From ce08379e47b9e02836026d111e1a27681b21c715 Mon Sep 17 00:00:00 2001
From: Jon Marius Venstad
Date: Fri, 7 Jun 2019 17:27:22 +0200
Subject: Move tenant authentication to new module tenant-auth, to override internally
---
.../main/java/ai/vespa/hosted/cd/EmptyGroup.java | 9 +++++
.../main/java/ai/vespa/hosted/cd/TestConfig.java | 20 ----------
.../java/ai/vespa/hosted/cd/http/HttpEndpoint.java | 5 ++-
.../java/ai/vespa/hosted/cd/http/Security.java | 43 ----------------------
4 files changed, 13 insertions(+), 64 deletions(-)
create mode 100644 tenant-cd/src/main/java/ai/vespa/hosted/cd/EmptyGroup.java
delete mode 100644 tenant-cd/src/main/java/ai/vespa/hosted/cd/http/Security.java
(limited to 'tenant-cd/src')
diff --git a/tenant-cd/src/main/java/ai/vespa/hosted/cd/EmptyGroup.java b/tenant-cd/src/main/java/ai/vespa/hosted/cd/EmptyGroup.java
new file mode 100644
index 00000000000..8deca3cfb11
--- /dev/null
+++ b/tenant-cd/src/main/java/ai/vespa/hosted/cd/EmptyGroup.java
@@ -0,0 +1,9 @@
+package ai.vespa.hosted.cd;
+
+/**
+ * The Surefire configuration element <excludedGroups> requires a non-empty argument to reset another.
+ * This class serves that purpose. Without it, no tests run in the various integration test profiles.
+ *
+ * @author jonmv
+ */
+public interface EmptyGroup { }
diff --git a/tenant-cd/src/main/java/ai/vespa/hosted/cd/TestConfig.java b/tenant-cd/src/main/java/ai/vespa/hosted/cd/TestConfig.java
index ed9aea0e9b0..36c14a38b37 100644
--- a/tenant-cd/src/main/java/ai/vespa/hosted/cd/TestConfig.java
+++ b/tenant-cd/src/main/java/ai/vespa/hosted/cd/TestConfig.java
@@ -81,18 +81,6 @@ public class TestConfig { } static TestConfig fromController() { - ApplicationId id = ApplicationId.from(requireNonBlankProperty("tenant"), - requireNonBlankProperty("application"), - getNonBlankProperty("instance").orElse("default")); - - URI endpoint = URI.create(requireNonBlankProperty("endpoint")); - Path privateKeyFile = Paths.get(requireNonBlankProperty("privateKeyFile")); - Optional certificateFile = getNonBlankProperty("certificateFile").map(Paths::get); - - ControllerHttpClient controller = certificateFile.isPresent() - ? ControllerHttpClient.withKeyAndCertificate(endpoint, privateKeyFile, certificateFile.get()) - : ControllerHttpClient.withSignatureKey(endpoint, privateKeyFile, id); - return null; } @@ -110,12 +98,4 @@ public class TestConfig { return new TestConfig(application, zone, system, endpoints); } - static Optional getNonBlankProperty(String name) { - return Optional.ofNullable(System.getProperty(name)).filter(value -> ! value.isBlank()); - } - - static String requireNonBlankProperty(String name) { - return getNonBlankProperty(name).orElseThrow(() -> new IllegalStateException("Missing required property '" + name + "'")); - } - } diff --git a/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpEndpoint.java b/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpEndpoint.java index 7b4f09650ce..e0d3787a21c 100644 --- a/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpEndpoint.java +++ b/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpEndpoint.java @@ -1,5 +1,6 @@ package ai.vespa.hosted.cd.http; +import ai.vespa.hosted.auth.Authenticator; import com.yahoo.slime.Inspector; import com.yahoo.slime.JsonDecoder; import com.yahoo.slime.Slime; 
@@ -28,11 +29,13 @@ public class HttpEndpoint implements TestEndpoint { private final URI endpoint; private final HttpClient client; + private final Authenticator authenticator; public HttpEndpoint(URI endpoint) { this.endpoint = requireNonNull(endpoint); + this.authenticator = new Authenticator(); this.client = HttpClient.newBuilder() - .sslContext(Security.sslContext()) + .sslContext(authenticator.sslContext()) .connectTimeout(Duration.ofSeconds(5)) .version(HttpClient.Version.HTTP_1_1) .build(); diff --git a/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/Security.java b/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/Security.java deleted file mode 100644 index b4524e3922a..00000000000 --- a/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/Security.java +++ /dev/null 
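Review bot: The constructor hard-wires `new Authenticator()`, so the TLS client identity used by an `HttpEndpoint` can only be changed by swapping the `tenant-auth` module on the classpath, and nothing at this call site says where the key and certificate come from. Consider adding an overload `public HttpEndpoint(URI endpoint, Authenticator authenticator)` that stores `requireNonNull(authenticator)`, with the one-argument constructor delegating via `this(endpoint, new Authenticator());`, and a short Javadoc line naming the credential source. The deleted `Security.sslContext()` rejected a certificate outside its notBefore/notAfter window with a clear message; `Authenticator` is not part of this diff, so it is worth confirming that the check moved with it rather than being dropped. The constructor body continues past the end of the hunk.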
@@ -1,43 +0,0 @@
-package ai.vespa.hosted.cd.http;
-
-import com.yahoo.security.KeyUtils;
-import com.yahoo.security.SslContextBuilder;
-import com.yahoo.security.X509CertificateUtils;
-
-import javax.net.ssl.SSLContext;
-import java.io.IOException;
-import java.io.UncheckedIOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import java.time.Instant;
-
-/**
- * Miscellaneous related to HTTP security and authentication.
- */
-public class Security {
-
- private Security() { }
-
- /** Returns an SSLContext from "key" and "cert" files found under {@code System.getProperty("vespa.test.credentials.root")}. */
- public static SSLContext sslContext() {
- try {
- Path credentialsRoot = Path.of(System.getProperty("vespa.test.credentials.root"));
- Path certificateFile = credentialsRoot.resolve("cert");
- Path privateKeyFile = credentialsRoot.resolve("key");
-
- X509Certificate certificate = X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificateFile)));
- if ( Instant.now().isBefore(certificate.getNotBefore().toInstant())
- || Instant.now().isAfter(certificate.getNotAfter().toInstant()))
- throw new IllegalStateException("Certificate at '" + certificateFile + "' is valid between " +
- certificate.getNotBefore() + " and " + certificate.getNotAfter() + " — not now.");
-
- PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyFile)));
- return new SslContextBuilder().withKeyStore(privateKey, certificate).build();
- } catch (IOException e) {
- throw new UncheckedIOException(e);
- }
- }
-
-}
--
cgit v1.2.3