Merge pull request #26012 from vespa-engine/bjorncs/capabilities

Bjorncs/capabilities
author: Henning Baldersheim <balder@yahoo-inc.com> 2023-02-14 06:38:05 +0100
committer: GitHub <noreply@github.com> 2023-02-14 06:38:05 +0100
commit: 98869035893b99654614d6ff76189e3dbbb52482 (patch)
tree: de5929dfea715eea5b240f4e22cdf70c1a4c3d3c /security-utils/src/test/java/com/yahoo/security/tls
parent: 0fa853df47b6cb208303bcf0ee0ff34e801a7c45 (diff)
parent: 4887b76984bb002dcfc97db45431411ef5ba6fa0 (diff)
3 files changed, 6 insertions, 7 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/ConnectionAuthContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/ConnectionAuthContextTest.java
index ae36cc2f774..7092486e521 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/ConnectionAuthContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/ConnectionAuthContextTest.java
@@ -28,17 +28,16 @@ class ConnectionAuthContextTest {
     void fails_on_missing_capabilities() {
         ConnectionAuthContext ctx = createConnectionAuthContext();
         assertThrows(MissingCapabilitiesException.class,
-                () -> ctx.verifyCapabilities(CapabilitySet.from(Capability.CONTENT__STATUS_PAGES)));
+                () -> ctx.verifyCapabilities(CapabilitySet.of(Capability.CONTENT__STATUS_PAGES)));
     }
 
     @Test
     void creates_correct_error_message() {
         ConnectionAuthContext ctx = createConnectionAuthContext();
-        CapabilitySet requiredCaps = CapabilitySet.from(Capability.CONTENT__STATUS_PAGES);
+        CapabilitySet requiredCaps = CapabilitySet.of(Capability.CONTENT__STATUS_PAGES);
         String expectedMessage = """
                 Permission denied for 'myaction' on 'myresource'. Peer 'mypeer' with [CN='myidentity'].
-                Requires capabilities [vespa.content.status_pages] but peer has
-                [vespa.content.document_api, vespa.content.search_api, vespa.slobrok.api].
+                Requires capabilities [vespa.content.status_pages] but peer has [vespa.logserver.api].
                 """;
         String actualMessage = ctx.createPermissionDeniedErrorMessage(requiredCaps, "myaction", "myresource", "mypeer");
         assertThat(actualMessage).isEqualToIgnoringWhitespace(expectedMessage);
@@ -46,7 +45,7 @@ class ConnectionAuthContextTest {
 
     private static ConnectionAuthContext createConnectionAuthContext() {
         return new ConnectionAuthContext(
-                List.of(createCertificate()), CapabilitySet.CONTAINER_NODE, Set.of(),
+                List.of(createCertificate()), CapabilitySet.of(Capability.LOGSERVER_API), Set.of(),
                 CapabilityMode.ENFORCE);
     }
 
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java
index bea5c6108f2..55fa8424ae3 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java
@@ -149,7 +149,7 @@ public class PeerAuthorizerTest {
     }
 
     private static PeerPolicy createPolicy(String name, List<Capability> caps, List<RequiredPeerCredential> creds) {
-        return new PeerPolicy(name, Optional.empty(), CapabilitySet.from(caps), creds);
+        return new PeerPolicy(name, Optional.empty(), CapabilitySet.of(caps), creds);
     }
 
     private static void assertAuthorized(ConnectionAuthContext result) {
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java
index 895428037ed..9ba5886e408 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java
@@ -49,7 +49,7 @@ public class TransportSecurityOptionsJsonSerializerTest {
                                                 RequiredPeerCredential.of(SAN_DNS, "*.suffix.com"),
                                                 RequiredPeerCredential.of(SAN_URI, "myscheme://resource/path/"))),
                                         new PeerPolicy("node", Optional.empty(),
-                                                CapabilitySet.from(Capability.SLOBROK__API),
+                                                CapabilitySet.of(Capability.SLOBROK__API),
                                                 Collections.singletonList(RequiredPeerCredential.of(CN, "hostname")))))))
                 .build();
author	Henning Baldersheim <balder@yahoo-inc.com>	2023-02-14 06:38:05 +0100
committer	GitHub <noreply@github.com>	2023-02-14 06:38:05 +0100
commit	98869035893b99654614d6ff76189e3dbbb52482 (patch)
tree	de5929dfea715eea5b240f4e22cdf70c1a4c3d3c /security-utils/src/test/java/com/yahoo/security/tls
parent	0fa853df47b6cb208303bcf0ee0ff34e801a7c45 (diff)
parent	4887b76984bb002dcfc97db45431411ef5ba6fa0 (diff)