Add wireguard key timestamp to node repo and WireguardPeer

- Set from NodePatcher clock.
- Add UNINITIALIZED wireguard key constant

3 files changed, 11 insertions, 4 deletions

diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/NodePatcher.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/NodePatcher.java
index d88cade0022..5915f02ec4f 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/NodePatcher.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/NodePatcher.java
@@ -273,8 +273,9 @@ public class NodePatcher {
             case "trustStore":
                 return nodeWithTrustStore(node, value);
             case "wireguardPubkey":
-                return node.withWireguardPubkey(SlimeUtils.optionalString(value).map(WireguardKey::new).orElse(null));
-            default :
+                return node.withWireguardPubkey(SlimeUtils.optionalString(value).map(WireguardKey::new).orElse(null))
+                        .withWireguardKeyTimestamp(clock.instant());
+            default:
                 throw new IllegalArgumentException("Could not apply field '" + name + "' on a node: No such modifiable field");
         }
     }
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/NodesResponse.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/NodesResponse.java
index 5221fa8875b..e3960cc5db5 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/NodesResponse.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/NodesResponse.java
@@ -193,6 +193,7 @@ class NodesResponse extends SlimeJsonResponse {
             object.setString("cloudAccount", node.cloudAccount().value());
         }
         node.wireguardPubKey().ifPresent(key -> object.setString("wireguardPubkey", key.value()));
+        node.wireguardKeyTimestamp().ifPresent(timestamp -> object.setLong("wireguardKeyTimestamp", timestamp.toEpochMilli()));
     }
 
     private Version resolveVersionFlag(StringFlag flag, Node node, Allocation allocation) {
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/WireguardResponse.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/WireguardResponse.java
index 76c709da97f..db61540cd0e 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/WireguardResponse.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/WireguardResponse.java
@@ -10,7 +10,9 @@ import com.yahoo.vespa.hosted.provision.NodeRepository;
 import com.yahoo.vespa.hosted.provision.node.IP;
 
 import java.net.InetAddress;
+import java.time.Instant;
 import java.util.List;
+import java.util.Optional;
 
 /**
  * A response containing the wireguard peer config for each configserver that has a public key.
@@ -34,13 +36,16 @@ public class WireguardResponse extends SlimeJsonResponse {
                     .toList();
             if (ipAddresses.isEmpty()) return;
 
-            addConfigserver(cfgArray.addObject(), cfg.hostname(), cfg.wireguardPubKey().get(), ipAddresses);
+            addConfigserver(cfgArray.addObject(), cfg.hostname(), cfg.wireguardPubKey().get(),
+                            cfg.wireguardKeyTimestamp(), ipAddresses);
         }
     }
 
-    private void addConfigserver(Cursor cfgEntry, String hostname, WireguardKey key, List<String> ipAddresses) {
+    private void addConfigserver(Cursor cfgEntry, String hostname, WireguardKey key, Optional<Instant> keyTimestamp,
+                                 List<String> ipAddresses) {
         cfgEntry.setString("hostname", hostname);
         cfgEntry.setString("wireguardPubkey", key.value());
+        cfgEntry.setLong("wireguardKeyTimestamp", keyTimestamp.orElse(Instant.EPOCH).toEpochMilli());
         NodesResponse.ipAddressesToSlime(ipAddresses, cfgEntry.setArray("ipAddresses"));
     }