author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-08-28 13:29:55 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-08-28 13:29:55 +0200 |
commit | 0fffe157136a0dc033a0fd63abd61ddf1eaf5eaa (patch) | |
tree | edbbebb10f020508ab8afb571e22dfa05e9e82f9 /node-admin | |
parent | 82a57087a6f9b9d13c708ae930ffa16a01514334 (diff) | |
parent | c3f734b9fdce30ada768c52427004bde763354b4 (diff) |
Merge pull request #10412 from vespa-engine/bjorncs/hostname
Bjorncs/hostname
Diffstat (limited to 'node-admin')
-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java index ce7a99fd841..f994530bef4 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java @@ -155,16 +155,20 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer { private void registerIdentity(NodeAgentContext context, Path privateKeyFile, Path certificateFile, Path identityDocumentFile) { KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA); SignedIdentityDocument signedIdentityDocument = identityDocumentClient.getNodeIdentityDocument(context.hostname().value()); - Pkcs10Csr csr = csrGenerator.generateInstanceCsr( - context.identity(), signedIdentityDocument.providerUniqueId(), signedIdentityDocument.ipAddresses(), keyPair); + Pkcs10Csr csr = + csrGenerator.generateInstanceCsr( + context.identity(), + signedIdentityDocument.providerUniqueId(), + signedIdentityDocument.instanceHostname(), + signedIdentityDocument.ipAddresses(), + keyPair); try (ZtsClient ztsClient = new DefaultZtsClient(ztsEndpoint, hostIdentityProvider)) { InstanceIdentity instanceIdentity = ztsClient.registerInstance( configserverIdentity, context.identity(), - signedIdentityDocument.providerUniqueId().asDottedString(), + signedIdentityDocument.instanceHostname(), EntityBindingsMapper.toAttestationData(signedIdentityDocument), - false, csr); EntityBindingsMapper.writeSignedIdentityDocumentToFile(identityDocumentFile, signedIdentityDocument); writePrivateKeyAndCertificate(context.vespaUserOnHost(), privateKeyFile, keyPair.getPrivate(), 
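Review bot: In `registerIdentity` the new `signedIdentityDocument.instanceHostname()` argument takes the position that used to hold `providerUniqueId().asDottedString()`, while in `refreshIdentity` the unique ID stays and the hostname takes the position of the removed `false`. Both values are presumably strings, so a swapped position would compile silently and send the wrong identifier to ZTS. The `ZtsClient` signatures are not part of this diff, so the ordering should be confirmed against them. A short comment at the call, e.g. `// registerInstance takes the hostname, not the provider unique id, as its third argument`, would record the intent. It would also help to check that `instanceHostname()` equals `context.hostname().value()`, the value the document was fetched with, before it goes into the CSR.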
@@ -176,8 +180,13 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer { private void refreshIdentity(NodeAgentContext context, Path privateKeyFile, Path certificateFile, Path identityDocumentFile) { SignedIdentityDocument identityDocument = EntityBindingsMapper.readSignedIdentityDocumentFromFile(identityDocumentFile); KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA); - Pkcs10Csr csr = csrGenerator.generateInstanceCsr( - context.identity(), identityDocument.providerUniqueId(), identityDocument.ipAddresses(), keyPair); + Pkcs10Csr csr = csrGenerator + .generateInstanceCsr( + context.identity(), + identityDocument.providerUniqueId(), + identityDocument.instanceHostname(), + identityDocument.ipAddresses(), + keyPair); SSLContext containerIdentitySslContext = new SslContextBuilder() .withKeyStore(privateKeyFile, certificateFile) @@ -190,7 +199,7 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer { configserverIdentity, context.identity(), identityDocument.providerUniqueId().asDottedString(), - false, + identityDocument.instanceHostname(), csr); writePrivateKeyAndCertificate(context.vespaUserOnHost(), privateKeyFile, keyPair.getPrivate(), certificateFile, instanceIdentity.certificate()); |
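Review bot: `refreshIdentity` takes `identityDocument.instanceHostname()` from a document read back from `identityDocumentFile`, and a file written before this change may not contain that field. Whether `readSignedIdentityDocumentFromFile` defaults or rejects a missing hostname is not visible here; if it yields null, the value flows into both `generateInstanceCsr` and the refresh call in the last hunk. A guard before building the CSR would fail early with a clear message, e.g. `String hostname = Objects.requireNonNull(identityDocument.instanceHostname(), "identity document has no instance hostname");`. Falling back to `context.hostname().value()` is an alternative if old documents must keep refreshing. Since the hostname becomes part of the certificate request, comparing the on-disk value with `context.hostname().value()` would also catch a stale or altered file locally.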