author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-16 13:23:15 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-16 13:23:15 +0100 |
commit | d7b5cfd1e64ddabe37c68c31e714a328b38ae61a (patch) | |
tree | 73fbb4d78e84ea1e941e150dabe5a8f560f38c9d | |
parent | 394dd122dc0e55040bedad399fcc24fa4ca94c31 (diff) |
Identity cert should always be retrieved using AthenzIdentityProvider
3 files changed, 0 insertions, 37 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java
index 381896c11cf..7c1f8875fb8 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java
@@ -3,7 +3,6 @@ package com.yahoo.vespa.hosted.controller.api.integration.athenz;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
-import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
 import com.yahoo.vespa.athenz.api.AthenzRoleCertificate;
 import java.util.List;
@@ -15,8 +14,6 @@ public interface ZtsClient {
 List<AthenzDomain> getTenantDomainsForUser(AthenzIdentity principal);
- AthenzIdentityCertificate getIdentityCertificate();
-
 AthenzRoleCertificate getRoleCertificate(AthenzDomain roleDomain, String roleName);
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java
index 0166c02db2e..841754782b8 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java
@@ -2,7 +2,6 @@
 package com.yahoo.vespa.hosted.controller.athenz.impl;
 import com.yahoo.athenz.auth.util.Crypto;
-import com.yahoo.athenz.zts.InstanceRefreshRequest;
 import com.yahoo.athenz.zts.RoleCertificateRequest;
 import com.yahoo.athenz.zts.TenantDomains;
 import com.yahoo.athenz.zts.ZTSClient;
@@ -10,7 +9,6 @@ import com.yahoo.athenz.zts.ZTSClientException;
 import com.yahoo.log.LogLevel;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
-import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
 import com.yahoo.vespa.athenz.api.AthenzRoleCertificate;
 import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.hosted.controller.api.integration.athenz.ZtsClient;
@@ -62,25 +60,6 @@ public class ZtsClientImpl implements ZtsClient {
 }
 @Override
- public AthenzIdentityCertificate getIdentityCertificate() {
- return getOrThrow(() -> {
- log.log(LogLevel.DEBUG,
- String.format("postInstanceRefreshRequest(service=%s)", service.getFullName()));
- InstanceRefreshRequest req =
- ZTSClient.generateInstanceRefreshRequest(
- service.getDomain().getName(),
- service.getName(),
- privateKey,
- certificateDnsDomain,
- (int) certExpiry.getSeconds());
- X509Certificate certificate = Crypto.loadX509Certificate(
- ztsClient.postInstanceRefreshRequest(service.getDomain().getName(), service.getName(), req)
- .getCertificate());
- return new AthenzIdentityCertificate(certificate, privateKey);
- });
- }
-
- @Override
 public AthenzRoleCertificate getRoleCertificate(AthenzDomain roleDomain, String roleName) {
 return getOrThrow(() -> {
 log.log(LogLevel.DEBUG,
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java
index 7aea79a93c6..b6026308272 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java
@@ -4,7 +4,6 @@ package com.yahoo.vespa.hosted.controller.athenz.mock; import com.yahoo.athenz.auth.util.Crypto; import com.yahoo.vespa.athenz.api.AthenzDomain; import com.yahoo.vespa.athenz.api.AthenzIdentity; -import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate; import com.yahoo.vespa.athenz.api.AthenzRoleCertificate; import com.yahoo.vespa.hosted.controller.api.integration.athenz.ZtsClient; import org.bouncycastle.asn1.x500.X500Name; @@ -44,18 +43,6 @@ public class ZtsClientMock implements ZtsClient { } @Override - public AthenzIdentityCertificate getIdentityCertificate() { - log.log(Level.INFO, "getIdentityCertificate()"); - try { - KeyPair keyPair = createKeyPair(); - String subject = "CN=controller"; - return new AthenzIdentityCertificate(createCertificate(keyPair, subject), keyPair.getPrivate()); - } catch (NoSuchAlgorithmException | OperatorCreationException | IOException e) { - throw new RuntimeException(e); - } - } - - @Override public AthenzRoleCertificate getRoleCertificate(AthenzDomain roleDomain, String roleName) { log.log(Level.INFO, String.format("getRoleCertificate(roleDomain=%s, roleName=%s)", roleDomain.getName(), roleDomain)); |