1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
|
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.config.server.session;
import com.yahoo.component.Version;
import com.yahoo.config.model.api.ContainerEndpoint;
import com.yahoo.config.model.api.EndpointCertificateMetadata;
import com.yahoo.config.model.api.Quota;
import com.yahoo.config.model.api.TenantSecretStore;
import com.yahoo.config.provision.ApplicationId;
import com.yahoo.config.provision.AthenzDomain;
import com.yahoo.config.provision.CloudAccount;
import com.yahoo.config.provision.DataplaneToken;
import com.yahoo.config.provision.DockerImage;
import com.yahoo.config.provision.TenantName;
import com.yahoo.container.jdisc.HttpRequest;
import com.yahoo.security.X509CertificateUtils;
import com.yahoo.slime.Inspector;
import com.yahoo.slime.Slime;
import com.yahoo.slime.SlimeUtils;
import com.yahoo.vespa.config.server.TimeoutBudget;
import com.yahoo.vespa.config.server.http.SessionHandler;
import com.yahoo.vespa.config.server.tenant.CloudAccountSerializer;
import com.yahoo.vespa.config.server.tenant.ContainerEndpointSerializer;
import com.yahoo.vespa.config.server.tenant.DataplaneTokenSerializer;
import com.yahoo.vespa.config.server.tenant.EndpointCertificateMetadataSerializer;
import com.yahoo.vespa.config.server.tenant.TenantSecretStoreSerializer;
import java.security.cert.X509Certificate;
import java.time.Clock;
import java.time.Duration;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
/**
* Parameters for preparing an application. Immutable.
*
* @author Ulf Lilleengen
*/
public final class PrepareParams {
static final String APPLICATION_NAME_PARAM_NAME = "applicationName";
static final String INSTANCE_PARAM_NAME = "instance";
static final String IGNORE_VALIDATION_PARAM_NAME = "ignoreValidationErrors";
static final String DRY_RUN_PARAM_NAME = "dryRun";
static final String VERBOSE_PARAM_NAME = "verbose";
static final String VESPA_VERSION_PARAM_NAME = "vespaVersion";
static final String CONTAINER_ENDPOINTS_PARAM_NAME = "containerEndpoints";
static final String ENDPOINT_CERTIFICATE_METADATA_PARAM_NAME = "endpointCertificateMetadata";
static final String DOCKER_IMAGE_REPOSITORY = "dockerImageRepository";
static final String ATHENZ_DOMAIN = "athenzDomain";
static final String QUOTA_PARAM_NAME = "quota";
static final String TENANT_SECRET_STORES_PARAM_NAME = "tenantSecretStores";
static final String FORCE_PARAM_NAME = "force";
static final String WAIT_FOR_RESOURCES_IN_PREPARE = "waitForResourcesInPrepare";
static final String OPERATOR_CERTIFICATES = "operatorCertificates";
static final String CLOUD_ACCOUNT = "cloudAccount";
static final String DATAPLANE_TOKENS = "dataplaneTokens";
private final ApplicationId applicationId;
private final TimeoutBudget timeoutBudget;
private final boolean ignoreValidationErrors;
private final boolean dryRun;
private final boolean verbose;
private final boolean isBootstrap;
private final boolean force;
private final boolean waitForResourcesInPrepare;
private final Optional<Version> vespaVersion;
private final List<ContainerEndpoint> containerEndpoints;
private final Optional<EndpointCertificateMetadata> endpointCertificateMetadata;
private final Optional<DockerImage> dockerImageRepository;
private final Optional<AthenzDomain> athenzDomain;
private final Optional<Quota> quota;
private final List<TenantSecretStore> tenantSecretStores;
private final List<X509Certificate> operatorCertificates;
private final Optional<CloudAccount> cloudAccount;
private final List<DataplaneToken> dataplaneTokens;
private PrepareParams(ApplicationId applicationId,
TimeoutBudget timeoutBudget,
boolean ignoreValidationErrors,
boolean dryRun,
boolean verbose,
boolean isBootstrap,
Optional<Version> vespaVersion,
List<ContainerEndpoint> containerEndpoints,
Optional<EndpointCertificateMetadata> endpointCertificateMetadata,
Optional<DockerImage> dockerImageRepository,
Optional<AthenzDomain> athenzDomain,
Optional<Quota> quota,
List<TenantSecretStore> tenantSecretStores,
boolean force,
boolean waitForResourcesInPrepare,
List<X509Certificate> operatorCertificates,
