author | Morten Tokle <mortent@oath.com> | 2017-10-23 11:15:16 +0200 |
---|---|---|
committer | Morten Tokle <mortent@oath.com> | 2017-10-23 11:21:26 +0200 |
commit | 4cd5e7ca38c4f8cc752e4c0d0a97c83c8f27863f (patch) | |
tree | 1bb4ab06f3adaf9df839c0e016127686f12c95c2 /container-disc | |
parent | ce5b8db39f64101d7ac9fae2847f3db614f14638 (diff) |
Add fields to signed identity document
Diffstat (limited to 'container-disc')
3 files changed, 79 insertions, 25 deletions
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzService.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzService.java
index 2acd630aa7d..cc5fa6a889b 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzService.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzService.java
@@ -43,5 +43,4 @@ public class AthenzService {
 throw new RuntimeException(e);
 }
 }
-
 }
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/InstanceIdentity.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/InstanceIdentity.java
index e2b65685cdb..45ef4c68d8e 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/InstanceIdentity.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/InstanceIdentity.java
@@ -14,34 +14,42 @@ import java.util.Map;
 @JsonIgnoreProperties(ignoreUnknown = true)
 @JsonInclude(JsonInclude.Include.NON_NULL)
 class InstanceIdentity {
- @JsonProperty("attributes")
- Map<String, String> attributes;
- @JsonProperty("provider")
- private String provider;
- @JsonProperty("name")
- private String name;
- @JsonProperty("instanceId")
- private String instanceId;
- @JsonProperty("x509Certificate")
- private String x509Certificate;
- @JsonProperty("x509CertificateSigner")
- private String x509CertificateSigner;
- @JsonProperty("sshCertificate")
- private String sshCertificate;
- @JsonProperty("sshCertificateSigner")
- private String sshCertificateSigner;
- @JsonProperty("serviceToken")
- private String serviceToken;
+ @JsonProperty("attributes") private final Map<String, String> attributes;
+ @JsonProperty("provider") private final String provider;
+ @JsonProperty("name") private final String name;
+ @JsonProperty("instanceId") private final String instanceId;
+ @JsonProperty("x509Certificate") private final String x509Certificate;
+ @JsonProperty("x509CertificateSigner") private final String x509CertificateSigner;
+ @JsonProperty("sshCertificate") private final String sshCertificate;
+ @JsonProperty("sshCertificateSigner") private final String sshCertificateSigner;
+ @JsonProperty("serviceToken") private final String serviceToken;
- public String getX509Certificate() {
- return x509Certificate;
+ public InstanceIdentity(
+ @JsonProperty("attributes") Map<String, String> attributes,
+ @JsonProperty("provider") String provider,
+ @JsonProperty("name") String name,
+ @JsonProperty("instanceId") String instanceId,
+ @JsonProperty("x509Certificate") String x509Certificate,
+ @JsonProperty("x509CertificateSigner") String x509CertificateSigner,
+ @JsonProperty("sshCertificate") String sshCertificate,
+ @JsonProperty("sshCertificateSigner") String sshCertificateSigner,
+ @JsonProperty("serviceToken") String serviceToken) {
+ this.attributes = attributes;
+ this.provider = provider;
+ this.name = name;
+ this.instanceId = instanceId;
+ this.x509Certificate = x509Certificate;
+ this.x509CertificateSigner = x509CertificateSigner;
+ this.sshCertificate = sshCertificate;
+ this.sshCertificateSigner = sshCertificateSigner;
+ this.serviceToken = serviceToken;
 }
- public String getServiceToken() {
- return serviceToken;
+ String getX509Certificate() {
+ return x509Certificate;
 }
- public void setServiceToken(String serviceToken) {
- this.serviceToken = serviceToken;
+ String getServiceToken() {
+ return serviceToken;
 }
 }
diff --git a/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java b/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java
new file mode 100644
index 00000000000..4b351f1d2c0
--- /dev/null
+++ b/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java
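Review bot: The new InstanceIdentity constructor stores all nine arguments unchecked, so with `@JsonIgnoreProperties(ignoreUnknown = true)` on the class a register response that omits `serviceToken` or `x509Certificate` would presumably still bind to an object whose `getServiceToken()` and `getX509Certificate()` return null. Now that the fields are final and this constructor is the only place they are set, it is the natural point to state or enforce that contract; the callers of the two getters are outside this hunk, so whether they handle null is not visible here. If a missing credential is legitimate, document it on the getters with a comment such as `// null when the register response did not include this field; callers must check before use`; if it is not, fail at construction rather than passing a null token onward. Separately, `attributes` is kept by reference, so the map remains mutable through whoever supplied it even though the field is final.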
@@ -0,0 +1,47 @@
+package com.yahoo.container.jdisc.athenz;
+
+import com.yahoo.container.core.identity.IdentityConfig;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+/**
+ * @author mortent
+ */
+public class AthenzIdentityProviderTest {
+
+ @Test
+ public void ntoken_fetched_on_init() throws IOException {
+ IdentityConfig config = new IdentityConfig(new IdentityConfig.Builder().serviceName("tenantService").domain("tenantDomain"));
+ ServiceProviderApi serviceProviderApi = mock(ServiceProviderApi.class);
+ AthenzService athenzService = mock(AthenzService.class);
+
+ when(serviceProviderApi.getSignedIdentityDocument()).thenReturn(getIdentityDocument());
+ when(athenzService.sendInstanceRegisterRequest(any(), anyString())).thenReturn(
+ new InstanceIdentity(null,null,null,null,null,null, null, null, "TOKEN"));
+
+ AthenzIdentityProvider identityProvider = new AthenzIdentityProvider(config, serviceProviderApi, athenzService);
+
+ Assert.assertEquals("TOKEN", identityProvider.getNToken());
+ }
+
+ private String getIdentityDocument() {
+ return "{\n" +
+ " \"identity-document\": \"eyJwcm92aWRlci11bmlxdWUtaWQiOnsidGVuYW50IjoidGVuYW50IiwiYXBwbGljYXRpb24iOiJhcHBsaWNhdGlvbiIsImVudmlyb25tZW50IjoiZGV2IiwicmVnaW9uIjoidXMtbm9ydGgtMSIsImluc3RhbmNlIjoiZGVmYXVsdCIsImNsdXN0ZXItaWQiOiJkZWZhdWx0IiwiY2x1c3Rlci1pbmRleCI6MH0sImNvbmZpZ3NlcnZlci1ob3N0bmFtZSI6ImxvY2FsaG9zdCIsImluc3RhbmNlLWhvc3RuYW1lIjoieC55LmNvbSIsImNyZWF0ZWQtYXQiOjE1MDg3NDgyODUuNzQyMDAwMDAwfQ==\",\n" +
+ " \"signature\": \"kkEJB/98cy1FeXxzSjtvGH2a6BFgZu/9/kzCcAqRMZjENxnw5jyO1/bjZVzw2Sz4YHPsWSx2uxb32hiQ0U8rMP0zfA9nERIalSP0jB/hMU8laezGhdpk6VKZPJRC6YKAB9Bsv2qUIfMsSxkMqf66GUvjZAGaYsnNa2yHc1jIYHOGMeJO+HNPYJjGv26xPfAOPIKQzs3RmKrc3FoweTCsIwm5oblqekdJvVWYe0obwlOSB5uwc1zpq3Ie1QBFtJRuCGMVHg1pDPxXKBHLClGIrEvzLmICy6IRdHszSO5qiwujUD7sbrbM0sB/u0cYucxbcsGRUmBvme3UAw2mW9POVQ==\",\n" +
+ " \"signing-key-version\": 0,\n" +
+ " \"provider-unique-id\": \"tenant.application.dev.us-north-1.default.default.0\",\n" +
+ " \"dns-suffix\": \"dnsSuffix\",\n" +
+ " \"provider-service\": \"service\",\n" +
+ " \"zts-endpoint\": \"localhost/zts\", \n" +
+ " \"document-version\": 1\n" +
+ "}";
+
+ }
+} |
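Review bot: The stub for `sendInstanceRegisterRequest` in `ntoken_fetched_on_init` matches on `any(), anyString()`, so the test passes whatever the provider actually sends to Athenz; nothing ties the signed identity document fixture, including its `dns-suffix`, `provider-service`, `zts-endpoint` and `document-version` entries, to the register request. How AthenzIdentityProvider consumes those fields is outside this hunk, but a regression that drops or garbles the attestation data would not be caught here. Consider adding `verify(serviceProviderApi).getSignedIdentityDocument();` and capturing the arguments of `sendInstanceRegisterRequest` with an `ArgumentCaptor` so the test can assert they are derived from the fixture. A short comment on `getIdentityDocument()` stating where the embedded document and signature came from would also help the next reader judge whether they are safe sample data.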