author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-10-31 16:45:20 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-10-31 16:45:20 +0100 |
commit | 3b46a03b6ef37e2e7e063f6fb238b1135a9781c8 (patch) | |
tree | 803b3dcc34624ad4c0304dd154c84d604807fae3 | |
parent | 38c1e6b65e5de9713bc82c70901a404458834b5c (diff) |
Generate proper zone dns suffix
2 files changed, 17 insertions, 6 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java
index efb2179ff6b..0e8ca0017f4 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java
@@ -59,7 +59,7 @@ public class IdentityDocumentGenerator {
 signature,
 SignedIdentityDocument.DEFAULT_KEY_VERSION,
 identityDocument.providerUniqueId.asString(),
- dnsSuffix,
+ toZoneDnsSuffix(zone, dnsSuffix),
 providerDomain + "." + providerService,
 ztsUrl,
 SignedIdentityDocument.DEFAILT_DOCUMENT_VERSION
@@ -87,5 +87,9 @@ public class IdentityDocumentGenerator {
 node.hostname(),
 Instant.now());
 }
+
+ private static String toZoneDnsSuffix(Zone zone, String dnsSuffix) {
+ return zone.environment().value() + "-" + zone.region().value() + "." + dnsSuffix;
+ }
 }
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java
index c32f8e18c00..c49122a07b8 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java
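Review bot: `toZoneDnsSuffix` joins the environment and region with `-`, but the region used in this commit's own test (`us-north-1`) already contains hyphens, so the first label of the result cannot be split back into its two parts unambiguously. Because the value replaces the raw `dnsSuffix` in the signed identity document, anything that checks it should compare the whole string against an expected suffix rather than parse it; whether environment values can themselves contain `-` is not visible here. The helper also accepts a null or empty `dnsSuffix` and would then produce a suffix ending in `.null` or in a bare dot, so a guard such as `if (dnsSuffix == null || dnsSuffix.isEmpty()) throw new IllegalArgumentException("dnsSuffix must be set");` plus a one-line Javadoc stating the format `<environment>-<region>.<dnsSuffix>` would help. The first hunk is the only call site shown, and the call it sits in starts outside that hunk.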
@@ -103,7 +103,7 @@ public class AthenzInstanceProviderServiceTest {
 String service = "service";
 AutoGeneratedKeyProvider keyProvider = new AutoGeneratedKeyProvider();
 PrivateKey privateKey = keyProvider.getPrivateKey(0);
- AthenzProviderServiceConfig config = getAthenzProviderConfig(domain, service);
+ AthenzProviderServiceConfig config = getAthenzProviderConfig(domain, service, "vespa.dns.suffix");
 ScheduledExecutorServiceMock executor = new ScheduledExecutorServiceMock();
 AthenzInstanceProviderService athenzInstanceProviderService =
@@ -152,8 +152,9 @@ public class AthenzInstanceProviderServiceTest {
 when(nodeRepository.getNode(eq(hostname))).thenReturn(Optional.of(n));
 AutoGeneratedKeyProvider keyProvider = new AutoGeneratedKeyProvider();
+ String dnsSuffix = "vespa.dns.suffix";
 IdentityDocumentGenerator identityDocumentGenerator = new IdentityDocumentGenerator(
- getAthenzProviderConfig("domain", "service"),
+ getAthenzProviderConfig("domain", "service", dnsSuffix),
 nodeRepository,
 ZONE,
 keyProvider);
@@ -165,8 +166,14 @@ public class AthenzInstanceProviderServiceTest {
 // Verify attributes
 assertEquals(hostname, signedIdentityDocument.identityDocument.instanceHostname);
+
+ String environment = "dev";
+ String region = "us-north-1";
+ String expectedZoneDnsSuffix = environment + "-" + region + "." + dnsSuffix;
+ assertEquals(expectedZoneDnsSuffix, signedIdentityDocument.dnsSuffix);
+
 ProviderUniqueId expectedProviderUniqueId =
- new ProviderUniqueId("tenant", "application", "dev", "us-north-1", "default", "default", 0);
+ new ProviderUniqueId("tenant", "application", environment, region, "default", "default", 0);
 assertEquals(expectedProviderUniqueId, signedIdentityDocument.identityDocument.providerUniqueId);
 // Validate signature
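Review bot: The new assertion in the third hunk rebuilds the expected value with the same `environment + "-" + region + "." + dnsSuffix` expression that the production helper uses, so a mistake in the format would be mirrored by the test rather than caught. Pinning the literal, `assertEquals("dev-us-north-1.vespa.dns.suffix", signedIdentityDocument.dnsSuffix);`, makes the test an independent statement of the suffix that ends up in the signed document. The `"dev"` and `"us-north-1"` locals are presumably meant to match the `ZONE` constant defined outside the hunk, and `"vespa.dns.suffix"` is repeated as a literal in the first hunk; deriving the former from `ZONE` and sharing one constant for the latter would keep them from drifting apart. The test methods touched here start and end outside the hunks.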
@@ -175,14 +182,14 @@ public class AthenzInstanceProviderServiceTest {
 signedIdentityDocument.signature));
 }
- private static AthenzProviderServiceConfig getAthenzProviderConfig(String domain, String service) {
+ private static AthenzProviderServiceConfig getAthenzProviderConfig(String domain, String service, String dnsSuffix) {
 return new AthenzProviderServiceConfig(
 new AthenzProviderServiceConfig.Builder()
 .domain(domain)
 .serviceName(service)
 .port(PORT)
 .keyPathPrefix("dummy-path")
- .certDnsSuffix("dnsSuffix")
+ .certDnsSuffix(dnsSuffix)
 .ztsUrl("localhost/zts")
 .athenzPrincipalHeaderName("Athenz-Principal-Auth")
 .apiPath(""));
|