author | Jon Marius Venstad <jonmv@users.noreply.github.com> | 2021-04-13 15:05:47 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-13 15:05:47 +0200 |
commit | bdf32ef2914e03d4323f3df64b99f6a3a37fe851 (patch) | |
tree | 9ad3e16526d97cde7eb4b5ea4391231ba59c503d /vespa-athenz | |
parent | 19001d242d5990b769bff7e0171ad94fb6da07e1 (diff) |
Revert "Revert "Jonmv/reapply upgrade athenz""
Diffstat (limited to 'vespa-athenz')
-rw-r--r-- | vespa-athenz/pom.xml | 24 | ||||
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java | 12 |
2 files changed, 35 insertions, 1 deletions
diff --git a/vespa-athenz/pom.xml b/vespa-athenz/pom.xml
index 7d2ad924ae3..653eb58d76d 100644
--- a/vespa-athenz/pom.xml
+++ b/vespa-athenz/pom.xml
@@ -65,6 +65,14 @@
 </exclusion>
 <!--Exclude all Jackson bundles provided by JDisc -->
 <exclusion>
+ <groupId>jakarta.activation</groupId>
+ <artifactId>jakarta.activation-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>jakarta.xml.bind</groupId>
+ <artifactId>jakarta.xml.bind-api</artifactId>
+ </exclusion>
+ <exclusion>
 <groupId>com.fasterxml.jackson.core</groupId>
 <artifactId>jackson-core</artifactId>
 </exclusion>
@@ -78,6 +86,22 @@
 </exclusion>
 </exclusions>
 </dependency>
+ <dependency> <!-- needed by auth-core -->
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-impl</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency> <!-- needed by auth-core -->
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-jackson</artifactId>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
 <dependency>
 <groupId>com.yahoo.athenz</groupId>
 <artifactId>athenz-zpe-java-client</artifactId>
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java
index 30ff63fb108..b5473929184 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java
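Review bot: The new exclusions for `jakarta.activation-api` and `jakarta.xml.bind-api` in the first pom.xml hunk sit directly under the existing comment `<!--Exclude all Jackson bundles provided by JDisc -->`, which now appears to describe artifacts that are not Jackson bundles. Move them above that comment or give them a comment of their own stating why they are excluded, so a later dependency clean-up does not remove them by mistake. The `jackson-databind` exclusion under `jjwt-jackson` in the second hunk deserves the same one-line explanation: presumably JWT parsing then runs against the Jackson version the container provides rather than the one jjwt-jackson declares, and that coupling is worth recording next to the `<!-- needed by auth-core -->` remark.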
@@ -25,12 +25,18 @@ public class AwsCredentials {
 private final AthenzDomain athenzDomain;
 private final AwsRole awsRole;
 private final ZtsClient ztsClient;
+ private final String externalId;
 private volatile AwsTemporaryCredentials credentials;
 public AwsCredentials(ZtsClient ztsClient, AthenzDomain athenzDomain, AwsRole awsRole) {
+ this(ztsClient, athenzDomain, awsRole, null);
+ }
+
+ public AwsCredentials(ZtsClient ztsClient, AthenzDomain athenzDomain, AwsRole awsRole, String externalId) {
 this.ztsClient = ztsClient;
 this.athenzDomain = athenzDomain;
 this.awsRole = awsRole;
+ this.externalId = externalId;
 this.credentials = get();
 }
@@ -42,12 +48,16 @@ public class AwsCredentials {
 this(new DefaultZtsClient.Builder(ztsUrl).withSslContext(sslContext).build(), athenzDomain, awsRole);
 }
+ public AwsCredentials(URI ztsUrl, SSLContext sslContext, AthenzDomain athenzDomain, AwsRole awsRole, String externalId) {
+ this(new DefaultZtsClient.Builder(ztsUrl).withSslContext(sslContext).build(), athenzDomain, awsRole, externalId);
+ }
+
 /**
 * Requests temporary credentials from ZTS or return cached credentials
 */
 public AwsTemporaryCredentials get() {
 if(shouldRefresh(credentials)) {
- this.credentials = ztsClient.getAwsTemporaryCredentials(athenzDomain, awsRole);
+ this.credentials = ztsClient.getAwsTemporaryCredentials(athenzDomain, awsRole, externalId);
 }
 return credentials;
 }
 |
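Review bot: The new `externalId` parameter is undocumented and nullable by convention only: the three-argument constructor passes `null`, and `get()` in the second hunk forwards the field unchecked to `ztsClient.getAwsTemporaryCredentials(athenzDomain, awsRole, externalId)`. Whether the ZTS client treats `null` as "send no external ID" is not visible in this diff, so the contract should be written on both constructors that take it, e.g. `@param externalId external ID to pass to ZTS with the credentials request, or {@code null} for none`. Because an external ID is normally something the role's trust policy checks, it would also help to reject an empty or blank string in the constructor, if that is never a meaningful value, so a misconfigured caller fails early instead of requesting credentials without the intended ID. The class body continues outside both hunks.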