Diffstat (limited to 'controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java11
1 files changed, 9 insertions, 2 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java
index b3e5f663317..32872a01bce 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java
@@ -15,6 +15,8 @@ import com.yahoo.vespa.hosted.controller.api.integration.dataplanetoken.TokenId;
import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
import java.security.Principal;
+import java.time.Duration;
+import java.time.Instant;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
@@ -30,6 +32,7 @@ public class DataplaneTokenService {
private static final String TOKEN_PREFIX = "vespa_cloud_";
private static final int TOKEN_BYTES = 32;
private static final int CHECK_HASH_BYTES = 32;
+ public static final Duration DEFAULT_TTL = Duration.ofDays(30);
private final Controller controller;
@@ -51,10 +54,12 @@ public class DataplaneTokenService {
*
* @param tenantName name of the tenant to connect the token to
* @param tokenId The user generated name/id of the token
+ * @param ttl The time to live of the token. Use {@link Duration#ZERO} for no TTL.
* @param principal The principal making the request
* @return a DataplaneToken containing the secret generated token
*/
- public DataplaneToken generateToken(TenantName tenantName, TokenId tokenId, Principal principal) {
+ public DataplaneToken generateToken(TenantName tenantName, TokenId tokenId, Duration ttl, Principal principal) {
+ Optional<Instant> expiration = ttl.isZero() ? Optional.empty() : Optional.ofNullable(controller.clock().instant().plus(ttl));
TokenDomain tokenDomain = TokenDomain.of("Vespa Cloud tenant data plane:%s".formatted(tenantName.value()));
Token token = TokenGenerator.generateToken(tokenDomain, TOKEN_PREFIX, TOKEN_BYTES);
TokenCheckHash checkHash = TokenCheckHash.of(token, CHECK_HASH_BYTES);
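Review bot: `ttl` is used unchecked in the new first line of generateToken: a negative Duration yields an expiration that is already in the past, and a null one fails with a bare NullPointerException at `ttl.isZero()`. Because `Duration.ZERO` is the sentinel for a token that never expires, a caller whose computed TTL collapses to zero silently gets a non-expiring credential, so the method should reject bad input up front with `Objects.requireNonNull(ttl, "ttl");` and `if (ttl.isNegative()) throw new IllegalArgumentException("ttl must not be negative");`. Whether an upper bound is enforced elsewhere is not visible here; if it is not, this is the natural place for it. `Optional.ofNullable(...)` can be `Optional.of(...)`, since `Instant.plus` does not return null. The method body continues past the end of this hunk.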
@@ -62,6 +67,7 @@ public class DataplaneTokenService {
FingerPrint.of(token.fingerprint().toDelimitedHexString()),
checkHash.toHexString(),
controller.clock().instant(),
+ expiration,
principal.getName());
CuratorDb curator = controller.curator();
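Review bot: The creation time passed here comes from a second `controller.clock().instant()` call, separate from the one used to compute `expiration` at the top of generateToken, so the stored expiration is not exactly creation time plus `ttl`. Reading the clock once, `Instant now = controller.clock().instant();`, and using `now` for both values keeps the two fields consistent and lets a test assert the expiry exactly. The constructor call starts before this hunk, so the type being built is not visible here.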
@@ -85,7 +91,8 @@ public class DataplaneTokenService {
curator.writeDataplaneTokens(tenantName, dataplaneTokenVersions);
// Return the data plane token including the secret token.
- return new DataplaneToken(tokenId, FingerPrint.of(token.fingerprint().toDelimitedHexString()), token.secretTokenString());
+ return new DataplaneToken(tokenId, FingerPrint.of(token.fingerprint().toDelimitedHexString()),
+ token.secretTokenString(), expiration);
}
}