authorMartin Polden <mpolden@mpolden.no>2019-09-20 15:04:32 +0200
committerMartin Polden <mpolden@mpolden.no>2019-09-20 15:32:52 +0200
commit00c7e655dfb56f00e8451b2aaaee44189077b433 (patch)
tree92147546c67f74f82869f299f5ea20b3264dc73c /athenz-identity-provider-service
parent3b0db309add7a123dcd2e1efc0952048bc6b2d72 (diff)
Test registration with ZTS client
Diffstat (limited to 'athenz-identity-provider-service')
-rw-r--r--athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiTest.java20
-rw-r--r--athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java5
2 files changed, 20 insertions, 5 deletions
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiTest.java
index 1598f69a5f4..4393c3a25b9 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiTest.java
@@ -7,11 +7,15 @@ import com.yahoo.security.KeyUtils;
import com.yahoo.security.Pkcs10Csr;
import com.yahoo.security.Pkcs10CsrUtils;
import com.yahoo.security.X509CertificateUtils;
+import com.yahoo.vespa.athenz.api.AthenzService;
+import com.yahoo.vespa.athenz.client.zts.DefaultZtsClient;
import com.yahoo.vespa.config.SlimeUtils;
import com.yahoo.vespa.hosted.ca.CertificateTester;
import org.junit.Before;
import org.junit.Test;
+import javax.net.ssl.SSLContext;
+import java.net.URI;
import java.nio.charset.StandardCharsets;
import static org.junit.Assert.assertEquals;
@@ -28,25 +32,33 @@ public class CertificateAuthorityApiTest extends ContainerTester {
}
@Test
- public void register_instance() {
+ public void register_instance() throws Exception {
// POST instance registration
var csr = CertificateTester.createCsr("node1.example.com");
- assertRegistration(new Request("http://localhost:8080/ca/v1/instance/",
+ assertRegistration(new Request("http://localhost:12345/ca/v1/instance/",
instanceRegistrationJson(csr),
Request.Method.POST));
+
+ // POST instance registration with ZTS client
+ var ztsClient = new DefaultZtsClient(URI.create("http://localhost:12345/ca/v1/"), SSLContext.getDefault());
+ var instanceIdentity = ztsClient.registerInstance(new AthenzService("vespa.external", "provider_prod_us-north-1"),
+ new AthenzService("vespa.external", "tenant"),
+ "identity document generated by config server",
+ csr);
+ assertEquals("CN=Vespa CA", instanceIdentity.certificate().getIssuerX500Principal().getName());
}
@Test
public void invalid_register_instance() {
// POST instance registration with missing fields
assertResponse(400, "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Missing required field 'provider'\"}",
- new Request("http://localhost:8080/ca/v1/instance/",
+ new Request("http://localhost:12345/ca/v1/instance/",
new byte[0],
Request.Method.POST));
// POST instance registration without DNS name in CSR
var csr = CertificateTester.createCsr();
- var request = new Request("http://localhost:8080/ca/v1/instance/",
+ var request = new Request("http://localhost:12345/ca/v1/instance/",
instanceRegistrationJson(csr),
Request.Method.POST);
assertResponse(400, "{\"error-code\":\"BAD_REQUEST\",\"message\":\"DNS name not found in CSR\"}", request);
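Review bot: The new assertion on the ZTS client result in register_instance compares only the issuer DN string, which is a name the certificate carries rather than evidence that the CA key signed it, so a handler returning any certificate labelled `CN=Vespa CA` would still pass. Since this tests a certificate authority, I would also verify the signature, e.g. `instanceIdentity.certificate().verify(caCertificate.getPublicKey());` where `caCertificate` stands for whatever CA certificate the test setup exposes (not visible in this hunk), and check that `getSubjectAlternativeNames()` contains `node1.example.com` from the CSR. Separately, the client is built with an `http://` URI, so `SSLContext.getDefault()` is presumably never exercised and this path gives no TLS coverage; a comment such as `// plaintext listener: the SSLContext is unused here, TLS is not covered by this test` would make that explicit. If `DefaultZtsClient` is closeable, creating it in try-with-resources would keep its connections from outliving the test.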
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
index 6cc86839290..2ca45cf7e56 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
@@ -25,7 +25,7 @@ public class ContainerTester {
@Before
public void startContainer() {
- container = JDisc.fromServicesXml(servicesXml(), Networking.disable);
+ container = JDisc.fromServicesXml(servicesXml(), Networking.enable);
}
@After
@@ -63,6 +63,9 @@ public class ContainerTester {
" <handler id='com.yahoo.vespa.hosted.ca.restapi.CertificateAuthorityApiHandler'>\n" +
" <binding>http://*/ca/v1/*</binding>\n" +
" </handler>\n" +
+ " <http>\n" +
+ " <server id='default' port='12345'/>\n" +
+ " </http>\n" +
"</container>";
}
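Review bot: The listener port `12345` in the added `<http>` element is a literal that is repeated in every request URL in CertificateAuthorityApiTest, and together with `Networking.enable` in the earlier hunk it makes each test bind a real socket on a fixed port, so concurrent builds on one host, or any process already holding that port, will fail the tests. I would at least name it once, e.g. `protected static final int PORT = 12345;` in ContainerTester, and build both the services XML and the URLs from it; an ephemeral port would be better if the container supports one. The `<server>` element also sets no bind address as far as this hunk shows, so it is worth confirming that the test CA endpoint listens on loopback only and not on every interface of the build host. servicesXml() begins outside the hunk.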