Use of com.mesosphere.sdk.specification.TransportEncryptionSpec in the project dcos-commons by mesosphere.
Class TLSEvaluationStage, method evaluate.
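/**
 * Provisions TLS artifacts for the task named {@code taskName} and mounts them into its container.
 *
 * <p>For every {@link TransportEncryptionSpec} declared on the task, the artifacts are updated through
 * {@code tlsArtifactsUpdater} and the matching secret volumes are added to the task's container
 * builder. A task that declares no transport-encryption specs passes without any change.
 *
 * @param mesosResourcePool the offered resources; not read by this stage
 * @param podInfoBuilder builder of the pod being evaluated; the container of {@code taskName} gains the
 *     secret volumes
 * @return a passing outcome when there is nothing to do or every spec was processed; a failing outcome
 *     when the task is not part of the pod or an artifact update throws
 */
@Override
public EvaluationOutcome evaluate(MesosResourcePool mesosResourcePool, PodInfoBuilder podInfoBuilder) {
    // Resolve the task without an unchecked Optional.get(): a task name that is missing from the pod
    // becomes an explicit failed outcome instead of a NoSuchElementException escaping this stage.
    TaskSpec taskSpec = podInfoBuilder.getPodInstance().getPod().getTasks().stream()
            .filter(task -> task.getName().equals(taskName))
            .findFirst()
            .orElse(null);
    if (taskSpec == null) {
        return EvaluationOutcome.fail(
                this, "Task %s not found in pod, cannot evaluate TLS specs", taskName).build();
    }

    if (taskSpec.getTransportEncryption().isEmpty()) {
        return EvaluationOutcome.pass(this, "No TLS specs found for task").build();
    }

    CertificateNamesGenerator certificateNamesGenerator = new CertificateNamesGenerator(
            serviceName, taskSpec, podInfoBuilder.getPodInstance(), schedulerConfig);
    // Artifact locations are derived from the namespace, the task instance name and the hash of the
    // certificate's SANs.
    TLSArtifactPaths tlsArtifactPaths = new TLSArtifactPaths(
            namespace,
            TaskSpec.getInstanceName(podInfoBuilder.getPodInstance(), taskName),
            certificateNamesGenerator.getSANsHash());

    for (TransportEncryptionSpec transportEncryptionSpec : taskSpec.getTransportEncryption()) {
        try {
            tlsArtifactsUpdater.update(
                    tlsArtifactPaths, certificateNamesGenerator, transportEncryptionSpec.getName());
        } catch (Exception e) {
            logger.error(String.format("Failed to process certificates for %s", taskName), e);
            // NOTE(review): the exception's toString() is embedded in the outcome reason; confirm it
            // cannot carry key or secret-store details to wherever outcomes are surfaced.
            // NOTE(review): volumes for earlier specs may already be on the builder at this point;
            // presumably the caller discards podInfoBuilder on a failed outcome - confirm.
            return EvaluationOutcome.fail(
                    this,
                    "Failed to store TLS artifacts for task %s because of exception: %s",
                    taskName,
                    e).build();
        }

        // Share keys to the task container: only the task named taskName receives the volumes.
        podInfoBuilder.getTaskBuilder(taskName)
                .getContainerBuilder()
                .addAllVolumes(getExecutorInfoSecretVolumes(transportEncryptionSpec, tlsArtifactPaths));
    }

    return EvaluationOutcome.pass(this, "TLS certificate created and added to the task").build();
}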