-
Notifications
You must be signed in to change notification settings - Fork 603
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #32481 from vespa-engine/move-secret-impl-to-open-…
…source_pt2_try4 Move secret impl to open source pt2 try4
- Loading branch information
Showing
19 changed files
with
947 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
34 changes: 34 additions & 0 deletions
34
container-disc/src/main/java/ai/vespa/secret/internal/TypedSecretStore.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| package ai.vespa.secret.internal; | ||
|
|
||
| import ai.vespa.secret.model.Key; | ||
| import ai.vespa.secret.model.Secret; | ||
| import ai.vespa.secret.model.SecretVersionId; | ||
| import com.yahoo.container.jdisc.secretstore.SecretStore; | ||
|
|
||
| import java.util.List; | ||
|
|
||
| public interface TypedSecretStore extends SecretStore { | ||
|
|
||
| enum Type { | ||
| PUBLIC, | ||
| TEST, | ||
| YAHOO | ||
| } | ||
|
|
||
| Secret getSecret(Key key); | ||
|
|
||
| Secret getSecret(Key key, SecretVersionId version); | ||
|
|
||
| /** Lists the existing versions of this secret */ | ||
| default List<Secret> listSecretVersions(Key key) { | ||
| throw new UnsupportedOperationException("Secret store does not support listing versions"); | ||
| } | ||
|
|
||
| Type type(); | ||
|
|
||
| // Do not use! Only for legacy compatibility | ||
| default Secret getSecret(Key k, int i) { | ||
| return getSecret(k, SecretVersionId.of(String.valueOf(i))); | ||
| } | ||
|
|
||
| } |
6 changes: 6 additions & 0 deletions
6
container-disc/src/main/java/ai/vespa/secret/internal/package-info.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| // Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. | ||
|
|
||
| @ExportPackage | ||
| package ai.vespa.secret.internal; | ||
|
|
||
| import com.yahoo.osgi.annotation.ExportPackage; |
24 changes: 24 additions & 0 deletions
24
container-disc/src/test/java/ai/vespa/secret/model/KeyTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| package ai.vespa.secret.model; | ||
|
|
||
| import org.junit.jupiter.api.Test; | ||
|
|
||
| import static org.junit.jupiter.api.Assertions.assertEquals; | ||
| import static org.junit.jupiter.api.Assertions.assertThrows; | ||
|
|
||
| /** | ||
| * @author gjoranv | ||
| */ | ||
| public class KeyTest { | ||
|
|
||
| @Test | ||
| void string_can_be_converted_to_key() { | ||
| var vault = VaultName.of("vaultName"); | ||
| var secret = SecretName.of("secretName"); | ||
|
|
||
| var expected = new Key(vault, secret); | ||
| assertEquals(expected, Key.fromString("vaultName/secretName")); | ||
|
|
||
| assertThrows(IllegalArgumentException.class, () -> Key.fromString("vaultName")); | ||
| assertThrows(IllegalArgumentException.class, () -> Key.fromString("vaultName/secretName/extra")); | ||
| } | ||
| } |
27 changes: 27 additions & 0 deletions
27
container-disc/src/test/java/ai/vespa/secret/model/SecretNameTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| package ai.vespa.secret.model; | ||
|
|
||
| import org.junit.jupiter.api.Test; | ||
|
|
||
| import static org.junit.jupiter.api.Assertions.assertThrows; | ||
|
|
||
| /** | ||
| * @author gjoranv | ||
| */ | ||
| public class SecretNameTest { | ||
|
|
||
| @Test | ||
| void testSecretName() { | ||
| SecretName.of("foo-bar"); | ||
| SecretName.of("-"); | ||
| SecretName.of("0"); | ||
| SecretName.of("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde"); | ||
| assertThrows(IllegalArgumentException.class, () -> SecretName.of("")); | ||
|
|
||
| // TODO: enable when all secrets are < 64 characters | ||
| //assertThrows(IllegalArgumentException.class, () -> SecretName.of("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef")); | ||
|
|
||
| for (char c : "+/$ {}[]()!\"@#?\\'".toCharArray()) | ||
| assertThrows(IllegalArgumentException.class, () -> SecretName.of("foo" + c + "bar")); | ||
| } | ||
|
|
||
| } |
58 changes: 58 additions & 0 deletions
58
container-disc/src/test/java/ai/vespa/secret/model/SecretTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| package ai.vespa.secret.model; | ||
|
|
||
| import org.junit.jupiter.api.Test; | ||
|
|
||
| import java.util.List; | ||
|
|
||
| import static ai.vespa.secret.model.SecretVersionState.CURRENT; | ||
| import static ai.vespa.secret.model.SecretVersionState.DEPRECATED; | ||
| import static ai.vespa.secret.model.SecretVersionState.PENDING; | ||
| import static ai.vespa.secret.model.SecretVersionState.PREVIOUS; | ||
| import static org.junit.jupiter.api.Assertions.assertEquals; | ||
|
|
||
| /** | ||
| * @author gjoranv | ||
| */ | ||
| public class SecretTest { | ||
|
|
||
| @Test | ||
| void secrets_are_sorted_on_vault_then_name_then_state() { | ||
|
|
||
| var s11pe = secret("vault1", "name1", PENDING); | ||
| var s11cu = secret("vault1", "name1", CURRENT); | ||
| var s12cu = secret("vault1", "name2", CURRENT); | ||
| var s21pe = secret("vault2", "name1", PENDING); | ||
| var s21cu = secret("vault2", "name1", CURRENT); | ||
| var s21pr = secret("vault2", "name1", PREVIOUS); | ||
| var s21de = secret("vault2", "name1", DEPRECATED); | ||
|
|
||
| var secrets = List.of( s21pe, s11cu, s12cu, s11pe, s21de, s21pr, s21cu ); | ||
|
|
||
| var expected = List.of( s11pe, s11cu, s12cu, s21pe, s21cu, s21pr, s21de ); | ||
|
|
||
| assertEquals(expected, secrets.stream().sorted().toList()); | ||
| } | ||
|
|
||
| // This is relevant for secrets from CKMS, which don't use state, but ascending version numbers. | ||
| @Test | ||
| void secrets_with_same_state_are_sorted_by_version_descending() { | ||
| var v1 = secretWithIntVersion(1); | ||
| var v2 = secretWithIntVersion(2); | ||
| var v3 = secretWithIntVersion(3); | ||
|
|
||
| var secrets = List.of(v3, v1, v2); | ||
| var expected = List.of(v3, v2, v1); | ||
| assertEquals(expected, secrets.stream().sorted().toList()); | ||
| } | ||
|
|
||
| private static Secret secretWithIntVersion(Integer version) { | ||
| return new Secret(new Key(VaultName.of("foo"), SecretName.of("bar")), new byte[0], | ||
| SecretVersionId.of(version.toString())); | ||
| } | ||
|
|
||
| private static Secret secret(String vault, String name, SecretVersionState state) { | ||
| return new Secret(new Key(VaultName.of(vault), SecretName.of(name)), new byte[0], | ||
| SecretVersionId.of("0"), state); | ||
| } | ||
|
|
||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,3 @@ | ||
| # Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. | ||
| install_jar(jdisc-cloud-aws-jar-with-dependencies.jar) | ||
| install_configserver_component(jdisc-cloud-aws) | ||
| install_config_definitions() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.