author | Morten Tokle <mortent@oath.com> | 2018-08-17 14:35:59 +0200 |
---|---|---|
committer | Morten Tokle <mortent@oath.com> | 2018-08-17 14:47:21 +0200 |
commit | f7015e9c2d4614797f20672da2ac89f31f8ed37a (patch) | |
tree | 2492ecb3cdea4d3a3a46b93adb6a84b3a4f2a942 /athenz-identity-provider-service/src/test | |
parent | 748725984486ddc14eeeb54c71c3017e445ef5c2 (diff) |
Validate refresh requests
Diffstat (limited to 'athenz-identity-provider-service/src/test')
-rw-r--r-- | athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java | 115 |
1 files changed, 101 insertions, 14 deletions
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java
index 56777325231..8beb8bda99f 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidatorTest.java
@@ -1,6 +1,9 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.athenz.instanceproviderservice.instanceconfirmation;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
+import com.yahoo.component.Version;
 import com.yahoo.config.model.api.ApplicationInfo;
 import com.yahoo.config.model.api.HostInfo;
 import com.yahoo.config.model.api.Model;
@@ -8,12 +11,22 @@ import com.yahoo.config.model.api.ServiceInfo; import com.yahoo.config.model.api.SuperModel; import com.yahoo.config.model.api.SuperModelProvider; import com.yahoo.config.provision.ApplicationId; +import com.yahoo.config.provision.ClusterMembership; +import com.yahoo.config.provision.NodeType; +import com.yahoo.vespa.athenz.identityprovider.api.IdentityType; +import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId; +import com.yahoo.vespa.hosted.provision.Node; +import com.yahoo.vespa.hosted.provision.NodeRepository; +import com.yahoo.vespa.hosted.provision.testutils.MockNodeFlavors; import org.junit.Test; +import java.time.Instant; +import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.function.Function; import java.util.stream.Collectors; import java.util.stream.IntStream; @@ -29,6 +42,7 @@ import static org.mockito.Mockito.when; /** * @author valerijf * @author bjorncs + * @author mortent */ public class InstanceValidatorTest { @@ -36,11 +50,10 @@ public class InstanceValidatorTest { private final String domain = "domain"; private final String service = "service"; - @Test public void application_does_not_exist() { SuperModelProvider superModelProvider = mockSuperModelProvider(); - InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider); + InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider, null); assertFalse(instanceValidator.isSameIdentityAsInServicesXml(applicationId, domain, service)); } 
@@ -49,7 +62,7 @@ public class InstanceValidatorTest { public void application_does_not_have_domain_set() { SuperModelProvider superModelProvider = mockSuperModelProvider( mockApplicationInfo(applicationId, 5, Collections.emptyList())); - InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider); + InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider, null); assertFalse(instanceValidator.isSameIdentityAsInServicesXml(applicationId, domain, service)); } @@ -57,11 +70,11 @@ public class InstanceValidatorTest { @Test public void application_has_wrong_domain() { ServiceInfo serviceInfo = new ServiceInfo("serviceName", "type", Collections.emptyList(), - Collections.singletonMap(SERVICE_PROPERTIES_DOMAIN_KEY, "not-domain"), "confId", "hostName"); + Collections.singletonMap(SERVICE_PROPERTIES_DOMAIN_KEY, "not-domain"), "confId", "hostName"); SuperModelProvider superModelProvider = mockSuperModelProvider( mockApplicationInfo(applicationId, 5, Collections.singletonList(serviceInfo))); - InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider); + InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider, null); assertFalse(instanceValidator.isSameIdentityAsInServicesXml(applicationId, domain, service)); } 
@@ -73,24 +86,82 @@ public class InstanceValidatorTest { properties.put(SERVICE_PROPERTIES_SERVICE_KEY, service); ServiceInfo serviceInfo = new ServiceInfo("serviceName", "type", Collections.emptyList(), - properties, "confId", "hostName"); + properties, "confId", "hostName"); SuperModelProvider superModelProvider = mockSuperModelProvider( mockApplicationInfo(applicationId, 5, Collections.singletonList(serviceInfo))); - InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider); + InstanceValidator instanceValidator = new InstanceValidator(null, superModelProvider, null); assertTrue(instanceValidator.isSameIdentityAsInServicesXml(applicationId, domain, service)); } + @Test + public void accepts_valid_refresh_requests() { + NodeRepository nodeRepository = mock(NodeRepository.class); + InstanceValidator instanceValidator = new InstanceValidator(null, null, nodeRepository); + + List<Node> nodeList = createNodes(10); + Node node = nodeList.get(0); + nodeList = allocateNode(nodeList, node, applicationId); + when(nodeRepository.getNodes()).thenReturn(nodeList); + String nodeIp = node.ipAddresses().stream().findAny().orElseThrow(() -> new RuntimeException("No ipaddress for mocked node")); + InstanceConfirmation instanceConfirmation = createRefreshInstanceConfirmation(ImmutableList.of(nodeIp), applicationId); + + assertTrue(instanceValidator.isValidRefresh(instanceConfirmation)); + } + + @Test + public void rejects_refresh_on_ip_mismatch() { + NodeRepository nodeRepository = mock(NodeRepository.class); + InstanceValidator instanceValidator = new InstanceValidator(null, null, nodeRepository); + + List<Node> nodeList = createNodes(10); + Node node = nodeList.get(0); + nodeList = allocateNode(nodeList, node, applicationId); + when(nodeRepository.getNodes()).thenReturn(nodeList); + String nodeIp = node.ipAddresses().stream().findAny().orElseThrow(() -> new RuntimeException("No ipaddress for mocked node")); + + // Add invalid ip to list of ip 
addresses + InstanceConfirmation instanceConfirmation = createRefreshInstanceConfirmation(ImmutableList.of(nodeIp, "::ff"), applicationId); + + assertFalse(instanceValidator.isValidRefresh(instanceConfirmation)); + } + + @Test + public void rejects_refresh_when_node_is_not_allocated() { + NodeRepository nodeRepository = mock(NodeRepository.class); + InstanceValidator instanceValidator = new InstanceValidator(null, null, nodeRepository); + + List<Node> nodeList = createNodes(10); + when(nodeRepository.getNodes()).thenReturn(nodeList); + InstanceConfirmation instanceConfirmation = createRefreshInstanceConfirmation(ImmutableList.of("::11"), applicationId); + + assertFalse(instanceValidator.isValidRefresh(instanceConfirmation)); + + } + + private InstanceConfirmation createRefreshInstanceConfirmation(List<String> ips, ApplicationId applicationId) { + InstanceConfirmation instanceConfirmation = new InstanceConfirmation( + "vespa.vespa.cd.provider_dev_us-north-1", + "vespa.vespa.cd", + "tenant", + null); + + instanceConfirmation.set("sanIP", String.join(",", ips)); + VespaUniqueInstanceId vespaUniqueInstanceId = new VespaUniqueInstanceId(0, "default", applicationId.instance().value(), applicationId.application().value(), applicationId.tenant().value(), "us-north-1", "dev", IdentityType.NODE); + instanceConfirmation.set("sanDNS", vespaUniqueInstanceId.asDottedString() + ".instanceid.athenz.dev-us-north-1.vespa.yahoo.cloud"); + return instanceConfirmation; + } + private SuperModelProvider mockSuperModelProvider(ApplicationInfo... 
appInfos) { SuperModel superModel = new SuperModel(Stream.of(appInfos) - .collect(Collectors.groupingBy( - appInfo -> appInfo.getApplicationId().tenant(), - Collectors.toMap( - ApplicationInfo::getApplicationId, - Function.identity() - ) - ))); + .collect(Collectors.groupingBy( + appInfo -> appInfo.getApplicationId().tenant(), + Collectors.toMap( + ApplicationInfo::getApplicationId, + Function.identity() + ) + ))); SuperModelProvider superModelProvider = mock(SuperModelProvider.class); when(superModelProvider.getSuperModel()).thenReturn(superModel); @@ -107,4 +178,20 @@ public class InstanceValidatorTest { return new ApplicationInfo(appId, 0, model); } + + private List<Node> createNodes(int num) { + MockNodeFlavors flavors = new MockNodeFlavors(); + List<Node> nodeList = new ArrayList<>(); + for (int i = 0; i < num; i++) { + Node node = Node.create("foo" + i, ImmutableSet.of("::1" + i, "::2" + i, "::3" + i), Collections.emptySet(), "foo" + i, Optional.empty(), flavors.getFlavorOrThrow("default"), NodeType.tenant); + nodeList.add(node); + } + return nodeList; + } + + private List<Node> allocateNode(List<Node> nodeList, Node node, ApplicationId applicationId) { + nodeList.removeIf(n -> n.openStackId().equals(node.openStackId())); + nodeList.add(node.allocate(applicationId, ClusterMembership.from("container/default/0/0", Version.fromString("6.123.4")), Instant.now())); + return nodeList; + } } |
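Review bot: The three new refresh tests never cover a node that is allocated, but to a different application than the one encoded in `sanDNS`. In that case a host asks to refresh an identity it does not own. `rejects_refresh_on_ip_mismatch` and `rejects_refresh_when_node_is_not_allocated` only exercise an unknown address and an unallocated node. The validator itself is not in this diff (the diffstat is limited to src/test), so whether `isValidRefresh` compares the node's owner with the requested identity cannot be seen here; a test would pin the behaviour either way. The sketch below reuses the helpers from this commit, and `otherApplicationId` is a placeholder for any ApplicationId that differs from the `applicationId` field.

```java
@Test
public void rejects_refresh_when_node_is_allocated_to_other_application() {
    NodeRepository nodeRepository = mock(NodeRepository.class);
    InstanceValidator instanceValidator = new InstanceValidator(null, null, nodeRepository);

    List<Node> nodeList = createNodes(10);
    Node node = nodeList.get(0);
    // otherApplicationId: placeholder, any ApplicationId different from the applicationId field
    nodeList = allocateNode(nodeList, node, otherApplicationId);
    when(nodeRepository.getNodes()).thenReturn(nodeList);
    String nodeIp = node.ipAddresses().stream().findAny().orElseThrow(() -> new RuntimeException("No ipaddress for mocked node"));

    // The request still names applicationId, which does not own the node
    InstanceConfirmation instanceConfirmation = createRefreshInstanceConfirmation(ImmutableList.of(nodeIp), applicationId);

    assertFalse(instanceValidator.isValidRefresh(instanceConfirmation));
}
```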
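Review bot: `createNodes` builds addresses as `"::1" + i`, `"::2" + i` and `"::3" + i`, and the tests depend on that scheme without saying so. The literal `"::11"` in `rejects_refresh_when_node_is_not_allocated` is node 1's address, so that test checks "known but unallocated node", while `"::ff"` in `rejects_refresh_on_ip_mismatch` belongs to no node. If the scheme changes, the first test would quietly turn into an "unknown address" test and still pass. I would document the contract on the helper, for example `// Node i gets ::1i, ::2i and ::3i; tests rely on "::11" being node 1 and "::ff" being unassigned`. Separately, `allocateNode` changes the list it is given and also returns it, which a one-line comment on the helper would make clear to callers.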