Optional<CloudAccount> cloudAccount,
List<DataplaneToken> dataplaneTokens) {
this.timeoutBudget = timeoutBudget;
this.applicationId = Objects.requireNonNull(applicationId);
this.ignoreValidationErrors = ignoreValidationErrors;
this.dryRun = dryRun;
this.verbose = verbose;
this.isBootstrap = isBootstrap;
this.vespaVersion = vespaVersion;
this.containerEndpoints = containerEndpoints;
this.endpointCertificateMetadata = endpointCertificateMetadata;
this.dockerImageRepository = dockerImageRepository;
this.athenzDomain = athenzDomain;
this.quota = quota;
this.tenantSecretStores = tenantSecretStores;
this.force = force;
this.waitForResourcesInPrepare = waitForResourcesInPrepare;
this.operatorCertificates = operatorCertificates;
this.cloudAccount = Objects.requireNonNull(cloudAccount);
this.dataplaneTokens = dataplaneTokens;
}
public static class Builder {
private boolean ignoreValidationErrors = false;
private boolean dryRun = false;
private boolean verbose = false;
private boolean isBootstrap = false;
private boolean force = false;
private boolean waitForResourcesInPrepare = false;
private ApplicationId applicationId = null;
private TimeoutBudget timeoutBudget = new TimeoutBudget(Clock.systemUTC(), Duration.ofSeconds(60));
private Optional<Version> vespaVersion = Optional.empty();
private List<ContainerEndpoint> containerEndpoints = null;
private Optional<EndpointCertificateMetadata> endpointCertificateMetadata = Optional.empty();
private Optional<DockerImage> dockerImageRepository = Optional.empty();
private Optional<AthenzDomain> athenzDomain = Optional.empty();
private Optional<Quota> quota = Optional.empty();
private List<TenantSecretStore> tenantSecretStores = List.of();
private List<X509Certificate> operatorCertificates = List.of();
private Optional<CloudAccount> cloudAccount = Optional.empty();
private List<DataplaneToken> dataplaneTokens = List.of();
public Builder() { }
public Builder applicationId(ApplicationId applicationId) {
this.applicationId = applicationId;
return this;
}
public Builder ignoreValidationErrors(boolean ignoreValidationErrors) {
this.ignoreValidationErrors = ignoreValidationErrors;
return this;
}
public Builder dryRun(boolean dryRun) {
this.dryRun = dryRun;
return this;
}
public Builder verbose(boolean verbose) {
this.verbose = verbose;
return this;
}
public Builder isBootstrap(boolean isBootstrap) {
this.isBootstrap = isBootstrap;
return this;
}
public Builder timeoutBudget(TimeoutBudget timeoutBudget) {
this.timeoutBudget = timeoutBudget;
return this;
}
public Builder vespaVersion(String vespaVersion) {
Optional<Version> version = Optional.empty();
if (vespaVersion != null && !vespaVersion.isEmpty()) {
version = Optional.of(Version.fromString(vespaVersion));
}
this.vespaVersion = version;
return this;
}
public Builder vespaVersion(Version vespaVersion) {
this.vespaVersion = Optional.ofNullable(vespaVersion);
return this;
}
public Builder containerEndpoints(String serialized) {
this.containerEndpoints = (serialized == null)
? List.of()
: ContainerEndpointSerializer.endpointListFromSlime(SlimeUtils.jsonToSlime(serialized));
return this;
}
public Builder containerEndpointList(List<ContainerEndpoint> endpoints) {
this.containerEndpoints = endpoints;
return this;
}
public Builder endpointCertificateMetadata(EndpointCertificateMetadata endpointCertificateMetadata) {
this.endpointCertificateMetadata = Optional.ofNullable(endpointCertificateMetadata);
return this;
}
public Builder endpointCertificateMetadata(String serialized) {
this.endpointCertificateMetadata = (serialized == null)
? Optional.empty()
: Optional.of(EndpointCertificateMetadataSerializer.fromSlime(SlimeUtils.jsonToSlime(serialized).get()));
return this;
}
public Builder dockerImageRepository(String dockerImageRepository) {
this.dockerImageRepository = (dockerImageRepository == null)
? Optional.empty()
: Optional.of(DockerImage.fromString(dockerImageRepository));
return this;
}
public Builder dockerImageRepository(DockerImage dockerImageRepository) {
this.dockerImageRepository = Optional.ofNullable(dockerImageRepository);
return this;
}
