diff options
| author | Valerij Fredriksen <valerijf@yahooinc.com> | 2021-10-15 14:44:29 +0200 |
|---|---|---|
| committer | Valerij Fredriksen <valerijf@yahooinc.com> | 2021-10-15 14:44:29 +0200 |
| commit | dda42abfdf6dc0538fff025c8e2712b44f528ec0 (patch) | |
| tree | 43f083934a2644a31fa8fe4287970560a8e5fd1d | |
| parent | 95ee45325f25117fcda801ce0066cf66d6167a5a (diff) | |
Set correct owner
| -rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java index c5cb6020e1c..280e58c91f1 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java @@ -206,8 +206,8 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer { EntityBindingsMapper.toAttestationData(signedIdentityDocument), csr); EntityBindingsMapper.writeSignedIdentityDocumentToFile(identityDocumentFile, signedIdentityDocument); - writePrivateKeyAndCertificate(privateKeyFile, keyPair.getPrivate(), - certificateFile, instanceIdentity.certificate()); + writePrivateKeyAndCertificate(context.userNamespace().vespaUserId(), + privateKeyFile, keyPair.getPrivate(), certificateFile, instanceIdentity.certificate()); context.log(logger, "Instance successfully registered and credentials written to file"); } } @@ -234,8 +234,8 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer { context.identity(), identityDocument.providerUniqueId().asDottedString(), csr); - writePrivateKeyAndCertificate(privateKeyFile, keyPair.getPrivate(), - certificateFile, instanceIdentity.certificate()); + writePrivateKeyAndCertificate(context.userNamespace().vespaUserId(), + privateKeyFile, keyPair.getPrivate(), certificateFile, instanceIdentity.certificate()); context.log(logger, "Instance successfully refreshed and credentials written to file"); } catch (ZtsClientException e) { if (e.getErrorCode() == 403 && e.getDescription().startsWith("Certificate revoked")) { @@ -251,18 +251,19 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer { } - private static void writePrivateKeyAndCertificate(ContainerPath privateKeyFile, + private static void writePrivateKeyAndCertificate(int vespaUid, + ContainerPath privateKeyFile, PrivateKey privateKey, ContainerPath certificateFile, X509Certificate certificate) { - writeFile(privateKeyFile, KeyUtils.toPem(privateKey)); - writeFile(certificateFile, X509CertificateUtils.toPem(certificate)); + writeFile(privateKeyFile, vespaUid, KeyUtils.toPem(privateKey)); + writeFile(certificateFile, vespaUid, X509CertificateUtils.toPem(certificate)); } - private static void writeFile(ContainerPath path, String utf8Content) { + private static void writeFile(ContainerPath path, int vespaUid, String utf8Content) { new UnixPath(path.resolveSibling(path.getFileName() + ".tmp")) .writeUtf8File(utf8Content, "r--------") - .setOwner("vespa") + .setOwnerId(vespaUid) .atomicMove(path); } |