Diffstat (limited to 'controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java
index b3e5f663317..32872a01bce 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java
@@ -15,6 +15,8 @@ import com.yahoo.vespa.hosted.controller.api.integration.dataplanetoken.TokenId;
 import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
 import java.security.Principal;
+import java.time.Duration;
+import java.time.Instant;
 import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
@@ -30,6 +32,7 @@ public class DataplaneTokenService {
 private static final String TOKEN_PREFIX = "vespa_cloud_";
 private static final int TOKEN_BYTES = 32;
 private static final int CHECK_HASH_BYTES = 32;
+public static final Duration DEFAULT_TTL = Duration.ofDays(30);
 private final Controller controller;
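Review bot: `DEFAULT_TTL` is a new public constant with no Javadoc, and nothing in this file reads it, so its role (presumably the lifetime applied when a caller does not choose one) is left to the reader. Add `/** Time to live given to a new token when the caller does not supply one. */` above it, or narrow it to package-private if only the REST handler consumes it. The Javadoc on `generateToken` in the next hunk says `Duration.ZERO` means no TTL, so it is worth stating here that this default is the bounded-lifetime path and is not applied inside this class.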
@@ -51,10 +54,12 @@ public class DataplaneTokenService {
 *
 * @param tenantName name of the tenant to connect the token to
 * @param tokenId The user generated name/id of the token
+* @param ttl The time to live of the token. Use {@link Duration#ZERO} for no TTL.
 * @param principal The principal making the request
 * @return a DataplaneToken containing the secret generated token
 */
-public DataplaneToken generateToken(TenantName tenantName, TokenId tokenId, Principal principal) {
+public DataplaneToken generateToken(TenantName tenantName, TokenId tokenId, Duration ttl, Principal principal) {
+Optional<Instant> expiration = ttl.isZero() ? Optional.empty() : Optional.ofNullable(controller.clock().instant().plus(ttl));
 TokenDomain tokenDomain = TokenDomain.of("Vespa Cloud tenant data plane:%s".formatted(tenantName.value()));
 Token token = TokenGenerator.generateToken(tokenDomain, TOKEN_PREFIX, TOKEN_BYTES);
 TokenCheckHash checkHash = TokenCheckHash.of(token, CHECK_HASH_BYTES);
@@ -62,6 +67,7 @@ public class DataplaneTokenService {
 FingerPrint.of(token.fingerprint().toDelimitedHexString()),
 checkHash.toHexString(),
 controller.clock().instant(),
+expiration,
 principal.getName());
 CuratorDb curator = controller.curator();
@@ -85,7 +91,8 @@ public class DataplaneTokenService {
 curator.writeDataplaneTokens(tenantName, dataplaneTokenVersions);
 // Return the data plane token including the secret token.
-return new DataplaneToken(tokenId, FingerPrint.of(token.fingerprint().toDelimitedHexString()), token.secretTokenString());
+return new DataplaneToken(tokenId, FingerPrint.of(token.fingerprint().toDelimitedHexString()),
+token.secretTokenString(), expiration);
 }
 }
|
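Review bot: The new `ttl` parameter of `generateToken` is only checked with `isZero()`, so a negative Duration is accepted and yields an `expiration` already in the past, while a null `ttl` fails with a bare NullPointerException; because `Duration.ZERO` is the documented no-expiry value, a caller that gets the sign wrong ends up with the opposite of what it asked for. Reject both at the top of the method: `Objects.requireNonNull(ttl, "ttl");` and `if (ttl.isNegative()) throw new IllegalArgumentException("ttl must not be negative: " + ttl);`, and document the rule with `@throws IllegalArgumentException if ttl is negative`. `Optional.ofNullable(controller.clock().instant().plus(ttl))` can be `Optional.of(...)`, since `Instant.plus` never returns null and `ofNullable` only hides a programming error. The method body continues outside this hunk; the following two hunks merely thread `expiration` into the stored token version and the returned `DataplaneToken`, so the validation belongs here.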