author | Morten Tokle <mortent@yahooinc.com> | 2023-02-22 22:56:16 +0100 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2023-02-27 14:23:11 +0100 |
commit | cb0248d4c3c958cff49530e42b8ffe5abab706a0 (patch) | |
tree | 2e7054860ff353c9052b6990863d367c554875f5 | |
parent | 023d8a0851d321c0f33ba6dde16e1b1fa2fe12ce (diff) |
Add support for athenz provider in public systems
4 files changed, 14 insertions, 1 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
index 531a815922b..231f22ac56b 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
@@ -65,7 +65,7 @@ public class CertificateAuthorityApiHandler extends ThreadedHttpRequestHandler {
 super(ctx);
 this.secretStore = secretStore;
 this.certificates = certificates;
- this.caPrivateKeySecretName = athenzProviderServiceConfig.secretName();
+ this.caPrivateKeySecretName = athenzProviderServiceConfig.sisSecretName();
 this.caCertificateSecretName = athenzProviderServiceConfig.caCertSecretName();
 this.instanceValidator = instanceValidator;
 }
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
index 8112f5779e5..d880fd5220b 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
@@ -64,6 +64,8 @@ public class ContainerTester {
 " <serviceName>servicename</serviceName>\n" +
 " <secretName>secretname</secretName>\n" +
 " <secretVersion>0</secretVersion>\n" +
+ " <sisSecretName>secretname</sisSecretName>\n" +
+ " <sisSecretVersion>0</sisSecretVersion>\n" +
 " <caCertSecretName>vespa.external.ca.cert</caCertSecretName>\n" +
 " <certDnsSuffix>suffix</certDnsSuffix>\n" +
 " <ztsUrl>https://localhost:123/</ztsUrl>\n" +
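Review bot: The constructor in CertificateAuthorityApiHandler now takes the CA private key secret name from `sisSecretName()` unconditionally, and the config definition changed in this same commit gives that field `default=""`, so a deployment that has not set it would look up the signing key under an empty name. Nothing in the visible lines validates the value or consults the new `vespa-athenz-provider` flag. I would fail at construction instead of when the secret is first fetched, e.g. `if (athenzProviderServiceConfig.sisSecretName().isBlank()) throw new IllegalArgumentException("sisSecretName must be configured");` before the assignment, or fall back to `secretName()` if that is the intended behaviour during the transition. The constructor starts outside the hunk.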
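Review bot: The test config in ContainerTester sets `<sisSecretName>` to `secretname`, the same value as `<secretName>`, so the tests cannot tell which of the two fields the handler reads and a revert to `secretName()` would still pass. A distinct value, for example `"    <sisSecretName>sis-secretname</sisSecretName>\n" +`, would pin the new behaviour, provided the secret store set up elsewhere in the tester (outside the hunk) is keyed to match.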
diff --git a/configdefinitions/src/vespa/athenz-provider-service.def b/configdefinitions/src/vespa/athenz-provider-service.def index 2131aa88d30..cb6787c4bec 100644 --- a/configdefinitions/src/vespa/athenz-provider-service.def +++ b/configdefinitions/src/vespa/athenz-provider-service.def @@ -13,6 +13,10 @@ secretName string # Secret version secretVersion int +# Tempory resources +sisSecretName string default="" +sisSecretVersion int default=0 + # Secret name of CA certificate caCertSecretName string diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java index 3989b45b9ac..9b4b04a3d62 100644 --- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java +++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java @@ -345,6 +345,13 @@ public class Flags { "Takes effect on the next tick.", ZONE_ID, NODE_TYPE, HOSTNAME); + public static final UnboundBooleanFlag VESPA_ATHENZ_PROVIDER = defineFeatureFlag( + "vespa-athenz-provider", false, + List.of("mortent"), "2023-02-22", "2023-05-01", + "Enable athenz provider in public systems", + "Takes effect on next config server container start", + ZONE_ID); + /** WARNING: public for testing: All flags should be defined in {@link Flags}. */ public static UnboundBooleanFlag defineFeatureFlag(String flagId, boolean defaultValue, List<String> owners, String createdAt, String expiresAt, String description, |
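Review bot: The comment `# Tempory resources` in athenz-provider-service.def is misspelled and does not say what the two new fields hold or why they are temporary, while the neighbouring `secretVersion` and `caCertSecretName` entries each carry a descriptive comment. Since `sisSecretName` now names the CA private key secret read by CertificateAuthorityApiHandler, something like `# Temporary: secret name and version of the CA private key used by CertificateAuthorityApiHandler` would help, ideally with the condition for removing it. `sisSecretVersion` is not read anywhere in the visible changes, so the comment should also state whether it is used.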