Rdl latest (#357)

* generate with latest rdl tool

* introduce instance refresh api

clients/go/zms/client.go

@@ -8,15 +8,14 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	rdl "github.com/ardielle/ardielle-go/rdl"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strconv"
 	"strings"
 	"time"
-
-	rdl "github.com/ardielle/ardielle-go/rdl"
 )
 
 var _ = json.Marshal

clients/go/zms/model.go

@@ -7,7 +7,6 @@ package zms
 import (
 	"encoding/json"
 	"fmt"
-
 	rdl "github.com/ardielle/ardielle-go/rdl"
 )
 

clients/go/zts/model.go

@@ -1758,6 +1758,12 @@ func (self *InstanceRegisterInformation) Validate() error {
 //
 type InstanceRefreshInformation struct {
 
+	//
+	// identity attestation data including document with its signature containing
+	// attributes like IP address, instance-id, account#, etc.
+	//
+	AttestationData string `json:"attestationData,omitempty" rdl:"optional"`
+
 	//
 	// the Certificate Signing Request for the expected X.509 certificate in the
 	// response

clients/go/zts/zts_schema.go

@@ -254,6 +254,7 @@ func init() {
 	sb.AddType(tInstanceRegisterInformation.Build())
 
 	tInstanceRefreshInformation := rdl.NewStructTypeBuilder("Struct", "InstanceRefreshInformation")
+	tInstanceRefreshInformation.Field("attestationData", "String", true, nil, "identity attestation data including document with its signature containing attributes like IP address, instance-id, account#, etc.")
 	tInstanceRefreshInformation.Field("csr", "String", true, nil, "the Certificate Signing Request for the expected X.509 certificate in the response")
 	tInstanceRefreshInformation.Field("ssh", "String", true, nil, "if present, return an SSH host certificate. Format is JSON.")
 	tInstanceRefreshInformation.Field("token", "Bool", true, nil, "if true, return a service token signed by ZTS for this service")

core/zts/src/main/java/com/yahoo/athenz/instance/provider/InstanceProviderSchema.java

@@ -89,6 +89,18 @@ private static Schema build() {
             .exception("UNAUTHORIZED", "ResourceError", "")
 ;
 
+        sb.resource("InstanceConfirmation", "POST", "/refresh")
+            .name("PostRefreshConfirmation")
+            .input("confirmation", "InstanceConfirmation", "")
+            .auth("", "", true)
+            .expected("OK")
+            .exception("BAD_REQUEST", "ResourceError", "")
+
+            .exception("FORBIDDEN", "ResourceError", "")
+
+            .exception("UNAUTHORIZED", "ResourceError", "")
+;
+
 
         return sb.build();
     }

core/zts/src/main/java/com/yahoo/athenz/zts/InstanceRefreshInformation.java

@@ -10,6 +10,9 @@
 // InstanceRefreshInformation -
 //
 public class InstanceRefreshInformation {
+    @RdlOptional
+    @JsonInclude(JsonInclude.Include.NON_EMPTY)
+    public String attestationData;
     @RdlOptional
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
     public String csr;
@@ -20,6 +23,13 @@ public class InstanceRefreshInformation {
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
     public Boolean token;
 
+    public InstanceRefreshInformation setAttestationData(String attestationData) {
+        this.attestationData = attestationData;
+        return this;
+    }
+    public String getAttestationData() {
+        return attestationData;
+    }
     public InstanceRefreshInformation setCsr(String csr) {
         this.csr = csr;
         return this;
@@ -49,6 +59,9 @@ public boolean equals(Object another) {
                 return false;
             }
             InstanceRefreshInformation a = (InstanceRefreshInformation) another;
+            if (attestationData == null ? a.attestationData != null : !attestationData.equals(a.attestationData)) {
+                return false;
+            }
             if (csr == null ? a.csr != null : !csr.equals(a.csr)) {
                 return false;
             }

core/zts/src/main/java/com/yahoo/athenz/zts/ZTSSchema.java

@@ -217,6 +217,7 @@ private static Schema build() {
             .field("token", "Bool", true, "if true, return a service token signed by ZTS for this service");
 
         sb.structType("InstanceRefreshInformation")
+            .field("attestationData", "String", true, "identity attestation data including document with its signature containing attributes like IP address, instance-id, account#, etc.")
             .field("csr", "String", true, "the Certificate Signing Request for the expected X.509 certificate in the response")
             .field("ssh", "String", true, "if present, return an SSH host certificate. Format is JSON.")
             .field("token", "Bool", true, "if true, return a service token signed by ZTS for this service");

core/zts/src/main/rdl/Instance.rdli

@@ -14,6 +14,7 @@ type InstanceRegisterInformation Struct {
 }
 
 type InstanceRefreshInformation Struct {
+    String attestationData (optional); //identity attestation data including document with its signature containing attributes like IP address, instance-id, account#, etc.
     String csr (optional); //the Certificate Signing Request for the expected X.509 certificate in the response
     String ssh (optional); //if present, return an SSH host certificate. Format is JSON.
     Bool token (optional); //if true, return a service token signed by ZTS for this service

core/zts/src/main/rdl/InstanceProvider.rdli

@@ -21,3 +21,14 @@ resource InstanceConfirmation POST "/instance" {
         ResourceError UNAUTHORIZED;
     }
 }
+
+resource InstanceConfirmation POST "/refresh" (name=PostRefreshConfirmation) {
+    InstanceConfirmation confirmation;
+    authenticate;
+    expected OK;
+    exceptions {
+        ResourceError BAD_REQUEST;
+        ResourceError FORBIDDEN;
+        ResourceError UNAUTHORIZED;
+    }
+}

libs/java/instance_provider/src/main/java/com/yahoo/athenz/instance/provider/InstanceProviderClient.java

@@ -66,4 +66,22 @@ public InstanceConfirmation postInstanceConfirmation(InstanceConfirmation confir
 
     }
 
+    public InstanceConfirmation postRefreshConfirmation(InstanceConfirmation confirmation) {
+        WebTarget target = base.path("/refresh");
+        Invocation.Builder invocationBuilder = target.request("application/json");
+        if (credsHeader != null) {
+            invocationBuilder = credsHeader.startsWith("Cookie.") ? invocationBuilder.cookie(credsHeader.substring(7),
+                credsToken) : invocationBuilder.header(credsHeader, credsToken);
+        }
+        Response response = invocationBuilder.post(javax.ws.rs.client.Entity.entity(confirmation, "application/json"));
+        int code = response.getStatus();
+        switch (code) {
+        case 200:
+            return response.readEntity(InstanceConfirmation.class);
+        default:
+            throw new ResourceException(code, response.readEntity(ResourceError.class));
+        }
+
+    }
+
 }