author | Morten Tokle <mortent@verizonmedia.com> | 2020-02-03 13:32:52 +0100 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2020-02-03 13:32:52 +0100 |
commit | d7552d8f13cdf7b8b997f2fa468f8c03abaa9e85 (patch) | |
tree | ad9e21d7515ff8e24f360a1a5151183226de996b /vespa-athenz | |
parent | 57496f95277de1527876eac773e88f18edaac005 (diff) |
Support Athenz access tokens
Diffstat (limited to 'vespa-athenz')
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
index bea9af458b4..5d6f0e3ce16 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
@@ -16,6 +16,7 @@ import com.yahoo.security.KeyStoreType;
 import com.yahoo.security.Pkcs10Csr;
 import com.yahoo.security.SslContextBuilder;
 import com.yahoo.security.tls.MutableX509KeyManager;
+import com.yahoo.vespa.athenz.api.AthenzAccessToken;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzRole;
 import com.yahoo.vespa.athenz.api.AthenzService;
@@ -84,6 +85,8 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
     private final LoadingCache<AthenzRole, SSLContext> roleSslContextCache;
     private final LoadingCache<AthenzRole, ZToken> roleSpecificRoleTokenCache;
     private final LoadingCache<AthenzDomain, ZToken> domainSpecificRoleTokenCache;
+    private final LoadingCache<AthenzDomain, AthenzAccessToken> domainSpecificAccessTokenCache;
+    private final LoadingCache<List<AthenzRole>, AthenzAccessToken> roleSpecificAccessTokenCache;
     private final CsrGenerator csrGenerator;
 
     @Inject
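Review bot: The new `roleSpecificAccessTokenCache` is keyed by `List<AthenzRole>`, and `List.equals` is order-sensitive, so the same roles requested in a different order miss the cache and cost another ZTS round-trip that mints a second, independently expiring token; a caller that later mutates the list it passed also corrupts the key. Keying by an immutable, order-independent value avoids both, e.g. `private final LoadingCache<Set<AthenzRole>, AthenzAccessToken> roleSpecificAccessTokenCache;` populated via `Set.copyOf(roles)`, converting back to a list at the ZTS call if `ZtsClient.getAccessToken` requires one. If ZTS does treat role order as significant, a `List.copyOf(roles)` snapshot at lookup at least removes the mutable-key hazard. The field list and constructor continue outside this hunk.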
@@ -116,6 +119,8 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
         roleSslContextCache = createCache(ROLE_SSL_CONTEXT_EXPIRY, this::createRoleSslContext);
         roleSpecificRoleTokenCache = createCache(ROLE_TOKEN_EXPIRY, this::createRoleToken);
         domainSpecificRoleTokenCache = createCache(ROLE_TOKEN_EXPIRY, this::createRoleToken);
+        domainSpecificAccessTokenCache = createCache(ROLE_TOKEN_EXPIRY, this::createAccessToken);
+        roleSpecificAccessTokenCache = createCache(ROLE_TOKEN_EXPIRY, this::createAccessToken);
         this.csrGenerator = new CsrGenerator(config.athenzDnsSuffix(), config.configserverIdentityName());
         this.identitySslContext = createIdentitySslContext(identityKeyManager, trustStore);
         registerInstance();
@@ -199,6 +204,16 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
     }
 
     @Override
+    public String getAccessToken(String domain) {
+        return null;
+    }
+
+    @Override
+    public String getAccessToken(String domain, List<String> roles) {
+        return null;
+    }
+
+    @Override
     public PrivateKey getPrivateKey() {
         return credentials.getKeyPair().getPrivate();
     }
@@ -240,6 +255,18 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
         }
     }
 
+    private AthenzAccessToken createAccessToken(AthenzDomain domain) {
+        try (ZtsClient client = createZtsClient()) {
+            return client.getAccessToken(domain);
+        }
+    }
+
+    private AthenzAccessToken createAccessToken(List<AthenzRole> roles) {
+        try (ZtsClient client = createZtsClient()) {
+            return client.getAccessToken(roles);
+        }
+    }
+
     private DefaultZtsClient createZtsClient() {
         return new DefaultZtsClient(ztsEndpoint, getIdentitySslContext());
     }
|
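Review bot: Both access-token caches are created with `ROLE_TOKEN_EXPIRY`, but an access token's lifetime is decided by ZTS and there is nothing on the page tying it to the role-token lifetime; if the real lifetime is shorter, the cache keeps handing out an already-expired token until the entry ages out, and if it is longer, every expiry triggers a needless ZTS round-trip. A dedicated constant, e.g. `private static final Duration ACCESS_TOKEN_EXPIRY = /* set from the ZTS access-token lifetime */;` used on the two new `createCache` lines, or, if `AthenzAccessToken` exposes its expiry, refreshing based on that value, keeps the cache honest. The constructor this hunk sits in starts and ends outside the hunk.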
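Review bot: Both new `getAccessToken` overrides return `null`, so the first caller that treats the result as a credential either fails with an NPE or sends an empty bearer value, while the access-token caches this commit declares and populates are never read by the public API. If the implementation is intentionally deferred, `throw new UnsupportedOperationException("Access tokens are not supported yet");` fails loudly at the call site instead of leaking a non-token; otherwise the bodies should look the converted key up in `domainSpecificAccessTokenCache` / `roleSpecificAccessTokenCache` (the parameters arrive as `String`/`List<String>`, the caches are keyed by `AthenzDomain`/`List<AthenzRole>`) and return the token's string form, handling the cache-load failure the same way the existing role-token getters presumably do. The enclosing class continues outside the hunk.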