summaryrefslogtreecommitdiffstats
path: root/config-model/src/test
diff options
context:
space:
mode:
authorMorten Tokle <mortent@yahooinc.com>2022-11-28 10:30:29 +0100
committerMorten Tokle <mortent@yahooinc.com>2022-11-28 11:04:07 +0100
commitafd2cbfe0bb8dc3ee74f40ca2b62e102bd0a6d1c (patch)
tree2c467828330422df6ebbac66515c269e68ec2a26 /config-model/src/test
parent6b94dfc1fa9461a12e2d267c8c07fc0837f524de (diff)
Add legacy test cases
Diffstat (limited to 'config-model/src/test')
-rw-r--r--config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java136
1 files changed, 100 insertions, 36 deletions
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java
index 0f99f1c67c9..39d2da11465 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java
@@ -19,7 +19,9 @@ import com.yahoo.security.SignatureAlgorithm;
import com.yahoo.security.X509CertificateBuilder;
import com.yahoo.security.X509CertificateUtils;
import com.yahoo.vespa.model.container.ApplicationContainer;
+import com.yahoo.vespa.model.container.ContainerModel;
import com.yahoo.vespa.model.container.http.ConnectorFactory;
+import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir;
import org.w3c.dom.Element;
@@ -40,20 +42,28 @@ import java.util.Optional;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertIterableEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
@TempDir
public File applicationFolder;
+ Path securityFolder;
+ private static final String cloudDataPlaneFilterConfigId = "container/filters/chain/cloud-data-plane-secure/component/" +
+ "com.yahoo.jdisc.http.filter.security.cloud.CloudDataPlaneFilter";
+
+ @BeforeEach
+ public void setup() throws IOException {
+ securityFolder = applicationFolder.toPath().resolve("security");
+ Files.createDirectories(securityFolder);
+ }
+
@Test
public void it_generates_correct_config() throws IOException {
- Path security = applicationFolder.toPath().resolve("security");
- Files.createDirectories(security);
- Path certFile = security.resolve("foo.pem");
+ Path certFile = securityFolder.resolve("foo.pem");
Element clusterElem = DomBuilderTest.parse(
- """
+ """
<container version='1.0'>
<clients>
<client id="foo" permissions="read,write">
@@ -63,44 +73,20 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
</container>
"""
.formatted(applicationFolder.toPath().relativize(certFile).toString()));
- X509Certificate certificate = createCertificate();
- String certPem = X509CertificateUtils.toPem(certificate);
- Files.writeString(certFile, certPem);
+ X509Certificate certificate = createCertificate(certFile);
- var applicationPackage = new MockApplicationPackage.Builder()
- .withRoot(applicationFolder)
- .build();
+ buildModel(true, clusterElem);
- DeployState state = new DeployState.Builder()
- .applicationPackage(applicationPackage)
- .properties(
- new TestProperties()
- .setEndpointCertificateSecrets(Optional.of(new EndpointCertificateSecrets("CERT", "KEY")))
- .setHostedVespa(true)
- .setEnableDataPlaneFilter(true))
- .zone(new Zone(SystemName.PublicCd, Environment.dev, RegionName.defaultName()))
- .build();
- createModel(root, state, null, clusterElem);
-
- String configId = "container/filters/chain/cloud-data-plane-secure/component/" +
- "com.yahoo.jdisc.http.filter.security.cloud.CloudDataPlaneFilter";
- CloudDataPlaneFilterConfig config = root.getConfig(CloudDataPlaneFilterConfig.class, configId);
+ CloudDataPlaneFilterConfig config = root.getConfig(CloudDataPlaneFilterConfig.class, cloudDataPlaneFilterConfigId);
assertFalse(config.legacyMode());
List<CloudDataPlaneFilterConfig.Clients> clients = config.clients();
assertEquals(1, clients.size());
CloudDataPlaneFilterConfig.Clients client = clients.get(0);
assertEquals("foo", client.id());
assertIterableEquals(List.of("read", "write"), client.permissions());
- assertIterableEquals(List.of(certPem), client.certificates());
-
- ApplicationContainer container = (ApplicationContainer) root.getProducer("container/container.0");
- List<ConnectorFactory> connectorFactories = container.getHttp().getHttpServer().get().getConnectorFactories();
- ConnectorFactory tlsPort = connectorFactories.stream().filter(connectorFactory -> connectorFactory.getListenPort() == 4443).findFirst().orElseThrow();
-
- ConnectorConfig.Builder builder = new ConnectorConfig.Builder();
