author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-05-15 16:54:48 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-05-15 16:54:48 +0200 |
commit | b5d7bb62636c37511dcf215e4601c846d344d2cc (patch) | |
tree | a5879ce39357f56f22ed0867e01e272f007a067b | |
parent | 43adb3b962bef9e0d9812daf72737f737ce43061 (diff) |
Add athenzDnsSuffix and ztsUrl to identity config
14 files changed, 113 insertions, 6 deletions
diff --git a/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java b/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java index d4c961068f1..ebc9aa247d8 100644 --- a/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java +++ b/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java @@ -11,6 +11,7 @@ import com.yahoo.config.provision.Rotation; import com.yahoo.config.provision.Zone; import java.io.File; +import java.net.URI; import java.util.List; import java.util.Optional; import java.util.Set; @@ -43,6 +44,8 @@ public interface ModelContext { ApplicationId applicationId(); List<ConfigServerSpec> configServerSpecs(); HostName loadBalancerName(); + URI ztsUrl(); + String athenzDnsSuffix(); boolean hostedVespa(); Zone zone(); Set<Rotation> rotations(); diff --git a/config-model/src/main/java/com/yahoo/config/model/deploy/DeployProperties.java b/config-model/src/main/java/com/yahoo/config/model/deploy/DeployProperties.java index 95eca49e5e9..d3e91f8866c 100644 --- a/config-model/src/main/java/com/yahoo/config/model/deploy/DeployProperties.java +++ b/config-model/src/main/java/com/yahoo/config/model/deploy/DeployProperties.java @@ -6,6 +6,7 @@ import com.yahoo.config.provision.ApplicationId; import com.yahoo.config.provision.HostName; import com.yahoo.config.provision.Version; +import java.net.URI; import java.util.ArrayList; import java.util.List; @@ -20,6 +21,8 @@ public class DeployProperties { private final ApplicationId applicationId; private final List<ConfigServerSpec> serverSpecs = new ArrayList<>(); private final HostName loadBalancerName; + private final URI ztsUrl; + private final String athenzDnsSuffix; private final boolean hostedVespa; private final Version vespaVersion; 
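Review bot: The two accessors added in ModelContext.java, `URI ztsUrl();` and `String athenzDnsSuffix();`, have no Javadoc and no stated nullability, yet the mock implementations elsewhere in this commit return null for both. Callers cannot tell from the interface that null is a legal value, and this one ends up as the endpoint written into identity config. Either add a comment such as `/** Athenz ZTS endpoint written to identity config; may be null when unset. */` (and the equivalent for the DNS suffix), or return `Optional<URI>` / `Optional<String>`, since the file already imports java.util.Optional.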
@@ -28,8 +31,12 @@ public class DeployProperties { List<ConfigServerSpec> configServerSpecs, HostName loadBalancerName, boolean hostedVespa, + URI ztsUrl, + String athenzDnsSuffix, Version vespaVersion) { this.loadBalancerName = loadBalancerName; + this.ztsUrl = ztsUrl; + this.athenzDnsSuffix = athenzDnsSuffix; this.vespaVersion = vespaVersion; this.multitenant = multitenant || hostedVespa || Boolean.getBoolean("multitenant"); this.applicationId = applicationId; @@ -54,6 +61,14 @@ public class DeployProperties { return loadBalancerName; } + public URI ztsUrl() { + return ztsUrl; + } + + public String athenzDnsSuffix() { + return athenzDnsSuffix; + } + public boolean hostedVespa() { return hostedVespa; } @@ -69,6 +84,8 @@ public class DeployProperties { private boolean multitenant = false; private List<ConfigServerSpec> configServerSpecs = new ArrayList<>(); private HostName loadBalancerName; + private URI ztsUrl; + private String athenzDnsSuffix; private boolean hostedVespa = false; private Version vespaVersion = Version.fromIntValues(1, 0, 0); @@ -92,6 +109,16 @@ public class DeployProperties { return this; } + public Builder athenzDnsSuffix(String athenzDnsSuffix) { + this.athenzDnsSuffix = athenzDnsSuffix; + return this; + } + + public Builder ztsUrl(URI ztsUrl) { + this.ztsUrl = ztsUrl; + return this; + } + public Builder vespaVersion(Version version) { this.vespaVersion = version; return this; @@ -103,7 +130,7 @@ public class DeployProperties { } public DeployProperties build() { - return new DeployProperties(multitenant, applicationId, configServerSpecs, loadBalancerName, hostedVespa, vespaVersion); + return new DeployProperties(multitenant, applicationId, configServerSpecs, loadBalancerName, hostedVespa, ztsUrl, athenzDnsSuffix, vespaVersion); } } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/VespaModelFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/VespaModelFactory.java index 71e4e06f716..a6d24f33b5d 100644 
--- a/config-model/src/main/java/com/yahoo/vespa/model/VespaModelFactory.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/VespaModelFactory.java @@ -148,6 +148,8 @@ public class VespaModelFactory implements ModelFactory { .applicationId(properties.applicationId()) .configServerSpecs(properties.configServerSpecs()) .loadBalancerName(properties.loadBalancerName()) + .ztsUrl(properties.ztsUrl()) + .athenzDnsSuffix(properties.athenzDnsSuffix()) .multitenant(properties.multitenant()) .hostedVespa(properties.hostedVespa()) .vespaVersion(getVersion()) diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/IdentityProvider.java b/config-model/src/main/java/com/yahoo/vespa/model/container/IdentityProvider.java index 21636bcf27e..fbfff408cb7 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/IdentityProvider.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/IdentityProvider.java @@ -9,6 +9,8 @@ import com.yahoo.container.core.identity.IdentityConfig; import com.yahoo.osgi.provider.model.ComponentModel; import com.yahoo.vespa.model.container.component.SimpleComponent; +import java.net.URI; + /** * @author mortent */ @@ -19,12 +21,16 @@ public class IdentityProvider extends SimpleComponent implements IdentityConfig. private final AthenzDomain domain; private final AthenzService service; private final HostName loadBalancerName; + private final URI ztsUrl; + private final String athenzDnsSuffix; - public IdentityProvider(AthenzDomain domain, AthenzService service, HostName loadBalancerName) { + public IdentityProvider(AthenzDomain domain, AthenzService service, HostName loadBalancerName, URI ztsUrl, String athenzDnsSuffix) { super(new ComponentModel(BundleInstantiationSpecification.getFromStrings(CLASS, CLASS, BUNDLE))); this.domain = domain; this.service = service; this.loadBalancerName = loadBalancerName; + this.ztsUrl = ztsUrl; + this.athenzDnsSuffix = athenzDnsSuffix; } @Override 
@@ -34,5 +40,7 @@ public class IdentityProvider extends SimpleComponent implements IdentityConfig. // Current interpretation of loadbalancer address is: hostname. // Config should be renamed or send the uri builder.loadBalancerAddress(loadBalancerName.value()); + builder.ztsUrl(ztsUrl != null ? ztsUrl.toString() : ""); + builder.athenzDnsSuffix(athenzDnsSuffix != null ? athenzDnsSuffix : ""); } } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java index 372b3b146a1..46d968554d8 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java @@ -64,6 +64,7 @@ import com.yahoo.vespa.model.content.StorageGroup; import org.w3c.dom.Element; import org.w3c.dom.Node; +import java.net.URI; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -195,9 +196,10 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { addIdentityProvider(cluster, context.getDeployState().getProperties().configServerSpecs(), context.getDeployState().getProperties().loadBalancerName(), + context.getDeployState().getProperties().ztsUrl(), + context.getDeployState().getProperties().athenzDnsSuffix(), context.getDeployState().zone(), deploymentSpec); - addRotationProperties(cluster, context.getDeployState().zone(), context.getDeployState().getRotations(), deploymentSpec); }); } 
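Review bot: In IdentityProvider.getConfig, `builder.ztsUrl(ztsUrl != null ? ztsUrl.toString() : "")` and the matching athenzDnsSuffix line turn a missing value into an empty string. An application that declares an Athenz domain can therefore be built with identity config that names no ZTS endpoint and no DNS suffix, without any error at model-build time. How the consumer of IdentityConfig treats empty values is not visible here, so the failure may only surface at runtime on the container. addIdentityProvider already throws when the Athenz service is missing; consider the same for these two, e.g. `if (ztsUrl == null || athenzDnsSuffix == null) throw new IllegalArgumentException("Athenz domain set but ztsUrl/athenzDnsSuffix not configured");`, or document that an empty string means unset. getConfig begins above this hunk.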
@@ -747,11 +749,17 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { } } - private void addIdentityProvider(ContainerCluster cluster, List<ConfigServerSpec> configServerSpecs, HostName loadBalancerName, Zone zone, DeploymentSpec spec) { + private void addIdentityProvider(ContainerCluster cluster, + List<ConfigServerSpec> configServerSpecs, + HostName loadBalancerName, + URI ztsUrl, + String athenzDnsSuffix, + Zone zone, + DeploymentSpec spec) { spec.athenzDomain().ifPresent(domain -> { AthenzService service = spec.athenzService(zone.environment(), zone.region()) .orElseThrow(() -> new RuntimeException("Missing Athenz service configuration")); - IdentityProvider identityProvider = new IdentityProvider(domain, service, getLoadBalancerName(loadBalancerName, configServerSpecs)); + IdentityProvider identityProvider = new IdentityProvider(domain, service, getLoadBalancerName(loadBalancerName, configServerSpecs), ztsUrl, athenzDnsSuffix); cluster.addComponent(identityProvider); cluster.getContainers().forEach(container -> { diff --git a/config-model/src/test/java/com/yahoo/config/model/MockModelContext.java b/config-model/src/test/java/com/yahoo/config/model/MockModelContext.java index 58f83d1e4e6..c3fffa96076 100644 --- a/config-model/src/test/java/com/yahoo/config/model/MockModelContext.java +++ b/config-model/src/test/java/com/yahoo/config/model/MockModelContext.java @@ -19,6 +19,7 @@ import com.yahoo.config.provision.HostName; import com.yahoo.config.provision.Rotation; import com.yahoo.config.provision.Zone; +import java.net.URI; import java.util.Collections; import java.util.HashSet; import java.util.List; @@ -105,6 +106,16 @@ public class MockModelContext implements ModelContext { } @Override + public URI ztsUrl() { + return null; + } + + @Override + public String athenzDnsSuffix() { + return null; + } + + @Override public boolean hostedVespa() {return false; } @Override 
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/VespaModelFactoryTest.java b/config-model/src/test/java/com/yahoo/vespa/model/VespaModelFactoryTest.java index cabe9c0969b..4d221af45a0 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/VespaModelFactoryTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/VespaModelFactoryTest.java @@ -28,6 +28,7 @@ import com.yahoo.config.provision.Zone; import org.junit.Before; import org.junit.Test; +import java.net.URI; import java.util.ArrayList; import java.util.Collections; import java.util.HashSet; @@ -198,6 +199,16 @@ public class VespaModelFactoryTest { public HostName loadBalancerName() { return null; } + + @Override + public URI ztsUrl() { + return null; + } + + @Override + public String athenzDnsSuffix() { + return null; + } }; } }; diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/configserver/TestOptions.java b/config-model/src/test/java/com/yahoo/vespa/model/container/configserver/TestOptions.java index 8db253240cf..3c2f71fa2e1 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/container/configserver/TestOptions.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/container/configserver/TestOptions.java @@ -111,6 +111,16 @@ public class TestOptions implements CloudConfigOptions { @Override public Optional<String> loadBalancerAddress() { return Optional.empty(); } + @Override + public Optional<String> athenzDnsSuffix() { + return Optional.empty(); + } + + @Override + public Optional<String> ztsUrl() { + return Optional.empty(); + } + public TestOptions numParallelTenantLoaders(int numLoaders) { this.numParallelTenantLoaders = Optional.of(numLoaders); return this; diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java b/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java index 1aaddfce6fc..cec879c6e14 100644 
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java @@ -16,6 +16,7 @@ import com.yahoo.config.provision.Rotation; import com.yahoo.config.provision.Zone; import java.io.File; +import java.net.URI; import java.util.List; import java.util.Optional; import java.util.Set; @@ -117,6 +118,8 @@ public class ModelContextImpl implements ModelContext { private final boolean multitenant; private final List<ConfigServerSpec> configServerSpecs; private final HostName loadBalancerName; + private final URI ztsUrl; + private final String athenzDnsSuffix; private final boolean hostedVespa; private final Zone zone; private final Set<Rotation> rotations; @@ -125,6 +128,8 @@ public class ModelContextImpl implements ModelContext { boolean multitenant, List<ConfigServerSpec> configServerSpecs, HostName loadBalancerName, + URI ztsUrl, + String athenzDnsSuffix, boolean hostedVespa, Zone zone, Set<Rotation> rotations) { @@ -132,6 +137,8 @@ public class ModelContextImpl implements ModelContext { this.multitenant = multitenant; this.configServerSpecs = configServerSpecs; this.loadBalancerName = loadBalancerName; + this.ztsUrl = ztsUrl; + this.athenzDnsSuffix = athenzDnsSuffix; this.hostedVespa = hostedVespa; this.zone = zone; this.rotations = rotations; @@ -150,6 +157,16 @@ public class ModelContextImpl implements ModelContext { public HostName loadBalancerName() { return loadBalancerName; } @Override + public URI ztsUrl() { + return ztsUrl; + } + + @Override + public String athenzDnsSuffix() { + return athenzDnsSuffix; + } + + @Override public boolean hostedVespa() { return hostedVespa; } @Override diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/modelfactory/ModelsBuilder.java b/configserver/src/main/java/com/yahoo/vespa/config/server/modelfactory/ModelsBuilder.java index 04e0c9a2902..3010f1383da 100644 
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/modelfactory/ModelsBuilder.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/modelfactory/ModelsBuilder.java @@ -23,6 +23,7 @@ import com.yahoo.vespa.config.server.http.InternalServerException; import com.yahoo.vespa.config.server.http.UnknownVespaVersionException; import com.yahoo.vespa.config.server.provision.StaticProvisioner; +import java.net.URI; import java.time.Instant; import java.util.ArrayList; import java.util.Collections; @@ -205,6 +206,8 @@ public abstract class ModelsBuilder<MODELRESULT extends ModelResult> { configserverConfig.multitenant(), ConfigServerSpec.fromConfig(configserverConfig), HostName.from(configserverConfig.loadBalancerAddress()), + configserverConfig.ztsUrl() != null ? URI.create(configserverConfig.ztsUrl()) : null, + configserverConfig.athenzDnsSuffix(), configserverConfig.hostedVespa(), zone, rotations); diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionPreparer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionPreparer.java index bfed526a130..32e87007ba8 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionPreparer.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionPreparer.java @@ -36,6 +36,7 @@ import org.xml.sax.SAXException; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import java.io.IOException; +import java.net.URI; import java.time.Instant; import java.util.List; import java.util.Map; @@ -152,6 +153,8 @@ public class SessionPreparer { configserverConfig.multitenant(), ConfigServerSpec.fromConfig(configserverConfig), HostName.from(configserverConfig.loadBalancerAddress()), + configserverConfig.ztsUrl() != null ? URI.create(configserverConfig.ztsUrl()) : null, + configserverConfig.athenzDnsSuffix(), configserverConfig.hostedVespa(), zone, rotationsSet); 
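Review bot: The new argument `configserverConfig.ztsUrl() != null ? URI.create(configserverConfig.ztsUrl()) : null` in ModelsBuilder, repeated verbatim in the SessionPreparer hunk, accepts any syntactically valid URI. A plain-http value or one without a host would flow unchecked into every container's identity config, so the config boundary should require https and a non-null host. URI.create also throws a bare IllegalArgumentException on a malformed value, with no hint about which setting is wrong. If the generated getter returns an empty string rather than null when unset (not visible here), the null guard never fires and an empty URI is passed on. A small shared helper, sketched below, would cover all three cases and keep both call sites in step; its placement is left to the author.

```java
static URI parseZtsUrl(String value) {
    if (value == null || value.isEmpty()) return null; // treated as "not configured"
    URI uri;
    try {
        uri = new URI(value);
    } catch (URISyntaxException e) {
        throw new IllegalArgumentException("Invalid ztsUrl in configserver config: " + value, e);
    }
    if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
        throw new IllegalArgumentException("ztsUrl must be an https URL with a host: " + value);
    }
    return uri;
}

// … unchanged: preceding constructor arguments …
        HostName.from(configserverConfig.loadBalancerAddress()),
        parseZtsUrl(configserverConfig.ztsUrl()),
// … unchanged: remaining constructor arguments …
```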
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/ModelContextImplTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/ModelContextImplTest.java index aed0a6a9750..5d9a5f0fadc 100644 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/ModelContextImplTest.java +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/ModelContextImplTest.java @@ -46,6 +46,8 @@ public class ModelContextImplTest { true, Collections.emptyList(), null, + null, + null, false, Zone.defaultZone(), rotations), diff --git a/container-core/src/main/resources/configdefinitions/identity.def b/container-core/src/main/resources/configdefinitions/identity.def index 4200f2285f5..6c722868e61 100644 --- a/container-core/src/main/resources/configdefinitions/identity.def +++ b/container-core/src/main/resources/configdefinitions/identity.def @@ -4,3 +4,5 @@ namespace=container.core.identity domain string service string loadBalancerAddress string +athenzDnsSuffix string +ztsUrl string diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java index f2988956233..98f0aa9b7ef 100644 --- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java +++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java 
@@ -44,7 +44,7 @@ public class AthenzIdentityProviderImplTest { private static final IdentityConfig IDENTITY_CONFIG = new IdentityConfig(new IdentityConfig.Builder() - .service("tenantService").domain("tenantDomain").loadBalancerAddress("cfg")); + .service("tenantService").domain("tenantDomain").loadBalancerAddress("cfg").ztsUrl("https:localhost:4443/zts/v1").athenzDnsSuffix("vespa.cloud")); @Test(expected = AthenzIdentityProviderException.class) public void component_creation_fails_when_credentials_not_found() { |
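Review bot: The fixture value `"https:localhost:4443/zts/v1"` is missing the `//` after the scheme, so java.net.URI would parse it as an opaque URI with a null host rather than as an https URL for localhost:4443. Nothing visible in this hunk parses the string, which is presumably why the test is unaffected. Use `.ztsUrl("https://localhost:4443/zts/v1")` so the fixture matches a value that production code should accept and does not get copied elsewhere as a template.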