authorMorten Tokle <mortent@yahooinc.com>2023-02-22 22:56:16 +0100
committerMorten Tokle <mortent@yahooinc.com>2023-02-27 14:23:11 +0100
commitcb0248d4c3c958cff49530e42b8ffe5abab706a0 (patch)
tree2e7054860ff353c9052b6990863d367c554875f5
parent023d8a0851d321c0f33ba6dde16e1b1fa2fe12ce (diff)
Add support for athenz provider in public systems
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java2
-rw-r--r--athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java2
-rw-r--r--configdefinitions/src/vespa/athenz-provider-service.def4
-rw-r--r--flags/src/main/java/com/yahoo/vespa/flags/Flags.java7
4 files changed, 14 insertions, 1 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
index 531a815922b..231f22ac56b 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
@@ -65,7 +65,7 @@ public class CertificateAuthorityApiHandler extends ThreadedHttpRequestHandler {
super(ctx);
this.secretStore = secretStore;
this.certificates = certificates;
- this.caPrivateKeySecretName = athenzProviderServiceConfig.secretName();
+ this.caPrivateKeySecretName = athenzProviderServiceConfig.sisSecretName();
this.caCertificateSecretName = athenzProviderServiceConfig.caCertSecretName();
this.instanceValidator = instanceValidator;
}
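Review bot: The CA private key secret name now comes from `sisSecretName()`, which the athenz-provider-service.def hunk in this commit declares with `default=""`, so a deployment that does not set it gets an empty secret name here instead of a config error. How the secret store treats an empty name is not visible in this hunk, so I would fail fast in the constructor: `if (caPrivateKeySecretName.isBlank()) throw new IllegalArgumentException("sisSecretName must be configured");`. The switch is also not conditioned on the new `vespa-athenz-provider` flag added in Flags.java, so it applies wherever this handler is deployed. ContainerTester sets both `secretName` and `sisSecretName` to `secretname`, so the test passes with either accessor and does not pin the change. The constructor starts outside the hunk.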
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
index 8112f5779e5..d880fd5220b 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
@@ -64,6 +64,8 @@ public class ContainerTester {
" <serviceName>servicename</serviceName>\n" +
" <secretName>secretname</secretName>\n" +
" <secretVersion>0</secretVersion>\n" +
+ " <sisSecretName>secretname</sisSecretName>\n" +
+ " <sisSecretVersion>0</sisSecretVersion>\n" +
" <caCertSecretName>vespa.external.ca.cert</caCertSecretName>\n" +
" <certDnsSuffix>suffix</certDnsSuffix>\n" +
" <ztsUrl>https://localhost:123/</ztsUrl>\n" +
diff --git a/configdefinitions/src/vespa/athenz-provider-service.def b/configdefinitions/src/vespa/athenz-provider-service.def
index 2131aa88d30..cb6787c4bec 100644
--- a/configdefinitions/src/vespa/athenz-provider-service.def
+++ b/configdefinitions/src/vespa/athenz-provider-service.def
@@ -13,6 +13,10 @@ secretName string
# Secret version
secretVersion int
+# Tempory resources
+sisSecretName string default=""
+sisSecretVersion int default=0
+
# Secret name of CA certificate
caCertSecretName string
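Review bot: The comment `# Tempory resources` is misspelled and does not say what the two new fields hold or when they can be removed. Going by the handler change in this commit, `sisSecretName` is the name of the secret CertificateAuthorityApiHandler reads for the CA private key, so something like `# Temporary: name and version of the secret holding the CA private key (read by CertificateAuthorityApiHandler)` would record that. Whether `sisSecretVersion` is read anywhere is not visible in this commit, so that half of the comment should be confirmed before it is written down.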
diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
index 3989b45b9ac..9b4b04a3d62 100644
--- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
+++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
@@ -345,6 +345,13 @@ public class Flags {
"Takes effect on the next tick.",
ZONE_ID, NODE_TYPE, HOSTNAME);
+ public static final UnboundBooleanFlag VESPA_ATHENZ_PROVIDER = defineFeatureFlag(
+ "vespa-athenz-provider", false,
+ List.of("mortent"), "2023-02-22", "2023-05-01",
+ "Enable athenz provider in public systems",
+ "Takes effect on next config server container start",
+ ZONE_ID);
+
/** WARNING: public for testing: All flags should be defined in {@link Flags}. */
public static UnboundBooleanFlag defineFeatureFlag(String flagId, boolean defaultValue, List<String> owners,
String createdAt, String expiresAt, String description,