author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-08-26 15:15:53 +0200 |
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-08-26 15:15:53 +0200 |
commit | aca45ba95c5fb0b7d9c1fe89ee3a866ff65c76ac (patch) | |
tree | 457edb12eda58d61feab5812fe4ebed72763b6e9 /node-admin/src/main | |
parent | f49fbf259ea28bf3025580f875885762f12dc651 (diff) |
Include instance hostname in Athenz node certificates
Diffstat (limited to 'node-admin/src/main')
-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index b952ae096b0..f994530bef4 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -155,13 +155,19 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 private void registerIdentity(NodeAgentContext context, Path privateKeyFile, Path certificateFile, Path identityDocumentFile) {
 KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
 SignedIdentityDocument signedIdentityDocument = identityDocumentClient.getNodeIdentityDocument(context.hostname().value());
- Pkcs10Csr csr = csrGenerator.generateInstanceCsr(
- context.identity(), signedIdentityDocument.providerUniqueId(), signedIdentityDocument.ipAddresses(), keyPair);
+ Pkcs10Csr csr =
+ csrGenerator.generateInstanceCsr(
+ context.identity(),
+ signedIdentityDocument.providerUniqueId(),
+ signedIdentityDocument.instanceHostname(),
+ signedIdentityDocument.ipAddresses(),
+ keyPair);
 try (ZtsClient ztsClient = new DefaultZtsClient(ztsEndpoint, hostIdentityProvider)) {
 InstanceIdentity instanceIdentity = ztsClient.registerInstance(
 configserverIdentity,
 context.identity(),
+ signedIdentityDocument.instanceHostname(),
 EntityBindingsMapper.toAttestationData(signedIdentityDocument),
 csr);
 EntityBindingsMapper.writeSignedIdentityDocumentToFile(identityDocumentFile, signedIdentityDocument);
@@ -174,8 +180,13 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 private void refreshIdentity(NodeAgentContext context, Path privateKeyFile, Path certificateFile, Path identityDocumentFile) {
 SignedIdentityDocument identityDocument = EntityBindingsMapper.readSignedIdentityDocumentFromFile(identityDocumentFile);
 KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- Pkcs10Csr csr = csrGenerator.generateInstanceCsr(
- context.identity(), identityDocument.providerUniqueId(), identityDocument.ipAddresses(), keyPair);
+ Pkcs10Csr csr = csrGenerator
+ .generateInstanceCsr(
+ context.identity(),
+ identityDocument.providerUniqueId(),
+ identityDocument.instanceHostname(),
+ identityDocument.ipAddresses(),
+ keyPair);
 SSLContext containerIdentitySslContext = new SslContextBuilder()
 .withKeyStore(privateKeyFile, certificateFile)
@@ -188,6 +199,7 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 configserverIdentity,
 context.identity(),
 identityDocument.providerUniqueId().asDottedString(),
+ identityDocument.instanceHostname(),
 csr);
 writePrivateKeyAndCertificate(context.vespaUserOnHost(), privateKeyFile, keyPair.getPrivate(), certificateFile, instanceIdentity.certificate()); |
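Review bot: In the refreshIdentity hunk (@@ -174) the hostname placed into the CSR comes from `identityDocument.instanceHostname()` on a document read back from identityDocumentFile, yet that file was persisted by the earlier registerIdentity, and the removed lines show the previous version never consumed a hostname, so on nodes registered before this change the persisted document may not carry one; what the getter returns for a missing field depends on SignedIdentityDocument's deserialization, which is outside this hunk. If that can be null or empty, the value flows unchecked into generateInstanceCsr and into the ZTS call at @@ -188, producing a renewed certificate and registration with an absent hostname, so a guard before the csr statement such as `Objects.requireNonNull(identityDocument.instanceHostname(), "instanceHostname missing from persisted identity document; re-registration required");`, or a fallback that triggers a fresh registerIdentity, would make the failure explicit. As a point of style, the two new csr statements break the same call differently (`Pkcs10Csr csr =` then `csrGenerator.generateInstanceCsr(` versus `csrGenerator` then `.generateInstanceCsr(`); using one form keeps the two methods parallel. Both refreshIdentity and the enclosing ZTS call in the third hunk continue outside the hunks shown.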