diff options
author | Valerij Fredriksen <freva@users.noreply.github.com> | 2023-07-25 15:32:36 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-25 15:32:36 +0200 |
commit | eb5839b2b9163b3f7cd8608405dfb68f9937543e (patch) | |
tree | 124c927ac8f67cba7dc8a0f72fb45c4cd770c352 /node-repository/src/test | |
parent | 83ea8501b3dab10cc3762987c68e18435e6458b1 (diff) | |
parent | 6b430b2131113d242a8089f8328577636ed24a71 (diff) |
Merge pull request #27881 from vespa-engine/revert-27877-revert-27632-hakonhall/exclude-private-ip-addresses-in-other-cloud-accounts-in-acls
Exclude private IP addresses in other cloud accounts in ACLs, try 2
Diffstat (limited to 'node-repository/src/test')
14 files changed, 186 insertions, 290 deletions
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/NodeRepositoryTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/NodeRepositoryTest.java index 605bf514f03..5148d2a635c 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/NodeRepositoryTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/NodeRepositoryTest.java @@ -1,8 +1,14 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.hosted.provision; +import com.yahoo.config.provision.Cloud; import com.yahoo.config.provision.CloudAccount; +import com.yahoo.config.provision.CloudName; +import com.yahoo.config.provision.Environment; import com.yahoo.config.provision.NodeType; +import com.yahoo.config.provision.RegionName; +import com.yahoo.config.provision.SystemName; +import com.yahoo.config.provision.Zone; import com.yahoo.vespa.hosted.provision.node.Agent; import com.yahoo.vespa.hosted.provision.node.History; import com.yahoo.vespa.hosted.provision.node.IP; @@ -53,7 +59,11 @@ public class NodeRepositoryTest { @Test public void test_ip_conflicts() { - NodeRepositoryTester tester = new NodeRepositoryTester(); + var zone = new Zone(Cloud.builder().name(CloudName.AWS).account(CloudAccount.from("aws:123456789012")).allowEnclave(true).build(), + SystemName.Public, + Environment.prod, + RegionName.from("aws-us-east-1a")); + NodeRepositoryTester tester = new NodeRepositoryTester(zone); IP.Config ipConfig = IP.Config.of(Set.of("1.2.3.4", "10.2.3.4"), Set.of("1.2.3.4", "10.2.3.4")); IP.Config publicIpConfig = IP.Config.of(Set.of("1.2.3.4"), Set.of("1.2.3.4")); IP.Config privateIpConfig = IP.Config.of(Set.of("10.2.3.4"), Set.of("10.2.3.4")); diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/NodeRepositoryTester.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/NodeRepositoryTester.java index 00c4d95b0da..49702a7d4c1 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/NodeRepositoryTester.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/NodeRepositoryTester.java @@ -33,6 +33,10 @@ public class NodeRepositoryTester { private final MockCurator curator; public NodeRepositoryTester() { + this(Zone.defaultZone()); + } + + public NodeRepositoryTester(Zone zone) { nodeFlavors = new NodeFlavors(createConfig()); clock = new ManualClock(); curator = new MockCurator(); @@ -41,7 +45,7 @@ public class NodeRepositoryTester { new EmptyProvisionServiceProvider(), curator, clock, - Zone.defaultZone(), + zone, new MockNameResolver().mockAnyLookup(), DockerImage.fromString("docker-registry.domain.tld:8080/dist/vespa"), Optional.empty(), diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java index 50eeef69448..26925372b93 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java @@ -15,6 +15,7 @@ import com.yahoo.config.provision.SystemName; import com.yahoo.config.provision.Zone; import com.yahoo.vespa.hosted.provision.Node; import com.yahoo.vespa.hosted.provision.NodeList; +import com.yahoo.vespa.hosted.provision.node.IP; import com.yahoo.vespa.hosted.provision.node.NodeAcl; import com.yahoo.vespa.hosted.provision.node.NodeAcl.TrustedNode; import org.junit.Test; @@ -57,32 +58,35 @@ public class AclProvisioningTest { // Get trusted nodes for the first active node Node node = activeNodes.get(0); List<Node> hostOfNode = node.parentHostname().flatMap(tester.nodeRepository().nodes()::node).map(List::of).orElseGet(List::of); - Supplier<NodeAcl> nodeAcls = () -> node.acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone()); + Supplier<NodeAcl> nodeAcls = () -> node.acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone(), true); // Trusted nodes are active nodes in same application, proxy nodes and config servers - assertAcls(trustedNodesOf(List.of(activeNodes, proxyNodes, configServers.asList(), hostOfNode)), + assertAcls(trustedNodesOf(List.of(activeNodes, proxyNodes, configServers.asList(), hostOfNode), node.cloudAccount()), Set.of("10.2.3.0/24", "10.4.5.0/24"), List.of(nodeAcls.get())); } @Test - public void trusted_nodes_for_unallocated_node() { + public void trusted_nodes_for_parked_node() { NodeList configServers = tester.makeConfigServers(3, "default", Version.fromString("6.123.456")); // Populate repo - tester.makeReadyNodes(10, nodeResources); + List<Node> tenantNodes = tester.makeReadyNodes(10, nodeResources); List<Node> proxyNodes = tester.makeReadyNodes(3, "default", NodeType.proxy); // Allocate 2 nodes to an application - deploy(2); + Set<String> deployedTenantNodes = deploy(2).stream().map(Node::hostname).collect(Collectors.toSet()); + + tester.move(Node.State.parked, tenantNodes.stream() + .filter(node -> !deployedTenantNodes.contains(node.hostname())) + .toList()); - // Get trusted nodes for a ready tenant node - Node node = tester.nodeRepository().nodes().list(Node.State.ready).nodeType(NodeType.tenant).first().get(); - NodeAcl nodeAcl = node.acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone()); - NodeList tenantNodes = tester.nodeRepository().nodes().list().nodeType(NodeType.tenant); + // Get trusted nodes for a parked tenant node + Node node = tester.nodeRepository().nodes().list(Node.State.parked).nodeType(NodeType.tenant).first().get(); + NodeAcl nodeAcl = node.acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone(), true); - // Trusted nodes are all proxy-, config-, and, tenant-nodes - assertAcls(trustedNodesOf(List.of(proxyNodes, configServers.asList(), tenantNodes.asList())), List.of(nodeAcl)); + // Trusted nodes are all config-nodes + assertAcls(trustedNodesOf(List.of(proxyNodes, configServers.asList()), node.cloudAccount()), List.of(nodeAcl)); } @Test @@ -104,14 +108,16 @@ public class AclProvisioningTest { // Get trusted nodes for the first config server Node node = tester.nodeRepository().nodes().node("cfg1") .orElseThrow(() -> new RuntimeException("Failed to find cfg1")); - NodeAcl nodeAcl = node.acl(nodes, tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone()); - - // Trusted nodes is all tenant nodes+hosts, all proxy nodes+hosts, all config servers and load balancer subnets - assertAcls(List.of(TrustedNode.of(tenantHosts, Set.of(19070)), - TrustedNode.of(tenantNodes, Set.of(19070)), - TrustedNode.of(proxyHosts, Set.of(19070)), - TrustedNode.of(proxyNodes, Set.of(19070)), - TrustedNode.of(configNodes)), + NodeAcl nodeAcl = node.acl(nodes, tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone(), true); + + // Trusted nodes is all tenant nodes, all proxy nodes, all config servers and load balancer subnets + // All tenant hosts because nodes are IPv6 and cfg are IPv4, so traffic is NATed. + // NOT proxy hosts because proxies are dual-stacked so no NAT is needed + IP.Space ipSpace = IP.Space.of(tester.nodeRepository().zone(), node.cloudAccount()); + assertAcls(List.of(TrustedNode.of(tenantHosts, Set.of(19070), ipSpace), + TrustedNode.of(tenantNodes, Set.of(19070), ipSpace), + TrustedNode.of(proxyNodes, Set.of(19070), ipSpace), + TrustedNode.of(configNodes, ipSpace)), Set.of("10.2.3.0/24", "10.4.5.0/24"), List.of(nodeAcl)); assertEquals(Set.of(22, 4443), nodeAcl.trustedPorts()); @@ -122,7 +128,7 @@ public class AclProvisioningTest { publicTester.makeConfigServers(3, "default", Version.fromString("6.123.456")); Node publicCfgNode = publicTester.nodeRepository().nodes().node("cfg1") .orElseThrow(() -> new RuntimeException("Failed to find cfg1")); - NodeAcl publicNodeAcl = publicCfgNode.acl(nodes, publicTester.nodeRepository().loadBalancers(), publicTester.nodeRepository().zone()); + NodeAcl publicNodeAcl = publicCfgNode.acl(nodes, publicTester.nodeRepository().loadBalancers(), publicTester.nodeRepository().zone(), true); assertEquals(Set.of(51820), publicNodeAcl.trustedUdpPorts()); } @@ -140,10 +146,10 @@ public class AclProvisioningTest { // Get trusted nodes for first proxy node NodeList proxyNodes = tester.nodeRepository().nodes().list().nodeType(NodeType.proxy); Node node = proxyNodes.first().get(); - NodeAcl nodeAcl = node.acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone()); + NodeAcl nodeAcl = node.acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone(), true); // Trusted