author | gjoranv <gv@verizonmedia.com> | 2022-07-05 16:59:19 +0200 |
---|---|---|
committer | gjoranv <gv@verizonmedia.com> | 2022-07-05 20:23:10 +0200 |
commit | ca990c9b5e2d643cc09a04fffd5949a078d226cb (patch) | |
tree | 64bcb9ca70b2b5b7582daf375972ac4d07ddd8ec /config-model/src/test/java/com | |
parent | 96f0cf9971eb266ae398e357e2eff36a3c8e9285 (diff) |
Move secret store related test to new subclass.
Diffstat (limited to 'config-model/src/test/java/com')
3 files changed, 139 insertions, 113 deletions
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
index d9831bed787..3a241d9607f 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
@@ -8,7 +8,6 @@ import com.yahoo.config.model.NullConfigModelRegistry;
 import com.yahoo.config.model.api.ApplicationClusterEndpoint;
 import com.yahoo.config.model.api.ContainerEndpoint;
 import com.yahoo.config.model.api.ModelContext;
-import com.yahoo.config.model.api.TenantSecretStore;
 import com.yahoo.config.model.builder.xml.test.DomBuilderTest;
 import com.yahoo.config.model.deploy.DeployState;
 import com.yahoo.config.model.deploy.TestProperties;
@@ -20,7 +19,6 @@ import com.yahoo.config.model.test.MockRoot;
 import com.yahoo.config.provision.Environment;
 import com.yahoo.config.provision.Flavor;
 import com.yahoo.config.provision.RegionName;
-import com.yahoo.config.provision.SystemName;
 import com.yahoo.config.provision.Zone;
 import com.yahoo.config.provisioning.FlavorsConfig;
 import com.yahoo.container.ComponentsConfig;
@@ -32,7 +30,6 @@ import com.yahoo.container.handler.VipStatusHandler;
 import com.yahoo.container.handler.metrics.MetricsV2Handler;
 import com.yahoo.container.handler.observability.ApplicationStatusHandler;
 import com.yahoo.container.jdisc.JdiscBindingsConfig;
-import com.yahoo.container.jdisc.secretstore.SecretStoreConfig;
 import com.yahoo.container.usability.BindingsOverviewHandler;
 import com.yahoo.net.HostName;
 import com.yahoo.prelude.cluster.QrMonitorConfig;
@@ -44,7 +41,6 @@ import com.yahoo.vespa.model.container.ApplicationContainer;
 import com.yahoo.vespa.model.container.ApplicationContainerCluster;
 import com.yahoo.vespa.model.container.ContainerCluster;
 import com.yahoo.vespa.model.container.ContainerModelEvaluation;
-import com.yahoo.vespa.model.container.SecretStore;
 import com.yahoo.vespa.model.container.component.Component;
 import com.yahoo.vespa.model.content.utils.ContentClusterUtils;
 import com.yahoo.vespa.model.test.VespaModelTester;
@@ -56,7 +52,6 @@ import org.xml.sax.SAXException;
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import java.util.Set;
 import java.util.function.Function;
 import java.util.logging.Level;
@@ -574,104 +569,6 @@ public class ContainerModelBuilderTest extends ContainerModelBuilderTestBase { } @Test - public void secret_store_can_be_set_up() { - Element clusterElem = DomBuilderTest.parse( - "<container version='1.0'>", - " <secret-store type='oath-ckms'>", - " <group name='group1' environment='env1'/>", - " </secret-store>", - "</container>"); - createModel(root, clusterElem); - SecretStore secretStore = getContainerCluster("container").getSecretStore().get(); - assertEquals("group1", secretStore.getGroups().get(0).name); - assertEquals("env1", secretStore.getGroups().get(0).environment); - } - - @Test - public void cloud_secret_store_requires_configured_secret_store() { - Element clusterElem = DomBuilderTest.parse( - "<container version='1.0'>", - " <secret-store type='cloud'>", - " <store id='store'>", - " <aws-parameter-store account='store1' region='eu-north-1'/>", - " </store>", - " </secret-store>", - "</container>"); - try { - DeployState state = new DeployState.Builder() - .properties(new TestProperties().setHostedVespa(true)) - .zone(new Zone(SystemName.Public, Environment.prod, RegionName.defaultName())) - .build(); - createModel(root, state, null, clusterElem); - fail("secret store not defined"); - } catch (RuntimeException e) { - assertEquals("No configured secret store named store1", e.getMessage()); - } - } - - - @Test - public void cloud_secret_store_can_be_set_up() { - Element clusterElem = DomBuilderTest.parse( - "<container version='1.0'>", - " <secret-store type='cloud'>", - " <store id='store'>", - " <aws-parameter-store account='store1' region='eu-north-1'/>", - " </store>", - " </secret-store>", - "</container>"); - - DeployState state = new DeployState.Builder() - .properties( - new TestProperties() - .setHostedVespa(true) - .setTenantSecretStores(List.of(new TenantSecretStore("store1", "1234", "role", Optional.of("externalid"))))) - .zone(new Zone(SystemName.Public, Environment.prod, RegionName.defaultName())) - .build(); - 
createModel(root, state, null, clusterElem); - - ApplicationContainerCluster container = getContainerCluster("container"); - assertComponentConfigured(container, "com.yahoo.jdisc.cloud.aws.AwsParameterStore"); - CloudSecretStore secretStore = (CloudSecretStore) container.getComponentsMap().get(ComponentId.fromString("com.yahoo.jdisc.cloud.aws.AwsParameterStore")); - - - SecretStoreConfig.Builder configBuilder = new SecretStoreConfig.Builder(); - secretStore.getConfig(configBuilder); - SecretStoreConfig secretStoreConfig = configBuilder.build(); - - assertEquals(1, secretStoreConfig.awsParameterStores().size()); - assertEquals("store1", secretStoreConfig.awsParameterStores().get(0).name()); - } - - @Test - public void cloud_secret_store_fails_to_set_up_in_non_public_zone() { - try { - Element clusterElem = DomBuilderTest.parse( - "<container version='1.0'>", - " <secret-store type='cloud'>", - " <store id='store'>", - " <aws-parameter-store account='store1' region='eu-north-1'/>", - " </store>", - " </secret-store>", - "</container>"); - - DeployState state = new DeployState.Builder() - .properties( - new TestProperties() - .setHostedVespa(true) - .setTenantSecretStores(List.of(new TenantSecretStore("store1", "1234", "role", Optional.of("externalid"))))) - .zone(new Zone(SystemName.main, Environment.prod, RegionName.defaultName())) - .build(); - createModel(root, state, null, clusterElem); - } catch (RuntimeException e) { - assertEquals("Cloud secret store is not supported in non-public system, see the documentation", - e.getMessage()); - return; - } - fail(); - } - - @Test public void environment_vars_are_honoured() { Element clusterElem = DomBuilderTest.parse( "<container version='1.0'>", 
@@ -805,11 +702,6 @@ public class ContainerModelBuilderTest extends ContainerModelBuilderTestBase { logger.msgs.get(1).getSecond()); } - private void assertComponentConfigured(ApplicationContainerCluster cluster, String componentId) { - Component<?, ?> component = cluster.getComponentsMap().get(ComponentId.fromString(componentId)); - assertNotNull(component); - } - private void assertComponentConfigured(ApplicationContainer container, String id) { assertTrue(container.getComponents().getComponents().stream().anyMatch(component -> id.equals(component.getComponentId().getName()))); } diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTestBase.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTestBase.java index 7e8852ce85a..3d7b17d37e0 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTestBase.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTestBase.java @@ -22,6 +22,8 @@ import java.util.Collections; import java.util.List; import java.util.logging.Level; +import static org.junit.Assert.assertNotNull; + /** * Utility functions for testing the ContainerModelBuilder. Note that XML validation will * not be done when using this class @@ -51,6 +53,11 @@ public abstract class ContainerModelBuilderTestBase { protected MockRoot root; + @Before + public void prepareTest() { + root = new MockRoot("root"); + } + protected void createBasicContainerModel() { Element clusterElem = DomBuilderTest.parse("<container id='default' version='1.0' />"); createModel(root, clusterElem); @@ -83,11 +90,6 @@ public abstract class ContainerModelBuilderTestBase { search.initializeSearchChains(Collections.emptyMap()); } - @Before - public void prepareTest() { - root = new MockRoot("root"); - } - protected ComponentsConfig componentsConfig() { return root.getConfig(ComponentsConfig.class, "default"); } 
@@ -109,4 +111,9 @@ public abstract class ContainerModelBuilderTestBase { ComponentId.fromString(componentId)); } + void assertComponentConfigured(ApplicationContainerCluster cluster, String componentId) { + Component<?, ?> component = cluster.getComponentsMap().get(ComponentId.fromString(componentId)); + assertNotNull(component); + } + } diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/SecretStoreTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/SecretStoreTest.java new file mode 100644 index 00000000000..8c6eee72cde --- /dev/null +++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/SecretStoreTest.java 
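Review bot: `assertComponentConfigured(ApplicationContainerCluster, String)` is added to the base class with package-private visibility, while the other helpers visible in this file's hunks (`createBasicContainerModel`, `componentsConfig`) are `protected`. It works today because SecretStoreTest sits in the same package, but a subclass in another package could not call it. I would declare it `protected void assertComponentConfigured(ApplicationContainerCluster cluster, String componentId) {` to match the rest of the class. The class body starts outside this hunk, so other helpers may differ from the ones seen here.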
@@ -0,0 +1,127 @@ +package com.yahoo.vespa.model.container.xml; + +import com.yahoo.component.ComponentId; +import com.yahoo.config.model.api.TenantSecretStore; +import com.yahoo.config.model.builder.xml.test.DomBuilderTest; +import com.yahoo.config.model.deploy.DeployState; +import com.yahoo.config.model.deploy.TestProperties; +import com.yahoo.config.provision.Environment; +import com.yahoo.config.provision.RegionName; +import com.yahoo.config.provision.SystemName; +import com.yahoo.config.provision.Zone; +import com.yahoo.container.jdisc.secretstore.SecretStoreConfig; +import com.yahoo.vespa.model.container.ApplicationContainerCluster; +import com.yahoo.vespa.model.container.SecretStore; +import org.junit.Test; +import org.w3c.dom.Element; + +import java.util.List; +import java.util.Optional; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.fail; + +/** + * @author tokle + */ +public class SecretStoreTest extends ContainerModelBuilderTestBase { + + @Test + public void secret_store_can_be_set_up() { + Element clusterElem = DomBuilderTest.parse( + "<container version='1.0'>", + " <secret-store type='oath-ckms'>", + " <group name='group1' environment='env1'/>", + " </secret-store>", + "</container>"); + createModel(root, clusterElem); + SecretStore secretStore = getContainerCluster("container").getSecretStore().get(); + assertEquals("group1", secretStore.getGroups().get(0).name); + assertEquals("env1", secretStore.getGroups().get(0).environment); + } + + @Test + public void cloud_secret_store_requires_configured_secret_store() { + Element clusterElem = DomBuilderTest.parse( + "<container version='1.0'>", + " <secret-store type='cloud'>", + " <store id='store'>", + " <aws-parameter-store account='store1' region='eu-north-1'/>", + " </store>", + " </secret-store>", + "</container>"); + try { + DeployState state = new DeployState.Builder() + .properties(new TestProperties().setHostedVespa(true)) + .zone(new Zone(SystemName.Public, 
Environment.prod, RegionName.defaultName())) + .build(); + createModel(root, state, null, clusterElem); + fail("secret store not defined"); + } catch (RuntimeException e) { + assertEquals("No configured secret store named store1", e.getMessage()); + } + } + + + @Test + public void cloud_secret_store_can_be_set_up() { + Element clusterElem = DomBuilderTest.parse( + "<container version='1.0'>", + " <secret-store type='cloud'>", + " <store id='store'>", + " <aws-parameter-store account='store1' region='eu-north-1'/>", + " </store>", + " </secret-store>", + "</container>"); + + DeployState state = new DeployState.Builder() + .properties( + new TestProperties() + .setHostedVespa(true) + .setTenantSecretStores(List.of(new TenantSecretStore("store1", "1234", "role", Optional.of("externalid"))))) + .zone(new Zone(SystemName.Public, Environment.prod, RegionName.defaultName())) + .build(); + createModel(root, state, null, clusterElem); + + ApplicationContainerCluster container = getContainerCluster("container"); + assertComponentConfigured(container, "com.yahoo.jdisc.cloud.aws.AwsParameterStore"); + CloudSecretStore secretStore = (CloudSecretStore) container.getComponentsMap().get(ComponentId.fromString("com.yahoo.jdisc.cloud.aws.AwsParameterStore")); + + + SecretStoreConfig.Builder configBuilder = new SecretStoreConfig.Builder(); + secretStore.getConfig(configBuilder); + SecretStoreConfig secretStoreConfig = configBuilder.build(); + + assertEquals(1, secretStoreConfig.awsParameterStores().size()); + assertEquals("store1", secretStoreConfig.awsParameterStores().get(0).name()); + } + + @Test + public void cloud_secret_store_fails_to_set_up_in_non_public_zone() { + try { + Element clusterElem = DomBuilderTest.parse( + "<container version='1.0'>", + " <secret-store type='cloud'>", + " <store id='store'>", + " <aws-parameter-store account='store1' region='eu-north-1'/>", + " </store>", + " </secret-store>", + "</container>"); + + DeployState state = new DeployState.Builder() + 
.properties( + new TestProperties() + .setHostedVespa(true) + .setTenantSecretStores(List.of(new TenantSecretStore("store1", "1234", "role", Optional.of("externalid"))))) + .zone(new Zone(SystemName.main, Environment.prod, RegionName.defaultName())) + .build(); + createModel(root, state, null, clusterElem); + } catch (RuntimeException e) { + assertEquals("Cloud secret store is not supported in non-public system, see the documentation", + e.getMessage()); + return; + } + fail(); + } + +} |
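Review bot: In `cloud_secret_store_can_be_set_up` the only values asserted on the built `SecretStoreConfig` are the number of stores and `name()`; the `"1234"`, `"role"` and `Optional.of("externalid")` arguments given to `TenantSecretStore` and the `eu-north-1` region from the XML are never checked. These presumably determine which account and role the container uses to read secrets, so a regression that dropped or swapped one of them in the generated config would still pass this test. I would assert each of them next to the existing name check, or at minimum record the gap with `// TODO: assert region, account id, role and external id are carried into SecretStoreConfig`. The two negative tests are fine as written, since `fail()` raises an `AssertionError` that the `catch (RuntimeException e)` does not swallow.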