Add wireguard key timestamp to WireguardPeer

4 files changed, 17 insertions, 6 deletions

diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
index ddad45366ea..84cbc7d40ed 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
@@ -147,8 +147,10 @@ public class RealNodeRepository implements NodeRepository {
                             .toList();
                     if (ipAddresses.isEmpty()) return;
 
-                    consumer.accept(new WireguardPeer(
-                            HostName.of(node.hostname), ipAddresses, WireguardKey.from(node.wireguardPubkey)));
+                    consumer.accept(new WireguardPeer(HostName.of(node.hostname),
+                                                      ipAddresses,
+                                                      WireguardKey.from(node.wireguardPubkey),
+                                                      Instant.ofEpochMilli(node.wireguardKeyTimestamp)));
                 })
                 .sorted()
                 .toList();
@@ -370,6 +372,7 @@ public class RealNodeRepository implements NodeRepository {
     private static WireguardPeer createConfigserverPeer(GetWireguardResponse.Configserver configServer) {
         return new WireguardPeer(HostName.of(configServer.hostname),
                                  configServer.ipAddresses.stream().map(VersionedIpAddress::from).toList(),
-                                 WireguardKey.from(configServer.wireguardPubkey));
+                                 WireguardKey.from(configServer.wireguardPubkey),
+                                 Instant.ofEpochMilli(configServer.wireguardKeyTimestamp));
     }
 }
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/GetWireguardResponse.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/GetWireguardResponse.java
index a71b2a74b31..dcbf4cc163f 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/GetWireguardResponse.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/bindings/GetWireguardResponse.java
@@ -35,13 +35,18 @@ public class GetWireguardResponse {
         @JsonProperty("wireguardPubkey")
         public final String wireguardPubkey;
 
+        @JsonProperty("wireguardKeyTimestamp")
+        public final Long wireguardKeyTimestamp;
+
         @JsonCreator
         public Configserver(@JsonProperty("hostname") String hostname,
                             @JsonProperty("ipAddresses") List<String> ipAddresses,
-                            @JsonProperty("wireguardPubkey") String wireguardPubkey) {
+                            @JsonProperty("wireguardPubkey") String wireguardPubkey,
+                            @JsonProperty("wireguardKeyTimestamp") Long wireguardKeyTimestamp) {
             this.hostname = hostname;
             this.ipAddresses = ipAddresses;
             this.wireguardPubkey = wireguardPubkey;
+            this.wireguardKeyTimestamp = wireguardKeyTimestamp;
         }
     }
 
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeer.java
index 0f4d2d5d8e0..b5428f57f08 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeer.java
@@ -4,6 +4,7 @@ import com.yahoo.config.provision.HostName;
 import com.yahoo.config.provision.WireguardKey;
 import com.yahoo.vespa.hosted.node.admin.task.util.network.VersionedIpAddress;
 
+import java.time.Instant;
 import java.util.List;
 
 /**
@@ -14,7 +15,8 @@ import java.util.List;
  */
 public record WireguardPeer(HostName hostname,
                             List<VersionedIpAddress> ipAddresses,
-                            WireguardKey publicKey) implements Comparable<WireguardPeer> {
+                            WireguardKey publicKey,
+                            Instant wireguardKeyTimestamp) implements Comparable<WireguardPeer> {
 
     public WireguardPeer {
         if (ipAddresses.isEmpty()) throw new IllegalArgumentException("No IP addresses for peer node " + hostname.value());
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeerTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeerTest.java
index 00aca5c5e4d..cd76b221c9e 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeerTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/wireguard/WireguardPeerTest.java
@@ -5,6 +5,7 @@ import com.yahoo.config.provision.WireguardKey;
 import com.yahoo.vespa.hosted.node.admin.task.util.network.VersionedIpAddress;
 import org.junit.jupiter.api.Test;
 
+import java.time.Instant;
 import java.util.List;
 import java.util.stream.Stream;
 
@@ -30,6 +31,6 @@ public class WireguardPeerTest {
 
     private static WireguardPeer peer(String hostname) {
         return new WireguardPeer(HostName.of(hostname), List.of(VersionedIpAddress.from("::1:1")),
-                                 WireguardKey.generateRandomForTesting());
+                                 WireguardKey.generateRandomForTesting(), Instant.EPOCH);
     }
 }