nodes is all config servers and all proxy nodes - assertAcls(trustedNodesOf(List.of(proxyNodes.asList(), configServers.asList())), List.of(nodeAcl)); + assertAcls(trustedNodesOf(List.of(proxyNodes.asList(), configServers.asList()), node.cloudAccount()), List.of(nodeAcl)); assertEquals(Set.of(22, 443, 4443), nodeAcl.trustedPorts()); assertEquals(Set.of(), nodeAcl.trustedUdpPorts()); } @@ -158,7 +164,7 @@ public class AclProvisioningTest { List<Node> nodes = tester.makeReadyChildren(5, new NodeResources(1, 4, 10, 1), host.hostname()); - List<NodeAcl> acls = tester.nodeRepository().getChildAcls(host); + List<NodeAcl> acls = tester.nodeRepository().getChildAcls(host, true); // ACLs for each container on the host assertFalse(nodes.isEmpty()); @@ -169,7 +175,7 @@ public class AclProvisioningTest { .findFirst() .orElseThrow(() -> new RuntimeException("Expected to find ACL for node " + node.hostname())); assertEquals(host.hostname(), node.parentHostname().get()); - assertAcls(trustedNodesOf(List.of(configServers.asList(), nodes, List.of(host))), nodeAcl); + assertAcls(trustedNodesOf(List.of(configServers.asList(), List.of(host)), node.cloudAccount()), nodeAcl); } } @@ -182,8 +188,8 @@ public class AclProvisioningTest { List<Node> controllers = tester.nodeRepository().nodes().list().nodeType(NodeType.controller).asList(); // Controllers and hosts all trust each other - NodeAcl controllerAcl = controllers.get(0).acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone()); - assertAcls(trustedNodesOf(List.of(controllers)), Set.of("10.2.3.0/24", "10.4.5.0/24"), List.of(controllerAcl)); + NodeAcl controllerAcl = controllers.get(0).acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone(), true); + assertAcls(trustedNodesOf(List.of(controllers), controllers.get(0).cloudAccount()), Set.of("10.2.3.0/24", "10.4.5.0/24"), List.of(controllerAcl)); assertEquals(Set.of(22, 4443, 443), controllerAcl.trustedPorts()); assertEquals(Set.of(), controllerAcl.trustedUdpPorts()); } @@ -211,7 +217,7 @@ public class AclProvisioningTest { // ACL for nodes with allocation trust their respective load balancer networks, if any for (var host : hosts) { - List<NodeAcl> acls = tester.nodeRepository().getChildAcls(host); + List<NodeAcl> acls = tester.nodeRepository().getChildAcls(host, true); assertEquals(2, acls.size()); for (var acl : acls) { if (acl.node().allocation().isPresent()) { @@ -229,19 +235,20 @@ public class AclProvisioningTest { tester.makeConfigServers(3, "default", Version.fromString("6.123.456")); List<Node> readyNodes = tester.makeReadyNodes(1, "default", NodeType.proxy); - NodeAcl nodeAcl = readyNodes.get(0).acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone()); + NodeAcl nodeAcl = readyNodes.get(0).acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone(), true); assertEquals(3, nodeAcl.trustedNodes().size()); assertEquals(List.of(Set.of("127.0.1.1"), Set.of("127.0.1.2"), Set.of("127.0.1.3")), nodeAcl.trustedNodes().stream().map(TrustedNode::ipAddresses).toList()); } - private static List<List<TrustedNode>> trustedNodesOf(List<List<Node>> nodes, Set<Integer> ports) { - return nodes.stream().map(node -> TrustedNode.of(node, ports)).toList(); + private List<List<TrustedNode>> trustedNodesOf(List<List<Node>> nodes, Set<Integer> ports, CloudAccount cloudAccount) { + IP.Space ipSpace = IP.Space.of(tester.nodeRepository().zone(), cloudAccount); + return nodes.stream().map(node -> TrustedNode.of(node, ports, ipSpace)).toList(); } - private static List<List<TrustedNode>> trustedNodesOf(List<List<Node>> nodes) { - return trustedNodesOf(nodes, Set.of()); + private List<List<TrustedNode>> trustedNodesOf(List<List<Node>> nodes, CloudAccount cloudAccount) { + return trustedNodesOf(nodes, Set.of(), cloudAccount); } private List<Node> deploy(int nodeCount) { diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/NodesV2ApiTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/NodesV2ApiTest.java index 53b1a3bcb89..7769523f3d6 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/NodesV2ApiTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/NodesV2ApiTest.java @@ -459,8 +459,8 @@ public class NodesV2ApiTest { } @Test - public void acl_request_by_tenant_node() throws Exception { - assertFile(new Request("http://localhost:8080/nodes/v2/acl/host3.yahoo.com"), "acl-tenant-node.json"); + public void