From f3a3eb852d27ea4a84acfd6258d370bdc2f2effe Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Wed, 9 May 2018 16:07:19 +0200
Subject: Clenaup of old config parameters in config-server.def

---
 .../node/admin/component/ConfigServerInfo.java | 57 ++--------------------
 .../hosted/node/admin/component/Environment.java | 21 +++++---
 .../admin/configserver/ConfigServerApiImpl.java | 4 +-
 .../resources/configdefinitions/config-server.def | 24 +--------
 4 files changed, 23 insertions(+), 83 deletions(-)
(limited to 'node-admin')
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/ConfigServerInfo.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/ConfigServerInfo.java
index 5f0cb595fb5..93243f8b8ed 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/ConfigServerInfo.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/ConfigServerInfo.java
@@ -4,6 +4,7 @@ package com.yahoo.vespa.hosted.node.admin.component;
 import com.google.common.base.Strings;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
 import com.yahoo.vespa.athenz.api.AthenzService;
+import com.yahoo.vespa.athenz.utils.AthenzIdentities;
 import com.yahoo.vespa.hosted.node.admin.config.ConfigServerConfig;
 import com.yahoo.vespa.hosted.node.admin.util.KeyStoreOptions;
 
@@ -27,10 +28,7 @@ public class ConfigServerInfo {
 private final List configServerHostNames;
 private final URI loadBalancerEndpoint;
 private final Map configServerURIs;
- private final Optional keyStoreOptions;
- private final Optional trustStoreOptions;
- private final Optional athenzIdentity;
- private final Optional siaConfig;
+ private final AthenzService configServerIdentity;
 
 public ConfigServerInfo(ConfigServerConfig config) {
 this.configServerHostNames = config.hosts();
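Review bot: The import hunk keeps `import com.google.common.base.Strings;` and `import com.yahoo.vespa.hosted.node.admin.util.KeyStoreOptions;` as context, but the only uses of either visible in this file, createKeyStoreOptions and createAthenzIdentity, are deleted in the last ConfigServerInfo hunk, and the same presumably holds for the Optional, Arrays and Paths imports whose lines fall outside the hunk. Unless a line not shown still references them, remove those imports so the cleanup does not leave unused imports behind. In the field hunk below, the new `configServerIdentity` field would also benefit from a short comment on its origin, e.g. `// Athenz identity of the config server, from configserverAthenzIdentity in config-server.def`.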
@@ -39,18 +37,7 @@ public class ConfigServerInfo {
 config.hosts(), config.port());
 this.loadBalancerEndpoint = createLoadBalancerEndpoint(config.loadBalancerHost(), config.scheme(), config.port());
- this.keyStoreOptions = createKeyStoreOptions(
- config.keyStoreConfig().path(),
- config.keyStoreConfig().password().toCharArray(),
- config.keyStoreConfig().type().name());
- this.trustStoreOptions = createKeyStoreOptions(
- config.trustStoreConfig().path(),
- config.trustStoreConfig().password().toCharArray(),
- config.trustStoreConfig().type().name());
- this.athenzIdentity = createAthenzIdentity(
- config.athenzDomain(),
- config.serviceName());
- this.siaConfig = verifySiaConfig(config.sia());
+ this.configServerIdentity = (AthenzService) AthenzIdentities.from(config.configserverAthenzIdentity());
 }
 
 private static URI createLoadBalancerEndpoint(String loadBalancerHost, String scheme, int port) {
@@ -78,20 +65,8 @@ public class ConfigServerInfo {
 return loadBalancerEndpoint;
 }
 
- public Optional getKeyStoreOptions() {
- return keyStoreOptions;
- }
-
- public Optional getTrustStoreOptions() {
- return trustStoreOptions;
- }
-
- public Optional getAthenzIdentity() {
- return athenzIdentity;
- }
-
- public Optional getSiaConfig() {
- return siaConfig;
+ public AthenzService getConfigServerIdentity() {
+ return configServerIdentity;
 }
 
 private static Map createConfigServerUris(
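Review bot: The unchecked downcast in `this.configServerIdentity = (AthenzService) AthenzIdentities.from(config.configserverAthenzIdentity());` turns a misconfigured `configserverAthenzIdentity` into a bare ClassCastException that names neither the config key nor the value; the cast itself implies `from` is declared to return a wider type, so a non-service identity is at least representable. Since this value decides which identity ConfigServerApiImpl accepts from the config server, failing with an IllegalArgumentException that echoes the configured string makes the misconfiguration diagnosable at startup rather than at the first connection. The rest of the constructor and createLoadBalancerEndpoint are outside the hunk; the `AthenzIdentity` type used below is already imported in the first hunk.
```java
        // … unchanged: configServerHostNames, configServerURIs, loadBalancerEndpoint assignments …
        AthenzIdentity identity = AthenzIdentities.from(config.configserverAthenzIdentity());
        if (!(identity instanceof AthenzService)) {
            throw new IllegalArgumentException(
                    "configserverAthenzIdentity must name an Athenz service, got '" + config.configserverAthenzIdentity() + "'");
        }
        this.configServerIdentity = (AthenzService) identity;
```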
@@ -103,26 +78,4 @@ public class ConfigServerInfo {
 hostname -> URI.create(scheme + "://" + hostname + ":" + port)));
 }
 
- private static Optional verifySiaConfig(ConfigServerConfig.Sia sia) {
- List configParams = Arrays.asList(
- sia.credentialsPath(), sia.configserverIdentityName(), sia.hostIdentityName(), sia.trustStoreFile());
- if (configParams.stream().allMatch(String::isEmpty)) {
- return Optional.empty();
- } else if (configParams.stream().noneMatch(String::isEmpty)) {
- return Optional.of(sia);
- } else {
- throw new IllegalArgumentException("Inconsistent sia config: " + sia);
- }
- }
-
- private static Optional createKeyStoreOptions(String pathToKeyStore, char[] password, String type) {
- return Optional.ofNullable(pathToKeyStore)
- .filter(path -> !Strings.isNullOrEmpty(path))
- .map(path -> new KeyStoreOptions(Paths.get(path), password, type));
- }
-
- private static Optional createAthenzIdentity(String athenzDomain, String serviceName) {
- if (Strings.isNullOrEmpty(athenzDomain) || Strings.isNullOrEmpty(serviceName)) return Optional.empty();
- return Optional.of(new AthenzService(athenzDomain, serviceName));
- }
 }
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/Environment.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/Environment.java
index 5498e86ce4f..42729d06891 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/Environment.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/Environment.java
@@ -14,6 +14,7 @@ import java.net.InetAddress;
 import java.net.URI;
 import java.net.UnknownHostException;
 import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 import java.time.Instant;
@@ -45,6 +46,7 @@ public class Environment {
 private static final String ZTS_URI = "ZTS_URL";
 private static final String NODE_ATHENZ_IDENTITY = "NODE_ATHENZ_IDENTITY";
 private static final String ENABLE_NODE_AGENT_CERT = "ENABLE_NODE_AGENT_CERT";
+ private static final String TRUST_STORE_PATH = "TRUST_STORE_PATH";
 
 private final ConfigServerInfo configServerInfo;
 private final String environment;
@@ -62,6 +64,7 @@ public class Environment {
 private final URI ztsUri;
 private final AthenzService nodeAthenzIdentity;
 private final boolean nodeAgentCertEnabled;
+ private final Path trustStorePath;
 
 static {
 filenameFormatter.setTimeZone(TimeZone.getTimeZone("UTC"));
@@ -69,6 +72,7 @@ public class Environment {
 
 public Environment(ConfigServerConfig configServerConfig) {
 this(configServerConfig,
+ Paths.get(getEnvironmentVariable(TRUST_STORE_PATH)),
 getEnvironmentVariable(ENVIRONMENT),
 getEnvironmentVariable(REGION),
 getEnvironmentVariable(SYSTEM),
@@ -87,6 +91,7 @@ public class Environment {
 }
 
 private Environment(ConfigServerConfig configServerConfig,
+ Path trustStorePath,
 String environment,
 String region,
 String system,
@@ -124,6 +129,7 @@ public class Environment {
 this.ztsUri = ztsUri;
 this.nodeAthenzIdentity = nodeAthenzIdentity;
 this.nodeAgentCertEnabled = nodeAgentCertEnabled;
+ this.trustStorePath = trustStorePath;
 }
 
 public List getConfigServerHostNames() { return configServerInfo.getConfigServerHostNames(); }
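Review bot: `Paths.get(getEnvironmentVariable(TRUST_STORE_PATH))` in the public constructor makes TRUST_STORE_PATH mandatory at construction time, whereas the removed getTrustStorePath only failed when the path was actually requested; how getEnvironmentVariable behaves for an unset variable is not visible here, and if it returns null, Paths.get throws a NullPointerException that does not name the variable. The private constructor (the @@ -124 hunk) likewise stores `trustStorePath` without a check, so the Builder path can yield an Environment whose trust store path is null. Suggest `this.trustStorePath = Objects.requireNonNull(trustStorePath, "trustStorePath");` in the private constructor (importing java.util.Objects if it is not already present), plus a one-line comment on the new constant, `// Path of the trust store used to authenticate the config server`, mirroring the description the removed trustStoreConfig block carried in config-server.def. Both constructors continue outside their hunks.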
@@ -239,16 +245,12 @@ public class Environment {
 return containerEnvironmentResolver;
 }
 
- public ConfigServerInfo getConfigServerInfo() {
- return configServerInfo;
- }
-
 public Path getTrustStorePath() {
- return configServerInfo.getTrustStoreOptions().map(o -> o.path).orElseThrow(IllegalStateException::new);
+ return trustStorePath;
 }
 
 public AthenzService getConfigserverAthenzIdentity() {
- return (AthenzService) configServerInfo.getAthenzIdentity().orElseThrow(IllegalStateException::new);
+ return configServerInfo.getConfigServerIdentity();
 }
 
 public AthenzService getNodeAthenzIdentity() {
@@ -288,6 +290,7 @@ public class Environment {
 private URI ztsUri;
 private AthenzService nodeAthenzIdentity;
 private boolean nodeAgentCertEnabled;
+ private Path trustStorePath;
 
 public Builder configServerConfig(ConfigServerConfig configServerConfig) {
 this.configServerConfig = configServerConfig;
@@ -369,8 +372,14 @@ public class Environment {
 return this;
 }
 
+ public Builder trustStorePath(Path trustStorePath) {
+ this.trustStorePath = trustStorePath;
+ return this;
+ }
+
 public Environment build() {
 return new Environment(configServerConfig,
+ trustStorePath,
 environment,
 region,
 system,
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java
index 25ec4fbd1dd..12ba777f018 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/ConfigServerApiImpl.java
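Review bot: `getTrustStorePath()` now returns the field as-is, so an Environment built through the Builder without calling `trustStorePath(...)` hands callers null where the removed implementation threw IllegalStateException, moving the failure to wherever the path is eventually opened. Keep the fail-fast contract with `if (trustStorePath == null) throw new IllegalStateException("Trust store path not configured (" + TRUST_STORE_PATH + ")");` before the return. The same hunk drops the public `getConfigServerInfo()` accessor; any caller outside this diff would no longer compile, though none is visible here.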
@@ -61,7 +61,7 @@ public class ConfigServerApiImpl implements ConfigServerApi {
 public static ConfigServerApiImpl create(ConfigServerInfo info, SiaIdentityProvider provider) {
 return new ConfigServerApiImpl(
 info.getConfigServerUris(),
- new AthenzIdentityVerifier(singleton(info.getAthenzIdentity().get())),
+ new AthenzIdentityVerifier(singleton(info.getConfigServerIdentity())),
 provider);
 }
 
@@ -70,7 +70,7 @@ public class ConfigServerApiImpl implements ConfigServerApi {
 HostName configServerHostname) {
 return new ConfigServerApiImpl(
 Collections.singleton(info.getConfigServerUri(configServerHostname.value())),
- new AthenzIdentityVerifier(singleton(info.getAthenzIdentity().get())),
+ new AthenzIdentityVerifier(singleton(info.getConfigServerIdentity())),
 provider);
 }
 
diff --git a/node-admin/src/main/resources/configdefinitions/config-server.def b/node-admin/src/main/resources/configdefinitions/config-server.def
index 1fcf4bb0a62..6a088829bad 100644
--- a/node-admin/src/main/resources/configdefinitions/config-server.def
+++ b/node-admin/src/main/resources/configdefinitions/config-server.def
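Review bot: Both factory methods build the same `new AthenzIdentityVerifier(singleton(info.getConfigServerIdentity()))`, so the identity accepted from the config server is now defined in two places that must be kept in step by hand; a private helper, `private static AthenzIdentityVerifier configServerVerifier(ConfigServerInfo info) { return new AthenzIdentityVerifier(singleton(info.getConfigServerIdentity())); }`, called from both factories keeps them consistent if the verifier construction changes again. The second factory's signature begins before the @@ -70 hunk, so it is only partly visible.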
@@ -5,26 +5,4 @@ hosts[] string port int default=8080 range=[1,65535] scheme string default="http" loadBalancerHost string default="" - -# TODO Remove once self-signed certs are gone -# Optional options used to authenticate config server -athenzDomain string default="" -serviceName string default="" - -# Configuration of Athenz SIA (Service Identity Agent) -sia.hostIdentityName string default="" -sia.configserverIdentityName string default="" -sia.credentialsPath string default="" -sia.trustStoreFile string default="" - -# TODO Remove once self-signed certs are gone -# Optional options about key store to use when communicating with config server -keyStoreConfig.path string default="" # Path to keystore -keyStoreConfig.type enum { JKS, PEM, PKCS12 } default=JKS -keyStoreConfig.password string default="" - -# TODO Remove once self-signed certs are gone -# Optional options about trust store to use to authenticate config server -trustStoreConfig.path string default="" -trustStoreConfig.type enum { JKS, PEM, PKCS12 } default=JKS -trustStoreConfig.password string default="" +configserverAthenzIdentity string default="vespa.configserver" \ No newline at end of file -- cgit v1.2.3