- tlsPort.getConfig(builder);
+ assertIterableEquals(List.of(X509CertificateUtils.toPem(certificate)), client.certificates());
- ConnectorConfig connectorConfig = new ConnectorConfig(builder);
+ ConnectorConfig connectorConfig = connectorConfig();
var caCerts = X509CertificateUtils.certificateListFromPem(connectorConfig.ssl().caCertificate());
assertEquals(1, caCerts.size());
assertEquals(List.of(certificate), caCerts);
@@ -111,15 +97,93 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
assertEquals(4443, srvCfg.defaultFilters().get(1).localPort());
}
+ @Test
+ public void it_generates_correct_legacy_config() throws IOException {
+ Path certFile = securityFolder.resolve("clients.pem");
+ Element clusterElem = DomBuilderTest.parse("<container version='1.0' />");
+ X509Certificate certificate = createCertificate(certFile);
+
+ buildModel(true, clusterElem);
+ CloudDataPlaneFilterConfig config = root.getConfig(CloudDataPlaneFilterConfig.class, cloudDataPlaneFilterConfigId);
+ assertTrue(config.legacyMode());
+ List<CloudDataPlaneFilterConfig.Clients> clients = config.clients();
+ assertEquals(0, clients.size());
- static X509Certificate createCertificate() {
+ ConnectorConfig connectorConfig = connectorConfig();
+ var caCerts = X509CertificateUtils.certificateListFromPem(connectorConfig.ssl().caCertificate());
+ assertEquals(1, caCerts.size());
+ assertEquals(List.of(certificate), caCerts);
+ }
+
+ @Test
+ public void it_generates_correct_config_when_filter_not_enabled () throws IOException {
+ Path certFile = securityFolder.resolve("clients.pem");
+ Element clusterElem = DomBuilderTest.parse(
+ """
+ <container version='1.0'>
+ <clients>
+ <client id="foo" permissions="read,write">
+ <certificate file="%s"/>
+ </client>
+ </clients>
+ </container>
+ """
+ .formatted(applicationFolder.toPath().relativize(certFile).toString()));
+ X509Certificate certificate = createCertificate(certFile);
+
+ buildModel(false, clusterElem);
+
+ // Data plane filter config is not configured
+ assertFalse(root.getConfigIds().contains("container/component/com.yahoo.jdisc.http.filter.security.cloud.CloudDataPlaneFilter"));
+
+ // Connector config configures ca certs from security/clients.pem
+ ConnectorConfig connectorConfig = connectorConfig();
+ var caCerts = X509CertificateUtils.certificateListFromPem(connectorConfig.ssl().caCertificate());
+ assertEquals(1, caCerts.size());
+ assertEquals(List.of(certificate), caCerts);
+ }
+
+ private ConnectorConfig connectorConfig() {
+ ApplicationContainer container = (ApplicationContainer) root.getProducer("container/container.0");
+ List<ConnectorFactory> connectorFactories = container.getHttp().getHttpServer().get().getConnectorFactories();
+ ConnectorFactory tlsPort = connectorFactories.stream().filter(connectorFactory -> connectorFactory.getListenPort() == 4443).findFirst().orElseThrow();
+
+ ConnectorConfig.Builder builder = new ConnectorConfig.Builder();
+ tlsPort.getConfig(builder);
+
+ return new ConnectorConfig(builder);
+ }
+
+ /*
+ Creates cert, returns
+ */
+ static X509Certificate createCertificate(Path certFile) throws IOException {
KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
X500Principal subject = new X500Principal("CN=mysubject");
- return X509CertificateBuilder
+ X509Certificate certificate = X509CertificateBuilder
.fromKeypair(
keyPair, subject, Instant.now(), Instant.now().plus(1, ChronoUnit.DAYS), SignatureAlgorithm.SHA512_WITH_ECDSA, BigInteger.valueOf(1))
.build();
+ String certPem = X509CertificateUtils.toPem(certificate);
+ Files.writeString(certFile, certPem);
+ return certificate;
}
+ public List<ContainerModel> buildModel(boolean enableFilter, Element... clusterElem) {
+ var applicationPackage = new MockApplicationPackage.Builder()
+ .withRoot(applicationFolder)
+ .build();
+
+ DeployState state = new DeployState.Builder()
+ .applicationPackage(applicationPackage)
+ .properties(
+ new TestProperties()
+ .setEndpointCertificateSecrets(Optional.of(new EndpointCertificateSecrets("CERT", "KEY")))
+ .setHostedVespa(true)
+ .setEnableDataPlaneFilter(enableFilter))
+ .zone(new Zone(SystemName.PublicCd, Environment.dev, RegionName.defaultName()))
+ .build();
+ return createModel(root, state, null, clusterElem);
+ }
}