acls_for_inclave_tenant_host() throws Exception { + assertFile(new Request("http://localhost:8080/nodes/v2/acl/host5.yahoo.com"), "acl-tenant-node.json"); } @Test diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json index 1800dcacc3d..e3b487325f8 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json @@ -3,256 +3,250 @@ { "hostname": "cfg1.yahoo.com", "type": "config", - "ipAddress": "127.0.201.1", + "ipAddress": "::201:1", "trustedBy": "cfg1.yahoo.com" }, { "hostname": "cfg1.yahoo.com", "type": "config", - "ipAddress": "::201:1", + "ipAddress": "127.0.201.1", "trustedBy": "cfg1.yahoo.com" }, { "hostname": "cfg2.yahoo.com", "type": "config", - "ipAddress": "127.0.202.1", + "ipAddress": "::202:1", "trustedBy": "cfg1.yahoo.com" }, { "hostname": "cfg2.yahoo.com", "type": "config", - "ipAddress": "::202:1", - "trustedBy": "cfg1.yahoo.com" - }, - { - "hostname": "dockerhost1.yahoo.com", - "type": "host", - "ipAddress": "127.0.100.1", - "ports": [19070], - "trustedBy": "cfg1.yahoo.com" - }, - { - "hostname": "dockerhost1.yahoo.com", - "type": "host", - "ipAddress": "::100:1", - "ports": [19070], - "trustedBy": "cfg1.yahoo.com" - }, - { - "hostname": "dockerhost2.yahoo.com", - "type": "host", - "ipAddress": "127.0.101.1", - "ports": [19070], - "trustedBy": "cfg1.yahoo.com" - }, - { - "hostname": "dockerhost2.yahoo.com", - "type": "host", - "ipAddress": "::101:1", - "ports": [19070], - "trustedBy": "cfg1.yahoo.com" - }, - { - "hostname": "dockerhost3.yahoo.com", - "type": "host", - "ipAddress": "127.0.102.1", - "ports": [19070], + "ipAddress": "127.0.202.1", "trustedBy": "cfg1.yahoo.com" }, { "hostname": "dockerhost3.yahoo.com", "type": "host", "ipAddress": "::102:1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { - "hostname": "dockerhost4.yahoo.com", - "type": "host", - "ipAddress": "127.0.103.1", - "ports": [19070], - "trustedBy": "cfg1.yahoo.com" - }, - { - "hostname": "dockerhost4.yahoo.com", - "type": "host", - "ipAddress": "::103:1", - "ports": [19070], - "trustedBy": "cfg1.yahoo.com" - }, - { - "hostname": "dockerhost5.yahoo.com", - "type": "host", - "ipAddress": "127.0.104.1", - "ports": [19070], - "trustedBy": "cfg1.yahoo.com" - }, - { - "hostname": "dockerhost5.yahoo.com", + "hostname": "dockerhost3.yahoo.com", "type": "host", - "ipAddress": "::104:1", - "ports": [19070], + "ipAddress": "127.0.102.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host1.yahoo.com", "type": "tenant", - "ipAddress": "127.0.1.1", - "ports": [19070], + "ipAddress": "::1:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host1.yahoo.com", "type": "tenant", - "ipAddress": "::1:1", - "ports": [19070], + "ipAddress": "127.0.1.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host10.yahoo.com", "type": "tenant", - "ipAddress": "127.0.10.1", - "ports": [19070], + "ipAddress": "::10:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host10.yahoo.com", "type": "tenant", - "ipAddress": "::10:1", - "ports": [19070], + "ipAddress": "127.0.10.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host13.yahoo.com", "type": "tenant", "ipAddress": "127.0.13.1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host13.yahoo.com", "type": "tenant", "ipAddress": "::13:1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host14.yahoo.com", "type": "tenant", - "ipAddress": "127.0.14.1", - "ports": [19070], + "ipAddress": "::14:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host14.yahoo.com", "type": "tenant", - "ipAddress": "::14:1", - "ports": [19070], + "ipAddress": "127.0.14.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host2.yahoo.com", "type": "tenant", - "ipAddress": "127.0.2.1", - "ports": [19070], + "ipAddress": "::2:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host2.yahoo.com", "type": "tenant", - "ipAddress": "::2:1", - "ports": [19070], + "ipAddress": "127.0.2.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host3.yahoo.com", "type": "tenant", "ipAddress": "127.0.3.1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host3.yahoo.com", "type": "tenant", "ipAddress": "::3:1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host4.yahoo.com", "type": "tenant", "ipAddress": "127.0.4.1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host4.yahoo.com", "type": "tenant", "ipAddress": "::4:1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host5.yahoo.com", "type": "tenant", - "ipAddress": "127.0.5.1", - "ports": [19070], + "ipAddress": "::5:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host5.yahoo.com", "type": "tenant", - "ipAddress": "::5:1", - "ports": [19070], + "ipAddress": "127.0.5.