From d7570dd03cf2eddd9265ae39ac545bd223978cf8 Mon Sep 17 00:00:00 2001
From: HÃ¥kon Hallingstad
Date: Tue, 24 May 2022 11:42:23 +0200
Subject: Get config server CA certificate secret name from config

---
 .../vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java | 9 ++++-----
 .../vespa/hosted/athenz/instanceproviderservice/TestUtils.java | 3 ++-
 .../java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java | 1 +
 configdefinitions/src/vespa/athenz-provider-service.def | 3 +++
 4 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
index 9f4b1a9d01c..9bd6153f159 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
@@ -7,8 +7,6 @@ import com.yahoo.container.jdisc.HttpResponse;
 import com.yahoo.container.jdisc.ThreadedHttpRequestHandler;
 import com.yahoo.container.jdisc.secretstore.SecretStore;
 import com.yahoo.jdisc.http.server.jetty.RequestUtils;
-
-import java.util.logging.Level;
 import com.yahoo.restapi.ErrorResponse;
 import com.yahoo.restapi.Path;
 import com.yahoo.restapi.SlimeJsonResponse;
@@ -16,12 +14,12 @@ import com.yahoo.security.KeyUtils;
 import com.yahoo.security.SubjectAlternativeName;
 import com.yahoo.security.X509CertificateUtils;
 import com.yahoo.slime.Slime;
+import com.yahoo.slime.SlimeUtils;
 import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
-import com.yahoo.slime.SlimeUtils;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.InstanceConfirmation;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.InstanceValidator;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
 import com.yahoo.vespa.hosted.ca.Certificates;
 import com.yahoo.vespa.hosted.ca.instance.InstanceIdentity;
 import com.yahoo.vespa.hosted.ca.instance.InstanceRefresh;
@@ -38,6 +36,7 @@ import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.function.Function;
+import java.util.logging.Level;
 import java.util.stream.Stream;
 
 /**
@@ -68,7 +67,7 @@ public class CertificateAuthorityApiHandler extends ThreadedHttpRequestHandler {
         this.secretStore = secretStore;
         this.certificates = certificates;
         this.caPrivateKeySecretName = athenzProviderServiceConfig.secretName();
-        this.caCertificateSecretName = athenzProviderServiceConfig.domain() + ".ca.cert";
+        this.caCertificateSecretName = athenzProviderServiceConfig.caCertSecretName();
         this.instanceValidator = instanceValidator;
     }
 
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java
index 7573b5690e7..4110ad2bfa2 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java
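Review bot: With the new assignment the CA certificate's secret name is an independent config value with no relation to `caPrivateKeySecretName` (from `secretName()`), not even the shared Athenz domain the old `domain() + ".ca.cert"` derivation gave it, so a typo or copy-paste error in config can pair a CA certificate from one secret with a private key from another, and on an issuing path that mismatch only surfaces when issued certificates fail to chain. I would fail fast in this constructor with `if (this.caCertificateSecretName.isBlank()) throw new IllegalArgumentException("caCertSecretName must be set");` and, wherever the two secrets are actually loaded from `secretStore` (not visible in this hunk), verify that the certificate's public key matches the private key before either is used. A comment on the assignment, `// secret holding the CA certificate; must be the pair of the private key at caPrivateKeySecretName`, would document the coupling that the config no longer enforces. The constructor starts before this hunk.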
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java
@@ -18,7 +18,8 @@ public class TestUtils {
                 .domain(domain)
                 .certDnsSuffix(dnsSuffix)
                 .ztsUrl("localhost/zts")
-                .secretName("s3cr3t");
+                .secretName("s3cr3t")
+                .caCertSecretName(domain + ".ca.cert");
         return new AthenzProviderServiceConfig(
                 zoneConfig.athenzCaTrustStore("/dummy/path/to/athenz-ca.jks"));
     }
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
index 3341575afd4..ad0715cbbea 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
@@ -64,6 +64,7 @@ public class ContainerTester {
                 " servicename\n" +
                 " secretname\n" +
                 " 0\n" +
+                " vespa.external.ca.cert\n" +
                 " suffix\n" +
                 " https://localhost:123/\n" +
                 " \n" +
diff --git a/configdefinitions/src/vespa/athenz-provider-service.def b/configdefinitions/src/vespa/athenz-provider-service.def
index 0363f299cd6..bfcd13b8592 100644
--- a/configdefinitions/src/vespa/athenz-provider-service.def
+++ b/configdefinitions/src/vespa/athenz-provider-service.def
@@ -13,6 +13,9 @@ secretName string
 # Secret version
 secretVersion int
 
+# Secret name of CA certificate
+caCertSecretName string
+
 # Certificate DNS suffix
 certDnsSuffix string
 
-- 
cgit v1.2.3
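Review bot: The new `caCertSecretName string` entry is declared without a default, so every producer of this config must now set it explicitly, and its comment says neither which CA it refers to nor how it relates to the adjacent `secretName`, which holds the CA private key. The value the handler used to derive was `<domain>.ca.cert`, which is what the updated TestUtils fixture still supplies, and recording that in the definition keeps the two secrets from silently diverging; I would write `# Name of the secret holding the config server CA certificate (previously derived as <domain>.ca.cert); its private key is the secret named by secretName`. Whether an unset value is rejected at config resolution or only at first use is not visible in this patch, and is worth confirming so a misconfiguration fails at deploy time rather than at certificate issuance.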