blob: 33f20327d926a8168c3d4883a9c6c323511e2347 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
package com.yahoo.vespa.hosted.controller.application.pkg;
import com.yahoo.text.XML;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
/**
* A partially parsed variant of services.xml, for use by the {@link com.yahoo.vespa.hosted.controller.Controller}.
*
* @author mpolden
*/
public record BasicServicesXml(List<Container> containers) {
public static final BasicServicesXml empty = new BasicServicesXml(List.of());
private static final String SERVICES_TAG = "services";
private static final String CONTAINER_TAG = "container";
private static final String CLIENTS_TAG = "clients";
private static final String CLIENT_TAG = "client";
private static final String TOKEN_TAG = "token";
public BasicServicesXml(List<Container> containers) {
this.containers = List.copyOf(Objects.requireNonNull(containers));
}
/** Parse a services.xml from given document */
public static BasicServicesXml parse(Document document) {
Element root = document.getDocumentElement();
if (!root.getTagName().equals("services")) {
throw new IllegalArgumentException("Root tag must be <" + SERVICES_TAG + ">");
}
List<BasicServicesXml.Container> containers = new ArrayList<>();
for (var childNode : XML.getChildren(root)) {
if (childNode.getTagName().equals(CONTAINER_TAG)) {
String id = childNode.getAttribute("id");
if (id.isEmpty()) throw new IllegalArgumentException(CONTAINER_TAG + " tag requires 'id' attribute");
List<Container.AuthMethod> methods = parseAuthMethods(childNode);
containers.add(new Container(id, methods));
}
}
return new BasicServicesXml(containers);
}
private static List<BasicServicesXml.Container.AuthMethod> parseAuthMethods(Element containerNode) {
List<BasicServicesXml.Container.AuthMethod> methods = new ArrayList<>();
for (var node : XML.getChildren(containerNode)) {
if (node.getTagName().equals(CLIENTS_TAG)) {
for (var clientNode : XML.getChildren(node)) {
if (clientNode.getTagName().equals(CLIENT_TAG)) {
boolean tokenEnabled = XML.getChildren(clientNode).stream()
.anyMatch(n -> n.getTagName().equals(TOKEN_TAG));
methods.add(tokenEnabled ? Container.AuthMethod.token : Container.AuthMethod.mtls);
}
}
}
}
if (methods.isEmpty()) {
methods.add(Container.AuthMethod.mtls);
}
return methods;
}
/**
* A Vespa container service.
*
* @param id ID of container
* @param authMethods Authentication methods supported by this container
*/
public record Container(String id, List<AuthMethod> authMethods) {
public Container(String id, List<AuthMethod> authMethods) {
this.id = Objects.requireNonNull(id);
this.authMethods = Objects.requireNonNull(authMethods).stream()
.distinct()
.sorted()
.toList();
if (authMethods.isEmpty()) throw new IllegalArgumentException("Container must have at least one auth method");
}
public enum AuthMethod {
mtls,
token,
}
}
}
|
