author | Morten Tokle <mortent@verizonmedia.com> | 2021-01-12 09:50:57 +0100 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2021-01-12 09:50:57 +0100 |
commit | 0b0860e49eca445b7977e43575e3c72fe1263d8b (patch) | |
tree | 2c6016aab6afe5dc0a5ea1efbea62c3622db2c69 | |
parent | e13f6a8439416f885efa45b7fe5467655ded72dd (diff) |
Reduce role cert ttl, log expiry
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
index ef38ca8c6ad..7b13332052f 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
@@ -67,7 +67,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 // TODO These should match the requested expiration
 static final Duration UPDATE_PERIOD = Duration.ofDays(1);
 static final Duration AWAIT_TERMINTATION_TIMEOUT = Duration.ofSeconds(90);
- private final static Duration ROLE_SSL_CONTEXT_EXPIRY = Duration.ofHours(24);
+ private final static Duration ROLE_SSL_CONTEXT_EXPIRY = Duration.ofHours(2);
 private final static Duration ROLE_TOKEN_EXPIRY = Duration.ofMinutes(30);
 // TODO Make path to trust store paths config
@@ -280,6 +280,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 try (ZtsClient client = createZtsClient()) {
 X509Certificate roleCertificate = client.getRoleCertificate(role, csr);
 updateRoleKeyManager(role, roleCertificate);
+ log.info(String.format("Requester role certificate for role %s, expires: %s", role.toResourceNameString(), roleCertificate.getNotAfter().toInstant().toString()));
 return roleCertificate;
 }
 } |
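Review bot: `ROLE_SSL_CONTEXT_EXPIRY` drops to 2 hours in the first hunk while `UPDATE_PERIOD` two lines above stays at `Duration.ofDays(1)`, under a TODO saying these should match the requested expiration. The hunk does not show which timer or cache renews role certificates, so it is worth confirming that renewal runs well inside the 2-hour window and leaves margin for clock skew or a period when ZTS is unreachable. A comment on the constant would record that contract, for example `// Role certificate lifetime; the renewal interval must be shorter than this so a certificate is replaced before it expires`. The class body continues outside the hunk, so the uses of the constant are not visible here.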
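Review bot: The log message added in the second hunk reads "Requester role certificate", which looks like a typo for "Requested"; anyone searching logs for issuance events by that word would miss these lines. The trailing `.toString()` is redundant under `%s`, so the call can be `log.info(String.format("Requested role certificate for role %s, expires: %s", role.toResourceNameString(), roleCertificate.getNotAfter().toInstant()));`. Since this line is the only visible record of the lifetime ZTS actually issued, it may also be worth logging at warning level when `getNotAfter()` is later than the requested expiry allows, so an over-long certificate is noticed. The enclosing method starts outside the hunk.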