author | Valerij Fredriksen <valerijf@yahooinc.com> | 2022-03-25 17:30:00 +0100 |
---|---|---|
committer | Valerij Fredriksen <valerijf@yahooinc.com> | 2022-03-25 17:30:00 +0100 |
commit | 920db505728277e72aa502af655aa096a44f84b6 (patch) | |
tree | a89b079793d668f1be6da1e97e78de0c45816a33 /node-admin | |
parent | f514e98a805a363f2807b9fe6d6bf51534fd5897 (diff) |
Use vespa user
Diffstat (limited to 'node-admin')
-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index 5c1401ade52..46fbbf7a72a 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -26,7 +26,6 @@ import com.yahoo.vespa.hosted.node.admin.nodeagent.NodeAgentContext;
 import com.yahoo.vespa.hosted.node.admin.nodeagent.NodeAgentTask;
 import com.yahoo.vespa.hosted.node.admin.task.util.file.FileFinder;
 import com.yahoo.vespa.hosted.node.admin.task.util.file.UnixPath;
-import com.yahoo.vespa.hosted.node.admin.task.util.file.UnixUser;
 import com.yahoo.vespa.hosted.node.admin.task.util.fs.ContainerPath;
 import javax.net.ssl.HostnameVerifier;
@@ -109,7 +108,7 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 try {
 context.log(logger, Level.FINE, "Checking certificate");
- ContainerPath containerSiaDirectory = context.paths().of(CONTAINER_SIA_DIRECTORY);
+ ContainerPath containerSiaDirectory = context.paths().of(CONTAINER_SIA_DIRECTORY).withUser(context.users().vespa());
 ContainerPath privateKeyFile = (ContainerPath) SiaUtils.getPrivateKeyFile(containerSiaDirectory, context.identity());
 ContainerPath certificateFile = (ContainerPath) SiaUtils.getCertificateFile(containerSiaDirectory, context.identity());
 ContainerPath identityDocumentFile = containerSiaDirectory.resolve("vespa-node-identity-document.json");
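Review bot: Binding the vespa user on `containerSiaDirectory` also changes `identityDocumentFile`, which is resolved from it and, as far as the visible old side shows, did not carry a user before; only the key and certificate paths did, through the `withUser` calls this commit removes. If the ownership change for `vespa-node-identity-document.json` is intended, it deserves a mention in the commit message. The owner of the private key now also depends on `SiaUtils.getPrivateKeyFile` and `resolve()` keeping the user on the returned path, which is presumably the case but is not visible here; a comment above the assignment such as `// vespa user propagates to every path resolved from this directory` would make that assumption explicit. The enclosing method starts and ends outside the hunk.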
@@ -207,8 +206,7 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 EntityBindingsMapper.toAttestationData(signedIdentityDocument),
 csr);
 EntityBindingsMapper.writeSignedIdentityDocumentToFile(identityDocumentFile, signedIdentityDocument);
- writePrivateKeyAndCertificate(context.users().vespa(),
- privateKeyFile, keyPair.getPrivate(), certificateFile, instanceIdentity.certificate());
+ writePrivateKeyAndCertificate(privateKeyFile, keyPair.getPrivate(), certificateFile, instanceIdentity.certificate());
 context.log(logger, "Instance successfully registered and credentials written to file");
 }
 }
@@ -235,8 +233,7 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 context.identity(),
 identityDocument.providerUniqueId().asDottedString(),
 csr);
- writePrivateKeyAndCertificate(context.users().vespa(),
- privateKeyFile, keyPair.getPrivate(), certificateFile, instanceIdentity.certificate());
+ writePrivateKeyAndCertificate(privateKeyFile, keyPair.getPrivate(), certificateFile, instanceIdentity.certificate());
 context.log(logger, "Instance successfully refreshed and credentials written to file");
 } catch (ZtsClientException e) {
 if (e.getErrorCode() == 403 && e.getDescription().startsWith("Certificate revoked")) {
@@ -252,13 +249,12 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 }
- private static void writePrivateKeyAndCertificate(UnixUser vespaUser,
- ContainerPath privateKeyFile,
+ private static void writePrivateKeyAndCertificate(ContainerPath privateKeyFile,
 PrivateKey privateKey,
 ContainerPath certificateFile,
 X509Certificate certificate) {
- writeFile(privateKeyFile.withUser(vespaUser), KeyUtils.toPem(privateKey));
- writeFile(certificateFile.withUser(vespaUser), X509CertificateUtils.toPem(certificate));
+ writeFile(privateKeyFile, KeyUtils.toPem(privateKey));
+ writeFile(certificateFile, X509CertificateUtils.toPem(certificate));
 }
 private static void writeFile(ContainerPath path, String utf8Content) { |
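Review bot: `writePrivateKeyAndCertificate` no longer binds the vespa user itself, so the owner of the private key file now rests on every caller passing paths derived from the user-bound SIA directory, and nothing in the signature states that precondition. A short comment on the method would keep it visible to the next caller, for example `// Paths must already carry the vespa user; ownership is not set here.` The body of `writeFile` lies outside the hunk, so whether it also restricts the key file's mode cannot be checked from this page.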