author | Morten Tokle <morten.tokle@gmail.com> | 2023-04-26 12:51:14 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-26 12:51:14 +0200 |
commit | 7197a334e230fcc99109a10858922f95216ae0e9 (patch) | |
tree | 57d0a019d384d1bcd810cb0fa15aa5cf959cec8d /node-admin | |
parent | a6c5b734b94d0239db9df0d37e390f82d3deabf1 (diff) |
Revert "Write tenant service identity at same location as AthenzCredentialsService"
Diffstat (limited to 'node-admin')
-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java | 25 |
1 files changed, 1 insertions, 24 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index 9e295b6a8e6..c9c76e1edd3 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -1,8 +1,6 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.node.admin.maintenance.identity;
-import com.yahoo.component.Version;
-import com.yahoo.config.provision.ApplicationId;
 import com.yahoo.security.KeyAlgorithm;
 import com.yahoo.security.KeyUtils;
 import com.yahoo.security.Pkcs10Csr;
@@ -109,8 +107,6 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 modified |= maintain(context, NODE);
 if (shouldWriteTenantServiceIdentity(context))
 modified |= maintain(context, TENANT);
- else
- modified |= deleteTenantCredentials(context);
 return modified;
 }
@@ -199,21 +195,6 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 return "node-certificate";
 }
- private boolean deleteTenantCredentials(NodeAgentContext context) {
- var siaDirectory = context.paths().of(CONTAINER_SIA_DIRECTORY, context.users().vespa());
- var identityDocumentFile = siaDirectory.resolve(TENANT.getIdentityDocument());
- var athenzIdentity = getAthenzIdentity(context, TENANT, identityDocumentFile);
- var privateKeyFile = (ContainerPath) SiaUtils.getPrivateKeyFile(siaDirectory, athenzIdentity);
- var certificateFile = (ContainerPath) SiaUtils.getCertificateFile(siaDirectory, athenzIdentity);
- try {
- return Files.deleteIfExists(identityDocumentFile) ||
- Files.deleteIfExists(privateKeyFile) ||
- Files.deleteIfExists(certificateFile);
- } catch (IOException e) {
- throw new UncheckedIOException(e);
- }
- }
-
 private boolean shouldRefreshCredentials(Duration age) {
 return age.compareTo(REFRESH_PERIOD) >= 0;
 }
@@ -340,12 +321,8 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 }
 private boolean shouldWriteTenantServiceIdentity(NodeAgentContext context) {
- var version = context.node().currentVespaVersion()
- .orElse(context.node().wantedVespaVersion().orElse(Version.emptyVersion));
- var appId = context.node().owner().orElse(ApplicationId.defaultId());
 return tenantServiceIdentityFlag
- .with(FetchVector.Dimension.VESPA_VERSION, version.toFullString())
- .with(FetchVector.Dimension.APPLICATION_ID, appId.serializedForm())
+ .with(FetchVector.Dimension.HOSTNAME, context.hostname().value())
 .value();
 } |
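Review bot: Tenant credentials already on disk are not removed when `shouldWriteTenantServiceIdentity` turns false for a host. The flag is now resolved only by `FetchVector.Dimension.HOSTNAME`, and the call site in the hunk at new line 107 has no `else` branch, so the tenant identity document, private key and certificate written while the flag was on stay in the container SIA directory. If that is acceptable for this revert, state it on the method, for example `// Flag off only stops issuing/refreshing; existing tenant key material is left in place (removed by <cleanup path>)`. Whether another path, such as container teardown, already clears these files is not visible in this diff, so that is worth confirming before the flag is toggled off anywhere. The enclosing class starts and ends outside the hunk.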