authorJon Marius Venstad <jonmv@users.noreply.github.com>2021-04-13 16:42:41 +0200
committerGitHub <noreply@github.com>2021-04-13 16:42:41 +0200
commitee3bc15f6c8610d633adb4d0d453301794b254de (patch)
tree47bdf6e86ee975e970de69e505d0185c73c146f2 /vespa-athenz
parent80ae4ab691dde21bb156285fafa7910baa4a42bd (diff)
Revert "Revert "Revert "Revert "Jonmv/reapply upgrade athenz""""
Diffstat (limited to 'vespa-athenz')
-rw-r--r--vespa-athenz/pom.xml24
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java12
2 files changed, 35 insertions, 1 deletions
diff --git a/vespa-athenz/pom.xml b/vespa-athenz/pom.xml
index 7d2ad924ae3..653eb58d76d 100644
--- a/vespa-athenz/pom.xml
+++ b/vespa-athenz/pom.xml
@@ -65,6 +65,14 @@
</exclusion>
<!--Exclude all Jackson bundles provided by JDisc -->
<exclusion>
+ <groupId>jakarta.activation</groupId>
+ <artifactId>jakarta.activation-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>jakarta.xml.bind</groupId>
+ <artifactId>jakarta.xml.bind-api</artifactId>
+ </exclusion>
+ <exclusion>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
</exclusion>
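Review bot: The existing comment `<!--Exclude all Jackson bundles provided by JDisc -->` now sits directly above the two new jakarta exclusions, so it reads as if `jakarta.activation-api` and `jakarta.xml.bind-api` were Jackson bundles. Moving the new exclusions above that comment and giving them their own one-line comment, stating what supplies these APIs at runtime, would keep the reason for each exclusion auditable. The enclosing `<exclusions>` element starts and ends outside this hunk.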
@@ -78,6 +86,22 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency> <!-- needed by auth-core -->
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-impl</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency> <!-- needed by auth-core -->
+ <groupId>io.jsonwebtoken</groupId>
+ <artifactId>jjwt-jackson</artifactId>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<dependency>
<groupId>com.yahoo.athenz</groupId>
<artifactId>athenz-zpe-java-client</artifactId>
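Review bot: Neither added `io.jsonwebtoken` dependency carries a `<version>` in this hunk, so the JWT implementation that lands on the classpath is decided elsewhere, presumably in a parent `dependencyManagement` section that is not visible here. It is worth confirming that the version is pinned there and matches the jjwt API that auth-core expects. Excluding `jackson-databind` from `jjwt-jackson` means token parsing runs on whichever Jackson version the container provides, so that pairing should be checked as well. The comment `<!-- needed by auth-core -->` could also say why `compile` scope is used, since JJWT's own guidance is `runtime` scope for `jjwt-impl` and `jjwt-jackson`.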
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java
index 30ff63fb108..b5473929184 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/aws/AwsCredentials.java
@@ -25,12 +25,18 @@ public class AwsCredentials {
private final AthenzDomain athenzDomain;
private final AwsRole awsRole;
private final ZtsClient ztsClient;
+ private final String externalId;
private volatile AwsTemporaryCredentials credentials;
public AwsCredentials(ZtsClient ztsClient, AthenzDomain athenzDomain, AwsRole awsRole) {
+ this(ztsClient, athenzDomain, awsRole, null);
+ }
+
+ public AwsCredentials(ZtsClient ztsClient, AthenzDomain athenzDomain, AwsRole awsRole, String externalId) {
this.ztsClient = ztsClient;
this.athenzDomain = athenzDomain;
this.awsRole = awsRole;
+ this.externalId = externalId;
this.credentials = get();
}
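Review bot: The new four-argument constructor accepts `externalId` without documenting that it may be null, while the three-argument constructor delegates with `null` to mean that no external ID is used. A short Javadoc would make that contract explicit, for example `@param externalId external ID to send with the credentials request, or null for none`. The constructor also calls `get()` before returning, and `get()` reads the field, so a comment such as `// must be assigned before get() is called` next to `this.externalId = externalId;` would guard against a later reordering. The class body continues outside this hunk.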
@@ -42,12 +48,16 @@ public class AwsCredentials {
this(new DefaultZtsClient.Builder(ztsUrl).withSslContext(sslContext).build(), athenzDomain, awsRole);
}
+ public AwsCredentials(URI ztsUrl, SSLContext sslContext, AthenzDomain athenzDomain, AwsRole awsRole, String externalId) {
+ this(new DefaultZtsClient.Builder(ztsUrl).withSslContext(sslContext).build(), athenzDomain, awsRole, externalId);
+ }
+
/**
* Requests temporary credentials from ZTS or return cached credentials
*/
public AwsTemporaryCredentials get() {
if(shouldRefresh(credentials)) {
- this.credentials = ztsClient.getAwsTemporaryCredentials(athenzDomain, awsRole);
+ this.credentials = ztsClient.getAwsTemporaryCredentials(athenzDomain, awsRole, externalId);
}
return credentials;
}
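Review bot: Every caller of the older constructors now reaches `ztsClient.getAwsTemporaryCredentials(athenzDomain, awsRole, externalId)` with `externalId == null`, and the ZtsClient implementation is not visible in this diff. It is worth confirming that the client leaves the external ID out of the ZTS request when it is null, because sending an empty or literal `null` value would change the request for roles that worked before. The new `URI`/`SSLContext` constructor at the top of this hunk has no Javadoc; one line noting that `externalId` may be null would match that behaviour.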