package com.yahoo.vespa.hosted.controller.certificate;
import com.yahoo.config.provision.ApplicationId;
import com.yahoo.container.jdisc.HttpRequest;
import com.yahoo.container.jdisc.HttpResponse;
import com.yahoo.container.jdisc.ThreadedHttpRequestHandler;
import com.yahoo.restapi.RestApiException;
import com.yahoo.restapi.StringResponse;
import com.yahoo.vespa.hosted.controller.api.integration.ServiceRegistry;
import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificateMetadata;
import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificateProvider;
import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificateRequestMetadata;
import com.yahoo.vespa.hosted.controller.application.TenantAndApplicationId;
import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
import com.yahoo.vespa.hosted.controller.persistence.EndpointCertificateMetadataSerializer;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.Executor;
import java.util.stream.Collectors;
import static com.yahoo.jdisc.http.HttpRequest.Method.GET;
import static com.yahoo.jdisc.http.HttpRequest.Method.POST;
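/**
 * Lists all certificate requests for a system, with their requested DNS names (GET), and
 * re-requests the endpoint certificate of a single application (POST).
 * Used for debugging, and verifying basic functionality of Cameo client in CD.
 *
 * NOTE(review): no authorization check is visible in this class, while POST asks the provider
 * for a new CA-signed certificate and overwrites the stored metadata. Presumably access is
 * restricted by request filters in front of the handler; confirm before exposing it.
 *
 * @author andreer
 */
public class EndpointCertificatesHandler extends ThreadedHttpRequestHandler {

    private final EndpointCertificateProvider endpointCertificateProvider;
    private final CuratorDb curator;

    /**
     * Creates the handler.
     *
     * @param executor executor handed to {@link ThreadedHttpRequestHandler}
     * @param serviceRegistry registry the {@link EndpointCertificateProvider} is taken from
     * @param curator store the endpoint certificate metadata is read from and written to
     */
    public EndpointCertificatesHandler(Executor executor, ServiceRegistry serviceRegistry, CuratorDb curator) {
        super(executor);
        this.endpointCertificateProvider = serviceRegistry.endpointCertificateProvider();
        this.curator = curator;
    }

    /**
     * Dispatches on the HTTP method: GET lists certificate requests, POST re-requests the
     * certificate of the application named by the {@code application} request property.
     *
     * @param request the incoming request
     * @return the plain-text listing (GET) or the serialized re-requested metadata (POST)
     * @throws RestApiException.BadRequest if a POST carries no {@code application} property
     * @throws RestApiException.MethodNotAllowed for any method other than GET and POST
     */
    public HttpResponse handle(HttpRequest request) {
        if (request.getMethod().equals(GET)) return listEndpointCertificates();
        if (request.getMethod().equals(POST)) {
            // The property comes straight from the client. Reject a missing value here so it is
            // reported as a client error instead of failing later while the id is parsed.
            String application = request.getProperty("application");
            if (application == null || application.isBlank())
                throw new RestApiException.BadRequest("Missing required parameter 'application'");
            return reRequestEndpointCertificateFor(application);
        }
        throw new RestApiException.MethodNotAllowed(request);
    }

    /**
     * Renders every certificate request known to the provider as one line of the form
     * {@code <requestId> : <dnsName>, <dnsName>, ...}.
     *
     * @return a response whose body holds one line per certificate request
     */
    public HttpResponse listEndpointCertificates() {
        List<EndpointCertificateRequestMetadata> certificateRequests = endpointCertificateProvider.listCertificates();

        String requestsWithNames = certificateRequests.stream()
                .map(metadata -> metadata.requestId() + " : " +
                                 metadata.dnsNames().stream()
                                         .map(dnsNameStatus -> dnsNameStatus.dnsName)
                                         .collect(Collectors.joining(", ")))
                .collect(Collectors.joining("\n"));

        return new StringResponse(requestsWithNames);
    }

    /**
     * Requests a new CA-signed certificate for an application that already has certificate
     * metadata stored, reusing the DNS SANs of the stored metadata, and stores the result.
     *
     * @param instanceId full application id string, parsed by {@link ApplicationId#fromFullString};
     *                   presumably malformed values are rejected by that parser (verify)
     * @return a response holding the serialized form of the re-requested metadata
     * @throws RestApiException.NotFound if no certificate metadata is stored for the application
     */
    public StringResponse reRequestEndpointCertificateFor(String instanceId) {
        ApplicationId applicationId = ApplicationId.fromFullString(instanceId);

        // The lock is held across read, provider request and write, so the stored metadata
        // cannot be replaced by another holder of the same lock in between.
        try (var lock = curator.lock(TenantAndApplicationId.from(applicationId))) {
            EndpointCertificateMetadata endpointCertificateMetadata = curator.readEndpointCertificateMetadata(applicationId)
                    .orElseThrow(() -> new RestApiException.NotFound("No certificate found for application " + applicationId.serializedForm()));

            // The existing metadata is passed along with the request to the provider.
            EndpointCertificateMetadata reRequestedMetadata = endpointCertificateProvider.requestCaSignedCertificate(
                    applicationId, endpointCertificateMetadata.requestedDnsSans(), Optional.of(endpointCertificateMetadata));

            curator.writeEndpointCertificateMetadata(applicationId, reRequestedMetadata);

            return new StringResponse(EndpointCertificateMetadataSerializer.toSlime(reRequestedMetadata).toString());
        }
    }

}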