public Builder athenzDomain(String athenzDomain) {
this.athenzDomain = Optional.ofNullable(athenzDomain).map(AthenzDomain::from);
return this;
}
public Builder athenzDomain(AthenzDomain athenzDomain) {
this.athenzDomain = Optional.ofNullable(athenzDomain);
return this;
}
public Builder quota(Quota quota) {
this.quota = Optional.ofNullable(quota);
return this;
}
public Builder quota(String serialized) {
this.quota = (serialized == null)
? Optional.empty()
: Optional.of(Quota.fromSlime(SlimeUtils.jsonToSlime(serialized).get()));
return this;
}
public Builder tenantSecretStores(String serialized) {
List<TenantSecretStore> secretStores = (serialized == null)
? List.of()
: TenantSecretStoreSerializer.listFromSlime(SlimeUtils.jsonToSlime(serialized).get());
return tenantSecretStores(secretStores);
}
public Builder tenantSecretStores(List<TenantSecretStore> tenantSecretStores) {
this.tenantSecretStores = tenantSecretStores;
return this;
}
public Builder waitForResourcesInPrepare(boolean waitForResourcesInPrepare) {
this.waitForResourcesInPrepare = waitForResourcesInPrepare;
return this;
}
public Builder force(boolean force) {
this.force = force;
return this;
}
public Builder operatorCertificates(List<X509Certificate> operatorCertificates) {
this.operatorCertificates = List.copyOf(operatorCertificates);
return this;
}
public Builder cloudAccount(CloudAccount cloudAccount) {
this.cloudAccount = Optional.ofNullable(cloudAccount);
return this;
}
public Builder dataplaneTokens(List<DataplaneToken> dataplaneTokens) {
this.dataplaneTokens = List.copyOf(dataplaneTokens);
return this;
}
public PrepareParams build() {
return new PrepareParams(applicationId,
timeoutBudget,
ignoreValidationErrors,
dryRun,
verbose,
isBootstrap,
vespaVersion,
containerEndpoints,
endpointCertificateMetadata,
dockerImageRepository,
athenzDomain,
quota,
tenantSecretStores,
force,
waitForResourcesInPrepare,
operatorCertificates,
cloudAccount,
dataplaneTokens);
}
}
public static PrepareParams fromHttpRequest(HttpRequest request, TenantName tenant, Duration barrierTimeout) {
return new Builder().ignoreValidationErrors(request.getBooleanProperty(IGNORE_VALIDATION_PARAM_NAME))
.dryRun(request.getBooleanProperty(DRY_RUN_PARAM_NAME))
.verbose(request.getBooleanProperty(VERBOSE_PARAM_NAME))
.timeoutBudget(SessionHandler.getTimeoutBudget(request, barrierTimeout))
.applicationId(createApplicationId(request, tenant))
.vespaVersion(request.getProperty(VESPA_VERSION_PARAM_NAME))
.containerEndpoints(request.getProperty(CONTAINER_ENDPOINTS_PARAM_NAME))
.endpointCertificateMetadata(request.getProperty(ENDPOINT_CERTIFICATE_METADATA_PARAM_NAME))
.dockerImageRepository(request.getProperty(DOCKER_IMAGE_REPOSITORY))
.athenzDomain(request.getProperty(ATHENZ_DOMAIN))
.quota(request.getProperty(QUOTA_PARAM_NAME))
.tenantSecretStores(request.getProperty(TENANT_SECRET_STORES_PARAM_NAME))
.force(request.getBooleanProperty(FORCE_PARAM_NAME))
.waitForResourcesInPrepare(request.getBooleanProperty(WAIT_FOR_RESOURCES_IN_PREPARE))
.build();
}
public static PrepareParams fromJson(byte[] json, TenantName tenant, Duration barrierTimeout) {
Slime slime = SlimeUtils.jsonToSlimeOrThrow(json);
Inspector params = slime.get();
return new Builder()
.ignoreValidationErrors(booleanValue(params, IGNORE_VALIDATION_PARAM_NAME))
.dryRun(booleanValue(params, DRY_RUN_PARAM_NAME))
.verbose(booleanValue(params, VERBOSE_PARAM_NAME))
.timeoutBudget(SessionHandler.getTimeoutBudget(getTimeout(params, barrierTimeout)))
.applicationId(createApplicationId(params, tenant))
.vespaVersion(SlimeUtils.optionalString(params.field(VESPA_VERSION_PARAM_NAME)).orElse(null))
.containerEndpointList(deserialize(params.field(CONTAINER_ENDPOINTS_PARAM_NAME), ContainerEndpointSerializer::endpointListFromSlime, List.of()))
.endpointCertificateMetadata(deserialize(params.field(ENDPOINT_CERTIFICATE_METADATA_PARAM_NAME), EndpointCertificateMetadataSerializer::fromSlime))
.dockerImageRepository(SlimeUtils.optionalString(params.field(DOCKER_IMAGE_REPOSITORY)).orElse(null))
.athenzDomain(SlimeUtils.optionalString(params.field(ATHENZ_DOMAIN)).orElse(null))
