diff options
author | Morten Tokle <mortent@oath.com> | 2018-05-15 15:37:16 +0200 |
---|---|---|
committer | Morten Tokle <mortent@oath.com> | 2018-05-15 15:38:51 +0200 |
commit | 361c71b0824189ac7457df3b8afdd86459a0bb62 (patch) | |
tree | 5e5d67ad1bcf12a44a6bf1dc7c49605705537710 /athenz-identity-provider-service/src/test | |
parent | 74756be02f0ee8c0bd2127bd101c8d1029a12d6c (diff) |
Append parent ips to identity document
Diffstat (limited to 'athenz-identity-provider-service/src/test')
-rw-r--r-- | athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java | 44 |
1 files changed, 29 insertions, 15 deletions
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java index 4e84fefbe53..8b4c06c2867 100644 --- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java +++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java @@ -24,6 +24,7 @@ import com.yahoo.vespa.hosted.provision.NodeRepository; import com.yahoo.vespa.hosted.provision.node.Allocation; import com.yahoo.vespa.hosted.provision.node.Generation; import com.yahoo.vespa.hosted.provision.testutils.MockNodeFlavors; +import org.hamcrest.Matchers; import org.junit.Test; import java.util.HashSet; @@ -31,6 +32,7 @@ import java.util.Optional; import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.TestUtils.getAthenzProviderConfig; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; import static org.mockito.Matchers.eq; import static org.mockito.Mockito.mock; @@ -44,35 +46,43 @@ public class IdentityDocumentGeneratorTest { @Test public void generates_valid_identity_document() throws Exception { - String hostname = "x.y.com"; + String parentHostname = "docker-host"; + String containerHostname = "docker-container"; ApplicationId appid = ApplicationId.from( TenantName.from("tenant"), ApplicationName.from("application"), InstanceName.from("default")); Allocation allocation = new Allocation(appid, - ClusterMembership.from("container/default/0/0", Version.fromString("1.2.3")), - Generation.inital(), - false); - Node n = Node.create("ostkid", - ImmutableSet.of("127.0.0.1"), - new HashSet<>(), - hostname, - Optional.empty(), - new MockNodeFlavors().getFlavorOrThrow("default"), - NodeType.tenant) + ClusterMembership.from("container/default/0/0", Version.fromString("1.2.3")), + Generation.inital(), + false); + Node parentNode = Node.create("ostkid", + ImmutableSet.of("127.0.0.1"), + new HashSet<>(), + parentHostname, + Optional.empty(), + new MockNodeFlavors().getFlavorOrThrow("default"), + NodeType.host); + Node containerNode = Node.createDockerNode("docker-1", + ImmutableSet.of("::1"), + new HashSet<>(), + containerHostname, + Optional.of(parentHostname), + new MockNodeFlavors().getFlavorOrThrow("default"), + NodeType.tenant) .with(allocation); - NodeRepository nodeRepository = mock(NodeRepository.class); - when(nodeRepository.getNode(eq(hostname))).thenReturn(Optional.of(n)); + when(nodeRepository.getNode(eq(parentHostname))).thenReturn(Optional.of(parentNode)); + when(nodeRepository.getNode(eq(containerHostname))).thenReturn(Optional.of(containerNode)); AutoGeneratedKeyProvider keyProvider = new AutoGeneratedKeyProvider(); String dnsSuffix = "vespa.dns.suffix"; AthenzProviderServiceConfig config = getAthenzProviderConfig("domain", "service", dnsSuffix, ZONE); IdentityDocumentGenerator identityDocumentGenerator = new IdentityDocumentGenerator(config, nodeRepository, ZONE, keyProvider); - SignedIdentityDocument signedIdentityDocument = identityDocumentGenerator.generateSignedIdentityDocument(hostname); + SignedIdentityDocument signedIdentityDocument = identityDocumentGenerator.generateSignedIdentityDocument(containerHostname); // Verify attributes - assertEquals(hostname, signedIdentityDocument.identityDocument.instanceHostname); + assertEquals(containerHostname, signedIdentityDocument.identityDocument.instanceHostname); String environment = "dev"; String region = "us-north-1"; @@ -83,9 +93,13 @@ public class IdentityDocumentGeneratorTest { new ProviderUniqueId("tenant", "application", environment, region, "default", "default", 0); assertEquals(expectedProviderUniqueId, signedIdentityDocument.identityDocument.providerUniqueId); + // Validate that both parent and container ips are present + assertThat(signedIdentityDocument.identityDocument.ipAddresses, Matchers.containsInAnyOrder("127.0.0.1", "::1")); + // Validate signature assertTrue("Message", InstanceValidator.isSignatureValid(keyProvider.getPublicKey(0), signedIdentityDocument.rawIdentityDocument, signedIdentityDocument.signature)); + } } |