Merge pull request #25511 from vespa-engine/olaa/vathenz-enclave-resources

Adds Athenz resource helper functions

4 files changed, 19 insertions, 4 deletions

diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzDomain.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzDomain.java
index 155ba8ab66a..d162a1b2e50 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzDomain.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzDomain.java
@@ -22,6 +22,11 @@ public class AthenzDomain {
         this.name = name;
     }
 
+    public AthenzDomain(AthenzDomain parentDomain, String subdomain) {
+        validateName(parentDomain.getName() + "." + subdomain);
+        this.name = parentDomain.getName() + "." + subdomain;
+    }
+
     private static void validateName(String name) {
         if (!NAME_PATTERN.matcher(name).matches()) {
             throw new IllegalArgumentException("Not a valid domain name: '" + name + "'");
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzService.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzService.java
index 11dcfa3680e..0ab8ad47e0f 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzService.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzService.java
@@ -31,6 +31,10 @@ public class AthenzService implements AthenzIdentity {
         this.serviceName = service.serviceName;
     }
 
+    public AthenzResourceName toResourceName() {
+        return new AthenzResourceName(domain, "service." + serviceName);
+    }
+
     @Override
     public AthenzDomain getDomain() {
         return domain;
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index 68a71b9663f..44ea5ef329f 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
@@ -423,13 +423,15 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
     }
 
     @Override
-    public void createSubdomain(AthenzDomain parent, String name) {
+    public void createSubdomain(AthenzDomain parent, String name, Map<String, Object> attributes) {
         URI uri = zmsUrl.resolve(String.format("subdomain/%s", parent.getName()));
-        StringEntity entity = toJsonStringEntity(
-                Map.of("name", name,
+        var metaData = new HashMap<String, Object>();
+        metaData.putAll(attributes);
+        metaData.putAll(Map.of("name", name,
                         "parent", parent.getName(),
                         "adminUsers", List.of(identity.getFullName())) // TODO: createSubdomain should receive an adminUsers argument
         );
+        var entity = toJsonStringEntity(metaData);
         var request = RequestBuilder.post(uri)
                 .setEntity(entity)
                 .build();
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
index be4c6c7ba3b..4342b32e4c8 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
@@ -85,7 +85,11 @@ public interface ZmsClient extends Closeable {
 
     void deleteRole(AthenzRole athenzRole);
 
-    void createSubdomain(AthenzDomain parent, String name);
+    void createSubdomain(AthenzDomain parent, String name, Map<String, Object> attributes);
+
+    default void createSubdomain(AthenzDomain parent, String name) {
+        createSubdomain(parent, name, Map.of());
+    };
 
     AthenzRoleInformation getFullRoleInformation(AthenzRole role);