diff options
author | Martin Polden <mpolden@mpolden.no> | 2023-10-04 11:18:06 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2023-10-04 13:20:01 +0200 |
commit | 49260aa9d9f3b4f76f02a73d01bdf9d91d7c8237 (patch) | |
tree | 4c2a11f9ef4f56c74ffd5966cf859e0bd524d7e2 /controller-server/src/test/java/com/yahoo | |
parent | 67a2ca78bac640ee9663128c80753681959c932f (diff) |
Ensure endpoint is generated for all requested auth methods
Diffstat (limited to 'controller-server/src/test/java/com/yahoo')
-rw-r--r-- | controller-server/src/test/java/com/yahoo/vespa/hosted/controller/routing/RoutingPoliciesTest.java | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/routing/RoutingPoliciesTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/routing/RoutingPoliciesTest.java index 22523103208..3405009714d 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/routing/RoutingPoliciesTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/routing/RoutingPoliciesTest.java @@ -1206,6 +1206,70 @@ public class RoutingPoliciesTest { } @Test + public void generated_endpoints_enable_token() { + var tester = new RoutingPoliciesTester(SystemName.Public); + var context = tester.newDeploymentContext("tenant1", "app1", "default"); + tester.controllerTester().flagSource().withBooleanFlag(Flags.RANDOMIZED_ENDPOINT_NAMES.id(), true); + tester.controllerTester().flagSource().withBooleanFlag(Flags.LEGACY_ENDPOINTS.id(), false); + addCertificateToPool("cafed00d", UnassignedCertificate.State.ready, tester); + + // Deploy application without token + var zone1 = ZoneId.from("prod", "aws-us-east-1c"); + ApplicationPackage applicationPackage = applicationPackageBuilder().region(zone1.region()) + .container("c0", AuthMethod.mtls) + .endpoint("foo", "c0") + .build(); + tester.provisionLoadBalancers(1, context.instanceId(), ZoneId.from("test", "aws-us-east-2c")); + tester.provisionLoadBalancers(1, context.instanceId(), ZoneId.from("staging", "aws-us-east-3c")); + tester.provisionLoadBalancers(1, context.instanceId(), zone1); + context.submit(applicationPackage).deferLoadBalancerProvisioningIn(Environment.test, Environment.staging, Environment.prod).deploy(); + assertEquals(List.of("a9c8c045.cafed00d.g.vespa-app.cloud", + "ebd395b6.cafed00d.z.vespa-app.cloud", + "fcf1bd63.cafed00d.aws-us-east-1.w.vespa-app.cloud"), + tester.recordNames()); + + // Re-deploy with token enabled + applicationPackage = applicationPackageBuilder().region(zone1.region()) + .container("c0", AuthMethod.mtls, AuthMethod.token) + .endpoint("foo", "c0") + .build(); + tester.provisionLoadBalancers(1, context.instanceId(), ZoneId.from("test", "aws-us-east-2c")); + tester.provisionLoadBalancers(1, context.instanceId(), ZoneId.from("staging", "aws-us-east-3c")); + context.submit(applicationPackage).deferLoadBalancerProvisioningIn(Environment.test, Environment.staging, Environment.prod).deploy(); + // Additional zone- and global-scoped endpoints are added (token) + assertEquals(List.of("a9c8c045.cafed00d.g.vespa-app.cloud", + "b7e79800.cafed00d.z.vespa-app.cloud", + "c60d3149.cafed00d.g.vespa-app.cloud", + "ebd395b6.cafed00d.z.vespa-app.cloud", + "fcf1bd63.cafed00d.aws-us-east-1.w.vespa-app.cloud"), + tester.recordNames()); + + // Add new endpoint is generated for an additional global endpoint + applicationPackage = applicationPackageBuilder().region(zone1.region()) + .container("c0", AuthMethod.mtls, AuthMethod.token) + .endpoint("foo", "c0") + .endpoint("bar", "c0") + .build(); + tester.provisionLoadBalancers(1, context.instanceId(), ZoneId.from("test", "aws-us-east-2c")); + tester.provisionLoadBalancers(1, context.instanceId(), ZoneId.from("staging", "aws-us-east-3c")); + context.submit(applicationPackage).deferLoadBalancerProvisioningIn(Environment.test, Environment.staging, Environment.prod).deploy(); + List<String> expectedRecords = List.of("a9c8c045.cafed00d.g.vespa-app.cloud", + "aa7591aa.cafed00d.g.vespa-app.cloud", + "b7e79800.cafed00d.z.vespa-app.cloud", + "c60d3149.cafed00d.g.vespa-app.cloud", + "d467800f.cafed00d.g.vespa-app.cloud", + "ebd395b6.cafed00d.z.vespa-app.cloud", + "fcf1bd63.cafed00d.aws-us-east-1.w.vespa-app.cloud"); + assertEquals(expectedRecords, tester.recordNames()); + + // No change on redeployment + tester.provisionLoadBalancers(1, context.instanceId(), ZoneId.from("test", "aws-us-east-2c")); + tester.provisionLoadBalancers(1, context.instanceId(), ZoneId.from("staging", "aws-us-east-3c")); + context.submit(applicationPackage).deferLoadBalancerProvisioningIn(Environment.test, Environment.staging, Environment.prod).deploy(); + assertEquals(expectedRecords, tester.recordNames()); + } + + @Test public void generated_endpoints_only() { var tester = new RoutingPoliciesTester(SystemName.Public); var context = tester.newDeploymentContext("tenant1", "app1", "default"); @@ -1216,6 +1280,7 @@ public class RoutingPoliciesTest { // Deploy application var zone1 = ZoneId.from("prod", "aws-us-east-1c"); + var zone2 = ZoneId.from("prod", "aws-eu-west-1a"); ApplicationPackage applicationPackage = applicationPackageBuilder().region(zone1.region()) .container("c0", AuthMethod.mtls) .endpoint("foo", "c0") @@ -1232,6 +1297,23 @@ public class RoutingPoliciesTest { "ebd395b6.cafed00d.z.vespa-app.cloud", "fcf1bd63.cafed00d.aws-us-east-1.w.vespa-app.cloud"), tester.recordNames()); + + // Another zone is added to global endpoint + applicationPackage = applicationPackageBuilder().region(zone1.region()) + .region(zone2.region()) + .container("c0", AuthMethod.mtls) + .endpoint("foo", "c0") + .build(); + tester.provisionLoadBalancers(1, context.instanceId(), ZoneId.from("test", "aws-us-east-2c")); + tester.provisionLoadBalancers(1, context.instanceId(), ZoneId.from("staging", "aws-us-east-3c")); + tester.provisionLoadBalancers(1, context.instanceId(), zone2); + context.submit(applicationPackage).deferLoadBalancerProvisioningIn(Environment.test, Environment.staging, Environment.prod).deploy(); + assertEquals(List.of("a6414896.cafed00d.aws-eu-west-1.w.vespa-app.cloud", + "a9c8c045.cafed00d.g.vespa-app.cloud", + "cbff1506.cafed00d.z.vespa-app.cloud", + "ebd395b6.cafed00d.z.vespa-app.cloud", + "fcf1bd63.cafed00d.aws-us-east-1.w.vespa-app.cloud"), + tester.recordNames()); } @Test |