author | Morten Tokle <mortent@yahooinc.com> | 2023-09-05 15:06:58 +0200 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2023-09-05 15:06:58 +0200 |
commit | 3ad79195646d48ef92addee18bf516407cd228f2 (patch) | |
tree | 1d4e3a43a58ea8745df382d20431da80cc9a9e7b /controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java | |
parent | fc02966a4aeeece1cf70e2b8762987e4903829b7 (diff) |
Assign per instance cert when randomized id present
Diffstat (limited to 'controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java')
-rw-r--r-- | controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java
index f151b90d760..1cb43453918 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificatesTest.java
@@ -28,6 +28,7 @@ import com.yahoo.vespa.hosted.controller.application.pkg.ApplicationPackage;
 import com.yahoo.vespa.hosted.controller.deployment.ApplicationPackageBuilder;
 import com.yahoo.vespa.hosted.controller.integration.SecretStoreMock;
 import com.yahoo.vespa.hosted.controller.integration.ZoneApiMock;
+import com.yahoo.vespa.hosted.controller.maintenance.EndpointCertificateMaintainer;
 import com.yahoo.vespa.hosted.controller.persistence.CuratorDb;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -35,6 +36,7 @@ import org.junit.jupiter.api.Test;
 import javax.security.auth.x500.X500Principal;
 import java.security.KeyPair;
 import java.security.cert.X509Certificate;
+import java.time.Duration;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
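Review bot: The two imports added in the first and second hunks, `EndpointCertificateMaintainer` and `java.time.Duration`, look unused. The diffstat shows 38 insertions for this file, and the 36 lines of the new test in the third hunk reference neither name. Either drop both import lines, or, if the test was meant to run the maintainer instead of writing the randomized id by hand through `curator().writeAssignedCertificate(updated)` (its comment says it simulates the maintainer), add that call so the imports are actually needed.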
@@ -326,6 +328,42 @@ public class EndpointCertificatesTest {
 }
 }
+ @Test
+ void reuse_per_instance_certificate_if_assigned_random_id() {
+ // Initial certificate is requested directly from provider
+ Optional<EndpointCertificate> certFromProvider = endpointCertificates.get(instance, prodZone, DeploymentSpec.empty);
+ assertTrue(certFromProvider.isPresent());
+ assertFalse(certFromProvider.get().randomizedId().isPresent());
+
+ // Simulate endpoint certificate maintainer to assign random id
+ TenantAndApplicationId tenantAndApplicationId = TenantAndApplicationId.from(instance.id());
+ Optional<InstanceName> instanceName = Optional.of(instance.name());
+ Optional<AssignedCertificate> assignedCertificate = tester.controller().curator().readAssignedCertificate(tenantAndApplicationId, instanceName);
+ assertTrue(assignedCertificate.isPresent());
+ String assignedRandomId = "randomid";
+ AssignedCertificate updated = assignedCertificate.get().with(assignedCertificate.get().certificate().withRandomizedId(assignedRandomId));
+ tester.controller().curator().writeAssignedCertificate(updated);
+
+ // Pooled certificates become available
+ tester.flagSource().withBooleanFlag(Flags.RANDOMIZED_ENDPOINT_NAMES.id(), true);
+
+ // Create 1 cert in pool
+ String certId = "pool-cert-1";
+ addCertificateToPool(certId, UnassignedCertificate.State.ready);
+
+ // Request cert for app
+ Optional<EndpointCertificate> cert = endpointCertificates.get(instance, prodZone, DeploymentSpec.empty);
+ assertEquals(assignedRandomId, cert.get().randomizedId().get());
+
+ // Pooled cert remains unassigned
+ List<String> unassignedCertificateIds = tester.curator().readUnassignedCertificates().stream()
+ .map(UnassignedCertificate::certificate)
+ .map(EndpointCertificate::randomizedId)
+ .map(Optional::get)
+ .toList();
+ assertEquals(List.of(certId), unassignedCertificateIds);
+ }
+
 private void addCertificateToPool(String id, UnassignedCertificate.State state) {
 EndpointCertificate cert = new
EndpointCertificate(testKeyName, testCertName, 1, 0, "request-id", |