1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
package com.yahoo.config.provision;
import ai.vespa.validation.Validation;
import java.util.List;
import java.util.Objects;
/**
* Settings for a zone endpoint of a deployment.
*
* @author jonmv
*/
public class ZoneEndpoint {
public static final ZoneEndpoint defaultEndpoint = new ZoneEndpoint(true, false, List.of());
private final boolean isPublicEndpoint;
private final boolean isPrivateEndpoint;
private final List<AllowedUrn> allowedUrns;
public ZoneEndpoint(boolean isPublicEndpoint, boolean isPrivateEndpoint, List<AllowedUrn> allowedUrns) {
if ( ! allowedUrns.isEmpty() && ! isPrivateEndpoint)
throw new IllegalArgumentException("cannot list allowed urns, without also enabling private visibility");
this.isPublicEndpoint = isPublicEndpoint;
this.isPrivateEndpoint = isPrivateEndpoint;
this.allowedUrns = List.copyOf(allowedUrns);
}
/** Whether this has an endpoint which is visible from the public internet. */
public boolean isPublicEndpoint() {
return isPublicEndpoint;
}
/** Whether this has an endpoint which is visible through private DNS of the cloud. */
public boolean isPrivateEndpoint() {
return isPrivateEndpoint;
}
/** List of allowed URNs, for specified private access types. */
public List<AllowedUrn> allowedUrns() {
return allowedUrns;
}
/** List of URNs for the given access type. */
public List<String> allowedUrnsWith(AccessType type) {
return allowedUrns.stream().filter(urn -> urn.type == type).map(AllowedUrn::urn).toList();
}
public boolean isDefault() {
return equals(defaultEndpoint);
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
ZoneEndpoint that = (ZoneEndpoint) o;
return isPublicEndpoint == that.isPublicEndpoint && isPrivateEndpoint == that.isPrivateEndpoint && allowedUrns.equals(that.allowedUrns);
}
@Override
public int hashCode() {
return Objects.hash(isPublicEndpoint, isPrivateEndpoint, allowedUrns);
}
@Override
public String toString() {
return "ZoneEndpoint{" +
"isPublicEndpoint=" + isPublicEndpoint +
", isPrivateEndpoint=" + isPrivateEndpoint +
", allowedUrns=" + allowedUrns +
'}';
}
public enum AccessType {
awsPrivateLink,
gcpServiceConnect,
}
/** A URN allowed to access this (private) endpoint, through a {@link AccessType} method. */
public static class AllowedUrn {
private final AccessType type;
private final String urn;
public AllowedUrn(AccessType type, String urn) {
this.type = Objects.requireNonNull(type);
this.urn = Validation.requireNonBlank(urn, "URN");
}
/** Type of private connection. */
public AccessType type() {
return type;
}
/** URN allowed to access this private endpoint. */
public String urn() {
return urn;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
AllowedUrn that = (AllowedUrn) o;
return type == that.type && urn.equals(that.urn);
}
@Override
public int hashCode() {
return Objects.hash(type, urn);
}
@Override
public String toString() {
return "'" + urn + "' through '" +
switch (type) {
case awsPrivateLink -> "aws-private-link";
case gcpServiceConnect -> "gcp-service-connect";
} + "'";
}
}
}
|
