authorMorten Tokle <mortent@yahooinc.com>2023-04-25 08:25:34 +0200
committerMorten Tokle <mortent@yahooinc.com>2023-04-25 08:25:34 +0200
commite82bbf3d3437008aaaaabac1c2359ba1300ea84c (patch)
treefc693bd4903c5715774f2e393107188534d806c0 /vespa-athenz/src
parentdf7289aa922a76c1e47fd9759453ef4b9e03ce02 (diff)
Control rollout of new identity document layout with feature flag
Diffstat (limited to 'vespa-athenz/src')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocumentClient.java6
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java3
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java12
3 files changed, 12 insertions, 9 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocumentClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocumentClient.java
index 5a0f77ec765..0e13cba8de9 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocumentClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocumentClient.java
@@ -1,12 +1,14 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.athenz.identityprovider.api;
+import java.util.OptionalInt;
+
/**
* A client that communicates that fetches an identity document.
*
* @author bjorncs
*/
public interface IdentityDocumentClient {
- SignedIdentityDocument getNodeIdentityDocument(String host);
- SignedIdentityDocument getTenantIdentityDocument(String host);
+ SignedIdentityDocument getNodeIdentityDocument(String host, int documentVersion);
+ SignedIdentityDocument getTenantIdentityDocument(String host, int documentVersion);
}
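Review bot: `import java.util.OptionalInt;` is added at the top of IdentityDocumentClient, but nothing in the new interface uses it; both methods take a plain `int documentVersion`. Drop the import, or change the parameter type if the intent was to let callers omit the version. The new parameter is also undocumented, so implementers and callers cannot tell which values are accepted. A Javadoc line on each method, such as `@param documentVersion layout version of the identity document to request`, would close that gap, ideally pointing at the version constants on `SignedIdentityDocument`.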
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
index 6b167dcde21..1858653c9b4 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
@@ -75,7 +75,8 @@ class AthenzCredentialsService {
}
KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
IdentityDocumentClient identityDocumentClient = createIdentityDocumentClient();
- SignedIdentityDocument signedDocument = identityDocumentClient.getTenantIdentityDocument(hostname);
+ // Use legacy version for now.
+ SignedIdentityDocument signedDocument = identityDocumentClient.getTenantIdentityDocument(hostname, SignedIdentityDocument.LEGACY_DEFAULT_DOCUMENT_VERSION);
IdentityDocument document = signedDocument.identityDocument();
Pkcs10Csr csr = csrGenerator.generateInstanceCsr(
tenantIdentity,
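Review bot: The comment `// Use legacy version for now.` does not say what decides the switch to the new layout. The call pins `SignedIdentityDocument.LEGACY_DEFAULT_DOCUMENT_VERSION` as a constant, so in the visible lines the feature flag named in the commit title is not consulted on this tenant path. The fetched document feeds the instance CSR built right after it, so the layout choice matters for the issued credentials and the reason should be findable later. I would replace the comment with something like `// Tenant credentials stay on the legacy document layout until <condition>; see <flag or ticket>.`, filling in the real flag or ticket. The enclosing method starts and ends outside this hunk, so a flag lookup may exist elsewhere.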
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java
index 36ae978c853..48fc021dced 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java
@@ -56,16 +56,16 @@ public class DefaultIdentityDocumentClient implements IdentityDocumentClient {
}
@Override
- public SignedIdentityDocument getNodeIdentityDocument(String host) {
- return getIdentityDocument(host, "node");
+ public SignedIdentityDocument getNodeIdentityDocument(String host, int documentVersion) {
+ return getIdentityDocument(host, "node", documentVersion);
}
@Override
- public SignedIdentityDocument getTenantIdentityDocument(String host) {
- return getIdentityDocument(host, "tenant");
+ public SignedIdentityDocument getTenantIdentityDocument(String host, int documentVersion) {
+ return getIdentityDocument(host, "tenant", documentVersion);
}
- private SignedIdentityDocument getIdentityDocument(String host, String type) {
+ private SignedIdentityDocument getIdentityDocument(String host, String type, int documentVersion) {
try (CloseableHttpClient client = createHttpClient(sslContextSupplier.get(), hostnameVerifier)) {
URI uri = configserverUri
@@ -76,7 +76,7 @@ public class DefaultIdentityDocumentClient implements IdentityDocumentClient {
.setUri(uri)
.addHeader("Connection", "close")
.addHeader("Accept", "application/json")
- .addParameter("documentVersion", Integer.toString(SignedIdentityDocument.DEFAULT_DOCUMENT_VERSION))
+ .addParameter("documentVersion", Integer.toString(documentVersion))
.build();
try (CloseableHttpResponse response = client.execute(request)) {
String responseContent = EntityUtils.toString(response.getEntity());
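Review bot: The request now carries a caller-chosen `documentVersion`, but nothing in the visible lines checks that the document returned is of that version. The response handling continues past the end of this hunk, so the check may already exist there. If it does not, compare the parsed document's version with the requested one and fail on mismatch; otherwise a server that ignores the parameter or falls back to the older layout is silently accepted during the rollout. It would also help to note this at the parameter, e.g. `// documentVersion is sent as-is; the returned document's version must be checked against it`.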