Add a systemPrefix helper, to filter athenz roles

vespa-engine · Dec 17, 2024 · 51d4588 · 51d4588
1 parent cfa3f3c
commit 51d4588
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/jdisc-cloud-aws/src/main/java/ai/vespa/secret/aws/AthenzUtil.java b/jdisc-cloud-aws/src/main/java/ai/vespa/secret/aws/AthenzUtil.java
@@ -19,9 +19,13 @@ public class AthenzUtil {
     // Serves as a namespace for resources in athenz and AWS
     public static final String PREFIX = "tenant-secret";
 
+    public static String systemPrefix(String systemName) {
+        return String.join(".", PREFIX, systemName).toLowerCase();
+    }
+
     /* tenant-secret.<system>.<tenant> */
     public static String roleAndPolicyPrefix(String systemName, String tenantName) {
-        return String.join(".", PREFIX, systemName, tenantName).toLowerCase();
+        return String.join(".", systemPrefix(systemName), tenantName).toLowerCase();
     }
 
     /* tenant-secret.<system>.<tenant>.<vaultName>.reader */