4 files changed, 28 insertions, 18 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
index 301d6250b31..38d7a999efd 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
@@ -8,12 +8,13 @@ import com.yahoo.athenz.auth.util.Crypto;
 import com.yahoo.athenz.zts.InstanceRefreshRequest;
 import com.yahoo.athenz.zts.ZTSClient;
 import com.yahoo.component.AbstractComponent;
+import com.yahoo.config.provision.SystemName;
 import com.yahoo.config.provision.Zone;
 import com.yahoo.jdisc.http.ssl.ReaderForPath;
 import com.yahoo.jdisc.http.ssl.pem.PemKeyStore;
 import com.yahoo.jdisc.http.ssl.pem.PemSslKeyStore;
 import com.yahoo.log.LogLevel;
-import com.yahoo.vespa.hosted.athenz.identityproviderservice.config.AthenzProviderServiceConfig;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.FileBackedKeyProvider;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.IdentityDocumentGenerator;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.InstanceValidator;
@@ -56,17 +57,23 @@ public class AthenzInstanceProviderService extends AbstractComponent { AthenzInstanceProviderService(AthenzProviderServiceConfig config, KeyProvider keyProvider, ScheduledExecutorService scheduler, NodeRepository nodeRepository, Zone zone) { - this.scheduler = scheduler; - SslContextFactory sslContextFactory = createSslContextFactory(); - this.jetty = createJettyServer(config, keyProvider, sslContextFactory, - nodeRepository, zone); - AthenzCertificateUpdater reloader = new AthenzCertificateUpdater( - sslContextFactory, keyProvider, config); - scheduler.scheduleAtFixedRate(reloader, 0, 1, TimeUnit.DAYS); - try { - jetty.start(); - } catch (Exception e) { - throw new RuntimeException(e); + // TODO: Enable for all systems. Currently enabled for CD system only + if (SystemName.cd.equals(zone.system())) { + this.scheduler = scheduler; + SslContextFactory sslContextFactory = createSslContextFactory(); + this.jetty = createJettyServer(config, keyProvider, sslContextFactory, + nodeRepository, zone); + AthenzCertificateUpdater reloader = new AthenzCertificateUpdater( + sslContextFactory, keyProvider, config); + scheduler.scheduleAtFixedRate(reloader, 0, 1, TimeUnit.DAYS); + try { + jetty.start(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } else { + this.scheduler = null; + this.jetty = null; } } @@ -165,10 +172,13 @@ public class AthenzInstanceProviderService extends AbstractComponent { @Override public void deconstruct() { try { + // TODO: Fix deconstruct when setup properly in all zones log.log(LogLevel.INFO, "Deconstructing Athenz provider service"); - scheduler.shutdown(); - jetty.stop(); - if (!scheduler.awaitTermination(1, TimeUnit.MINUTES)) { + if(scheduler != null) + scheduler.shutdown(); + if(jetty !=null) + jetty.stop(); + if (scheduler != null && !scheduler.awaitTermination(1, TimeUnit.MINUTES)) { log.log(LogLevel.ERROR, "Failed to stop certificate updater"); } } catch (InterruptedException e) { 
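Review bot: The `else` branch of the constructor switches the provider service off without leaving any trace: outside the CD system `scheduler` and `jetty` become `null`, nothing is logged, and the executor that was passed in is dropped without being shut down. An operator looking at a non-CD zone cannot tell from the logs that the identity endpoint was never started there; I would add `log.log(LogLevel.INFO, "Athenz provider service not started, system is " + zone.system());` as the first statement of that branch. Any other method of the class that dereferences `jetty` or `scheduler` now needs the same null guard that `deconstruct()` receives further down; those methods are outside the hunk, so this needs to be confirmed against the full file. In the enabled branch the certificate updater is scheduled before `jetty.start()`, so a failed start throws from the constructor while the daily task stays scheduled.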
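Review bot: The null checks added to `deconstruct()` are written without braces and with uneven spacing (`if(jetty !=null)`), and `scheduler` is tested twice. As far as the constructor in the previous hunk shows, both fields are assigned together, so a single guard ahead of the shutdown sequence, `if (scheduler == null || jetty == null) return;`, would let the original three statements stay as they were. Placed above the INFO line, that guard would also stop "Deconstructing Athenz provider service" from being logged in zones where nothing was started. The `try` opens inside the hunk but its `catch` clauses continue past the last visible line.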
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java index 2284f63aba5..4669563d8df 100644 --- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java @@ -3,7 +3,7 @@ package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl; import com.yahoo.athenz.auth.util.Crypto; import com.yahoo.config.provision.Zone; -import com.yahoo.vespa.hosted.athenz.identityproviderservice.config.AthenzProviderServiceConfig; +import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.IdentityDocument; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.ProviderUniqueId; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.SignedIdentityDocument; diff --git a/athenz-identity-provider-service/src/main/resources/configdefinitions/athenz-provider-service.def b/athenz-identity-provider-service/src/main/resources/configdefinitions/athenz-provider-service.def index 3a2ef9c3092..af3abd8631b 100644 --- a/athenz-identity-provider-service/src/main/resources/configdefinitions/athenz-provider-service.def +++ b/athenz-identity-provider-service/src/main/resources/configdefinitions/athenz-provider-service.def @@ -1,5 +1,5 @@ # Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -namespace=vespa.hosted.athenz.identityproviderservice.config +namespace=vespa.hosted.athenz.instanceproviderservice.config # Athenz domain domain string 
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java
index 125f8a3cb0f..64ae296b0a7 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java
@@ -17,7 +17,7 @@ import com.yahoo.config.provision.RegionName;
 import com.yahoo.config.provision.TenantName;
 import com.yahoo.config.provision.Zone;
 import com.yahoo.log.LogLevel;
-import com.yahoo.vespa.hosted.athenz.identityproviderservice.config.AthenzProviderServiceConfig;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.IdentityDocumentGenerator;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.InstanceValidator;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.KeyProvider; |