authorOla Aunronning <olaa@yahooinc.com>2023-08-01 10:20:24 +0200
committerOla Aunronning <olaa@yahooinc.com>2023-08-07 10:04:01 +0200
commitede76e7024537e06ff16a0fc109a411ecd891200 (patch)
treeb33362d9a0efa4b773277b9d947f20fa5a035c59 /node-admin
parentb8fd1760006676638e71d824174e757ecb2fe662 (diff)
Remove node-admin-tenant-service-registry flag
Diffstat (limited to 'node-admin')
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java36
1 files changed, 1 insertions, 35 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index b6ec0ebbd94..8f8cf267f70 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -80,7 +80,6 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
private final String certificateDnsSuffix;
private final ServiceIdentityProvider hostIdentityProvider;
private final IdentityDocumentClient identityDocumentClient;
- private final BooleanFlag tenantServiceIdentityFlag;
// Used as an optimization to ensure ZTS is not DDoS'ed on continuously failing refresh attempts
private final Map<ContainerName, Instant> lastRefreshAttempt = new ConcurrentHashMap<>();
@@ -99,7 +98,6 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
hostIdentityProvider,
new AthenzIdentityVerifier(Set.of(configServerInfo.getConfigServerIdentity())));
this.timer = timer;
- this.tenantServiceIdentityFlag = Flags.NODE_ADMIN_TENANT_SERVICE_REGISTRY.bindTo(flagSource);
}
public boolean converge(NodeAgentContext context) {
@@ -109,11 +107,7 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
if (context.zone().getSystemName().isPublic())
return modified;
- if (shouldWriteTenantServiceIdentity(context)) {
- modified |= maintain(context, TENANT);
- } else {
- modified |= deleteTenantCredentials(context);
- }
+ modified |= maintain(context, TENANT);
return modified;
}
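Review bot: With the `else` branch gone, `converge` no longer has any path that removes a tenant identity document, private key and certificate from the container's SIA directory; `deleteTenantCredentials` is dropped in the hunk at -268 and nothing visible replaces it. That is safe only if the flag already evaluated to true for every application and Vespa version, so it is worth saying so in the commit message and confirming that tenant key material is still cleaned up elsewhere when a container is removed (not visible here). The unconditional call would also read better with a short comment such as `// Tenant service credentials are maintained on all non-public systems`. Separately, the diffstat's 35 deletions are all accounted for by the visible hunks, so no import lines were removed; the imports for `BooleanFlag`, `Flags` and `FetchVector`, and possibly the constructor's `flagSource` parameter, are probably unused now unless referenced elsewhere in the file. The start of `converge` lies outside this hunk.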
@@ -268,24 +262,6 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
return "node-certificate";
}
- private boolean deleteTenantCredentials(NodeAgentContext context) {
- var siaDirectory = context.paths().of(CONTAINER_SIA_DIRECTORY, context.users().vespa());
- var identityDocumentFile = siaDirectory.resolve(TENANT.getIdentityDocument());
- if (!Files.exists(identityDocumentFile)) return false;
- return getAthenzIdentity(context, TENANT, identityDocumentFile).map(athenzIdentity -> {
- var privateKeyFile = (ContainerPath) SiaUtils.getPrivateKeyFile(siaDirectory, athenzIdentity);
- var certificateFile = (ContainerPath) SiaUtils.getCertificateFile(siaDirectory, athenzIdentity);
- try {
- var modified = Files.deleteIfExists(identityDocumentFile);
- modified |= Files.deleteIfExists(privateKeyFile);
- modified |= Files.deleteIfExists(certificateFile);
- return modified;
- } catch (IOException e) {
- throw new UncheckedIOException(e);
- }
- }).orElse(false);
- }
-
private boolean shouldRefreshCredentials(Duration age) {
return age.compareTo(REFRESH_PERIOD) >= 0;
}
@@ -399,16 +375,6 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
}
}
- private boolean shouldWriteTenantServiceIdentity(NodeAgentContext context) {
- var version = context.node().currentVespaVersion()
- .orElse(context.node().wantedVespaVersion().orElse(Version.emptyVersion));
- var appId = context.node().owner().orElse(ApplicationId.defaultId());
- return tenantServiceIdentityFlag
- .with(FetchVector.Dimension.VESPA_VERSION, version.toFullString())
- .with(FetchVector.Dimension.APPLICATION_ID, appId.serializedForm())
- .value();
- }
-
private void copyCredsToLegacyPath(NodeAgentContext context, ContainerPath privateKeyFile, ContainerPath certificateFile) throws IOException {
var legacySiaDirectory = context.paths().of(LEGACY_SIA_DIRECTORY, context.users().vespa());
var keysDirectory = legacySiaDirectory.resolve("keys");