diff options
author | Morten Tokle <mortent@vespa.ai> | 2024-04-17 22:53:16 +0200 |
---|---|---|
committer | Morten Tokle <mortent@vespa.ai> | 2024-04-17 22:54:57 +0200 |
commit | 2b264b1ac241ab7b27a0c3c37749daaad16c0c8e (patch) | |
tree | 0d4231cee30987fd0b17cf0e02ad482473394bf5 /config-model/src/test/java/com/yahoo/vespa/model/container | |
parent | 83b0e810215725e86b0066c1bead886c5bc5ac9d (diff) |
Check for duplicate clients
Diffstat (limited to 'config-model/src/test/java/com/yahoo/vespa/model/container')
-rw-r--r-- | config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java index 1c5eb16be80..fa09d3c1890 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java @@ -162,6 +162,36 @@ public class CloudTokenDataPlaneFilterTest extends ContainerModelBuilderTestBase assertEquals("Invalid permission 'unknown-permission'. Valid values are 'read' and 'write'.", exception.getMessage()); } + @Test + void fails_on_duplicate_clients() throws IOException { + var certFile = securityFolder.resolve("foo.pem"); + var servicesXml = """ + <container version="1.0"> + <clients> + <client id="mtls" permissions="read,write"> + <certificate file="%1$s"/> + </client> + <client id="mtls" permissions="read,write"> + <certificate file="%1$s"/> + </client> + <client id="token1" permissions="read"> + <token id="my-token"/> + </client> + <client id="token2" permissions="read"> + <token id="my-token"/> + </client> + <client id="token1" permissions="read"> + <token id="my-token"/> + </client> + </clients> + </container> + """.formatted(applicationFolder.toPath().relativize(certFile).toString()); + var clusterElem = DomBuilderTest.parse(servicesXml); + createCertificate(certFile); + var exception = assertThrows(IllegalArgumentException.class, () -> buildModel(Set.of(mtlsEndpoint), defaultTokens, clusterElem)); + assertEquals("Duplicate client ids: [mtls, token1]", exception.getMessage()); + } + private static CloudTokenDataPlaneFilterConfig.Clients.Tokens tokenConfig( String id, Collection<String> fingerprints, Collection<String> accessCheckHashes, Collection<String> expirations) { return new CloudTokenDataPlaneFilterConfig.Clients.Tokens.Builder() |