make cert retry property settings dyanmic (#1779)

AthenZ · Feb 11, 2022 · cbc0c4e · cbc0c4e
1 parent 3e1bca1
commit cbc0c4e
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/crypki/HttpCertSigner.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/crypki/HttpCertSigner.java
@@ -30,6 +30,8 @@
 import com.yahoo.athenz.common.server.cert.CertSigner;
 import com.yahoo.athenz.common.server.cert.Priority;
 import com.yahoo.athenz.common.server.rest.ResourceException;
+import com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean;
+import com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigInteger;
 import com.yahoo.athenz.instance.provider.InstanceProvider;
 import com.yahoo.athenz.zts.ZTSConsts;
 import com.yahoo.athenz.zts.utils.ZTSUtils;
@@ -54,6 +56,8 @@
 
 import javax.net.ssl.SSLContext;
 
+import static com.yahoo.athenz.common.server.util.config.ConfigManagerSingleton.CONFIG_MANAGER;
+
 /**
  * This is an implementation of the Yahoo's Crypki certificate signer.
  *          https://github.com/theparanoids/crypki
@@ -81,8 +85,8 @@ public class HttpCertSigner implements CertSigner {
     private final SslContextFactory sslContextFactory;
 
     String serverBaseUri;
-    int certsignRequestRetryCount;
-    boolean retryConnFailuresOnly;
+    DynamicConfigInteger certsignRequestRetryCount;
+    DynamicConfigBoolean retryConnFailuresOnly;
     int maxCertExpiryTimeMins;
     String defaultProviderSignerKeyId = X509_KEY_META_IDENTIFIER;
     Map<String, String> providerSignerKeys = new ConcurrentHashMap<>();
@@ -96,8 +100,8 @@ public HttpCertSigner() {
         int connectionTimeoutSec = Integer.parseInt(System.getProperty(ZTSConsts.ZTS_PROP_CERTSIGN_CONNECT_TIMEOUT, "10"));
         int readTimeoutSec = Integer.parseInt(System.getProperty(ZTSConsts.ZTS_PROP_CERTSIGN_REQUEST_TIMEOUT, "25"));
 
-        certsignRequestRetryCount = Integer.parseInt(System.getProperty(ZTSConsts.ZTS_PROP_CERTSIGN_RETRY_COUNT, "2"));
-        retryConnFailuresOnly = Boolean.parseBoolean(System.getProperty(ZTSConsts.ZTS_PROP_CERTSIGN_RETRY_CONN_ONLY, "true"));
+        certsignRequestRetryCount = new DynamicConfigInteger(CONFIG_MANAGER, ZTSConsts.ZTS_PROP_CERTSIGN_RETRY_COUNT, 2);
+        retryConnFailuresOnly = new DynamicConfigBoolean(CONFIG_MANAGER, ZTSConsts.ZTS_PROP_CERTSIGN_RETRY_CONN_ONLY, true);
 
         // max expiry time in minutes.  Max is 30 days
 
@@ -286,16 +290,16 @@ public String generateX509Certificate(String provider, String certIssuer, String
 
         // Retry configured number of times before returning failure
 
-        for (int i = 0; i < certsignRequestRetryCount; i++) {
+        for (int i = 0; i < certsignRequestRetryCount.get(); i++) {
             try {
                 return processHttpResponse(httpPost, 201);
             } catch (ConnectException ex) {
                 LOGGER.error("Unable to process x509 certificate request to url {}, retrying {}/{}, {}",
-                        x509CertUri, i + 1, certsignRequestRetryCount, ex);
+                        x509CertUri, i + 1, certsignRequestRetryCount.get(), ex);
             } catch (IOException ex) {
                 LOGGER.error("Unable to process x509 certificate request to url {}, try: {}",
                         x509CertUri, i + 1, ex);
-                if (retryConnFailuresOnly) {
+                if (retryConnFailuresOnly.get()) {
                     break;
                 }
             }