authorBjørn Christian Seime <bjorncs@oath.com>2017-10-31 16:45:20 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2017-10-31 16:45:20 +0100
commit3b46a03b6ef37e2e7e063f6fb238b1135a9781c8 (patch)
tree803b3dcc34624ad4c0304dd154c84d604807fae3
parent38c1e6b65e5de9713bc82c70901a404458834b5c (diff)
Generate proper zone dns suffix
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java6
-rw-r--r--athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java17
2 files changed, 17 insertions, 6 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java
index efb2179ff6b..0e8ca0017f4 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java
@@ -59,7 +59,7 @@ public class IdentityDocumentGenerator {
signature,
SignedIdentityDocument.DEFAULT_KEY_VERSION,
identityDocument.providerUniqueId.asString(),
- dnsSuffix,
+ toZoneDnsSuffix(zone, dnsSuffix),
providerDomain + "." + providerService,
ztsUrl,
SignedIdentityDocument.DEFAILT_DOCUMENT_VERSION
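Review bot: The value from `toZoneDnsSuffix(zone, dnsSuffix)` is passed alongside an already-computed `signature`, and this hunk does not show whether the signed payload covers the DNS suffix. The config key is named `certDnsSuffix`, so the value presumably feeds certificate DNS names; if it sits outside the signature, a receiver is trusting an unauthenticated field. If that is the case, a comment at the call site would help, e.g. `// dnsSuffix is not covered by the signature; consumers must not treat it as authenticated`. If it is meant to be covered, a test that alters the suffix and expects validation to fail would pin that. The constructor call starts and ends outside the hunk.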
@@ -87,5 +87,9 @@ public class IdentityDocumentGenerator {
node.hostname(),
Instant.now());
}
+
+ private static String toZoneDnsSuffix(Zone zone, String dnsSuffix) {
+ return zone.environment().value() + "-" + zone.region().value() + "." + dnsSuffix;
+ }
}
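Review bot: `toZoneDnsSuffix` concatenates its inputs unchecked, so a null configured suffix produces a name ending in `.null`, an empty one leaves a trailing dot, and one with a leading dot produces `..`. Since this string presumably ends up in certificate DNS names, it is safer to reject a malformed suffix when the document is generated than to sign and ship it. A guard at the top of the method would do: `if (dnsSuffix == null || dnsSuffix.isEmpty() || dnsSuffix.startsWith(".")) throw new IllegalArgumentException("Invalid dns suffix: " + dnsSuffix);`. A one-line Javadoc stating the format `<environment>-<region>.<dnsSuffix>` would also document the contract for consumers.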
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java
index c32f8e18c00..c49122a07b8 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java
@@ -103,7 +103,7 @@ public class AthenzInstanceProviderServiceTest {
String service = "service";
AutoGeneratedKeyProvider keyProvider = new AutoGeneratedKeyProvider();
PrivateKey privateKey = keyProvider.getPrivateKey(0);
- AthenzProviderServiceConfig config = getAthenzProviderConfig(domain, service);
+ AthenzProviderServiceConfig config = getAthenzProviderConfig(domain, service, "vespa.dns.suffix");
ScheduledExecutorServiceMock executor = new ScheduledExecutorServiceMock();
AthenzInstanceProviderService athenzInstanceProviderService =
@@ -152,8 +152,9 @@ public class AthenzInstanceProviderServiceTest {
when(nodeRepository.getNode(eq(hostname))).thenReturn(Optional.of(n));
AutoGeneratedKeyProvider keyProvider = new AutoGeneratedKeyProvider();
+ String dnsSuffix = "vespa.dns.suffix";
IdentityDocumentGenerator identityDocumentGenerator = new IdentityDocumentGenerator(
- getAthenzProviderConfig("domain", "service"),
+ getAthenzProviderConfig("domain", "service", dnsSuffix),
nodeRepository,
ZONE,
keyProvider);
@@ -165,8 +166,14 @@ public class AthenzInstanceProviderServiceTest {
// Verify attributes
assertEquals(hostname, signedIdentityDocument.identityDocument.instanceHostname);
+
+ String environment = "dev";
+ String region = "us-north-1";
+ String expectedZoneDnsSuffix = environment + "-" + region + "." + dnsSuffix;
+ assertEquals(expectedZoneDnsSuffix, signedIdentityDocument.dnsSuffix);
+
ProviderUniqueId expectedProviderUniqueId =
- new ProviderUniqueId("tenant", "application", "dev", "us-north-1", "default", "default", 0);
+ new ProviderUniqueId("tenant", "application", environment, region, "default", "default", 0);
assertEquals(expectedProviderUniqueId, signedIdentityDocument.identityDocument.providerUniqueId);
// Validate signature
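Review bot: `expectedZoneDnsSuffix` is built with the same `environment + "-" + region + "." + dnsSuffix` expression as the production helper, so a mistake in the format would be mirrored by the test rather than caught. Asserting against the literal pins the actual wire format: `assertEquals("dev-us-north-1.vespa.dns.suffix", signedIdentityDocument.dnsSuffix);`. The test method starts and ends outside the hunk.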
@@ -175,14 +182,14 @@ public class AthenzInstanceProviderServiceTest {
signedIdentityDocument.signature));
}
- private static AthenzProviderServiceConfig getAthenzProviderConfig(String domain, String service) {
+ private static AthenzProviderServiceConfig getAthenzProviderConfig(String domain, String service, String dnsSuffix) {
return new AthenzProviderServiceConfig(
new AthenzProviderServiceConfig.Builder()
.domain(domain)
.serviceName(service)
.port(PORT)
.keyPathPrefix("dummy-path")
- .certDnsSuffix("dnsSuffix")
+ .certDnsSuffix(dnsSuffix)
.ztsUrl("localhost/zts")
.athenzPrincipalHeaderName("Athenz-Principal-Auth")
.apiPath(""));