Diffstat (limited to 'vespa-athenz/src/main/java/com/yahoo/vespa/athenz')
2 files changed, 37 insertions, 0 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocumentClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocumentClient.java
index a3c2f0264d3..522f40bc37d 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocumentClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/IdentityDocumentClient.java
@@ -1,6 +1,7 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.athenz.identityprovider.api;
+import java.util.List;
 import java.util.Optional;
 import java.util.OptionalInt;
@@ -12,4 +13,5 @@ import java.util.OptionalInt;
 public interface IdentityDocumentClient {
 SignedIdentityDocument getNodeIdentityDocument(String host, int documentVersion);
 Optional<SignedIdentityDocument> getTenantIdentityDocument(String host, int documentVersion);
+ List<String> getNodeRoles(String hostname);
 }
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java
index f95a3335c24..81aa6e5bd2a 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java
@@ -7,6 +7,7 @@ import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
 import com.yahoo.vespa.athenz.identityprovider.api.IdentityDocumentClient;
 import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument;
+import com.yahoo.vespa.athenz.identityprovider.api.bindings.RoleListEntity;
 import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocumentEntity;
 import org.apache.http.client.config.RequestConfig;
 import org.apache.http.client.methods.CloseableHttpResponse;
@@ -23,6 +24,7 @@ import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.net.URI;
 import java.time.Duration;
+import java.util.List;
 import java.util.Optional;
 import java.util.function.Supplier;
@@ -66,6 +68,39 @@ public class DefaultIdentityDocumentClient implements IdentityDocumentClient {
 return getIdentityDocument(host, "tenant", documentVersion);
 }
+ @Override
+ public List<String> getNodeRoles(String hostname) {
+ try (var client = createHttpClient(sslContextSupplier.get(), hostnameVerifier)) {
+ var uri = configserverUri
+ .resolve(IDENTITY_DOCUMENT_API)
+ .resolve("roles/")
+ .resolve(hostname);
+ var request = RequestBuilder.get()
+ .setUri(uri)
+ .addHeader("Connection", "close")
+ .addHeader("Accept", "application/json")
+ .build();
+ try (var response = client.execute(request)) {
+ String responseContent = EntityUtils.toString(response.getEntity());
+ int statusCode = response.getStatusLine().getStatusCode();
+ if (statusCode >= 200 && statusCode <= 299) {
+ var rolesEntity = objectMapper.readValue(responseContent, RoleListEntity.class);
+ return rolesEntity.roles();
+ } else {
+ throw new RuntimeException(
+ String.format(
+ "Failed to retrieve roles for host %s: %d - %s",
+ hostname,
+ statusCode,
+ responseContent));
+ }
+ }
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
+
 private Optional<SignedIdentityDocument> getIdentityDocument(String host, String type, int documentVersion) {
 try (CloseableHttpClient client = createHttpClient(sslContextSupplier.get(), hostnameVerifier)) { |
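Review bot: In the new `getNodeRoles`, `hostname` is appended to the request path via `.resolve(hostname)` with no validation or encoding, so a value containing `/`, `..`, `?` or `#` (or a `//host` prefix) selects a different config-server path or authority, and a character that is illegal in a URI makes `URI.resolve` throw `IllegalArgumentException` before any request is sent. Where the value comes from is not visible here — if it is always the node's own hostname from trusted config this is only defence in depth, but a cheap allow-list keeps the path segment honest: `if (hostname == null || !hostname.matches("[A-Za-z0-9._-]+")) throw new IllegalArgumentException("Invalid hostname: " + hostname);` placed before `var uri = ...`. The non-2xx branch also copies the entire response body into the `RuntimeException` message, which is useful for diagnostics but worth bounding if these exceptions are logged, and a malformed 2xx body surfaces only as Jackson's `IOException` wrapped in `UncheckedIOException` with no mention of the host. Neither the interface method nor this override carries Javadoc; a one-liner such as `/** Fetches the role names the config server reports for {@code hostname}; throws on a non-2xx response. */` on the interface declaration would state the contract for callers. The trailing `getIdentityDocument` context continues outside this hunk.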