authorHåkon Hallingstad <hakon@yahooinc.com>2022-05-24 11:42:23 +0200
committerHåkon Hallingstad <hakon@yahooinc.com>2022-05-24 11:42:23 +0200
commitd7570dd03cf2eddd9265ae39ac545bd223978cf8 (patch)
tree86a7a7faffea439610effea69be6da05edc63dbb /athenz-identity-provider-service
parent30ae0b5e47a871c3757cd2ae10f2f9bb52024556 (diff)
Get config server CA certificate secret name from config
Diffstat (limited to 'athenz-identity-provider-service')
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java9
-rw-r--r--athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java3
-rw-r--r--athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java1
3 files changed, 7 insertions, 6 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
index 9f4b1a9d01c..9bd6153f159 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
@@ -7,8 +7,6 @@ import com.yahoo.container.jdisc.HttpResponse;
import com.yahoo.container.jdisc.ThreadedHttpRequestHandler;
import com.yahoo.container.jdisc.secretstore.SecretStore;
import com.yahoo.jdisc.http.server.jetty.RequestUtils;
-
-import java.util.logging.Level;
import com.yahoo.restapi.ErrorResponse;
import com.yahoo.restapi.Path;
import com.yahoo.restapi.SlimeJsonResponse;
@@ -16,12 +14,12 @@ import com.yahoo.security.KeyUtils;
import com.yahoo.security.SubjectAlternativeName;
import com.yahoo.security.X509CertificateUtils;
import com.yahoo.slime.Slime;
+import com.yahoo.slime.SlimeUtils;
import com.yahoo.vespa.athenz.api.AthenzService;
import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
-import com.yahoo.slime.SlimeUtils;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.InstanceConfirmation;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.InstanceValidator;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
import com.yahoo.vespa.hosted.ca.Certificates;
import com.yahoo.vespa.hosted.ca.instance.InstanceIdentity;
import com.yahoo.vespa.hosted.ca.instance.InstanceRefresh;
@@ -38,6 +36,7 @@ import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
+import java.util.logging.Level;
import java.util.stream.Stream;
/**
@@ -68,7 +67,7 @@ public class CertificateAuthorityApiHandler extends ThreadedHttpRequestHandler {
this.secretStore = secretStore;
this.certificates = certificates;
this.caPrivateKeySecretName = athenzProviderServiceConfig.secretName();
- this.caCertificateSecretName = athenzProviderServiceConfig.domain() + ".ca.cert";
+ this.caCertificateSecretName = athenzProviderServiceConfig.caCertSecretName();
this.instanceValidator = instanceValidator;
}
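Review bot: The value from `caCertSecretName()` is stored in the constructor without any check, so an unset or blank name would presumably only surface later, when the CA certificate is looked up in the secret store while serving a request. The config definition and any default for this field are not visible in this diff. The removed line always produced a non-empty name from `domain()`, so this failure mode is new for deployments that have not yet set the field. Consider failing fast right after the assignment, for example `if (caCertificateSecretName.isBlank()) throw new IllegalArgumentException("caCertSecretName must be set");`. The constructor starts outside the hunk, so any validation earlier in it is not visible here.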
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java
index 7573b5690e7..4110ad2bfa2 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java
@@ -18,7 +18,8 @@ public class TestUtils {
.domain(domain)
.certDnsSuffix(dnsSuffix)
.ztsUrl("localhost/zts")
- .secretName("s3cr3t");
+ .secretName("s3cr3t")
+ .caCertSecretName(domain + ".ca.cert");
return new AthenzProviderServiceConfig(
zoneConfig.athenzCaTrustStore("/dummy/path/to/athenz-ca.jks"));
}
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
index 3341575afd4..ad0715cbbea 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
@@ -64,6 +64,7 @@ public class ContainerTester {
" <serviceName>servicename</serviceName>\n" +
" <secretName>secretname</secretName>\n" +
" <secretVersion>0</secretVersion>\n" +
+ " <caCertSecretName>vespa.external.ca.cert</caCertSecretName>\n" +
" <certDnsSuffix>suffix</certDnsSuffix>\n" +
" <ztsUrl>https://localhost:123/</ztsUrl>\n" +
" </config>\n" +