authorBjørn Christian Seime <bjorncs@oath.com>2018-05-28 15:52:31 +0200
committerBjørn Christian Seime <bjorncs@oath.com>2018-05-28 15:52:31 +0200
commit33570370d83a1c72ca502e2e336242a5e30b0357 (patch)
treee62f33c8fd7b0c7ebd597b8ade246befdf83b138 /athenz-identity-provider-service
parent96b6be30bb0623abbd152b5fd8e264cf62cf5d4d (diff)
Accept identity documents for tenant Docker containers
Diffstat (limited to 'athenz-identity-provider-service')
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java7
1 files changed, 7 insertions, 0 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java
index 5f330dc01bf..e457df37946 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java
@@ -7,6 +7,7 @@ import com.yahoo.config.model.api.ServiceInfo;
import com.yahoo.config.model.api.SuperModelProvider;
import com.yahoo.config.provision.ApplicationId;
import com.yahoo.log.LogLevel;
+import com.yahoo.vespa.athenz.api.AthenzService;
import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument;
import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId;
@@ -29,6 +30,7 @@ import java.util.logging.Logger;
*/
public class InstanceValidator {
+ private static final AthenzService TENANT_DOCKER_CONTAINER_IDENTITY = new AthenzService("vespa.vespa.tenant");
private static final Logger log = Logger.getLogger(InstanceValidator.class.getName());
static final String SERVICE_PROPERTIES_DOMAIN_KEY = "identity.domain";
static final String SERVICE_PROPERTIES_SERVICE_KEY = "identity.service";
@@ -81,6 +83,7 @@ public class InstanceValidator {
// If/when we dont care about logging exactly whats wrong, this can be simplified
boolean isSameIdentityAsInServicesXml(ApplicationId applicationId, String domain, String service) {
+
Optional<ApplicationInfo> applicationInfo = superModelProvider.getSuperModel().getApplicationInfo(applicationId);
if (!applicationInfo.isPresent()) {
@@ -88,6 +91,10 @@ public class InstanceValidator {
return false;
}
+ if (TENANT_DOCKER_CONTAINER_IDENTITY.equals(new AthenzService(domain, service))) {
+ return true;
+ }
+
Optional<ServiceInfo> matchingServiceInfo = applicationInfo.get()
.getModel()
.getHosts()
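Review bot: The early `return true` added after the application-presence check accepts `vespa.vespa.tenant` for every application found in the super model without comparing it to that application's services.xml, so for this identity `isSameIdentityAsInServicesXml` no longer does what its name says. The result then rests entirely on checks outside this hunk (presumably the signature and host validation of the identity document), and it is worth confirming that those tie the document to an actual tenant Docker container node rather than to any signed document carrying this domain and service. The accept path is also silent, although the comment above the method says it is written to log exactly what is wrong. I would record the bypass and its reason, for example `// Tenant containers share one identity that is not declared in services.xml; trust relies on the signed document` followed by `log.log(LogLevel.DEBUG, "Accepting shared tenant container identity for application " + applicationId);`. The method body continues past the end of the hunk, so the services.xml lookup that follows is only partly visible here.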