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host55.yahoo.com", "type": "tenant", - "ipAddress": "127.0.55.1", - "ports": [19070], + "ipAddress": "::55:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host55.yahoo.com", "type": "tenant", - "ipAddress": "::55:1", - "ports": [19070], + "ipAddress": "127.0.55.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host6.yahoo.com", "type": "tenant", "ipAddress": "127.0.6.1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host6.yahoo.com", "type": "tenant", "ipAddress": "::6:1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host7.yahoo.com", "type": "tenant", - "ipAddress": "127.0.7.1", - "ports": [19070], + "ipAddress": "::7:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host7.yahoo.com", "type": "tenant", - "ipAddress": "::7:1", - "ports": [19070], + "ipAddress": "127.0.7.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "test-node-pool-102-2", "type": "tenant", "ipAddress": "::102:2", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" } ], @@ -268,14 +262,13 @@ ], "trustedPorts": [ { - "port":22, - "trustedBy":"cfg1.yahoo.com" + "port": 22, + "trustedBy": "cfg1.yahoo.com" }, { "port": 4443, "trustedBy": "cfg1.yahoo.com" } ], - "trustedUdpPorts": [ - ] + "trustedUdpPorts": [] } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-tenant-node.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-tenant-node.json index bdc0dc21c95..98a7c5f9036 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-tenant-node.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-tenant-node.json @@ -3,171 +3,45 @@ { "hostname": "cfg1.yahoo.com", "type": "config", - "ipAddress": "127.0.201.1", - "trustedBy": "host3.yahoo.com" + "ipAddress": "::201:1", + "trustedBy": "host5.yahoo.com" }, { "hostname": "cfg1.yahoo.com", "type": "config", - "ipAddress": "::201:1", - "trustedBy": "host3.yahoo.com" + "ipAddress": "127.0.201.1", + "trustedBy": "host5.yahoo.com" }, { "hostname": "cfg2.yahoo.com", "type": "config", - "ipAddress": "127.0.202.1", - "trustedBy": "host3.yahoo.com" + "ipAddress": "::202:1", + "trustedBy": "host5.yahoo.com" }, { "hostname": "cfg2.yahoo.com", "type": "config", - "ipAddress": "::202:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host1.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.1.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host1.yahoo.com", - "type": "tenant", - "ipAddress": "::1:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host10.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.10.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host10.yahoo.com", - "type": "tenant", - "ipAddress": "::10:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host13.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.13.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host13.yahoo.com", - "type": "tenant", - "ipAddress": "::13:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host14.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.14.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host14.yahoo.com", - "type": "tenant", - "ipAddress": "::14:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host2.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.2.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host2.yahoo.com", - "type": "tenant", - "ipAddress": "::2:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host3.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.3.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host3.yahoo.com", - "type": "tenant", - "ipAddress": "::3:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host4.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.4.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host4.yahoo.com", - "type": "tenant", - "ipAddress": "::4:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host5.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.5.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host5.yahoo.com", - "type": "tenant", - "ipAddress": "::5:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host55.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.55.