diff options
11 files changed, 108 insertions, 22 deletions
diff --git a/athenz-identity-provider-service/pom.xml b/athenz-identity-provider-service/pom.xml index 86d4defa861..982cb89f2bf 100644 --- a/athenz-identity-provider-service/pom.xml +++ b/athenz-identity-provider-service/pom.xml @@ -131,6 +131,14 @@ <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> + <configuration> + <compilerArgs> + <arg>-Xlint:all</arg> + <arg>-Xlint:-deprecation</arg> + <arg>-Xlint:-serial</arg> + <arg>-Werror</arg> + </compilerArgs> + </configuration> </plugin> </plugins> </build> diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java index ffe604247ae..ffeca67645b 100644 --- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java @@ -28,6 +28,7 @@ import java.util.Set; /** * @author mortent + * @author bjorncs */ public class IdentityDocumentGenerator { @@ -70,7 +71,11 @@ public class IdentityDocumentGenerator { toZoneDnsSuffix(zone, zoneConfig.certDnsSuffix()), new AthenzService(zoneConfig.domain(), zoneConfig.serviceName()), URI.create(zoneConfig.ztsUrl()), - SignedIdentityDocument.DEFAULT_DOCUMENT_VERSION); + SignedIdentityDocument.DEFAULT_DOCUMENT_VERSION, + identityDocument.configServerHostname(), + identityDocument.instanceHostname(), + identityDocument.createdAt(), + identityDocument.ipAddresses()); } catch (Exception e) { throw new RuntimeException("Exception generating identity document: " + e.getMessage(), e); } diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java index 54786c86cd3..1ac9ff6f83a 100644 --- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java +++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java @@ -143,7 +143,11 @@ public class InstanceValidatorTest { "dnssuffix", "service", URI.create("http://localhost/zts"), - 1)); + 1, + identityDocument.configServerHostname, + identityDocument.instanceHostname, + identityDocument.createdAt, + identityDocument.ipAddresses)); } catch (Exception e) { throw new RuntimeException(e); } diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java index 1504119d9cc..9f065e7285d 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java @@ -54,7 +54,11 @@ public class EntityBindingsMapper { entity.dnsSuffix, (AthenzService) AthenzIdentities.from(entity.providerService), entity.ztsEndpoint, - entity.documentVersion); + entity.documentVersion, + entity.configServerHostname, + entity.instanceHostname, + entity.createdAt, + entity.ipAddresses); } public static VespaUniqueInstanceIdEntity toVespaUniqueInstanceIdEntity(VespaUniqueInstanceId model) { @@ -84,7 +88,11 @@ public class EntityBindingsMapper { model.dnsSuffix(), model.providerService().getFullName(), model.ztsEndpoint(), - model.documentVersion()); + model.documentVersion(), + model.configServerHostname(), + model.instanceHostname(), + model.createdAt(), + model.ipAddresses()); } catch (JsonProcessingException e) { throw new RuntimeException(e); } diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java index 8da2bd0a343..82d0a3d622c 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocument.java @@ -8,7 +8,9 @@ import java.util.Set; * The identity document that contains the instance specific information * * @author bjorncs + * @deprecated Will soon be inlined into {@link SignedIdentityDocument} */ +@Deprecated public class IdentityDocument { private final VespaUniqueInstanceId providerUniqueId; private final String configServerHostname; diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/SignedIdentityDocument.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/SignedIdentityDocument.java index d184efc0221..6372c2202f0 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/SignedIdentityDocument.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/SignedIdentityDocument.java @@ -4,6 +4,8 @@ package com.yahoo.vespa.athenz.identityprovider.api; import com.yahoo.vespa.athenz.api.AthenzService; import java.net.URI; +import java.time.Instant; +import java.util.Set; /** * A signed identity document which contains a {@link IdentityDocument} @@ -22,6 +24,10 @@ public class SignedIdentityDocument { private final AthenzService providerService; private final URI ztsEndpoint; private final int documentVersion; + private final String configServerHostname; + private final String instanceHostname; + private final Instant createdAt; + private final Set<String> ipAddresses; public SignedIdentityDocument(IdentityDocument identityDocument, String signature, @@ -30,7 +36,11 @@ public class SignedIdentityDocument { String dnsSuffix, AthenzService providerService, URI ztsEndpoint, - int documentVersion) { + int documentVersion, + String configServerHostname, + String instanceHostname, + Instant createdAt, + Set<String> ipAddresses) { this.identityDocument = identityDocument; this.signature = signature; this.signingKeyVersion = signingKeyVersion; @@ -39,6 +49,10 @@ public class SignedIdentityDocument { this.providerService = providerService; this.ztsEndpoint = ztsEndpoint; this.documentVersion = documentVersion; + this.configServerHostname = configServerHostname; + this.instanceHostname = instanceHostname; + this.createdAt = createdAt; + this.ipAddresses = ipAddresses; } public IdentityDocument identityDocument() { @@ -72,4 +86,20 @@ public class SignedIdentityDocument { public int documentVersion() { return documentVersion; } + + public String configServerHostname() { + return configServerHostname; + } + + public String instanceHostname() { + return instanceHostname; + } + + public Instant createdAt() { + return createdAt; + } + + public Set<String> ipAddresses() { + return ipAddresses; + } } diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java index 58a4f1e24bf..b4b2e82ab0e 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java @@ -10,8 +10,10 @@ import java.util.Set; /** * @author bjorncs + * @deprecated Will soon be inlined into {@link SignedIdentityDocumentEntity} */ @JsonIgnoreProperties(ignoreUnknown = true) +@Deprecated public class IdentityDocumentEntity { @JsonProperty("provider-unique-id") diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocumentEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocumentEntity.java index e397b81ef9e..5b8ea681b25 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocumentEntity.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocumentEntity.java @@ -11,8 +11,10 @@ import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; import java.io.IOException; import java.io.UncheckedIOException; import java.net.URI; +import java.time.Instant; import java.util.Base64; import java.util.Objects; +import java.util.Set; /** * @author bjorncs @@ -31,6 +33,10 @@ public class SignedIdentityDocumentEntity { @JsonProperty("provider-service") public final String providerService; @JsonProperty("zts-endpoint") public final URI ztsEndpoint; @JsonProperty("document-version") public final int documentVersion; + @JsonProperty("configserver-hostname") public final String configServerHostname; + @JsonProperty("instance-hostname") public final String instanceHostname; + @JsonProperty("created-at") public final Instant createdAt; + @JsonProperty("ip-addresses") public final Set<String> ipAddresses; @JsonCreator public SignedIdentityDocumentEntity(@JsonProperty("identity-document") String rawIdentityDocument, @@ -40,7 +46,11 @@ public class SignedIdentityDocumentEntity { @JsonProperty("dns-suffix") String dnsSuffix, @JsonProperty("provider-service") String providerService, @JsonProperty("zts-endpoint") URI ztsEndpoint, - @JsonProperty("document-version") int documentVersion) { + @JsonProperty("document-version") int documentVersion, + @JsonProperty("configserver-hostname") String configServerHostname, + @JsonProperty("instance-hostname") String instanceHostname, + @JsonProperty("created-at") Instant createdAt, + @JsonProperty("ip-addresses") Set<String> ipAddresses) { this.rawIdentityDocument = rawIdentityDocument; this.identityDocument = parseIdentityDocument(rawIdentityDocument); this.signature = signature; @@ -50,6 +60,10 @@ public class SignedIdentityDocumentEntity { this.providerService = providerService; this.ztsEndpoint = ztsEndpoint; this.documentVersion = documentVersion; + this.configServerHostname = configServerHostname; + this.instanceHostname = instanceHostname; + this.createdAt = createdAt; + this.ipAddresses = ipAddresses; } private static IdentityDocumentEntity parseIdentityDocument(String rawIdentityDocument) { @@ -73,7 +87,15 @@ public class SignedIdentityDocumentEntity { ", identityDocument=" + identityDocument + ", signature='" + signature + '\'' + ", signingKeyVersion=" + signingKeyVersion + + ", providerUniqueId='" + providerUniqueId + '\'' + + ", dnsSuffix='" + dnsSuffix + '\'' + + ", providerService='" + providerService + '\'' + + ", ztsEndpoint=" + ztsEndpoint + ", documentVersion=" + documentVersion + + ", configServerHostname='" + configServerHostname + '\'' + + ", instanceHostname='" + instanceHostname + '\'' + + ", createdAt=" + createdAt + + ", ipAddresses=" + ipAddresses + '}'; } @@ -86,11 +108,22 @@ public class SignedIdentityDocumentEntity { documentVersion == that.documentVersion && Objects.equals(rawIdentityDocument, that.rawIdentityDocument) && Objects.equals(identityDocument, that.identityDocument) && - Objects.equals(signature, that.signature); + Objects.equals(signature, that.signature) && + Objects.equals(providerUniqueId, that.providerUniqueId) && + Objects.equals(dnsSuffix, that.dnsSuffix) && + Objects.equals(providerService, that.providerService) && + Objects.equals(ztsEndpoint, that.ztsEndpoint) && + Objects.equals(configServerHostname, that.configServerHostname) && + Objects.equals(instanceHostname, that.instanceHostname) && + Objects.equals(createdAt, that.createdAt) && + Objects.equals(ipAddresses, that.ipAddresses); } @Override public int hashCode() { - return Objects.hash(rawIdentityDocument, identityDocument, signature, signingKeyVersion, documentVersion); + + return Objects.hash(rawIdentityDocument, identityDocument, signature, signingKeyVersion, providerUniqueId, + dnsSuffix, providerService, ztsEndpoint, documentVersion, configServerHostname, + instanceHostname, createdAt, ipAddresses); } } diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java index 96e93ca419d..e8ef2d9f97e 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java @@ -2,6 +2,7 @@ package com.yahoo.vespa.athenz.identityprovider.client; import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; import com.yahoo.container.core.identity.IdentityConfig; import com.yahoo.vespa.athenz.api.AthenzService; import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper; @@ -28,7 +29,7 @@ import static com.yahoo.vespa.athenz.tls.KeyStoreType.JKS; */ class AthenzCredentialsService { - private static final ObjectMapper mapper = new ObjectMapper(); + private static final ObjectMapper mapper = new ObjectMapper().registerModule(new JavaTimeModule()); private final IdentityConfig identityConfig; private final IdentityDocumentClient identityDocumentClient; diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java index 90d1312c9f9..f92956f7961 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java @@ -2,14 +2,11 @@ package com.yahoo.vespa.athenz.identityprovider.client; import com.fasterxml.jackson.databind.ObjectMapper; -import com.yahoo.vespa.athenz.api.AthenzService; import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider; import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper; import com.yahoo.vespa.athenz.identityprovider.api.IdentityDocumentClient; import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument; -import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId; import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocumentEntity; -import com.yahoo.vespa.athenz.utils.AthenzIdentities; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.client.methods.RequestBuilder; @@ -82,15 +79,7 @@ public class DefaultIdentityDocumentClient implements IdentityDocumentClient { String responseContent = EntityUtils.toString(response.getEntity()); if (HttpStatus.isSuccess(response.getStatusLine().getStatusCode())) { SignedIdentityDocumentEntity entity = objectMapper.readValue(responseContent, SignedIdentityDocumentEntity.class); - return new SignedIdentityDocument( - EntityBindingsMapper.toIdentityDocument(entity.identityDocument), - entity.signature, - entity.signingKeyVersion, - VespaUniqueInstanceId.fromDottedString(entity.providerUniqueId), - entity.dnsSuffix, - (AthenzService) AthenzIdentities.from(entity.providerService), - entity.ztsEndpoint, - entity.documentVersion); + return EntityBindingsMapper.toSignedIdentityDocument(entity); } else { throw new RuntimeException( String.format( diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java index 2e9b29f5327..a84435f2982 100644 --- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java +++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java @@ -141,7 +141,11 @@ public class AthenzIdentityProviderImplTest { "dev-us-north-1.vespa.cloud", new AthenzService("vespa.vespa.provider_dev_us-north-1"), URI.create("https://zts:4443/zts/v1"), - 1); + 1, + "localhost", + "x.y.com", + Instant.EPOCH, + Collections.emptySet()); return new ObjectMapper().registerModule(new JavaTimeModule()) .writeValueAsString(EntityBindingsMapper.toSignedIdentityDocumentEntity(signedIdentityDocument)); |