From c7a11b4b15a8bb6005c5183079c29f46a3a37dfc Mon Sep 17 00:00:00 2001
From: Håkon Hallingstad <hakon@verizonmedia.com>
Date: Mon, 7 Oct 2019 11:48:33 +0200
Subject: Update flag definition of include-sis-in-truststore

---
 flags/src/main/java/com/yahoo/vespa/flags/Flags.java | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'flags')

diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
index ae782bf32ff..4b1befc1770 100644
--- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
+++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
@@ -82,9 +82,14 @@ public class Flags {
 
     public static final UnboundBooleanFlag INCLUDE_SIS_IN_TRUSTSTORE = defineFeatureFlag(
             "include-sis-in-truststore", false,
-            "Whether to use the trust store backed by Athenz and Service Identity certificates.",
-            "Takes effect on next tick, but may get throttled due to orchestration.",
-            HOSTNAME);
+            "Whether to use the trust store backed by Athenz and (in public) Service Identity certificates in " +
+            "host-admin and/or Docker containers",
+            "Takes effect on restart of host-admin (for host-admin), and restart of Docker container.",
+            // For host-admin, HOSTNAME and NODE_TYPE is available
+            // For Docker containers, HOSTNAME and APPLICATION_ID is available
+            // WARNING: Having different sets of dimensions is DISCOURAGED in general, but needed for here since
+            // trust store for host-admin is determined before having access to application ID from node repo.
+            HOSTNAME, NODE_TYPE, APPLICATION_ID);
 
     public static final UnboundStringFlag TLS_INSECURE_MIXED_MODE = defineStringFlag(
             "tls-insecure-mixed-mode", "tls_client_mixed_server",
-- 
cgit v1.2.3