diff options
author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2023-07-19 14:49:10 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-19 14:49:10 +0200 |
commit | 9819e2c447f2ff54dc458bf33b8d0ea84d1017d6 (patch) | |
tree | 6dbc129686d9242d3c4aeef40dc622853892dbb3 | |
parent | 3415a8a8065ee25cf9a644281a67eda777cbcdeb (diff) | |
parent | d7df34cd09f5dffa964096d6188b31e919b0c115 (diff) |
Merge pull request #27829 from vespa-engine/bjorncs/test
Verify connector config when application has mTLS disabled
-rw-r--r-- | config-model/src/test/java/com/yahoo/vespa/model/container/xml/AccessControlTest.java | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/AccessControlTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/AccessControlTest.java index bbc73e848d3..697d2d422e8 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/AccessControlTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/AccessControlTest.java @@ -16,7 +16,6 @@ import com.yahoo.jdisc.http.ConnectorConfig; import com.yahoo.path.Path; import com.yahoo.security.X509CertificateUtils; import com.yahoo.security.tls.TlsContext; -import com.yahoo.vespa.defaults.Defaults; import com.yahoo.vespa.model.container.ApplicationContainer; import com.yahoo.vespa.model.container.http.AccessControl; import com.yahoo.vespa.model.container.http.ConnectorFactory; @@ -37,10 +36,15 @@ import java.util.Optional; import java.util.Set; import java.util.stream.Collectors; +import static com.yahoo.jdisc.http.ConnectorConfig.Ssl.ClientAuth.Enum.WANT_AUTH; import static com.yahoo.vespa.defaults.Defaults.getDefaults; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.containsInAnyOrder; -import static org.junit.jupiter.api.Assertions.*; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; /** * @author gjoranv @@ -280,7 +284,8 @@ public class AccessControlTest extends ContainerModelBuilderTestBase { new TestProperties() .setAthenzDomain(tenantDomain) .setHostedVespa(true) - .allowDisableMtls(true)) + .allowDisableMtls(true) + .setEndpointCertificateSecrets(Optional.of(new EndpointCertificateSecrets("CERT", "KEY")))) .build(); Http http = createModelAndGetHttp(state, " <http>", @@ -290,6 +295,13 @@ public class AccessControlTest extends ContainerModelBuilderTestBase { " </http>"); assertTrue(http.getAccessControl().isPresent()); assertEquals(AccessControl.ClientAuthentication.want, http.getAccessControl().get().clientAuthentication); + var tlsPort = http.getHttpServer().get().getConnectorFactories().stream() + .filter(connectorFactory -> connectorFactory.getListenPort() == 4443).findFirst().orElseThrow(); + var builder = new ConnectorConfig.Builder(); + tlsPort.getConfig(builder); + var connectorConfig = new ConnectorConfig(builder); + assertFalse(connectorConfig.tlsClientAuthEnforcer().enable()); + assertEquals(WANT_AUTH, connectorConfig.ssl().clientAuth()); } @Test @@ -497,7 +509,7 @@ public class AccessControlTest extends ContainerModelBuilderTestBase { ConnectorConfig connectorConfig = new ConnectorConfig(builder); assertTrue(connectorConfig.ssl().enabled()); - assertEquals(ConnectorConfig.Ssl.ClientAuth.Enum.WANT_AUTH, connectorConfig.ssl().clientAuth()); + assertEquals(WANT_AUTH, connectorConfig.ssl().clientAuth()); assertEquals("CERT", connectorConfig.ssl().certificate()); assertEquals("KEY", connectorConfig.ssl().privateKey()); assertEquals(4443, connectorConfig.listenPort()); |