Merge pull request #25213 from vespa-engine/mortent/certremoval-debuglog

Add debug logging
vespa-engine · Dec 12, 2022 · 4399394 · 4399394
2 parents 7963cdb + 65cbc69
commit 4399394
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/...om/yahoo/vespa/model/application/validation/change/CertificateRemovalChangeValidator.java b/...om/yahoo/vespa/model/application/validation/change/CertificateRemovalChangeValidator.java
@@ -1,3 +1,4 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.model.application.validation.change;
 
 import com.yahoo.config.application.api.ValidationId;
@@ -10,8 +11,19 @@
 import java.time.Instant;
 import java.util.Collection;
 import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import java.util.stream.Collectors;
 
+/**
+ * Check that data plane certificates are not removed from a cluster.
+ *
+ * @author mortent
+ */
 public class CertificateRemovalChangeValidator implements ChangeValidator {
+
+    private static final Logger logger = Logger.getLogger(CertificateRemovalChangeValidator.class.getName());
+
     @Override
     public List<ConfigChangeAction> validate(VespaModel current, VespaModel next, ValidationOverrides overrides, Instant now) {
 
@@ -25,7 +37,6 @@ public List<ConfigChangeAction> validate(VespaModel current, VespaModel next, Va
     }
 
     void validateClients(String clusterId, List<Client> current, List<Client> next, ValidationOverrides overrides, Instant now) {
-
         List<X509Certificate> currentCertificates = current.stream()
                 .map(Client::certificates)
                 .flatMap(Collection::stream)
@@ -35,6 +46,11 @@ void validateClients(String clusterId, List<Client> current, List<Client> next,
                 .flatMap(Collection::stream)
                 .toList();
 
+        logger.log(Level.FINE, "Certificates for cluster %s: Current: [%s], Next: [%s]"
+                .formatted(clusterId,
+                           currentCertificates.stream().map(cert -> cert.getSubjectX500Principal().getName()).collect(Collectors.joining(", ")),
+                           nextCertificates.stream().map(cert -> cert.getSubjectX500Principal().getName()).collect(Collectors.joining(", "))));
+
         List<X509Certificate> missingCerts = currentCertificates.stream().filter(cert -> !nextCertificates.contains(cert)).toList();
         if (!missingCerts.isEmpty()) {
             overrides.invalid(ValidationId.certificateRemoval,

diff --git a/...ahoo/vespa/model/application/validation/change/CertificateRemovalChangeValidatorTest.java b/...ahoo/vespa/model/application/validation/change/CertificateRemovalChangeValidatorTest.java
@@ -1,3 +1,4 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.model.application.validation.change;
 
 import com.yahoo.config.application.api.ValidationOverrides;
@@ -15,6 +16,9 @@
 
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
+/**
+ * @author mortent
+ */
 public class CertificateRemovalChangeValidatorTest {
 
     private static final String validationOverrides =