author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-05-29 17:56:44 +0200 |
---|---|---|
committer | Morten Tokle <mortent@oath.com> | 2018-06-11 14:15:11 +0200 |
commit | 45e49e44fc9f37d95c47047228cb675008e192c4 (patch) | |
tree | 94716f858af067285180283355bb1ee97958e2e5 /vespa-athenz/src/test | |
parent | b267b3642c34720e8a6353d9afaf324f64ff2f71 (diff) |
Use mutual TLS auth when communicating with ZTS
- Remove instance register/refresh from ad-hoc ZtsClient implementation
- Deprecate ad-hoc ZtsClient
Diffstat (limited to 'vespa-athenz/src/test')
-rw-r--r-- | vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java | 67 |
1 files changed, 10 insertions, 57 deletions
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java
index 8b87c93f051..48781aad651 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java
@@ -5,35 +5,18 @@ import com.yahoo.container.core.identity.IdentityConfig;
 import com.yahoo.container.jdisc.athenz.AthenzIdentityProviderException;
 import com.yahoo.jdisc.Metric;
 import com.yahoo.test.ManualClock;
-import com.yahoo.vespa.athenz.api.AthenzService;
-import com.yahoo.vespa.athenz.identityprovider.api.IdentityDocument;
-import com.yahoo.vespa.athenz.identityprovider.api.IdentityType;
-import com.yahoo.vespa.athenz.identityprovider.api.IdentityDocumentClient;
-import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument;
-import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId;
-import com.yahoo.vespa.athenz.tls.KeyStoreBuilder;
-import com.yahoo.vespa.athenz.tls.KeyStoreUtils;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TemporaryFolder;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-import java.io.File;
-import java.io.IOException;
-import java.net.URI;
-import java.security.KeyStore;
 import java.security.cert.X509Certificate;
 import java.time.Duration;
 import java.time.Instant;
-import java.util.Collections;
 import java.util.Date;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.function.Supplier;
-import static com.yahoo.vespa.athenz.tls.KeyStoreType.JKS;
 import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.anyString;
 import static org.mockito.Matchers.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -70,30 +53,24 @@ public class AthenzIdentityProviderImplTest {
 }
 @Test
- public void metrics_updated_on_refresh() throws IOException {
- IdentityDocumentClient identityDocumentClient = mock(IdentityDocumentClient.class);
- ZtsClient ztsClient = mock(ZtsClient.class);
+ public void metrics_updated_on_refresh() {
 ManualClock clock = new ManualClock(Instant.EPOCH);
 Metric metric = mock(Metric.class);
- when(identityDocumentClient.getTenantIdentityDocument(any())).thenReturn(getIdentityDocument());
- when(ztsClient.sendInstanceRegisterRequest(any(), any())).then(new Answer<InstanceIdentity>() {
- @Override
- public InstanceIdentity answer(InvocationOnMock invocationOnMock) throws Throwable {
- return new InstanceIdentity(getCertificate(getExpirationSupplier(clock)), "TOKEN");
- }
- });
+ AthenzCredentialsService athenzCredentialsService = mock(AthenzCredentialsService.class);
- when(ztsClient.sendInstanceRefreshRequest(anyString(), anyString(), anyString(), anyString(), any(), any(), any()))
+ X509Certificate certificate = getCertificate(getExpirationSupplier(clock));
+
+ when(athenzCredentialsService.registerInstance())
+ .thenReturn(new AthenzCredentials(null, certificate, null, null, null));
+
+ when(athenzCredentialsService.updateCredentials(any(), any()))
 .thenThrow(new RuntimeException("#1"))
 .thenThrow(new RuntimeException("#2"))
- .thenReturn(new InstanceIdentity(getCertificate(getExpirationSupplier(clock)), "TOKEN"));
-
- AthenzCredentialsService credentialService =
- new AthenzCredentialsService(IDENTITY_CONFIG, identityDocumentClient, ztsClient, createDummyTrustStore(), "localhost");
+ .thenReturn(new AthenzCredentials(null, certificate, null, null, null));
 AthenzIdentityProviderImpl identityProvider =
- new AthenzIdentityProviderImpl(IDENTITY_CONFIG, metric, credentialService, mock(ScheduledExecutorService.class), clock);
+ new AthenzIdentityProviderImpl(IDENTITY_CONFIG, metric, athenzCredentialsService, mock(ScheduledExecutorService.class), clock);
identityProvider.reportMetrics();
 verify(metric).set(eq(AthenzIdentityProviderImpl.CERTIFICATE_EXPIRY_METRIC_NAME), eq(certificateValidity.getSeconds()), any());
@@ -128,28 +105,4 @@ public class AthenzIdentityProviderImplTest {
 return x509Certificate;
 }
- private File createDummyTrustStore() throws IOException {
- File file = tempDir.newFile();
- KeyStore keyStore = KeyStoreBuilder.withType(JKS).build();
- KeyStoreUtils.writeKeyStoreToFile(keyStore, file);
- return file;
- }
-
- private static SignedIdentityDocument getIdentityDocument() {
- VespaUniqueInstanceId instanceId = new VespaUniqueInstanceId(0, "default", "default", "application", "tenant", "us-north-1", "dev", IdentityType.TENANT);
- return new SignedIdentityDocument(
- new IdentityDocument(instanceId, "localhost", "x.y.com", Instant.EPOCH, Collections.emptySet()),
- "dummysignature",
- 0,
- instanceId,
- "dev-us-north-1.vespa.cloud",
- new AthenzService("vespa.vespa.provider_dev_us-north-1"),
- URI.create("https://zts:4443/zts/v1"),
- 1,
- "localhost",
- "x.y.com",
- Instant.EPOCH,
- Collections.emptySet(),
- IdentityType.TENANT);
- }
 } |
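Review bot: In the rewritten stubs both `registerInstance()` and the final `.thenReturn` on `updateCredentials(any(), any())` hand back an `AthenzCredentials` wrapping the same `certificate`, so the `verify(metric).set(eq(CERTIFICATE_EXPIRY_METRIC_NAME), eq(certificateValidity.getSeconds()), any())` check cannot tell whether the provider actually adopted the refreshed credentials or is still reporting the expiry of the initial ones. Consider building a second certificate with a later expiry for the refresh stub and asserting that the reported expiry changes after the refresh that follows the two `RuntimeException`s, so the test actually pins the "updated on refresh" behaviour its name promises. The duplicated `new AthenzCredentials(null, certificate, null, null, null)` would also read better hoisted into one named local with a comment like `// only the certificate is consulted by the provider in this test; the other credential parts are deliberately absent`, hedged here because the constructor's parameters are not visible in the hunk and the null arguments will start failing if that constructor ever gains null checks. Given the commit's purpose is mutual TLS, it is worth confirming that leaving the non-certificate parts null does not silently skip the client-key path the change introduces. The enclosing test method continues past the end of this hunk.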