-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index 6119c77242c..13099c7e99b 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -58,6 +58,7 @@ import java.util.logging.Logger;
 import static com.yahoo.vespa.hosted.node.admin.maintenance.identity.AthenzCredentialsMaintainer.IdentityType.NODE;
 import static com.yahoo.vespa.hosted.node.admin.maintenance.identity.AthenzCredentialsMaintainer.IdentityType.TENANT;
+import static com.yahoo.yolean.Exceptions.uncheck;
 
 /**
  * A maintainer that is responsible for providing and refreshing Athenz credentials for a container.
@@ -73,6 +74,7 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
     private static final Duration REFRESH_BACKOFF = Duration.ofHours(1); // Backoff when refresh fails to ensure ZTS is not DDoS'ed.
     private static final String CONTAINER_SIA_DIRECTORY = "/var/lib/sia";
+    private static final String LEGACY_SIA_DIRECTORY = "/opt/vespa/var/vespa/sia";
 
     private final URI ztsEndpoint;
     private final Path ztsTrustStorePath;
@@ -113,10 +115,12 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
         if (context.zone().getSystemName().isPublic()) return modified;
 
-        if (shouldWriteTenantServiceIdentity(context))
+        if (shouldWriteTenantServiceIdentity(context)) {
             modified |= maintain(context, TENANT);
-        else
+            createCredentialsSymlink(context);
+        } else {
             modified |= deleteTenantCredentials(context);
+        }
 
         return modified;
     }
@@ -431,6 +435,12 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
                 .value();
     }
 
+    private void createCredentialsSymlink(NodeAgentContext context) {
+        var siaDirectory = context.paths().of(CONTAINER_SIA_DIRECTORY, context.users().vespa());
+        var legacySiaDirectory = context.paths().of(LEGACY_SIA_DIRECTORY, context.users().vespa());
+        uncheck(() -> Files.createSymbolicLink(legacySiaDirectory, siaDirectory));
+    }
+
     /* Get the document version to ask for */ |
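Review bot: createCredentialsSymlink is not idempotent, yet the earlier hunk calls it unconditionally on every maintenance pass whenever shouldWriteTenantServiceIdentity is true: the second pass hits Files.createSymbolicLink on a link that already exists, which throws FileAlreadyExistsException, and uncheck rethrows it unchecked, so the tenant-credential maintenance aborts on every run after the first successful one. The method should return early when the legacy path is already a symlink, and it should refuse (rather than silently accept) a pre-existing regular file or directory at that path, since credentials would then be read from something other than the maintained directory; a stale legacy directory from an older layout is the likely case. Two things I cannot confirm from the hunk: whether the Path returned by context.paths().of(...) resolves to the host-side location, in which case the link target written into the container would be wrong and should be the in-container path instead, and whether deleteTenantCredentials (the else branch, defined outside these hunks) also removes the legacy link when the identity is withdrawn. The following makes the method safe to call repeatedly; the parent of the legacy path is assumed to exist, as in the original.
```java
    private void createCredentialsSymlink(NodeAgentContext context) {
        // … unchanged: siaDirectory / legacySiaDirectory lookups …
        if (Files.isSymbolicLink(legacySiaDirectory)) return; // already linked by an earlier run
        if (Files.exists(legacySiaDirectory))
            throw new IllegalStateException(legacySiaDirectory + " exists but is not a symlink");
        uncheck(() -> Files.createSymbolicLink(legacySiaDirectory, siaDirectory));
    }
```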