From d7552d8f13cdf7b8b997f2fa468f8c03abaa9e85 Mon Sep 17 00:00:00 2001
From: Morten Tokle
Date: Mon, 3 Feb 2020 13:32:52 +0100
Subject: Support Athenz access tokens

---
 .../client/AthenzIdentityProviderImpl.java | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)
(limited to 'vespa-athenz')

diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
index bea9af458b4..5d6f0e3ce16 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
@@ -16,6 +16,7 @@ import com.yahoo.security.KeyStoreType;
 import com.yahoo.security.Pkcs10Csr;
 import com.yahoo.security.SslContextBuilder;
 import com.yahoo.security.tls.MutableX509KeyManager;
+import com.yahoo.vespa.athenz.api.AthenzAccessToken;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzRole;
 import com.yahoo.vespa.athenz.api.AthenzService;
@@ -84,6 +85,8 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 private final LoadingCache roleSslContextCache;
 private final LoadingCache roleSpecificRoleTokenCache;
 private final LoadingCache domainSpecificRoleTokenCache;
+ private final LoadingCache domainSpecificAccessTokenCache;
+ private final LoadingCache, AthenzAccessToken> roleSpecificAccessTokenCache;
 private final CsrGenerator csrGenerator;
 
 @Inject
@@ -116,6 +119,8 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 roleSslContextCache = createCache(ROLE_SSL_CONTEXT_EXPIRY, this::createRoleSslContext);
 roleSpecificRoleTokenCache = createCache(ROLE_TOKEN_EXPIRY, this::createRoleToken);
 domainSpecificRoleTokenCache = createCache(ROLE_TOKEN_EXPIRY, this::createRoleToken);
+ domainSpecificAccessTokenCache = createCache(ROLE_TOKEN_EXPIRY, this::createAccessToken);
+ roleSpecificAccessTokenCache = createCache(ROLE_TOKEN_EXPIRY, this::createAccessToken);
 this.csrGenerator = new CsrGenerator(config.athenzDnsSuffix(), config.configserverIdentityName());
 this.identitySslContext = createIdentitySslContext(identityKeyManager, trustStore);
 registerInstance();
@@ -198,6 +203,16 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 }
 }
 
+ @Override
+ public String getAccessToken(String domain) {
+ return null;
+ }
+
+ @Override
+ public String getAccessToken(String domain, List roles) {
+ return null;
+ }
+
 @Override
 public PrivateKey getPrivateKey() {
 return credentials.getKeyPair().getPrivate();
@@ -240,6 +255,18 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 }
 }
 
+ private AthenzAccessToken createAccessToken(AthenzDomain domain) {
+ try (ZtsClient client = createZtsClient()) {
+ return client.getAccessToken(domain);
+ }
+ }
+
+ private AthenzAccessToken createAccessToken(List roles) {
+ try (ZtsClient client = createZtsClient()) {
+ return client.getAccessToken(roles);
+ }
+ }
+
 private DefaultZtsClient createZtsClient() {
 return new DefaultZtsClient(ztsEndpoint, getIdentitySslContext());
 }
-- 
cgit v1.2.3
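Review bot: Both new access-token caches in the constructor reuse `ROLE_TOKEN_EXPIRY` as their TTL, so the lifetime of cached access tokens is silently tied to the role-token setting with nothing indicating that this is intentional. A separate constant (e.g. a new `ACCESS_TOKEN_EXPIRY` alongside `ROLE_TOKEN_EXPIRY`) used as `createCache(ACCESS_TOKEN_EXPIRY, this::createAccessToken)` keeps the two policies independently tunable, and a comment on the assignment should state that the cache TTL must stay below the token's own validity — if `AthenzAccessToken` carries an expiry, which I cannot see from this hunk, a cache entry that outlives it would hand out a rejected token until the next refresh. The two `this::createAccessToken` references are overloads resolved only through each cache's key type, which deserves a one-line comment since it is not obvious at the call site. The constructor begins before this hunk.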
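Review bot: Both `getAccessToken` overloads return `null`, so a caller of this new public API receives a null token with no signal that the feature is unimplemented, while `domainSpecificAccessTokenCache` and `roleSpecificAccessTokenCache` populated in the constructor are never read. Until the lookup is wired in, the stubs should fail loudly, `throw new UnsupportedOperationException("Athenz access tokens are not supported yet");`, rather than hand back a `null` that will most likely surface later as a NullPointerException or a missing credential on an outgoing request. When they are wired in, the domain overload has to map its `String` onto the `AthenzDomain` key the cache loader in the last hunk expects, and the role overload has to combine `domain` with `roles` into the role-list key, since `createAccessToken(List roles)` takes only the roles. The generic parameters appear to have been stripped in this rendering (`List roles`, `LoadingCache, AthenzAccessToken>`), so the exact key and element types should be confirmed against the file.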
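Review bot: The two `createAccessToken` helpers carry no comment saying they are the loaders for the caches built in the constructor, so a reader of this hunk cannot tell why each call opens and closes a fresh `ZtsClient` instead of holding one. Add `// Cache loader for domainSpecificAccessTokenCache: one short-lived ZTS client per cache miss` above the domain overload and the equivalent line naming `roleSpecificAccessTokenCache` above the role overload. The second overload's parameter is shown as a raw `List`; presumably it is `List<AthenzRole>` in the source, matching the role cache's key type in the field hunk, but that is not visible here.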