Diffstat (limited to 'vespa-athenz/src/main/java/com/yahoo/vespa/athenz')
3 files changed, 11 insertions, 4 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/bindings/AccessTokenResponseEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/bindings/AccessTokenResponseEntity.java
index a3063524b93..785c215df18 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/bindings/AccessTokenResponseEntity.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/bindings/AccessTokenResponseEntity.java
@@ -9,6 +9,7 @@ import com.yahoo.vespa.athenz.api.AthenzRole;
 import java.time.Instant;
 import java.util.List;
+import java.util.Optional;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
@@ -19,6 +20,7 @@ import java.util.stream.Stream;
 public class AccessTokenResponseEntity {
 private final AthenzAccessToken accessToken;
 private final Instant expiryTime;
+ // roles can be null (not set in the json response)
 private final List<AthenzRole> roles;
 public AccessTokenResponseEntity(
@@ -29,7 +31,8 @@ public class AccessTokenResponseEntity {
 this.accessToken = new AthenzAccessToken(accessToken);
 // We do not know from when, so best we can do is assume now ...
 this.expiryTime = Instant.now().plusSeconds(expiresIn);
- this.roles = Stream.of(roles.split(" "))
+ this.roles = Optional.ofNullable(roles).stream()
+ .flatMap(r -> Stream.of(r.split(" ")))
 .map(AthenzResourceName::fromString)
 .map(AthenzRole::fromResourceName)
 .toList();
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
index 2c8908a89a6..2f344004780 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
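Review bot: An empty or multi-space `roles` string still reaches `AthenzResourceName::fromString` with an empty token, because `"".split(" ")` yields `[""]` and consecutive separators yield empty elements, and the new `Optional.ofNullable(roles)` guard at the `this.roles` assignment only covers the null case. If `fromString` rejects empty input (its body is not visible here), a response whose roles field is present but empty would fail the whole token parse instead of yielding no roles; dropping empty tokens after the split closes that gap: `.flatMap(r -> Stream.of(r.split(" "))).filter(s -> !s.isEmpty())`. The added field comment could also record the invariant the constructor now establishes, e.g. `// roles can be null in the json response; after construction this list is never null, only possibly empty`. The constructor's signature and the JSON binding of its parameters are outside the hunk.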
@@ -86,6 +86,10 @@ public class SiaIdentityProvider extends AbstractComponent implements ServiceIde
 return createIdentitySslContext(keyManager, trustStoreFile, false);
 }
+ public SSLContext createIdentitySslContextWithTrustStore(Path trustStoreFile, boolean includeDefaultTruststore) {
+ return createIdentitySslContext(keyManager, trustStoreFile, includeDefaultTruststore);
+ }
+
 /**
 * Create an SSL context with the given trust store and the key manager from this provider.
 * If the {code includeDefaultTruststore} is true, the default trust store will be included.
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/utils/SiaUtils.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/utils/SiaUtils.java
index af0da93edc3..56e64b2261d 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/utils/SiaUtils.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/utils/SiaUtils.java
@@ -1,10 +1,10 @@
 // Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.athenz.utils;
-import com.yahoo.vespa.athenz.api.AthenzIdentity;
-import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.security.KeyUtils;
 import com.yahoo.security.X509CertificateUtils;
+import com.yahoo.vespa.athenz.api.AthenzIdentity;
+import com.yahoo.vespa.athenz.api.AthenzService;
 import java.io.IOException;
 import java.io.UncheckedIOException;
@@ -132,7 +132,7 @@ public class SiaUtils {
 try (DirectoryStream<Path> directoryStream = Files.newDirectoryStream(keysDirectory)) {
 return StreamSupport.stream(directoryStream.spliterator(), false)
 .map(path -> path.getFileName().toString())
- .filter(fileName -> fileName.endsWith(keyFileSuffix))
+ .filter(fileName -> fileName.endsWith(keyFileSuffix) && ! fileName.contains(":role."))
 .map(fileName -> fileName.substring(0, fileName.length() - keyFileSuffix.length()))
 .map(AthenzService::new)
 .collect(toList()); |
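Review bot: The new public `createIdentitySslContextWithTrustStore(Path, boolean)` has no Javadoc, although its `includeDefaultTruststore` flag changes which peer certificates the returned context will accept: per the Javadoc that follows it, `true` includes the default trust store in addition to `trustStoreFile`, so callers get a wider trust set than the overload above (whose signature is outside the hunk) which passes `false`. A short doc on the new entry point should make that trade-off explicit, e.g. `/** Like the single-argument overload, but when {@code includeDefaultTruststore} is true the default trust store is trusted as well as {@code trustStoreFile}; prefer {@code false} unless peers outside the Athenz trust store must be accepted. */`. While there, the adjacent Javadoc reads `{code includeDefaultTruststore}` where `{@code includeDefaultTruststore}` is intended.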
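Review bot: The `":role."` literal in the new `filter` clause of `SiaUtils` encodes a file-naming convention without saying so; a later reader cannot tell why a key-file name would contain it (presumably Athenz role-certificate keys kept in the same directory) or whether a legitimate service name containing that substring could be dropped by accident. Hoisting it into a named constant with a comment makes the intent reviewable: `private static final String ROLE_KEY_MARKER = ":role."; // key files for role certificates live alongside service keys and are not service identities` and `.filter(fileName -> fileName.endsWith(keyFileSuffix) && ! fileName.contains(ROLE_KEY_MARKER))`. The enclosing method's signature and the `keyFileSuffix` definition are outside the hunk; the import reordering in the first `SiaUtils` hunk needs no review.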