authorBjørn Christian Seime <bjorncs@yahooinc.com>2023-07-19 16:34:47 +0200
committerBjørn Christian Seime <bjorncs@yahooinc.com>2023-07-19 16:34:47 +0200
commit577a4360debbe8b12cda537ed9390631d5b7136b (patch)
treea5b39d4fc61297dbb489360f1320466c2a23ca2a
parent172128afece1d218ad16f4b7415c1f2bf9663d08 (diff)
Add port for token connector to nginx config
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java11
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java1
-rw-r--r--configdefinitions/src/vespa/dataplane-proxy.def3
-rw-r--r--container-disc/src/main/java/com/yahoo/container/jdisc/DataplaneProxyService.java9
-rw-r--r--container-disc/src/test/java/com/yahoo/container/jdisc/DataplaneProxyServiceTest.java3
5 files changed, 18 insertions, 9 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java b/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java
index fe7d9581e46..13aa65909bd 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java
@@ -7,20 +7,23 @@ import com.yahoo.vespa.model.container.component.SimpleComponent;
public class DataplaneProxy extends SimpleComponent implements DataplaneProxyConfig.Producer {
- private final Integer port;
+ private final int mtlsPort;
+ private final int tokenPort;
private final String serverCertificate;
private final String serverKey;
- public DataplaneProxy(Integer port, String serverCertificate, String serverKey) {
+ public DataplaneProxy(int mtlsPort, int tokenPort, String serverCertificate, String serverKey) {
super(DataplaneProxyConfigurator.class.getName());
- this.port = port;
+ this.mtlsPort = mtlsPort;
+ this.tokenPort = tokenPort;
this.serverCertificate = serverCertificate;
this.serverKey = serverKey;
}
@Override
public void getConfig(DataplaneProxyConfig.Builder builder) {
- builder.port(port);
+ builder.mtlsPort(mtlsPort);
+ builder.tokenPort(tokenPort);
builder.serverCertificate(serverCertificate);
builder.serverKey(serverKey);
}
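Review bot: The constructor now takes two adjacent `int` ports (`mtlsPort`, `tokenPort`) with no check, so a swapped or duplicated argument compiles cleanly and would presumably point the proxy's token traffic at the mTLS connector or the reverse. A guard in the constructor, `if (mtlsPort == tokenPort) throw new IllegalArgumentException("mtlsPort and tokenPort must differ: " + mtlsPort);`, catches the duplicate case. A short Javadoc on the constructor stating which connector each port belongs to would help reviewers spot a swap at the call site. The same pair of adjacent ints appears as `vespaMtlsPort`/`vespaTokenPort` in the DataplaneProxyService.java hunk.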
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index a4a373a89a0..1036a615bb5 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -647,6 +647,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
cluster.addSimpleComponent(DataplaneProxyService.class);
var dataplaneProxy = new DataplaneProxy(
getMtlsDataplanePort(state),
+ tokenPort,
endpointCert.certificate(),
endpointCert.key());
cluster.addComponent(dataplaneProxy);
diff --git a/configdefinitions/src/vespa/dataplane-proxy.def b/configdefinitions/src/vespa/dataplane-proxy.def
index 9ce3e4b4b7b..dd1d734a91c 100644
--- a/configdefinitions/src/vespa/dataplane-proxy.def
+++ b/configdefinitions/src/vespa/dataplane-proxy.def
@@ -2,7 +2,8 @@
namespace=cloud.config
# The port Jdisc will be listening on
-port int
+tokenPort int
+mtlsPort int
# Server certificate and key to be used when creating server socket
serverCertificate string
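Review bot: The comment `# The port Jdisc will be listening on` is still singular but now sits above two fields, so a reader cannot tell which port serves which authentication mode. Give each field its own comment, e.g. `# Port of the Jdisc connector for token-authenticated requests` above `tokenPort int` and `# Port of the Jdisc connector for mTLS-authenticated requests` above `mtlsPort int` (wording inferred from the field names; confirm against the connector setup). Neither new field declares a default and `port` is removed outright, so it is worth confirming that nothing still produces or reads the old `port` field during a rolling upgrade.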
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/DataplaneProxyService.java b/container-disc/src/main/java/com/yahoo/container/jdisc/DataplaneProxyService.java
index 47050168b80..74e6954e1e1 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/DataplaneProxyService.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/DataplaneProxyService.java
@@ -103,7 +103,8 @@ public class DataplaneProxyService extends AbstractComponent {
proxyCredentialsKey,
serverCertificateFile,
serverKeyFile,
- config.port(),
+ config.mtlsPort(),
+ config.tokenPort(),
root
));
if (configChanged && state == NginxState.RUNNING) {
@@ -191,7 +192,8 @@ public class DataplaneProxyService extends AbstractComponent {
Path clientKey,
Path serverCert,
Path serverKey,
- int vespaPort,
+ int vespaMtlsPort,
+ int vespaTokenPort,
Path root) {
try {
@@ -200,7 +202,8 @@ public class DataplaneProxyService extends AbstractComponent {
nginxTemplate = replace(nginxTemplate, "client_key", clientKey.toString());
nginxTemplate = replace(nginxTemplate, "server_cert", serverCert.toString());
nginxTemplate = replace(nginxTemplate, "server_key", serverKey.toString());
- nginxTemplate = replace(nginxTemplate, "vespa_port", Integer.toString(vespaPort));
+ nginxTemplate = replace(nginxTemplate, "vespa_mtls_port", Integer.toString(vespaMtlsPort));
+ nginxTemplate = replace(nginxTemplate, "vespa_token_port", Integer.toString(vespaTokenPort));
nginxTemplate = replace(nginxTemplate, "prefix", root.toString());
// TODO: verify that all template vars have been expanded
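Review bot: The placeholder rename from `vespa_port` to `vespa_mtls_port`/`vespa_token_port` relies on the nginx template changing in step, yet no template file appears among the five files in this commit and the `// TODO: verify that all template vars have been expanded` just below is still open. If the template and these keys drift apart, the config would be written with an unexpanded or missing upstream port, and the failure would surface only when nginx loads it. Resolving the TODO here would turn that into an immediate, explicit error: after the last `replace(...)`, scan `nginxTemplate` for any remaining placeholder and throw an `IllegalStateException` naming it. The enclosing method starts and ends outside the hunk, so the placeholder syntax used by `replace` is not visible from here.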
diff --git a/container-disc/src/test/java/com/yahoo/container/jdisc/DataplaneProxyServiceTest.java b/container-disc/src/test/java/com/yahoo/container/jdisc/DataplaneProxyServiceTest.java
index 351890e2a3a..893a527e631 100644
--- a/container-disc/src/test/java/com/yahoo/container/jdisc/DataplaneProxyServiceTest.java
+++ b/container-disc/src/test/java/com/yahoo/container/jdisc/DataplaneProxyServiceTest.java
@@ -168,7 +168,8 @@ public class DataplaneProxyServiceTest {
private DataplaneProxyConfig proxyConfig() {
X509CertificateWithKey selfSigned = X509CertificateUtils.createSelfSigned("cn=test", Duration.ofMinutes(10));
return new DataplaneProxyConfig.Builder()
- .port(1234)
+ .mtlsPort(1234)
+ .tokenPort(1235)
.serverCertificate(X509CertificateUtils.toPem(selfSigned.certificate()))
.serverKey(KeyUtils.toPem(selfSigned.privateKey()))
.build();