// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.config.server.tenant;

import com.yahoo.config.model.api.EndpointCertificateMetadata;
import com.yahoo.config.provision.ApplicationId;
import com.yahoo.path.Path;
import com.yahoo.slime.Slime;
import com.yahoo.slime.SlimeUtils;
import com.yahoo.vespa.curator.Curator;
import com.yahoo.vespa.curator.transaction.CuratorOperations;
import com.yahoo.vespa.curator.transaction.CuratorTransaction;

import java.util.Optional;

/**
 * Persists the endpoint certificate metadata of an application under a tenant's ZooKeeper path.
 * Only the metadata is kept here; it is later used to look up the actual secrets
 * through {@link EndpointCertificateRetriever}.
 *
 * <p>Values are stored as the JSON produced by {@code EndpointCertificateMetadataSerializer},
 * one node per application, keyed by the application's serialized form.
 *
 * @author andreer
 */
public class EndpointCertificateMetadataStore {

    private final Path path;
    private final Curator curator;

    /**
     * Creates a store rooted at the {@code tlsSecretsKeys/} child of the given tenant path.
     *
     * @param curator    the curator used for all reads, writes and transactions
     * @param tenantPath the tenant's base path; the store appends its own sub-path to it
     */
    public EndpointCertificateMetadataStore(Curator curator, Path tenantPath) {
        this.path = tenantPath.append("tlsSecretsKeys/");
        this.curator = curator;
    }

    /**
     * Reads the endpoint certificate metadata of an application from ZooKeeper.
     *
     * @param application the application whose metadata is wanted
     * @return the stored metadata, or empty when the node is missing or holds zero bytes
     * @throws RuntimeException if the lookup or the deserialization fails; stored data that
     *         cannot be parsed is reported as an error rather than treated as absent
     */
    public Optional<EndpointCertificateMetadata> readEndpointCertificateMetadata(ApplicationId application) {
        try {
            Optional<byte[]> stored = curator.getData(endpointCertificateMetadataPathOf(application));
            if (stored.isPresent() && stored.get().length > 0) {
                Slime parsed = SlimeUtils.jsonToSlime(stored.get());
                return Optional.of(EndpointCertificateMetadataSerializer.fromSlime(parsed.get()));
            }
            // A missing node and an empty node are both reported as "no metadata".
            return Optional.empty();
        } catch (Exception e) {
            throw new RuntimeException("Error reading endpoint certificate metadata for " + application, e);
        }
    }

    /**
     * Serializes the given metadata to JSON and writes it to the application's node in ZooKeeper.
     *
     * @param application                 the application the metadata belongs to
     * @param endpointCertificateMetadata the metadata to store
     * @throws RuntimeException if serialization or the write fails, with the cause attached
     */
    public void writeEndpointCertificateMetadata(ApplicationId application, EndpointCertificateMetadata endpointCertificateMetadata) {
        try {
            Slime document = new Slime();
            EndpointCertificateMetadataSerializer.toSlime(endpointCertificateMetadata, document.setObject());
            Path node = endpointCertificateMetadataPathOf(application);
            curator.set(node, SlimeUtils.toJsonBytes(document));
        } catch (Exception e) {
            throw new RuntimeException("Could not write endpoint certificate metadata for " + application, e);
        }
    }

    /**
     * Returns a transaction which deletes the application's endpoint certificate metadata.
     *
     * <p>The existence check is made when this method is called, not when the returned
     * transaction is run, so a node that is created or removed in between is not reflected
     * in the returned transaction.
     *
     * @param application the application whose metadata should be deleted
     * @return a transaction holding one delete operation, or an empty transaction when no
     *         node exists for the application at the time of the call
     */
    public CuratorTransaction delete(ApplicationId application) {
        Path node = endpointCertificateMetadataPathOf(application);
        if (curator.exists(node)) {
            return CuratorTransaction.from(CuratorOperations.delete(node.getAbsolute()), curator);
        }
        return CuratorTransaction.empty(curator);
    }

    /** Returns the path of the node holding the endpoint certificate metadata of an application */
    private Path endpointCertificateMetadataPathOf(ApplicationId application) {
        String nodeName = application.serializedForm();
        return path.append(nodeName);
    }
}