author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-08-28 21:40:05 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-08-28 21:40:05 +0200 |
commit | 8b37b6ed1eafc8d8967e4732ea978ed1806eca71 (patch) | |
tree | 3c401b108b9095f8cae4c580737a85f9077042c8 /node-admin/src | |
parent | ec8efebdb70dd4c07288b0b9c6398af6635dced4 (diff) |
Revert "Include instance hostname in Athenz node certificates"
This reverts commit aca45ba95c5fb0b7d9c1fe89ee3a866ff65c76ac.
Diffstat (limited to 'node-admin/src')
-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java | 20 |
1 files changed, 4 insertions, 16 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java index f994530bef4..b952ae096b0 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java @@ -155,19 +155,13 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer { private void registerIdentity(NodeAgentContext context, Path privateKeyFile, Path certificateFile, Path identityDocumentFile) { KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA); SignedIdentityDocument signedIdentityDocument = identityDocumentClient.getNodeIdentityDocument(context.hostname().value()); - Pkcs10Csr csr = - csrGenerator.generateInstanceCsr( - context.identity(), - signedIdentityDocument.providerUniqueId(), - signedIdentityDocument.instanceHostname(), - signedIdentityDocument.ipAddresses(), - keyPair); + Pkcs10Csr csr = csrGenerator.generateInstanceCsr( + context.identity(), signedIdentityDocument.providerUniqueId(), signedIdentityDocument.ipAddresses(), keyPair); try (ZtsClient ztsClient = new DefaultZtsClient(ztsEndpoint, hostIdentityProvider)) { InstanceIdentity instanceIdentity = ztsClient.registerInstance( configserverIdentity, context.identity(), - signedIdentityDocument.instanceHostname(), EntityBindingsMapper.toAttestationData(signedIdentityDocument), csr); EntityBindingsMapper.writeSignedIdentityDocumentToFile(identityDocumentFile, signedIdentityDocument); 
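Review bot: The CSR in registerIdentity is now built from the identity, the provider unique id and the IP addresses only, and nothing at the call site records why the hostname was dropped again; the commit message gives only the reverted hash. Because this call decides which attributes are requested for the node certificate, a short comment above it would help, e.g. `// Hostname deliberately left out of the CSR: <reason / ticket placeholder>`. Presumably any peer that came to rely on the hostname in these certificates while the reverted change was live will stop seeing it after the next registration or refresh, which is worth confirming before rollout. The same applies to the CSR call in refreshIdentity in the next hunk; registerIdentity's body continues outside the hunk.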
@@ -180,13 +174,8 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer { private void refreshIdentity(NodeAgentContext context, Path privateKeyFile, Path certificateFile, Path identityDocumentFile) { SignedIdentityDocument identityDocument = EntityBindingsMapper.readSignedIdentityDocumentFromFile(identityDocumentFile); KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA); - Pkcs10Csr csr = csrGenerator - .generateInstanceCsr( - context.identity(), - identityDocument.providerUniqueId(), - identityDocument.instanceHostname(), - identityDocument.ipAddresses(), - keyPair); + Pkcs10Csr csr = csrGenerator.generateInstanceCsr( + context.identity(), identityDocument.providerUniqueId(), identityDocument.ipAddresses(), keyPair); SSLContext containerIdentitySslContext = new SslContextBuilder() .withKeyStore(privateKeyFile, certificateFile) @@ -199,7 +188,6 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer { configserverIdentity, context.identity(), identityDocument.providerUniqueId().asDottedString(), - identityDocument.instanceHostname(), csr); writePrivateKeyAndCertificate(context.vespaUserOnHost(), privateKeyFile, keyPair.getPrivate(), certificateFile, instanceIdentity.certificate()); |
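Review bot: The two-line generateInstanceCsr call in refreshIdentity is now the same as the one in registerIdentity apart from the document variable, so the set of attributes requested for the certificate is defined in two places and can drift the next time one is edited. A small private helper such as `private Pkcs10Csr generateCsr(NodeAgentContext context, SignedIdentityDocument doc, KeyPair keyPair)` would keep the two paths in step. Separately, the CSR inputs here come from the document read back from identityDocumentFile; the hunk does not show whether its signature is re-checked on read, so that is worth confirming. refreshIdentity's body continues outside the hunk.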