Class AthenzIdentityProviderImpl
java.lang.Object
com.yahoo.component.AbstractComponent
com.yahoo.vespa.athenz.identityprovider.client.AthenzIdentityProviderImpl
- All Implemented Interfaces:
com.yahoo.component.Component, com.yahoo.component.Deconstructable, com.yahoo.container.jdisc.athenz.AthenzIdentityProvider, ServiceIdentityProvider, Comparable<com.yahoo.component.Component>
public final class AthenzIdentityProviderImpl
extends com.yahoo.component.AbstractComponent
implements com.yahoo.container.jdisc.athenz.AthenzIdentityProvider, ServiceIdentityProvider
An AthenzIdentityProvider / ServiceIdentityProvider component that provides the tenant identity.
- Author:
- mortent, bjorncs
-
Field Summary
Fields inherited from class com.yahoo.component.AbstractComponent
isDeconstructable
-
Constructor Summary
Constructor, Description:
AthenzIdentityProviderImpl(com.yahoo.container.core.identity.IdentityConfig config, com.yahoo.jdisc.Metric metric)
-
Method Summary
Modifier and Type, Method, Description:
clientTruststorePath: The client truststore contains the Athenz certificates from ServiceIdentityProvider.athenzTruststorePath() and additional certificate authorities that issue trusted server certificates.
void deconstruct()
domain()
getAccessToken(String domain)
getAccessToken(String domain, List<String> roles)
com.yahoo.security.X509CertificateWithKey getIdentityCertificateWithKey()
getRoleSslContext(String domain, String role)
getRoleToken(String domain)
getRoleToken(String domain, String role)
identity()
service()
Methods inherited from class com.yahoo.component.AbstractComponent
clone, compareTo, getClassName, getId, getIdString, hasInitializedId, initId, isDeconstructable, setIsDeconstructable, toString
-
Field Details
-
CERTIFICATE_EXPIRY_METRIC_NAME
-
Constructor Details
-
AthenzIdentityProviderImpl
@Inject public AthenzIdentityProviderImpl(com.yahoo.container.core.identity.IdentityConfig config, com.yahoo.jdisc.Metric metric)
-
-
Method Details
-
identity
- Specified by:
identity in interface ServiceIdentityProvider
- Returns:
- The Athenz identity of the environment
-
domain
- Specified by:
domain in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
service
- Specified by:
service in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getIdentitySslContext
- Specified by:
getIdentitySslContext in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
- Specified by:
getIdentitySslContext in interface ServiceIdentityProvider
- Returns:
- SSLContext that is automatically updated.
-
getIdentityCertificateWithKey
public com.yahoo.security.X509CertificateWithKey getIdentityCertificateWithKey()
- Specified by:
getIdentityCertificateWithKey in interface ServiceIdentityProvider
- Returns:
- Current certificate and private key. Unlike ServiceIdentityProvider.getIdentitySslContext(), the underlying credentials are not automatically updated.
-
certificatePath
- Specified by:
certificatePath in interface ServiceIdentityProvider
- Returns:
- Path to X.509 certificate in PEM format
-
privateKeyPath
- Specified by:
privateKeyPath in interface ServiceIdentityProvider
- Returns:
- Path to private key in PEM format
-
athenzTruststorePath
- Specified by:
athenzTruststorePath in interface ServiceIdentityProvider
- Returns:
- Path to Athenz truststore in PEM format
-
clientTruststorePath
Description copied from interface: ServiceIdentityProvider
The client truststore contains the Athenz certificates from ServiceIdentityProvider.athenzTruststorePath() and additional certificate authorities that issue trusted server certificates.
- Specified by:
clientTruststorePath in interface ServiceIdentityProvider
- Returns:
- Path to client truststore in PEM format
-
getRoleSslContext
- Specified by:
getRoleSslContext in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getRoleToken
- Specified by:
getRoleToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getRoleToken
- Specified by:
getRoleToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getAccessToken
- Specified by:
getAccessToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getAccessToken
- Specified by:
getAccessToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getPrivateKey
- Specified by:
getPrivateKey in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
trustStorePath
- Specified by:
trustStorePath in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getIdentityCertificate
- Specified by:
getIdentityCertificate in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
deconstruct
public void deconstruct()
- Specified by:
deconstruct in interface com.yahoo.component.Deconstructable
- Overrides:
deconstruct in class com.yahoo.component.AbstractComponent
-