authorMorten Tokle <mortent@oath.com>2019-06-20 12:32:47 +0200
committerMorten Tokle <mortent@oath.com>2019-06-20 12:32:47 +0200
commit0993fea1522eb129c646ab9e9e631a2c8bea722c (patch)
treed4ea5f36ff346e44461d226c08e8bce41420d90c /configserver
parent343517fc75c9799f62cfd4584add30520b84e172 (diff)
Add tlskeys test for sessionpreparer
Diffstat (limited to 'configserver')
-rw-r--r--configserver/src/main/java/com/yahoo/vespa/config/server/tenant/TlsSecretsKeys.java4
-rw-r--r--configserver/src/test/java/com/yahoo/vespa/config/server/MockSecretStore.java23
-rw-r--r--configserver/src/test/java/com/yahoo/vespa/config/server/session/SessionPreparerTest.java45
3 files changed, 68 insertions, 4 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/TlsSecretsKeys.java b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/TlsSecretsKeys.java
index b336b527aa7..eaa4916d8fc 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/TlsSecretsKeys.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/TlsSecretsKeys.java
@@ -62,8 +62,8 @@ public class TlsSecretsKeys {
if(secretKeyname.isEmpty()) return Optional.empty();
TlsSecrets tlsSecretParameters = TlsSecrets.MISSING;
try {
- String cert = secretStore.getSecret(secretKeyname + "-cert");
- String key = secretStore.getSecret(secretKeyname + "-key");
+ String cert = secretStore.getSecret(secretKeyname.get() + "-cert");
+ String key = secretStore.getSecret(secretKeyname.get() + "-key");
tlsSecretParameters = new TlsSecrets(cert, key);
} catch (RuntimeException e) {
// Assume not ready yet
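Review bot: The `catch (RuntimeException e)` after the two `getSecret` calls maps every failure to `TlsSecrets.MISSING` under the comment "Assume not ready yet", and that appears to be how the key-name bug fixed here stayed hidden: concatenating the `Optional` itself gives a lookup name like `Optional[name]-cert`, which fails and is silently treated as not ready. An access-denied or misconfigured secret store would be masked the same way, so the fallback should log the exception together with the key name (never the secret values), or catch only the store's not-found condition. It is also worth rejecting a null `cert` or `key` before `new TlsSecrets(cert, key)`, since the `SecretStore` contract is not visible here and the previous mock returned null. The method starts before and continues after this hunk.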
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/MockSecretStore.java b/configserver/src/test/java/com/yahoo/vespa/config/server/MockSecretStore.java
index 2e521b5e600..8a77b53875e 100644
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/MockSecretStore.java
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/MockSecretStore.java
@@ -3,14 +3,33 @@ package com.yahoo.vespa.config.server;
import com.yahoo.container.jdisc.secretstore.SecretStore;
+import java.util.HashMap;
+import java.util.Map;
+
public class MockSecretStore implements SecretStore {
+ Map<String, String> secrets = new HashMap<>();
+
@Override
public String getSecret(String key) {
- return null;
+ if(secrets.containsKey(key))
+ return secrets.get(key);
+ throw new RuntimeException("Key not found: " + key);
}
@Override
public String getSecret(String key, int version) {
- return null;
+ return getSecret(key);
+ }
+
+ public void put(String key, String value) {
+ secrets.put(key, value);
+ }
+
+ public void remove(String key) {
+ secrets.remove(key);
+ }
+
+ public void clear() {
+ secrets.clear();
}
}
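Review bot: `secrets` is declared package-private and non-final, so any test in the package can replace or mutate the map behind the mock's `put`/`remove`/`clear` methods; declare it `private final Map<String, String> secrets = new HashMap<>();`. `getSecret(String key, int version)` discards `version`, which deserves a one-line comment such as `// version is ignored: the mock keeps a single value per key` so that a test relying on versioned secrets does not pass by accident. The bare `RuntimeException` for a missing key matches what the `catch` in `TlsSecretsKeys` expects, but it also means the mock cannot distinguish "not found" from any other store failure.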
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/session/SessionPreparerTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/session/SessionPreparerTest.java
index 379481f49d6..02f5dbeb4cb 100644
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/session/SessionPreparerTest.java
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/session/SessionPreparerTest.java
@@ -4,6 +4,7 @@ package com.yahoo.vespa.config.server.session;
import com.yahoo.component.Version;
import com.yahoo.config.application.api.DeployLogger;
import com.yahoo.config.model.api.ModelContext;
+import com.yahoo.config.model.api.TlsSecrets;
import com.yahoo.config.model.application.provider.BaseDeployLogger;
import com.yahoo.config.model.application.provider.FilesApplicationPackage;
import com.yahoo.config.provision.ApplicationId;
@@ -31,6 +32,7 @@ import com.yahoo.vespa.config.server.provision.HostProvisionerProvider;
import com.yahoo.vespa.config.server.tenant.ContainerEndpoint;
import com.yahoo.vespa.config.server.tenant.ContainerEndpointsCache;
import com.yahoo.vespa.config.server.tenant.Rotations;
+import com.yahoo.vespa.config.server.tenant.TlsSecretsKeys;
import com.yahoo.vespa.config.server.zookeeper.ConfigCurator;
import com.yahoo.vespa.curator.mock.MockCurator;
import com.yahoo.vespa.flags.InMemoryFlagSource;
@@ -259,6 +261,49 @@ public class SessionPreparerTest {
assertEquals(expected, readContainerEndpoints(applicationId));
}
+ @Test
+ public void require_that_tlssecretkey_is_written() throws IOException {
+ var tlskey = "vespa.tlskeys.tenant1--app1";
+ var applicationId = applicationId("test");
+ var params = new PrepareParams.Builder().applicationId(applicationId).tlsSecretsKeyName(tlskey).build();
+ secretStore.put(tlskey+"-cert", "CERT");
+ secretStore.put(tlskey+"-key", "KEY");
+ prepare(new File("src/test/resources/deploy/hosted-app"), params);
+
+ // Read from zk and verify cert and key are available
+ Optional<TlsSecrets> tlsSecrets = new TlsSecretsKeys(curator, tenantPath, secretStore).readTlsSecretsKeyFromZookeeper(applicationId);
+ assertTrue(tlsSecrets.isPresent());
+ assertEquals("KEY", tlsSecrets.get().key());
+ assertEquals("CERT", tlsSecrets.get().certificate());
+ }
+
+ @Test
+ public void require_that_tlssecretkey_is_missing_when_not_in_secretstore() throws IOException {
+ var tlskey = "vespa.tlskeys.tenant1--app1";
+ var applicationId = applicationId("test");
+ var params = new PrepareParams.Builder().applicationId(applicationId).tlsSecretsKeyName(tlskey).build();
+ prepare(new File("src/test/resources/deploy/hosted-app"), params);
+
+ // Read from zk and verify key/cert is missing
+ Optional<TlsSecrets> tlsSecrets = new TlsSecretsKeys(curator, tenantPath, secretStore).readTlsSecretsKeyFromZookeeper(applicationId);
+ assertTrue(tlsSecrets.isPresent());
+ assertTrue(tlsSecrets.get().isMissing());
+ }
+
+ @Test
+ public void require_that_tlssecretkey_is_missing_when_certificate_not_in_secretstore() throws IOException {
+ var tlskey = "vespa.tlskeys.tenant1--app1";
+ var applicationId = applicationId("test");
+ var params = new PrepareParams.Builder().applicationId(applicationId).tlsSecretsKeyName(tlskey).build();
+ secretStore.put(tlskey+"-key", "KEY");
+ prepare(new File("src/test/resources/deploy/hosted-app"), params);
+
+ // Read from zk and verify key/cert is missing
+ Optional<TlsSecrets> tlsSecrets = new TlsSecretsKeys(curator, tenantPath, secretStore).readTlsSecretsKeyFromZookeeper(applicationId);
+ assertTrue(tlsSecrets.isPresent());
+ assertTrue(tlsSecrets.get().isMissing());
+ }
+
private void prepare(File app) throws IOException {
prepare(app, new PrepareParams.Builder().build());
}
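Review bot: `require_that_tlssecretkey_is_missing_when_certificate_not_in_secretstore` has no counterpart where the certificate is present and the key is absent. `TlsSecretsKeys` looks up `-cert` before `-key`, so in both failure tests the exception comes from the first lookup and a failing second lookup is never exercised. Add a fourth test with the same body that stores only `secretStore.put(tlskey+"-cert", "CERT");` and asserts `isMissing()`. The three tests also repeat the same params setup and ZooKeeper read, which could move into a small private helper; the class body continues outside this hunk.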