiKeyFile(),
+ Properties.application()));
+ }
+
+}
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java b/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java
deleted file mode 100644
index 81813335a63..00000000000
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java
+++ /dev/null
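Review bot: The Javadoc on `controller()` says mTLS is chosen when "a key and certificate pair is provided", but the selection is keyed only on `Properties.apiCertificateFile()`; `Properties.apiKeyFile()` is then read unconditionally, and the two distinct signing fallbacks (the `Properties.apiKey()` value, then the key file) are folded into "otherwise". Since this method decides which credential authenticates against the controller, the precedence should be spelled out, e.g. `/** Returns a controller client using mTLS when a certificate file is configured (with the key from the API key file); otherwise signs requests with the API key property if set, else with the key in the API key file. */`. What `Properties.apiKeyFile()` does when no key file is configured is not visible in this hunk, so it is worth confirming that a missing certificate or key surfaces as a clear error rather than as a silent switch of authentication mode. The fully qualified `ai.vespa.hosted.api.ApiAuthenticator` in the `implements` clause also looks redundant, as the class is declared in that same package: `implements ApiAuthenticator`.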
@@ -1,35 +0,0 @@
-// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package ai.vespa.hosted.api;
-
-import javax.net.ssl.SSLContext;
-import java.net.http.HttpRequest;
-import java.security.NoSuchAlgorithmException;
-import java.util.Optional;
-
-/**
- * Adds environment dependent authentication to HTTP request against Vespa deployments.
- *
- * An implementation typically needs to override either of the methods in this interface,
- * and needs to run in different environments, e.g., local user testing and automatic testing
- * in a deployment pipeline.
- *
- * @author jonmv
- */
-public interface EndpointAuthenticator {
-
- /** Returns an SSLContext which provides authentication against a Vespa endpoint. */
- default SSLContext sslContext() {
- try {
- return SSLContext.getDefault();
- }
- catch (NoSuchAlgorithmException e) {
- throw new RuntimeException(e);
- }
- }
-
- /** Adds necessary authentication data to the given HTTP request builder, to pass the data plane of a Vespa endpoint. */
- default HttpRequest.Builder authenticated(HttpRequest.Builder request) {
- return request;
- }
-
-}
-- cgit v1.2.3