author | Bjørn Christian Seime <bjorncs@vespa.ai> | 2024-01-29 07:53:44 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@vespa.ai> | 2024-01-29 07:53:44 +0100 |
commit | a8e44e20d15093d1aadeba946fea75b7674dc00c (patch) | |
tree | 72e657ff53ad37f689086d16981343207b2bf1b0 /config-model/src/test/java/com/yahoo | |
parent | 6992a234c6e474dbe95e446bd1cdc50bdb452414 (diff) |
Revert "Revert "Validate applied permissions in config model""
This reverts commit 1c97bdea2713238c87e44440cb03c913911090d2.
Diffstat (limited to 'config-model/src/test/java/com/yahoo')
-rw-r--r-- | config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java
index c89ea421b39..1c5eb16be80 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java
@@ -16,7 +16,6 @@ import com.yahoo.config.provision.SystemName;
 import com.yahoo.config.provision.Zone;
 import com.yahoo.jdisc.http.ConnectorConfig;
 import com.yahoo.jdisc.http.filter.security.cloud.config.CloudTokenDataPlaneFilterConfig;
-import com.yahoo.processing.response.Data;
 import com.yahoo.vespa.model.container.ApplicationContainer;
 import com.yahoo.vespa.model.container.ContainerModel;
 import com.yahoo.vespa.model.container.http.ConnectorFactory;
@@ -41,14 +40,14 @@ import static com.yahoo.vespa.model.container.xml.CloudDataPlaneFilterTest.creat
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 public class CloudTokenDataPlaneFilterTest extends ContainerModelBuilderTestBase {
 private static final String servicesXmlTemplate = """
 <container version='1.0'>
 <clients>
- <client id="foo" permissions="read,write">
+ <client id="foo" permissions="read, write">
 <certificate file="%s"/>
 </client>
 <client id="bar" permissions="read">
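Review bot: The change from `read,write` to `read, write` in `servicesXmlTemplate` makes whitespace tolerance an implicit side effect of a shared fixture, and nothing in the hunk says the space is deliberate. None of the visible hunks still builds a model from the compact `read,write` spelling, so a regression in either form could go unnoticed. I would add a comment above the constant, for example `// "read, write": the space is intentional, permission entries are expected to be trimmed before validation`, or cover both spellings in a dedicated test. That entries are trimmed is inferred from this change; the parsing code is not part of this page, and the text block continues outside the hunk.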
@@ -145,6 +144,24 @@ public class CloudTokenDataPlaneFilterTest extends ContainerModelBuilderTestBase
 }
+ @Test
+ void fails_on_unknown_permission() throws IOException {
+ var certFile = securityFolder.resolve("foo.pem");
+ var servicesXml = """
+ <container version='1.0'>
+ <clients>
+ <client id="foo" permissions="read,unknown-permission">
+ <certificate file="%s"/>
+ </client>
+ </clients>
+ </container>
+ """.formatted(applicationFolder.toPath().relativize(certFile).toString());
+ var clusterElem = DomBuilderTest.parse(servicesXml);
+ createCertificate(certFile);
+ var exception = assertThrows(IllegalArgumentException.class, () -> buildModel(Set.of(mtlsEndpoint), defaultTokens, clusterElem));
+ assertEquals("Invalid permission 'unknown-permission'. Valid values are 'read' and 'write'.", exception.getMessage());
+ }
+
 private static CloudTokenDataPlaneFilterConfig.Clients.Tokens tokenConfig(
 String id, Collection<String> fingerprints, Collection<String> accessCheckHashes, Collection<String> expirations) {
 return new CloudTokenDataPlaneFilterConfig.Clients.Tokens.Builder() |
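Review bot: `fails_on_unknown_permission` pins only one rejected input, `read,unknown-permission`, so the fail-closed behaviour of the permission check is not covered for the other malformed shapes a services.xml can carry. An empty list entry (`read,,write`), a blank `permissions` attribute and a differently-cased value (`READ`) should each get an assertion stating whether model building accepts or rejects them; the validation code itself is outside this diffstat-limited view, so the expected outcome has to come from its author. A short comment above the test, such as `// An unknown permission must fail model building instead of being dropped silently`, would also keep the intent clear if the message text changes later. The test class continues outside the hunk.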