.quota(deserialize(params.field(QUOTA_PARAM_NAME), Quota::fromSlime))
.tenantSecretStores(deserialize(params.field(TENANT_SECRET_STORES_PARAM_NAME), TenantSecretStoreSerializer::listFromSlime, List.of()))
.force(booleanValue(params, FORCE_PARAM_NAME))
.waitForResourcesInPrepare(booleanValue(params, WAIT_FOR_RESOURCES_IN_PREPARE))
.operatorCertificates(deserialize(params.field(OPERATOR_CERTIFICATES), PrepareParams::readOperatorCertificates, List.of()))
.cloudAccount(deserialize(params.field(CLOUD_ACCOUNT), CloudAccountSerializer::fromSlime, null))
.dataplaneTokens(deserialize(params.field(DATAPLANE_TOKENS), DataplaneTokenSerializer::fromSlime, List.of()))
.build();
}
private static <T> T deserialize(Inspector field, Function<Inspector, T> mapper) {
return deserialize(field, mapper, null);
}
private static <T> T deserialize(Inspector field, Function<Inspector, T> mapper, T defaultValue) {
return field.valid()
? mapper.apply(field)
: defaultValue;
}
private static boolean booleanValue(Inspector inspector, String fieldName) {
Inspector field = inspector.field(fieldName);
return field.valid() && field.asBool();
}
private static Duration getTimeout(Inspector params, Duration defaultTimeout) {
if (params.field("timeout").valid()) {
return Duration.ofSeconds(params.field("timeout").asLong());
} else {
return defaultTimeout;
}
}
private static ApplicationId createApplicationId(Inspector params, TenantName tenant) {
return new ApplicationId.Builder()
.tenant(tenant)
.applicationName(SlimeUtils.optionalString(params.field(APPLICATION_NAME_PARAM_NAME)).orElse("default"))
.instanceName(SlimeUtils.optionalString(params.field(INSTANCE_PARAM_NAME)).orElse("default"))
.build();
}
private static ApplicationId createApplicationId(HttpRequest request, TenantName tenant) {
return new ApplicationId.Builder()
.tenant(tenant)
.applicationName(getPropertyWithDefault(request, APPLICATION_NAME_PARAM_NAME, "default"))
.instanceName(getPropertyWithDefault(request, INSTANCE_PARAM_NAME, "default"))
.build();
}
private static String getPropertyWithDefault(HttpRequest request, String propertyName, String defaultProperty) {
return getProperty(request, propertyName).orElse(defaultProperty);
}
private static Optional<String> getProperty(HttpRequest request, String propertyName) {
return Optional.ofNullable(request.getProperty(propertyName));
}
private static List<X509Certificate> readOperatorCertificates(Inspector array) {
return SlimeUtils.entriesStream(array)
.map(Inspector::asString)
.map(X509CertificateUtils::fromPem)
.toList();
}
public String getApplicationName() {
return applicationId.application().value();
}
public ApplicationId getApplicationId() { return applicationId; }
/** Returns the Vespa version the nodes running the prepared system should have, or empty to use the system version */
public Optional<Version> vespaVersion() { return vespaVersion; }
/** Returns the container endpoints that should be made available for this deployment. One per cluster */
public List<ContainerEndpoint> containerEndpoints() {
return containerEndpoints;
}
public boolean ignoreValidationErrors() {
return ignoreValidationErrors;
}
public boolean isDryRun() { return dryRun; }
public boolean isVerbose() {
return verbose;
}
public boolean isBootstrap() { return isBootstrap; }
public boolean force() { return force; }
public boolean waitForResourcesInPrepare() { return waitForResourcesInPrepare; }
public TimeoutBudget getTimeoutBudget() {
return timeoutBudget;
}
public Optional<EndpointCertificateMetadata> endpointCertificateMetadata() {
return endpointCertificateMetadata;
}
public Optional<DockerImage> dockerImageRepository() {
return dockerImageRepository;
}
public Optional<AthenzDomain> athenzDomain() { return athenzDomain; }
public Optional<Quota> quota() {
return quota;
}
public List<TenantSecretStore> tenantSecretStores() {
return tenantSecretStores;
}
public List<X509Certificate> operatorCertificates() {
return operatorCertificates;
}
public Optional<CloudAccount> cloudAccount() {
return cloudAccount;
}
public List<DataplaneToken> dataplaneTokens() {
return dataplaneTokens;
}
}
|
