authorJon Marius Venstad <jonmv@users.noreply.github.com>2021-04-13 16:43:15 +0200
committerGitHub <noreply@github.com>2021-04-13 16:43:15 +0200
commit884a2695354fe6adb292b614c15ef0504568aea7 (patch)
tree47bdf6e86ee975e970de69e505d0185c73c146f2
parent80ae4ab691dde21bb156285fafa7910baa4a42bd (diff)
parentee3bc15f6c8610d633adb4d0d453301794b254de (diff)
Merge pull request #17410 from vespa-engine/revert-17409-revert-17406-revert-17404-revert-17399-jonmv/reapply-upgrade-athenz
Revert "Revert "Revert "Revert "Jonmv/reapply upgrade athenz""""
-rw-r--r--cloud-tenant-base-dependencies-enforcer/pom.xml3
-rw-r--r--container-dependency-versions/pom.xml6
-rwxr-xr-xdocker/build/build-vespa-internal.sh9
-rw-r--r--hosted-tenant-base/pom.xml5
-rw-r--r--parent/pom.xml41
-rw-r--r--vespa-athenz/pom.xml24
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java12
7 files changed, 67 insertions, 33 deletions
diff --git a/cloud-tenant-base-dependencies-enforcer/pom.xml b/cloud-tenant-base-dependencies-enforcer/pom.xml
index 4a1c2a47a07..76a28b04805 100644
--- a/cloud-tenant-base-dependencies-enforcer/pom.xml
+++ b/cloud-tenant-base-dependencies-enforcer/pom.xml
@@ -20,7 +20,7 @@
Copied here because vz-tenant-base does not have a parent. -->
<properties>
<aopalliance.version>1.0</aopalliance.version>
- <athenz.version>1.8.49</athenz.version>
+ <athenz.version>1.10.11</athenz.version>
<bouncycastle.version>1.65</bouncycastle.version>
<felix.version>6.0.3</felix.version>
<felix.log.version>1.0.1</felix.log.version>
@@ -236,7 +236,6 @@
<include>commons-digester:commons-digester:1.8:jar:test</include>
<include>io.airlift:aircompressor:0.17:jar:test</include>
<include>io.airlift:airline:0.7:jar:test</include>
- <include>io.jsonwebtoken:jjwt:0.9.1:jar:test</include>
<include>io.prometheus:simpleclient:0.6.0:jar:test</include>
<include>io.prometheus:simpleclient_common:0.6.0:jar:test</include>
<include>joda-time:joda-time:2.8.1:jar:test</include>
diff --git a/container-dependency-versions/pom.xml b/container-dependency-versions/pom.xml
index afcdf474723..c7353241d35 100644
--- a/container-dependency-versions/pom.xml
+++ b/container-dependency-versions/pom.xml
@@ -22,12 +22,6 @@
<url>https://github.com/vespa-engine</url>
</developer>
</developers>
- <distributionManagement>
- <repository>
- <id>bintray-vespa-repo</id>
- <url>https://api.bintray.com/maven/yahoo/maven/vespa;publish=1</url>
- </repository>
- </distributionManagement>
<scm>
<connection>scm:git:git@github.com:vespa-engine/vespa.git</connection>
<developerConnection>scm:git:git@github.com:vespa-engine/vespa.git</developerConnection>
diff --git a/docker/build/build-vespa-internal.sh b/docker/build/build-vespa-internal.sh
index 780713ec732..63eb0efacb8 100755
--- a/docker/build/build-vespa-internal.sh
+++ b/docker/build/build-vespa-internal.sh
@@ -22,12 +22,11 @@ yum -y install epel-release
yum -y install centos-release-scl
if ! yum-config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/vespa/vespa/repo/epel-7/group_vespa-vespa-epel-7.repo; then
- cat << 'EOF' > /etc/yum.repos.d/vespa-engine-stable.repo
-[vespa-engine-stable]
-name=vespa-engine-stable
-baseurl=https://yahoo.bintray.com/vespa-engine/centos/$releasever/stable/$basearch
+ cat << 'EOF' > /etc/yum.repos.d/vespa-release.repo
+[vespa-release]
+name=Vespa releases
+baseurl=https://verizonmedia.jfrog.io/artifactory/vespa/centos/$releasever/release/$basearch
gpgcheck=0
-repo_gpgcheck=0
enabled=1
EOF
fi
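Review bot: The fallback repo stanza still carries `gpgcheck=0`, so RPMs pulled from the new Artifactory URL are installed without signature verification and only the HTTPS transport protects them. If the release RPMs are signed, set `gpgcheck=1` and add `gpgkey=<URL of the Vespa release signing key>` (a placeholder, since the key location is not shown on this page). Dropping `repo_gpgcheck=0` leaves repository-metadata checking to the yum global default, which deserves a one-line comment above the here-document. The script continues outside this hunk.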
diff --git a/hosted-tenant-base/pom.xml b/hosted-tenant-base/pom.xml
index 094238454c9..08648f47ce2 100644
--- a/hosted-tenant-base/pom.xml
+++ b/hosted-tenant-base/pom.xml
@@ -66,6 +66,11 @@
<type>pom</type>
<scope>import</scope>
</dependency>
+ <dependency>
+ <groupId>org.glassfish.jaxb</groupId>
+ <artifactId>jaxb-runtime</artifactId>
+ <version>2.3.2</version> <!-- 2.3.3 has BROKEN manifest -->
+ </dependency>
</dependencies>
</dependencyManagement>
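Review bot: The `jaxb-runtime` pin to `2.3.2` is hard-coded here and again in the `@@ -687,6 +684,11 @@` hunk of parent/pom.xml, with slightly different comments, so the two entries can drift apart and the pin has no recorded exit condition. Holding a library below its latest release also means later fixes are not picked up until someone revisits the pin. A comment such as `<!-- pinned: 2.3.3 has a broken manifest; revisit when a fixed release is available -->` in both places would make that explicit. A shared version property would also work, if both POMs can see one.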
diff --git a/parent/pom.xml b/parent/pom.xml
index 3b5b0891e73..097f72a1943 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -28,30 +28,12 @@
<url>https://github.com/vespa-engine</url>
</developer>
</developers>
- <distributionManagement>
- <repository>
- <id>bintray-vespa-repo</id>
- <url>https://api.bintray.com/maven/yahoo/maven/vespa;publish=1</url>
- </repository>
- </distributionManagement>
<scm>
<connection>scm:git:git@github.com:vespa-engine/vespa.git</connection>
<developerConnection>scm:git:git@github.com:vespa-engine/vespa.git</developerConnection>
<url>git@github.com:vespa-engine/vespa.git</url>
</scm>
- <repositories>
- <!-- Required for Athenz libraries -->
- <repository>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- <id>bintray-yahoo-maven</id>
- <name>bintray</name>
- <url>https://yahoo.bintray.com/maven</url>
- </repository>
- </repositories>
-
<build>
<finalName>${project.artifactId}</finalName>
<extensions>
@@ -490,6 +472,21 @@
<version>${athenz.version}</version>
</dependency>
<dependency>
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-api</artifactId>
+ <version>${jjwt.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-impl</artifactId>
+ <version>${jjwt.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-jackson</artifactId>
+ <version>${jjwt.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-math3</artifactId>
<version>${commons.math3.version}</version>
@@ -687,6 +684,11 @@
<version>9.2.0</version>
</dependency>
<dependency>
+ <groupId>org.glassfish.jaxb</groupId>
+ <artifactId>jaxb-runtime</artifactId>
+ <version>2.3.2</version> <!-- 2.3.3 has a BROKEN manifest -->
+ </dependency>
+ <dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-all</artifactId>
<version>1.3</version>
@@ -777,7 +779,8 @@
<apache.httpclient5.version>5.0.3</apache.httpclient5.version>
<asm.version>7.0</asm.version>
<!-- Athenz dependencies. Make sure these dependencies match those in Vespa's internal repositories -->
- <athenz.version>1.8.49</athenz.version>
+ <athenz.version>1.10.11</athenz.version>
+ <jjwt.version>0.11.2</jjwt.version>
<aws.sdk.version>1.11.974</aws.sdk.version>
<!-- WARNING: If you change curator version, you also need to update
zkfacade/src/main/java/org/apache/curator/**/package-info.java
diff --git a/vespa-athenz/pom.xml b/vespa-athenz/pom.xml
index 7d2ad924ae3..653eb58d76d 100644
--- a/vespa-athenz/pom.xml
+++ b/vespa-athenz/pom.xml
@@ -65,6 +65,14 @@
</exclusion>
<!--Exclude all Jackson bundles provided by JDisc -->
<exclusion>
+ <groupId>jakarta.activation</groupId>
+ <artifactId>jakarta.activation-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>jakarta.xml.bind</groupId>
+ <artifactId>jakarta.xml.bind-api</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
</exclusion>
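Review bot: The two new `jakarta.*` exclusions are inserted directly under the existing comment `<!--Exclude all Jackson bundles provided by JDisc -->`, so that comment now sits above entries that are not Jackson bundles. Either move the new exclusions above the comment or give them their own, for example `<!-- Exclude Jakarta activation/JAXB APIs (state where they are provided) -->`. The reason for excluding them is not visible in this hunk and should be recorded here. The exclusion list starts and ends outside the hunk.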
@@ -78,6 +86,22 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency> <!-- needed by auth-core -->
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-impl</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency> <!-- needed by auth-core -->
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-jackson</artifactId>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<dependency>
<groupId>com.yahoo.athenz</groupId>
<artifactId>athenz-zpe-java-client</artifactId>
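Review bot: The `jackson-databind` exclusion on `jjwt-jackson` has no comment, although it means the JWT JSON handling runs against whichever Jackson version the container supplies rather than the one jjwt was built with. If this follows the "provided by JDisc" convention used for the exclusions above, say so inline, e.g. `<!-- jackson-databind is provided by JDisc; keep compatible with jjwt.version -->`. The `needed by auth-core` comments could also state why `compile` scope is required for these two artifacts. The dependency list continues outside the hunk.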
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java
index 30ff63fb108..b5473929184 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java
@@ -25,12 +25,18 @@ public class AwsCredentials {
private final AthenzDomain athenzDomain;
private final AwsRole awsRole;
private final ZtsClient ztsClient;
+ private final String externalId;
private volatile AwsTemporaryCredentials credentials;
public AwsCredentials(ZtsClient ztsClient, AthenzDomain athenzDomain, AwsRole awsRole) {
+ this(ztsClient, athenzDomain, awsRole, null);
+ }
+
+ public AwsCredentials(ZtsClient ztsClient, AthenzDomain athenzDomain, AwsRole awsRole, String externalId) {
this.ztsClient = ztsClient;
this.athenzDomain = athenzDomain;
this.awsRole = awsRole;
+ this.externalId = externalId;
this.credentials = get();
}
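Review bot: The new four-argument constructor takes `externalId` without documenting that it may be null, even though the three-argument overload delegates with `null` and the value is forwarded unchanged to `ztsClient.getAwsTemporaryCredentials(...)` in `get()`. A short Javadoc would cover it, e.g. `/** @param externalId external ID forwarded to ZTS with the credentials request, or null for none */`. The same applies to the URI-based overload added in the `@@ -42,12 +48,16 @@` hunk. It is also worth a one-line comment that `this.externalId` must be assigned before `this.credentials = get();`, since `get()` reads the field. The class body continues outside this hunk.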
@@ -42,12 +48,16 @@ public class AwsCredentials {
this(new DefaultZtsClient.Builder(ztsUrl).withSslContext(sslContext).build(), athenzDomain, awsRole);
}
+ public AwsCredentials(URI ztsUrl, SSLContext sslContext, AthenzDomain athenzDomain, AwsRole awsRole, String externalId) {
+ this(new DefaultZtsClient.Builder(ztsUrl).withSslContext(sslContext).build(), athenzDomain, awsRole, externalId);
+ }
+
/**
* Requests temporary credentials from ZTS or return cached credentials
*/
public AwsTemporaryCredentials get() {
if(shouldRefresh(credentials)) {
- this.credentials = ztsClient.getAwsTemporaryCredentials(athenzDomain, awsRole);
+ this.credentials = ztsClient.getAwsTemporaryCredentials(athenzDomain, awsRole, externalId);
}
return credentials;
}