diff options
author | Henning Baldersheim <balder@yahoo-inc.com> | 2023-02-14 06:38:05 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-14 06:38:05 +0100 |
commit | 98869035893b99654614d6ff76189e3dbbb52482 (patch) | |
tree | de5929dfea715eea5b240f4e22cdf70c1a4c3d3c /security-utils/src/test/java/com/yahoo/security/tls | |
parent | 0fa853df47b6cb208303bcf0ee0ff34e801a7c45 (diff) | |
parent | 4887b76984bb002dcfc97db45431411ef5ba6fa0 (diff) |
Merge pull request #26012 from vespa-engine/bjorncs/capabilities
Bjorncs/capabilities
Diffstat (limited to 'security-utils/src/test/java/com/yahoo/security/tls')
3 files changed, 6 insertions, 7 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/ConnectionAuthContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/ConnectionAuthContextTest.java index ae36cc2f774..7092486e521 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/ConnectionAuthContextTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/ConnectionAuthContextTest.java @@ -28,17 +28,16 @@ class ConnectionAuthContextTest { void fails_on_missing_capabilities() { ConnectionAuthContext ctx = createConnectionAuthContext(); assertThrows(MissingCapabilitiesException.class, - () -> ctx.verifyCapabilities(CapabilitySet.from(Capability.CONTENT__STATUS_PAGES))); + () -> ctx.verifyCapabilities(CapabilitySet.of(Capability.CONTENT__STATUS_PAGES))); } @Test void creates_correct_error_message() { ConnectionAuthContext ctx = createConnectionAuthContext(); - CapabilitySet requiredCaps = CapabilitySet.from(Capability.CONTENT__STATUS_PAGES); + CapabilitySet requiredCaps = CapabilitySet.of(Capability.CONTENT__STATUS_PAGES); String expectedMessage = """ Permission denied for 'myaction' on 'myresource'. Peer 'mypeer' with [CN='myidentity']. - Requires capabilities [vespa.content.status_pages] but peer has - [vespa.content.document_api, vespa.content.search_api, vespa.slobrok.api]. + Requires capabilities [vespa.content.status_pages] but peer has [vespa.logserver.api]. """; String actualMessage = ctx.createPermissionDeniedErrorMessage(requiredCaps, "myaction", "myresource", "mypeer"); assertThat(actualMessage).isEqualToIgnoringWhitespace(expectedMessage); @@ -46,7 +45,7 @@ class ConnectionAuthContextTest { private static ConnectionAuthContext createConnectionAuthContext() { return new ConnectionAuthContext( - List.of(createCertificate()), CapabilitySet.CONTAINER_NODE, Set.of(), + List.of(createCertificate()), CapabilitySet.of(Capability.LOGSERVER_API), Set.of(), CapabilityMode.ENFORCE); } diff --git a/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java index bea5c6108f2..55fa8424ae3 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java @@ -149,7 +149,7 @@ public class PeerAuthorizerTest { } private static PeerPolicy createPolicy(String name, List<Capability> caps, List<RequiredPeerCredential> creds) { - return new PeerPolicy(name, Optional.empty(), CapabilitySet.from(caps), creds); + return new PeerPolicy(name, Optional.empty(), CapabilitySet.of(caps), creds); } private static void assertAuthorized(ConnectionAuthContext result) { diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java index 895428037ed..9ba5886e408 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java @@ -49,7 +49,7 @@ public class TransportSecurityOptionsJsonSerializerTest { RequiredPeerCredential.of(SAN_DNS, "*.suffix.com"), RequiredPeerCredential.of(SAN_URI, "myscheme://resource/path/"))), new PeerPolicy("node", Optional.empty(), - CapabilitySet.from(Capability.SLOBROK__API), + CapabilitySet.of(Capability.SLOBROK__API), Collections.singletonList(RequiredPeerCredential.of(CN, "hostname"))))))) .build(); |