authorBjørn Christian Seime <bjorncs@oath.com>2018-03-07 14:30:09 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-03-07 14:30:09 +0100
commitb5bbe4781182ef2f2d092fe9063ce83f8f549fd6 (patch)
tree67a963cbdaa68834f6a11862dda06cf912330f3c /athenz-identity-provider-service
parenta1f2a7f2dff2dbd55b2146ca9e898a2dba7a1fb3 (diff)
ZTS server endpoint is zone specific
Diffstat (limited to 'athenz-identity-provider-service')
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java2
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java2
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/AthenzCertificateClient.java5
-rw-r--r--athenz-identity-provider-service/src/main/resources/configdefinitions/athenz-provider-service.def2
-rw-r--r--athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java2
5 files changed, 5 insertions, 8 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
index 3774eb015ed..31e1a8519f4 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
@@ -65,7 +65,7 @@ public class AthenzSslKeyStoreConfigurator extends AbstractComponent implements
ConfigserverConfig configserverConfig) {
AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
Path keystoreCachePath = createKeystoreCachePath(configserverConfig);
- AthenzCertificateClient certificateClient = new AthenzCertificateClient(bootstrapIdentity, config, zoneConfig);
+ AthenzCertificateClient certificateClient = new AthenzCertificateClient(bootstrapIdentity, zoneConfig);
Duration updatePeriod = Duration.ofDays(config.updatePeriodDays());
this.certificateClient = certificateClient;
this.keyProvider = keyProvider;
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java
index eb1c6b09f0f..4c23997f9c2 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java
@@ -40,7 +40,7 @@ public class IdentityDocumentGenerator {
this.keyProvider = keyProvider;
this.dnsSuffix = zoneConfig.certDnsSuffix();
this.providerService = zoneConfig.serviceName();
- this.ztsUrl = config.ztsUrl();
+ this.ztsUrl = zoneConfig.ztsUrl();
this.providerDomain = zoneConfig.domain();
this.signingSecretVersion = zoneConfig.secretVersion();
}
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/AthenzCertificateClient.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/AthenzCertificateClient.java
index 62c7038a265..ca5c776bf3c 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/AthenzCertificateClient.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/AthenzCertificateClient.java
@@ -16,21 +16,18 @@ import java.security.cert.X509Certificate;
*/
public class AthenzCertificateClient {
- private final AthenzProviderServiceConfig config;
private final AthenzProviderServiceConfig.Zones zoneConfig;
private final AthenzIdentityProvider bootstrapIdentity;
public AthenzCertificateClient(AthenzIdentityProvider bootstrapIdentity,
- AthenzProviderServiceConfig config,
AthenzProviderServiceConfig.Zones zoneConfig) {
this.bootstrapIdentity = bootstrapIdentity;
- this.config = config;
this.zoneConfig = zoneConfig;
}
public X509Certificate updateCertificate(PrivateKey privateKey) {
SSLContext bootstrapSslContext = bootstrapIdentity.getIdentitySslContext();
- ZTSClient ztsClient = new ZTSClient(config.ztsUrl(), bootstrapSslContext);
+ ZTSClient ztsClient = new ZTSClient(zoneConfig.ztsUrl(), bootstrapSslContext);
InstanceRefreshRequest req =
ZTSClient.generateInstanceRefreshRequest(
zoneConfig.domain(), zoneConfig.serviceName(), privateKey, zoneConfig.certDnsSuffix(), /*expiryTime*/0);
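Review bot: `zoneConfig.ztsUrl()` is handed to `new ZTSClient(...)` in `updateCertificate` with no check on the value, and this is the endpoint that the bootstrap identity's SSL context authenticates to and that issues the refreshed certificate. With the URL now configured per zone, a blank or non-HTTPS entry for a single zone would presumably only surface when a refresh runs for that zone. Consider failing fast in the constructor, for example `if (!zoneConfig.ztsUrl().startsWith("https://")) throw new IllegalArgumentException("ztsUrl must be an https URL: " + zoneConfig.ztsUrl());`. The same value is also read in `IdentityDocumentGenerator`, so one shared check would cover both. The body of `updateCertificate` continues outside the hunk, so whether the per-call `ZTSClient` is closed cannot be judged from here.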
diff --git a/athenz-identity-provider-service/src/main/resources/configdefinitions/athenz-provider-service.def b/athenz-identity-provider-service/src/main/resources/configdefinitions/athenz-provider-service.def
index d92e0b685cc..281db6fb43d 100644
--- a/athenz-identity-provider-service/src/main/resources/configdefinitions/athenz-provider-service.def
+++ b/athenz-identity-provider-service/src/main/resources/configdefinitions/athenz-provider-service.def
@@ -17,7 +17,7 @@ zones{}.secretVersion int
zones{}.certDnsSuffix string
# Athenz ZTS server url
-ztsUrl string
+zones{}.ztsUrl string
# Path to Athenz CA JKS trust store
athenzCaTrustStore string
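Review bot: The comment `# Athenz ZTS server url` does not say what form the value must take, and the moved key `zones{}.ztsUrl string` has no default, so every zone entry now has to supply it. I would extend the comment to something like `# Athenz ZTS server url for this zone (full https:// URL, required for each zone)`. The test fixture in `TestUtils` sets `localhost/zts` without a scheme, which leaves the expected format ambiguous. Because the top-level `ztsUrl` is removed, any deployed config that still sets it presumably needs migrating in the same rollout; that is not visible from this diff.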
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java
index 5ae4b9f9bc5..9271fa74363 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java
@@ -20,11 +20,11 @@ public class TestUtils {
.secretVersion(0)
.domain(domain)
.certDnsSuffix(dnsSuffix)
+ .ztsUrl("localhost/zts")
.secretName("s3cr3t");
return new AthenzProviderServiceConfig(
new AthenzProviderServiceConfig.Builder()
.zones(ImmutableMap.of(zone.environment().value() + "." + zone.region().value(), zoneConfig))
- .ztsUrl("localhost/zts")
.athenzCaTrustStore("/dummy/path/to/athenz-ca.jks"));
}