authorMorten Tokle <mortent@oath.com>2017-10-23 11:15:16 +0200
committerMorten Tokle <mortent@oath.com>2017-10-23 11:21:26 +0200
commit4cd5e7ca38c4f8cc752e4c0d0a97c83c8f27863f (patch)
tree1bb4ab06f3adaf9df839c0e016127686f12c95c2 /container-disc
parentce5b8db39f64101d7ac9fae2847f3db614f14638 (diff)
Add fields to signed identity document
Diffstat (limited to 'container-disc')
-rw-r--r--container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzService.java1
-rw-r--r--container-disc/src/main/java/com/yahoo/container/jdisc/athenz/InstanceIdentity.java56
-rw-r--r--container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java47
3 files changed, 79 insertions, 25 deletions
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzService.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzService.java
index 2acd630aa7d..cc5fa6a889b 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzService.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzService.java
@@ -43,5 +43,4 @@ public class AthenzService {
throw new RuntimeException(e);
}
}
-
}
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/InstanceIdentity.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/InstanceIdentity.java
index e2b65685cdb..45ef4c68d8e 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/InstanceIdentity.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/InstanceIdentity.java
@@ -14,34 +14,42 @@ import java.util.Map;
@JsonIgnoreProperties(ignoreUnknown = true)
@JsonInclude(JsonInclude.Include.NON_NULL)
class InstanceIdentity {
- @JsonProperty("attributes")
- Map<String, String> attributes;
- @JsonProperty("provider")
- private String provider;
- @JsonProperty("name")
- private String name;
- @JsonProperty("instanceId")
- private String instanceId;
- @JsonProperty("x509Certificate")
- private String x509Certificate;
- @JsonProperty("x509CertificateSigner")
- private String x509CertificateSigner;
- @JsonProperty("sshCertificate")
- private String sshCertificate;
- @JsonProperty("sshCertificateSigner")
- private String sshCertificateSigner;
- @JsonProperty("serviceToken")
- private String serviceToken;
+ @JsonProperty("attributes") private final Map<String, String> attributes;
+ @JsonProperty("provider") private final String provider;
+ @JsonProperty("name") private final String name;
+ @JsonProperty("instanceId") private final String instanceId;
+ @JsonProperty("x509Certificate") private final String x509Certificate;
+ @JsonProperty("x509CertificateSigner") private final String x509CertificateSigner;
+ @JsonProperty("sshCertificate") private final String sshCertificate;
+ @JsonProperty("sshCertificateSigner") private final String sshCertificateSigner;
+ @JsonProperty("serviceToken") private final String serviceToken;
- public String getX509Certificate() {
- return x509Certificate;
+ public InstanceIdentity(
+ @JsonProperty("attributes") Map<String, String> attributes,
+ @JsonProperty("provider") String provider,
+ @JsonProperty("name") String name,
+ @JsonProperty("instanceId") String instanceId,
+ @JsonProperty("x509Certificate") String x509Certificate,
+ @JsonProperty("x509CertificateSigner") String x509CertificateSigner,
+ @JsonProperty("sshCertificate") String sshCertificate,
+ @JsonProperty("sshCertificateSigner") String sshCertificateSigner,
+ @JsonProperty("serviceToken") String serviceToken) {
+ this.attributes = attributes;
+ this.provider = provider;
+ this.name = name;
+ this.instanceId = instanceId;
+ this.x509Certificate = x509Certificate;
+ this.x509CertificateSigner = x509CertificateSigner;
+ this.sshCertificate = sshCertificate;
+ this.sshCertificateSigner = sshCertificateSigner;
+ this.serviceToken = serviceToken;
}
- public String getServiceToken() {
- return serviceToken;
+ String getX509Certificate() {
+ return x509Certificate;
}
- public void setServiceToken(String serviceToken) {
- this.serviceToken = serviceToken;
+ String getServiceToken() {
+ return serviceToken;
}
}
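Review bot: The new constructor stores the caller's map by reference (`this.attributes = attributes;`), so making the fields `final` does not make the object immutable; whoever still holds that map can change what this identity reports after construction. For a class that carries certificates and a service token, a defensive copy is the safer default: `this.attributes = attributes == null ? null : Collections.unmodifiableMap(new HashMap<>(attributes));`. The import block sits above the hunk and would need `java.util.Collections` and `java.util.HashMap`. Separately, nothing rejects a register response that lacks `serviceToken`, so `getServiceToken()` can return null; whether the caller handles that is not visible on this page.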
diff --git a/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java b/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java
new file mode 100644
index 00000000000..4b351f1d2c0
--- /dev/null
+++ b/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java
@@ -0,0 +1,47 @@
+package com.yahoo.container.jdisc.athenz;
+
+import com.yahoo.container.core.identity.IdentityConfig;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+/**
+ * @author mortent
+ */
+public class AthenzIdentityProviderTest {
+
+ @Test
+ public void ntoken_fetched_on_init() throws IOException {
+ IdentityConfig config = new IdentityConfig(new IdentityConfig.Builder().serviceName("tenantService").domain("tenantDomain"));
+ ServiceProviderApi serviceProviderApi = mock(ServiceProviderApi.class);
+ AthenzService athenzService = mock(AthenzService.class);
+
+ when(serviceProviderApi.getSignedIdentityDocument()).thenReturn(getIdentityDocument());
+ when(athenzService.sendInstanceRegisterRequest(any(), anyString())).thenReturn(
+ new InstanceIdentity(null,null,null,null,null,null, null, null, "TOKEN"));
+
+ AthenzIdentityProvider identityProvider = new AthenzIdentityProvider(config, serviceProviderApi, athenzService);
+
+ Assert.assertEquals("TOKEN", identityProvider.getNToken());
+ }
+
+ private String getIdentityDocument() {
+ return "{\n" +
+ " \"identity-document\": \"eyJwcm92aWRlci11bmlxdWUtaWQiOnsidGVuYW50IjoidGVuYW50IiwiYXBwbGljYXRpb24iOiJhcHBsaWNhdGlvbiIsImVudmlyb25tZW50IjoiZGV2IiwicmVnaW9uIjoidXMtbm9ydGgtMSIsImluc3RhbmNlIjoiZGVmYXVsdCIsImNsdXN0ZXItaWQiOiJkZWZhdWx0IiwiY2x1c3Rlci1pbmRleCI6MH0sImNvbmZpZ3NlcnZlci1ob3N0bmFtZSI6ImxvY2FsaG9zdCIsImluc3RhbmNlLWhvc3RuYW1lIjoieC55LmNvbSIsImNyZWF0ZWQtYXQiOjE1MDg3NDgyODUuNzQyMDAwMDAwfQ==\",\n" +
+ " \"signature\": \"kkEJB/98cy1FeXxzSjtvGH2a6BFgZu/9/kzCcAqRMZjENxnw5jyO1/bjZVzw2Sz4YHPsWSx2uxb32hiQ0U8rMP0zfA9nERIalSP0jB/hMU8laezGhdpk6VKZPJRC6YKAB9Bsv2qUIfMsSxkMqf66GUvjZAGaYsnNa2yHc1jIYHOGMeJO+HNPYJjGv26xPfAOPIKQzs3RmKrc3FoweTCsIwm5oblqekdJvVWYe0obwlOSB5uwc1zpq3Ie1QBFtJRuCGMVHg1pDPxXKBHLClGIrEvzLmICy6IRdHszSO5qiwujUD7sbrbM0sB/u0cYucxbcsGRUmBvme3UAw2mW9POVQ==\",\n" +
+ " \"signing-key-version\": 0,\n" +
+ " \"provider-unique-id\": \"tenant.application.dev.us-north-1.default.default.0\",\n" +
+ " \"dns-suffix\": \"dnsSuffix\",\n" +
+ " \"provider-service\": \"service\",\n" +
+ " \"zts-endpoint\": \"localhost/zts\", \n" +
+ " \"document-version\": 1\n" +
+ "}";
+
+ }
+}
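Review bot: The stub `when(athenzService.sendInstanceRegisterRequest(any(), anyString()))` matches any arguments, so `ntoken_fetched_on_init` passes no matter what the provider reads from the signed identity document. The fixture's `signature`, `zts-endpoint` and `provider-service` values are never asserted. Capturing the call with an `ArgumentCaptor<String>`, e.g. `verify(athenzService).sendInstanceRegisterRequest(any(), endpoint.capture());`, and asserting the captured values would tie the test to the document fields; this assumes the string argument is derived from the document, which the hunk does not show. A second case with a missing or altered `signature` would also document whether the provider is expected to reject such a document. The `"localhost/zts", \n` line carries a stray space before the newline.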