Add token endpoints to proxy config

2 files changed, 16 insertions, 3 deletions

diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java b/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java
index 13aa65909bd..3361793ec1a 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/DataplaneProxy.java
@@ -5,19 +5,23 @@ import com.yahoo.cloud.config.DataplaneProxyConfig;
 import com.yahoo.container.jdisc.DataplaneProxyConfigurator;
 import com.yahoo.vespa.model.container.component.SimpleComponent;
 
+import java.util.Set;
+
 public class DataplaneProxy extends SimpleComponent implements DataplaneProxyConfig.Producer {
 
     private final int mtlsPort;
     private final int tokenPort;
     private final String serverCertificate;
     private final String serverKey;
+    private final Set<String> tokenEndpoints;
 
-    public DataplaneProxy(int mtlsPort, int tokenPort, String serverCertificate, String serverKey) {
+    public DataplaneProxy(int mtlsPort, int tokenPort, String serverCertificate, String serverKey, Set<String> tokenEndpoints) {
         super(DataplaneProxyConfigurator.class.getName());
         this.mtlsPort = mtlsPort;
         this.tokenPort = tokenPort;
         this.serverCertificate = serverCertificate;
         this.serverKey = serverKey;
+        this.tokenEndpoints = tokenEndpoints;
     }
 
     @Override
@@ -26,6 +30,7 @@ public class DataplaneProxy extends SimpleComponent implements DataplaneProxyCon
         builder.tokenPort(tokenPort);
         builder.serverCertificate(serverCertificate);
         builder.serverKey(serverKey);
+        builder.tokenEndpoints(tokenEndpoints);
     }
 
 }
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index 459c54a2805..2baf8f053c9 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -627,9 +627,16 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
 
     private void addCloudTokenSupport(DeployState state, ApplicationContainerCluster cluster) {
         var server = cluster.getHttp().getHttpServer().get();
+        Set<String> tokenEndpoints = state.getEndpoints().stream()
+                .filter(endpoint -> endpoint.authMethod() == ApplicationClusterEndpoint.AuthMethod.token)
+                .map(ContainerEndpoint::names)
+                .flatMap(Collection::stream)
+                .collect(Collectors.toSet());
+
         boolean enableTokenSupport = state.isHosted() && state.zone().system().isPublic()
                 && state.featureFlags().enableDataplaneProxy()
-                && cluster.getClients().stream().anyMatch(c -> !c.tokens().isEmpty());
+                && cluster.getClients().stream().anyMatch(c -> !c.tokens().isEmpty())
+                && ! tokenEndpoints.isEmpty();
         if (!enableTokenSupport) return;
         var endpointCert = state.endpointCertificateSecrets().orElseThrow();
         int tokenPort = getTokenDataplanePort(state).orElseThrow();
@@ -641,7 +648,8 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
                 getMtlsDataplanePort(state),
                 tokenPort,
                 endpointCert.certificate(),
-                endpointCert.key());
+                endpointCert.key(),
+                tokenEndpoints);
         cluster.addComponent(dataplaneProxy);
 
         // Setup dedicated connector