controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzClientFactoryImpl.java


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.controller.athenz.impl;

import ai.vespa.metrics.ControllerMetrics;
import com.yahoo.component.annotation.Inject;
import com.yahoo.jdisc.Metric;
import com.yahoo.vespa.athenz.api.AthenzIdentity;
import com.yahoo.vespa.athenz.client.ErrorHandler;
import com.yahoo.vespa.athenz.client.zms.DefaultZmsClient;
import com.yahoo.vespa.athenz.client.zms.ZmsClient;
import com.yahoo.vespa.athenz.client.zts.DefaultZtsClient;
import com.yahoo.vespa.athenz.client.zts.ZtsClient;
import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzClientFactory;
import com.yahoo.vespa.hosted.controller.athenz.config.AthenzConfig;

import java.net.URI;
import java.util.HashMap;
import java.util.Map;

/**
 * @author bjorncs
 */
public class AthenzClientFactoryImpl implements AthenzClientFactory {

    private static final String METRIC_NAME = ControllerMetrics.ATHENZ_REQUEST_ERROR.baseName();
    private static final String ATHENZ_SERVICE_DIMENSION = "athenz-service";
    private static final String EXCEPTION_DIMENSION = "exception";

    private final AthenzConfig config;
    private final ServiceIdentityProvider identityProvider;
    private final Metric metrics;
    private final Map<String, Metric.Context> metricContexts;

    @Inject
    public AthenzClientFactoryImpl(ServiceIdentityProvider identityProvider, AthenzConfig config, Metric metrics) {
        this.identityProvider = identityProvider;
        this.config = config;
        this.metrics = metrics;
        this.metricContexts = new HashMap<>();
    }

    @Override
    public AthenzIdentity getControllerIdentity() {
        return identityProvider.identity();
    }

    /**
     * @return A ZMS client instance with the service identity as principal.
     */
    @Override
    public ZmsClient createZmsClient() {
        return new DefaultZmsClient(URI.create(config.zmsUrl()), identityProvider, this::reportMetricErrorHandler);
    }

    /**
     * @return A ZTS client instance with the service identity as principal.
     */
    @Override
    public ZtsClient createZtsClient() {
        return new DefaultZtsClient.Builder(URI.create(config.ztsUrl())).withIdentityProvider(identityProvider).build();
    }

    @Override
    public boolean cacheLookups() {
        return true;
    }

    private void reportMetricErrorHandler(ErrorHandler.RequestProperties request, Exception error) {
        Metric.Context context = metricContexts.computeIfAbsent(request.hostname(), host -> metrics.createContext(
                Map.of(ATHENZ_SERVICE_DIMENSION, host,
                        EXCEPTION_DIMENSION, error.getClass().getSimpleName())));
        metrics.add(METRIC_NAME, 1, context);
    }
}