authorMorten Tokle <mortent@oath.com>2018-08-17 14:35:59 +0200
committerMorten Tokle <mortent@oath.com>2018-08-17 14:47:21 +0200
commitf7015e9c2d4614797f20672da2ac89f31f8ed37a (patch)
tree2492ecb3cdea4d3a3a46b93adb6a84b3a4f2a942 /athenz-identity-provider-service/src/test
parent748725984486ddc14eeeb54c71c3017e445ef5c2 (diff)
Validate refresh requests
Diffstat (limited to 'athenz-identity-provider-service/src/test')
-rw-r--r--athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java115
1 files changed, 101 insertions, 14 deletions
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java
index 56777325231..8beb8bda99f 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java
@@ -1,6 +1,9 @@
// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.athenz.instanceproviderservice.instanceconfirmation;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
+import com.yahoo.component.Version;
import com.yahoo.config.model.api.ApplicationInfo;
import com.yahoo.config.model.api.HostInfo;
import com.yahoo.config.model.api.Model;
@@ -8,12 +11,22 @@ import com.yahoo.config.model.api.ServiceInfo;
import com.yahoo.config.model.api.SuperModel;
import com.yahoo.config.model.api.SuperModelProvider;
import com.yahoo.config.provision.ApplicationId;
+import com.yahoo.config.provision.ClusterMembership;
+import com.yahoo.config.provision.NodeType;
+import com.yahoo.vespa.athenz.identityprovider.api.IdentityType;
+import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId;
+import com.yahoo.vespa.hosted.provision.Node;
+import com.yahoo.vespa.hosted.provision.NodeRepository;
+import com.yahoo.vespa.hosted.provision.testutils.MockNodeFlavors;
import org.junit.Test;
+import java.time.Instant;
+import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
@@ -29,6 +42,7 @@ import static org.mockito.Mockito.when;
/**
* @author valerijf
* @author bjorncs
+ * @author mortent
*/
public class InstanceValidatorTest {
@@ -36,11 +50,10 @@ public class InstanceValidatorTest {
private final String domain = "domain";
private final String service = "service";
-
@Test
public void application_does_not_exist() {
SuperModelProvider superModelProvider = mockSuperModelProvider();
- InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider);
+ InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider, null);
assertFalse(instanceValidator.isSameIdentityAsInServicesXml(applicationId, domain, service));
}
@@ -49,7 +62,7 @@ public class InstanceValidatorTest {
public void application_does_not_have_domain_set() {
SuperModelProvider superModelProvider = mockSuperModelProvider(
mockApplicationInfo(applicationId, 5, Collections.emptyList()));
- InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider);
+ InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider, null);
assertFalse(instanceValidator.isSameIdentityAsInServicesXml(applicationId, domain, service));
}
@@ -57,11 +70,11 @@ public class InstanceValidatorTest {
@Test
public void application_has_wrong_domain() {
ServiceInfo serviceInfo = new ServiceInfo("serviceName", "type", Collections.emptyList(),
- Collections.singletonMap(SERVICE_PROPERTIES_DOMAIN_KEY, "not-domain"), "confId", "hostName");
+ Collections.singletonMap(SERVICE_PROPERTIES_DOMAIN_KEY, "not-domain"), "confId", "hostName");
SuperModelProvider superModelProvider = mockSuperModelProvider(
mockApplicationInfo(applicationId, 5, Collections.singletonList(serviceInfo)));
- InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider);
+ InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider, null);
assertFalse(instanceValidator.isSameIdentityAsInServicesXml(applicationId, domain, service));
}
@@ -73,24 +86,82 @@ public class InstanceValidatorTest {
properties.put(SERVICE_PROPERTIES_SERVICE_KEY, service);
ServiceInfo serviceInfo = new ServiceInfo("serviceName", "type", Collections.emptyList(),
- properties, "confId", "hostName");
+ properties, "confId", "hostName");
SuperModelProvider superModelProvider = mockSuperModelProvider(
mockApplicationInfo(applicationId, 5, Collections.singletonList(serviceInfo)));
- InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider);
+ InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider, null);
assertTrue(instanceValidator.isSameIdentityAsInServicesXml(applicationId, domain, service));
}
+ @Test
+ public void accepts_valid_refresh_requests() {
+ NodeRepository nodeRepository = mock(NodeRepository.class);
+ InstanceValidator instanceValidator = new InstanceValidator(null, null, nodeRepository);
+
+ List<Node> nodeList = createNodes(10);
+ Node node = nodeList.get(0);
+ nodeList = allocateNode(nodeList, node, applicationId);
+ when(nodeRepository.getNodes()).thenReturn(nodeList);
+ String nodeIp = node.ipAddresses().stream().findAny().orElseThrow(() -> new RuntimeException("No ipaddress for mocked node"));
+ InstanceConfirmation instanceConfirmation = createRefreshInstanceConfirmation(ImmutableList.of(nodeIp), applicationId);
+
+ assertTrue(instanceValidator.isValidRefresh(instanceConfirmation));
+ }
+
+ @Test
+ public void rejects_refresh_on_ip_mismatch() {
+ NodeRepository nodeRepository = mock(NodeRepository.class);
+ InstanceValidator instanceValidator = new InstanceValidator(null, null, nodeRepository);
+
+ List<Node> nodeList = createNodes(10);
+ Node node = nodeList.get(0);
+ nodeList = allocateNode(nodeList, node, applicationId);
+ when(nodeRepository.getNodes()).thenReturn(nodeList);
+ String nodeIp = node.ipAddresses().stream().findAny().orElseThrow(() -> new RuntimeException("No ipaddress for mocked node"));
+
+ // Add invalid ip to list of ip addresses
+ InstanceConfirmation instanceConfirmation = createRefreshInstanceConfirmation(ImmutableList.of(nodeIp, "::ff"), applicationId);
+
+ assertFalse(instanceValidator.isValidRefresh(instanceConfirmation));
+ }
+
+ @Test
+ public void rejects_refresh_when_node_is_not_allocated() {
+ NodeRepository nodeRepository = mock(NodeRepository.class);
+ InstanceValidator instanceValidator = new InstanceValidator(null, null, nodeRepository);
+
+ List<Node> nodeList = createNodes(10);
+ when(nodeRepository.getNodes()).thenReturn(nodeList);
+ InstanceConfirmation instanceConfirmation = createRefreshInstanceConfirmation(ImmutableList.of("::11"), applicationId);
+
+ assertFalse(instanceValidator.isValidRefresh(instanceConfirmation));
+
+ }
+
+ private InstanceConfirmation createRefreshInstanceConfirmation(List<String> ips, ApplicationId applicationId) {
+ InstanceConfirmation instanceConfirmation = new InstanceConfirmation(
+ "vespa.vespa.cd.provider_dev_us-north-1",
+ "vespa.vespa.cd",
+ "tenant",
+ null);
+
+ instanceConfirmation.set("sanIP", String.join(",", ips));
+ VespaUniqueInstanceId vespaUniqueInstanceId = new VespaUniqueInstanceId(0, "default", applicationId.instance().value(), applicationId.application().value(), applicationId.tenant().value(), "us-north-1", "dev", IdentityType.NODE);
+ instanceConfirmation.set("sanDNS", vespaUniqueInstanceId.asDottedString() + ".instanceid.athenz.dev-us-north-1.vespa.yahoo.cloud");
+ return instanceConfirmation;
+ }
+
private SuperModelProvider mockSuperModelProvider(ApplicationInfo... appInfos) {
SuperModel superModel = new SuperModel(Stream.of(appInfos)
- .collect(Collectors.groupingBy(
- appInfo -> appInfo.getApplicationId().tenant(),
- Collectors.toMap(
- ApplicationInfo::getApplicationId,
- Function.identity()
- )
- )));
+ .collect(Collectors.groupingBy(
+ appInfo -> appInfo.getApplicationId().tenant(),
+ Collectors.toMap(
+ ApplicationInfo::getApplicationId,
+ Function.identity()
+ )
+ )));
SuperModelProvider superModelProvider = mock(SuperModelProvider.class);
when(superModelProvider.getSuperModel()).thenReturn(superModel);
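Review bot: The three new refresh tests never cover a node that is allocated and owns the requested IP but belongs to a different application than the one encoded in `sanDNS`, which is the case that matters most for keeping one tenant's node from refreshing another tenant's identity. Every negative test here fails on the IP set or on a missing allocation, so an `isValidRefresh` that ignored the owner would still pass all of them. I would add a copy of `accepts_valid_refresh_requests` that allocates the node with `allocateNode(nodeList, node, otherApplicationId)`, still builds the confirmation with `applicationId`, and ends in `assertFalse(instanceValidator.isValidRefresh(instanceConfirmation));`. `isValidRefresh` itself is not on this page (the diff is limited to src/test), so whether the owner is actually compared needs confirming against the implementation. The hunk starts and ends inside methods that continue outside it; the added tests themselves are complete.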
@@ -107,4 +178,20 @@ public class InstanceValidatorTest {
return new ApplicationInfo(appId, 0, model);
}
+
+ private List<Node> createNodes(int num) {
+ MockNodeFlavors flavors = new MockNodeFlavors();
+ List<Node> nodeList = new ArrayList<>();
+ for (int i = 0; i < num; i++) {
+ Node node = Node.create("foo" + i, ImmutableSet.of("::1" + i, "::2" + i, "::3" + i), Collections.emptySet(), "foo" + i, Optional.empty(), flavors.getFlavorOrThrow("default"), NodeType.tenant);
+ nodeList.add(node);
+ }
+ return nodeList;
+ }
+
+ private List<Node> allocateNode(List<Node> nodeList, Node node, ApplicationId applicationId) {
+ nodeList.removeIf(n -> n.openStackId().equals(node.openStackId()));
+ nodeList.add(node.allocate(applicationId, ClusterMembership.from("container/default/0/0", Version.fromString("6.123.4")), Instant.now()));
+ return nodeList;
+ }
}
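Review bot: `createNodes` has no comment on its address scheme, yet `rejects_refresh_when_node_is_not_allocated` depends on it: the literal `"::11"` it sends is an address of node `foo1` only because of `"::1" + i`. A comment above the loop would make that link visible, for example `// node i gets ::1i, ::2i, ::3i; tests use these literals ("::11" belongs to foo1)`. `allocateNode` also mutates the list it is given and returns the same instance, which a one-line comment such as `// replaces node in nodeList in place and returns the same list` would document. The hunk opens on the tail of a method that starts outside it.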