authorOla Aunronning <olaa@yahooinc.com>2023-05-10 10:23:54 +0200
committerOla Aunronning <olaa@yahooinc.com>2023-05-10 10:23:54 +0200
commit9a5922e2ff891a7ab3d9f9bc22b82044a8a1ef5e (patch)
tree75cc8d46b5ac19251115658264e016d8dba17be4 /node-admin/src
parent32cc36e3af0b5e24fdcb27ece4e5920042a8c483 (diff)
Create credentials symlink
Diffstat (limited to 'node-admin/src')
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java14
1 files changed, 12 insertions, 2 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index 6119c77242c..13099c7e99b 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -58,6 +58,7 @@ import java.util.logging.Logger;
import static com.yahoo.vespa.hosted.node.admin.maintenance.identity.AthenzCredentialsMaintainer.IdentityType.NODE;
import static com.yahoo.vespa.hosted.node.admin.maintenance.identity.AthenzCredentialsMaintainer.IdentityType.TENANT;
+import static com.yahoo.yolean.Exceptions.uncheck;
/**
* A maintainer that is responsible for providing and refreshing Athenz credentials for a container.
@@ -73,6 +74,7 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
private static final Duration REFRESH_BACKOFF = Duration.ofHours(1); // Backoff when refresh fails to ensure ZTS is not DDoS'ed.
private static final String CONTAINER_SIA_DIRECTORY = "/var/lib/sia";
+ private static final String LEGACY_SIA_DIRECTORY = "/opt/vespa/var/vespa/sia";
private final URI ztsEndpoint;
private final Path ztsTrustStorePath;
@@ -113,10 +115,12 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
if (context.zone().getSystemName().isPublic())
return modified;
- if (shouldWriteTenantServiceIdentity(context))
+ if (shouldWriteTenantServiceIdentity(context)) {
modified |= maintain(context, TENANT);
- else
+ createCredentialsSymlink(context);
+ } else {
modified |= deleteTenantCredentials(context);
+ }
return modified;
}
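Review bot: The tenant branch now creates the legacy link on every pass, but the `else` branch still only calls `deleteTenantCredentials(context)`, so nothing visible in this hunk removes the link at `LEGACY_SIA_DIRECTORY` once the tenant identity is withdrawn. That method's body is outside the diff; if it does not unlink the legacy path, a stale link into the credentials location stays behind in the container. The new call also does not feed `modified`, so a first-time link creation is not reported to the caller. Returning a boolean and writing `modified |= createCredentialsSymlink(context);` would keep it consistent with the two neighbouring calls.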
@@ -431,6 +435,12 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
.value();
}
+ private void createCredentialsSymlink(NodeAgentContext context) {
+ var siaDirectory = context.paths().of(CONTAINER_SIA_DIRECTORY, context.users().vespa());
+ var legacySiaDirectory = context.paths().of(LEGACY_SIA_DIRECTORY, context.users().vespa());
+ uncheck(() -> Files.createSymbolicLink(legacySiaDirectory, siaDirectory));
+ }
+
/*
Get the document version to ask for
*/
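Review bot: `Files.createSymbolicLink` throws `FileAlreadyExistsException` when the link path already exists, and `createCredentialsSymlink` has no existence check, so once the link is in place every later pass through the tenant branch (the hunk at -113) would surface an unchecked exception from `uncheck` after the credentials were already written. Guard the call, for example with `if (Files.isSymbolicLink(legacySiaDirectory)) return;`, and decide explicitly what happens when the legacy path is a real directory or a link pointing somewhere other than `siaDirectory`, because an existing entry in a credentials path should be verified rather than silently trusted. It is also not visible here whether the parent of `LEGACY_SIA_DIRECTORY` is guaranteed to exist in the container; if it is not, the call fails with `NoSuchFileException`. A short Javadoc stating which side is the link and which is the target would help, as the argument order of `createSymbolicLink(link, target)` is easy to misread.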