Use mutual TLS auth when retrieving identity document

author: Bjørn Christian Seime <bjorncs@oath.com> 2018-05-29 16:35:01 +0200
committer: Morten Tokle <mortent@oath.com> 2018-06-11 14:15:11 +0200
commit: b267b3642c34720e8a6353d9afaf324f64ff2f71 (patch)
tree: a78bbf5b2deac0c1d8bffaea0ffaa5357f6e8b04 /config-model/src/main/java/com/yahoo/vespa/model/container/IdentityProvider.java
parent: 673d1bba562da999ea3c92327a0504e0a9691e35 (diff)
1 files changed, 20 insertions, 1 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/IdentityProvider.java b/config-model/src/main/java/com/yahoo/vespa/model/container/IdentityProvider.java
index fbfff408cb7..874a7933fbe 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/IdentityProvider.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/IdentityProvider.java
@@ -4,6 +4,8 @@ package com.yahoo.vespa.model.container;
 import com.yahoo.config.provision.AthenzDomain;
 import com.yahoo.config.provision.AthenzService;
 import com.yahoo.config.provision.HostName;
+import com.yahoo.config.provision.SystemName;
+import com.yahoo.config.provision.Zone;
 import com.yahoo.container.bundle.BundleInstantiationSpecification;
 import com.yahoo.container.core.identity.IdentityConfig;
 import com.yahoo.osgi.provider.model.ComponentModel;
@@ -23,14 +25,21 @@ public class IdentityProvider extends SimpleComponent implements IdentityConfig.
     private final HostName loadBalancerName;
     private final URI ztsUrl;
     private final String athenzDnsSuffix;
+    private final Zone zone;
 
-    public IdentityProvider(AthenzDomain domain, AthenzService service, HostName loadBalancerName, URI ztsUrl, String athenzDnsSuffix) {
+    public IdentityProvider(AthenzDomain domain,
+                            AthenzService service,
+                            HostName loadBalancerName,
+                            URI ztsUrl,
+                            String athenzDnsSuffix,
+                            Zone zone) {
         super(new ComponentModel(BundleInstantiationSpecification.getFromStrings(CLASS, CLASS, BUNDLE)));
         this.domain = domain;
         this.service = service;
         this.loadBalancerName = loadBalancerName;
         this.ztsUrl = ztsUrl;
         this.athenzDnsSuffix = athenzDnsSuffix;
+        this.zone = zone;
     }
 
     @Override
@@ -42,5 +51,15 @@ public class IdentityProvider extends SimpleComponent implements IdentityConfig.
         builder.loadBalancerAddress(loadBalancerName.value());
         builder.ztsUrl(ztsUrl != null ? ztsUrl.toString() : "");
         builder.athenzDnsSuffix(athenzDnsSuffix != null ? athenzDnsSuffix : "");
+        builder.nodeIdentityName("vespa.vespa.tenant"); // TODO Move to Oath configmodel amender
+        builder.configserverIdentityName(getConfigserverIdentityName());
+    }
+
+    // TODO Move to Oath configmodel amender
+    private String getConfigserverIdentityName() {
+        return String.format("%s.provider_%s_%s",
+                             zone.system() == SystemName.main ? "vespa.vespa" : "vespa.vespa.cd",
+                             zone.environment().value(),
+                             zone.region().value());
     }
 }
author	Bjørn Christian Seime <bjorncs@oath.com>	2018-05-29 16:35:01 +0200
committer	Morten Tokle <mortent@oath.com>	2018-06-11 14:15:11 +0200
commit	b267b3642c34720e8a6353d9afaf324f64ff2f71 (patch)
tree	a78bbf5b2deac0c1d8bffaea0ffaa5357f6e8b04 /config-model/src/main/java/com/yahoo/vespa/model/container/IdentityProvider.java
parent	673d1bba562da999ea3c92327a0504e0a9691e35 (diff)