New syntax for cloud secret store

2 files changed, 14 insertions, 11 deletions

diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index f2e8757c115..aeca5ff62ae 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -281,19 +281,19 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
                         TenantSecretStore::getName,
                         store -> store
                 ));
-
-        for (Element group : XML.getChildren(secretStoreElement, "aws-parameter-store")) {
-            String name = group.getAttribute("name");
-            String region = group.getAttribute("region");
-            TenantSecretStore secretStore = secretStoresByName.get(name);
+        Element store = XML.getChild(secretStoreElement, "store");
+        for (Element group : XML.getChildren(store, "aws-parameter-store")) {
+            String account = group.getAttribute("account");
+            String region = group.getAttribute("aws-region");
+            TenantSecretStore secretStore = secretStoresByName.get(account);
 
             if (secretStore == null)
-                throw new RuntimeException("No configured secret store named " + name);
+                throw new RuntimeException("No configured secret store named " + account);
 
             if (secretStore.getExternalId().isEmpty())
                 throw new RuntimeException("No external ID has been set");
 
-            cloudSecretStore.addConfig(name, region, secretStore.getAwsId(), secretStore.getRole(), secretStore.getExternalId().get());
+            cloudSecretStore.addConfig(account, region, secretStore.getAwsId(), secretStore.getRole(), secretStore.getExternalId().get());
         }
 
         cluster.addComponent(cloudSecretStore);
diff --git a/config-model/src/main/resources/schema/containercluster.rnc b/config-model/src/main/resources/schema/containercluster.rnc
index 9313d91ea55..39df939f78c 100644
--- a/config-model/src/main/resources/schema/containercluster.rnc
+++ b/config-model/src/main/resources/schema/containercluster.rnc
@@ -91,10 +91,13 @@ SecretStore = element secret-store {
       attribute name { string } &
       attribute environment { string "alpha" | string "corp" | string "prod" | string "aws" | string "aws_stage" }
     } * &
-    element aws-parameter-store {
-      attribute name { string } &
-      attribute region { string }
-    } *
+    element store {
+      attribute id { string } &
+      element aws-parameter-store {
+        attribute account { string } &
+        attribute aws-region { string }
+      } *
+    }?
 }
 
 ZooKeeper = element zookeeper {