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host55.yahoo.com", - "type": "tenant", - "ipAddress": "::55:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host6.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.6.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host6.yahoo.com", - "type": "tenant", - "ipAddress": "::6:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host7.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.7.1", - "trustedBy": "host3.yahoo.com" + "ipAddress": "127.0.202.1", + "trustedBy": "host5.yahoo.com" }, { - "hostname": "host7.yahoo.com", - "type": "tenant", - "ipAddress": "::7:1", - "trustedBy": "host3.yahoo.com" + "hostname": "dockerhost2.yahoo.com", + "type": "host", + "ipAddress": "::101:1", + "trustedBy": "host5.yahoo.com" }, { - "hostname": "test-node-pool-102-2", - "type": "tenant", - "ipAddress": "::102:2", - "trustedBy": "host3.yahoo.com" + "hostname": "dockerhost2.yahoo.com", + "type": "host", + "ipAddress": "127.0.101.1", + "trustedBy": "host5.yahoo.com" } ], "trustedNetworks": [], "trustedPorts": [ { "port": 22, - "trustedBy": "host3.yahoo.com" + "trustedBy": "host5.yahoo.com" } ], "trustedUdpPorts": [] diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg1.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg1.json index bd251567f16..fc72d9e08cc 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg1.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg1.json @@ -118,5 +118,6 @@ "::201:1" ], "additionalIpAddresses": [], + "cloudAccount": "aws:111222333444", "wireguardPubkey":"lololololololololololololololololololololoo=" } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg2.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg2.json index 022512359cd..7f9830ac1e8 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg2.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg2.json @@ -117,5 +117,6 @@ "127.0.202.1", "::202:1" ], - "additionalIpAddresses": [] + "additionalIpAddresses": [], + "cloudAccount": "aws:111222333444" } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes-recursive.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes-recursive.json index 540a0086cbf..3e41d87dd4a 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes-recursive.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes-recursive.json @@ -1,6 +1,7 @@ { "nodes": [ @include(docker-node2.json), - @include(node3.json) + @include(node3.json), + @include(node5.json) ] } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes.json index 33fd4daa699..fa34aca85c8 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes.json @@ -5,6 +5,9 @@ }, { "url":"http://localhost:8080/nodes/v2/node/host3.yahoo.com" + }, + { + "url":"http://localhost:8080/nodes/v2/node/host5.yahoo.com" } ] } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node13.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node13.json index bae82bb264a..a0b00877dca 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node13.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node13.json @@ -77,5 +77,6 @@ "127.0.13.1", "::13:1" ], - "additionalIpAddresses": [] + "additionalIpAddresses": [], + "cloudAccount": "aws:111222333444" } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node14.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node14.json index 12e6f026205..6657f6ba609 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node14.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node14.json @@ -77,5 +77,6 @@ "127.0.14.1", "::14:1" ], - "additionalIpAddresses": [] + "additionalIpAddresses": [], + "cloudAccount": "aws:111222333444" } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5-after-changes.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5-after-changes.json index abe615bc99f..015a52d3446 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5-after-changes.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5-after-changes.json @@ -75,5 +75,5 @@ ], "ipAddresses": ["127.0.5.1", "::5:1"], "additionalIpAddresses": [], - "cloudAccount": "aws:111222333444" + "cloudAccount": "aws:777888999000" } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5.json index 98f019f0c0d..900f360bc9e 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5.json @@ -77,5 +77,5 @@ ], "ipAddresses": ["127.0.5.1", "::5:1"], "additionalIpAddresses": [], - "cloudAccount": "aws:111222333444" + "cloudAccount": "aws:777888999000" } |