authorBjørn Christian Seime <bjorncs@oath.com>2018-05-28 13:14:30 +0200
committerBjørn Christian Seime <bjorncs@oath.com>2018-05-28 13:14:30 +0200
commit6faa134c70c79a491c6130680da6b146d4685ec1 (patch)
treedddb09b1434d8eb73f4f75fa32a6e01a6a3e5c2d /vespa-athenz
parentc721dbc32a95a5a754464461bf154141ad6c5f07 (diff)
Remove deprecated identity-document entity types
Diffstat (limited to 'vespa-athenz')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java5
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocument.java73
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/ProviderUniqueId.java88
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocument.java101
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentials.java2
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java70
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java8
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java20
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/api/bindings/IdentityDocumentTest.java34
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java36
10 files changed, 57 insertions, 380 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java
index f879c2fa672..1504119d9cc 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java
@@ -4,11 +4,10 @@ package com.yahoo.vespa.athenz.identityprovider.api;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
-import com.yahoo.vespa.athenz.api.AthenzIdentity;
import com.yahoo.vespa.athenz.api.AthenzService;
import com.yahoo.vespa.athenz.identityprovider.api.bindings.IdentityDocumentEntity;
-import com.yahoo.vespa.athenz.identityprovider.api.bindings.VespaUniqueInstanceIdEntity;
import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocumentEntity;
+import com.yahoo.vespa.athenz.identityprovider.api.bindings.VespaUniqueInstanceIdEntity;
import com.yahoo.vespa.athenz.utils.AthenzIdentities;
import java.util.Base64;
@@ -37,7 +36,7 @@ public class EntityBindingsMapper {
entity.clusterIndex, entity.clusterId, entity.instance, entity.application, entity.tenant, entity.region, entity.environment);
}
- private static IdentityDocument toIdentityDocument(IdentityDocumentEntity entity) {
+ public static IdentityDocument toIdentityDocument(IdentityDocumentEntity entity) {
return new IdentityDocument(
toVespaUniqueInstanceId(entity.providerUniqueId),
entity.configServerHostname,
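Review bot: toIdentityDocument becomes part of the public surface of EntityBindingsMapper in this hunk but carries no Javadoc, and since the bindings types are the wire format this is the seam callers will reach for. A one-line `/** Converts the JSON binding of an identity document into its domain representation. */` above the new signature would be enough. The method body continues past the end of the hunk.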
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocument.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocument.java
deleted file mode 100644
index b2be9567258..00000000000
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocument.java
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.athenz.identityprovider.api.bindings;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-
-import java.time.Instant;
-import java.util.Objects;
-import java.util.Set;
-
-/**
- * @author bjorncs
- * @deprecated Use {@link IdentityDocumentEntity} instead.
- */
-@Deprecated
-@JsonIgnoreProperties(ignoreUnknown = true)
-public class IdentityDocument {
-
- @JsonProperty("provider-unique-id")
- public final ProviderUniqueId providerUniqueId;
- @JsonProperty("configserver-hostname")
- public final String configServerHostname;
- @JsonProperty("instance-hostname")
- public final String instanceHostname;
- @JsonProperty("created-at")
- public final Instant createdAt;
- @JsonProperty("ip-addresses")
- public final Set<String> ipAddresses;
-
- public IdentityDocument(
- @JsonProperty("provider-unique-id") ProviderUniqueId providerUniqueId,
- @JsonProperty("configserver-hostname") String configServerHostname,
- @JsonProperty("instance-hostname") String instanceHostname,
- @JsonProperty("created-at") Instant createdAt,
- @JsonProperty("ip-addresses") Set<String> ipAddresses) {
- this.providerUniqueId = providerUniqueId;
- this.configServerHostname = configServerHostname;
- this.instanceHostname = instanceHostname;
- this.createdAt = createdAt;
- this.ipAddresses = ipAddresses;
- }
-
-
- @Override
- public String toString() {
- return "IdentityDocument{" +
- "providerUniqueId=" + providerUniqueId +
- ", configServerHostname='" + configServerHostname + '\'' +
- ", instanceHostname='" + instanceHostname + '\'' +
- ", createdAt=" + createdAt +
- ", ipAddresses=" + ipAddresses +
- '}';
- }
-
-
- @Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
- IdentityDocument that = (IdentityDocument) o;
- return Objects.equals(providerUniqueId, that.providerUniqueId) &&
- Objects.equals(configServerHostname, that.configServerHostname) &&
- Objects.equals(instanceHostname, that.instanceHostname) &&
- Objects.equals(createdAt, that.createdAt) &&
- Objects.equals(ipAddresses, that.ipAddresses);
- }
-
- @Override
- public int hashCode() {
-
- return Objects.hash(providerUniqueId, configServerHostname, instanceHostname, createdAt, ipAddresses);
- }
-}
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/ProviderUniqueId.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/ProviderUniqueId.java
deleted file mode 100644
index eea469f282a..00000000000
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/ProviderUniqueId.java
+++ /dev/null
@@ -1,88 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.athenz.identityprovider.api.bindings;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId;
-
-import java.util.Objects;
-
-/**
- * @author bjorncs
- * @deprecated Use {@link VespaUniqueInstanceIdEntity} instead.
- */
-@Deprecated
-public class ProviderUniqueId {
-
- @JsonProperty("tenant")
- public final String tenant;
- @JsonProperty("application")
- public final String application;
- @JsonProperty("environment")
- public final String environment;
- @JsonProperty("region")
- public final String region;
- @JsonProperty("instance")
- public final String instance;
- @JsonProperty("cluster-id")
- public final String clusterId;
- @JsonProperty("cluster-index")
- public final int clusterIndex;
-
- public ProviderUniqueId(@JsonProperty("tenant") String tenant,
- @JsonProperty("application") String application,
- @JsonProperty("environment") String environment,
- @JsonProperty("region") String region,
- @JsonProperty("instance") String instance,
- @JsonProperty("cluster-id") String clusterId,
- @JsonProperty("cluster-index") int clusterIndex) {
- this.tenant = tenant;
- this.application = application;
- this.environment = environment;
- this.region = region;
- this.instance = instance;
- this.clusterId = clusterId;
- this.clusterIndex = clusterIndex;
- }
-
- public VespaUniqueInstanceId toVespaUniqueInstanceId() {
- return new VespaUniqueInstanceId(clusterIndex, clusterId, instance, application, tenant, region, environment);
- }
-
- public static ProviderUniqueId fromVespaUniqueInstanceId(VespaUniqueInstanceId instanceId) {
- return new ProviderUniqueId(
- instanceId.tenant(), instanceId.application(), instanceId.environment(), instanceId.region(),
- instanceId.instance(), instanceId.clusterId(), instanceId.clusterIndex());
- }
-
- @Override
- public String toString() {
- return "ProviderUniqueId{" +
- "tenant='" + tenant + '\'' +
- ", application='" + application + '\'' +
- ", environment='" + environment + '\'' +
- ", region='" + region + '\'' +
- ", instance='" + instance + '\'' +
- ", clusterId='" + clusterId + '\'' +
- ", clusterIndex=" + clusterIndex +
- '}';
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
- ProviderUniqueId that = (ProviderUniqueId) o;
- return clusterIndex == that.clusterIndex &&
- Objects.equals(tenant, that.tenant) &&
- Objects.equals(application, that.application) &&
- Objects.equals(environment, that.environment) &&
- Objects.equals(region, that.region) &&
- Objects.equals(instance, that.instance) &&
- Objects.equals(clusterId, that.clusterId);
- }
-
- @Override
- public int hashCode() {
- return Objects.hash(tenant, application, environment, region, instance, clusterId, clusterIndex);
- }
-}
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocument.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocument.java
deleted file mode 100644
index 20c3e236667..00000000000
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocument.java
+++ /dev/null
@@ -1,101 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.athenz.identityprovider.api.bindings;
-
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonIgnore;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
-
-import java.io.IOException;
-import java.io.UncheckedIOException;
-import java.net.URI;
-import java.util.Base64;
-import java.util.Objects;
-
-/**
- * @author bjorncs
- * @deprecated Use {@link SignedIdentityDocumentEntity} instead.
- */
-@Deprecated
-@JsonIgnoreProperties(ignoreUnknown = true)
-public class SignedIdentityDocument {
-
- public static final int DEFAULT_KEY_VERSION = 0;
- public static final int DEFAULT_DOCUMENT_VERSION = 1;
-
- private static final ObjectMapper mapper = createObjectMapper();
-
- @JsonProperty("identity-document")public final String rawIdentityDocument;
- @JsonIgnore public final IdentityDocument identityDocument;
- @JsonProperty("signature") public final String signature;
- @JsonProperty("signing-key-version") public final int signingKeyVersion;
- @JsonProperty("provider-unique-id") public final String providerUniqueId; // String representation
- @JsonProperty("dns-suffix") public final String dnsSuffix;
- @JsonProperty("provider-service") public final String providerService;
- @JsonProperty("zts-endpoint") public final URI ztsEndpoint;
- @JsonProperty("document-version") public final int documentVersion;
-
- @JsonCreator
- public SignedIdentityDocument(@JsonProperty("identity-document") String rawIdentityDocument,
- @JsonProperty("signature") String signature,
- @JsonProperty("signing-key-version") int signingKeyVersion,
- @JsonProperty("provider-unique-id") String providerUniqueId,
- @JsonProperty("dns-suffix") String dnsSuffix,
- @JsonProperty("provider-service") String providerService,
- @JsonProperty("zts-endpoint") URI ztsEndpoint,
- @JsonProperty("document-version") int documentVersion) {
- this.rawIdentityDocument = rawIdentityDocument;
- this.identityDocument = parseIdentityDocument(rawIdentityDocument);
- this.signature = signature;
- this.signingKeyVersion = signingKeyVersion;
- this.providerUniqueId = providerUniqueId;
- this.dnsSuffix = dnsSuffix;
- this.providerService = providerService;
- this.ztsEndpoint = ztsEndpoint;
- this.documentVersion = documentVersion;
- }
-
- private static IdentityDocument parseIdentityDocument(String rawIdentityDocument) {
- try {
- return mapper.readValue(Base64.getDecoder().decode(rawIdentityDocument), IdentityDocument.class);
- } catch (IOException e) {
- throw new UncheckedIOException(e);
- }
- }
-
- private static ObjectMapper createObjectMapper() {
- ObjectMapper mapper = new ObjectMapper();
- mapper.registerModule(new JavaTimeModule());
- return mapper;
- }
-
- @Override
- public String toString() {
- return "SignedIdentityDocument{" +
- "rawIdentityDocument='" + rawIdentityDocument + '\'' +
- ", identityDocument=" + identityDocument +
- ", signature='" + signature + '\'' +
- ", signingKeyVersion=" + signingKeyVersion +
- ", documentVersion=" + documentVersion +
- '}';
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
- SignedIdentityDocument that = (SignedIdentityDocument) o;
- return signingKeyVersion == that.signingKeyVersion &&
- documentVersion == that.documentVersion &&
- Objects.equals(rawIdentityDocument, that.rawIdentityDocument) &&
- Objects.equals(identityDocument, that.identityDocument) &&
- Objects.equals(signature, that.signature);
- }
-
- @Override
- public int hashCode() {
- return Objects.hash(rawIdentityDocument, identityDocument, signature, signingKeyVersion, documentVersion);
- }
-}
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentials.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentials.java
index ae66899978e..bb9f512efe6 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentials.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentials.java
@@ -1,7 +1,7 @@
// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.athenz.identityprovider.client;
-import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocument;
+import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument;
import javax.net.ssl.SSLContext;
import java.security.KeyPair;
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
index 554d50f296b..96e93ca419d 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
@@ -3,28 +3,25 @@ package com.yahoo.vespa.athenz.identityprovider.client;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.yahoo.container.core.identity.IdentityConfig;
-import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocument;
+import com.yahoo.vespa.athenz.api.AthenzService;
+import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
+import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument;
+import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocumentEntity;
import com.yahoo.vespa.athenz.tls.KeyAlgorithm;
import com.yahoo.vespa.athenz.tls.KeyUtils;
import com.yahoo.vespa.athenz.tls.Pkcs10Csr;
-import com.yahoo.vespa.athenz.tls.Pkcs10CsrBuilder;
import com.yahoo.vespa.athenz.tls.Pkcs10CsrUtils;
-import com.yahoo.vespa.athenz.tls.SignatureAlgorithm;
import com.yahoo.vespa.athenz.tls.SslContextBuilder;
-import com.yahoo.vespa.athenz.tls.SubjectAlternativeName;
import javax.net.ssl.SSLContext;
-import javax.security.auth.x500.X500Principal;
import java.io.File;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
-import java.util.Set;
import static com.yahoo.vespa.athenz.tls.KeyStoreType.JKS;
-import static com.yahoo.vespa.athenz.tls.SubjectAlternativeName.Type.IP_ADDRESS;
/**
* @author bjorncs
@@ -52,39 +49,39 @@ class AthenzCredentialsService {
KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
String rawDocument = identityDocumentClient.getSignedIdentityDocument();
SignedIdentityDocument document = parseSignedIdentityDocument(rawDocument);
- Pkcs10Csr csr = createCSR(identityConfig.domain(),
- identityConfig.service(),
- document.dnsSuffix,
- document.providerUniqueId,
- document.identityDocument.ipAddresses,
- keyPair);
+ InstanceCsrGenerator instanceCsrGenerator = new InstanceCsrGenerator(document.dnsSuffix());
+ Pkcs10Csr csr = instanceCsrGenerator.generateCsr(
+ new AthenzService(identityConfig.domain(), identityConfig.service()),
+ document.providerUniqueId(),
+ document.identityDocument().ipAddresses(),
+ keyPair);
InstanceRegisterInformation instanceRegisterInformation =
- new InstanceRegisterInformation(document.providerService,
+ new InstanceRegisterInformation(document.providerService().getFullName(),
identityConfig.domain(),
identityConfig.service(),
rawDocument,
Pkcs10CsrUtils.toPem(csr));
InstanceIdentity instanceIdentity = ztsClient.sendInstanceRegisterRequest(instanceRegisterInformation,
- document.ztsEndpoint);
+ document.ztsEndpoint());
return toAthenzCredentials(instanceIdentity, keyPair, document);
}
AthenzCredentials updateCredentials(SignedIdentityDocument document, SSLContext sslContext) {
KeyPair newKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- Pkcs10Csr csr = createCSR(identityConfig.domain(),
- identityConfig.service(),
- document.dnsSuffix,
- document.providerUniqueId,
- document.identityDocument.ipAddresses,
- newKeyPair);
+ InstanceCsrGenerator instanceCsrGenerator = new InstanceCsrGenerator(document.dnsSuffix());
+ Pkcs10Csr csr = instanceCsrGenerator.generateCsr(
+ new AthenzService(identityConfig.domain(), identityConfig.service()),
+ document.providerUniqueId(),
+ document.identityDocument().ipAddresses(),
+ newKeyPair);
InstanceRefreshInformation refreshInfo = new InstanceRefreshInformation(Pkcs10CsrUtils.toPem(csr));
InstanceIdentity instanceIdentity =
- ztsClient.sendInstanceRefreshRequest(document.providerService,
+ ztsClient.sendInstanceRefreshRequest(document.providerService().getFullName(),
identityConfig.domain(),
identityConfig.service(),
- document.providerUniqueId,
+ document.providerUniqueId().asDottedString(),
refreshInfo,
- document.ztsEndpoint,
+ document.ztsEndpoint(),
sslContext);
return toAthenzCredentials(instanceIdentity, newKeyPair, document);
}
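Review bot: The CSR generation added in registerInstance (construct InstanceCsrGenerator from dnsSuffix, then generateCsr with the service, provider-unique id, ip addresses and key pair) is repeated verbatim in updateCredentials a few lines below; extracting it into one private helper keeps the register and refresh paths from drifting, which matters because both determine the SANs the instance certificate will carry. The removed createCSR also guarded `if(ipAddresses != null)` before adding IP SANs; InstanceCsrGenerator is not in this diff, so confirm generateCsr tolerates a null or empty set, or documents without addresses would presumably fail on both paths. The rest of the two methods is unchanged.
```java
    AthenzCredentials registerInstance() {
        // … unchanged: key pair generation and document retrieval …
        Pkcs10Csr csr = createCsr(document, keyPair);
        // … unchanged: instance register request …
    }

    AthenzCredentials updateCredentials(SignedIdentityDocument document, SSLContext sslContext) {
        KeyPair newKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
        Pkcs10Csr csr = createCsr(document, newKeyPair);
        // … unchanged: instance refresh request …
    }

    /** Builds the instance CSR for this service from the signed identity document's dns suffix, unique id and ip addresses. */
    private Pkcs10Csr createCsr(SignedIdentityDocument document, KeyPair keyPair) {
        InstanceCsrGenerator instanceCsrGenerator = new InstanceCsrGenerator(document.dnsSuffix());
        return instanceCsrGenerator.generateCsr(
                new AthenzService(identityConfig.domain(), identityConfig.service()),
                document.providerUniqueId(),
                document.identityDocument().ipAddresses(),
                keyPair);
    }
```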
@@ -107,32 +104,9 @@ class AthenzCredentialsService {
private static SignedIdentityDocument parseSignedIdentityDocument(String rawDocument) {
try {
- return mapper.readValue(rawDocument, SignedIdentityDocument.class);
+ return EntityBindingsMapper.toSignedIdentityDocument(mapper.readValue(rawDocument, SignedIdentityDocumentEntity.class));
} catch (IOException e) {
throw new UncheckedIOException(e);
}
}
-
- private static Pkcs10Csr createCSR(String identityDomain,
- String identityService,
- String dnsSuffix,
- String providerUniqueId,
- Set<String> ipAddresses,
- KeyPair keyPair) {
- X500Principal subject = new X500Principal(String.format("CN=%s.%s", identityDomain, identityService));
- // Add SAN dnsname <service>.<domain-with-dashes>.<provider-dnsname-suffix>
- // and SAN dnsname <provider-unique-instance-id>.instanceid.athenz.<provider-dnsname-suffix>
- Pkcs10CsrBuilder pkcs10CsrBuilder = Pkcs10CsrBuilder.fromKeypair(subject, keyPair, SignatureAlgorithm.SHA256_WITH_RSA)
- .addSubjectAlternativeName(String.format("%s.%s.%s",
- identityService,
- identityDomain.replace(".", "-"),
- dnsSuffix))
- .addSubjectAlternativeName(String.format("%s.instanceid.athenz.%s",
- providerUniqueId,
- dnsSuffix));
- if(ipAddresses != null) {
- ipAddresses.forEach(ipaddress -> pkcs10CsrBuilder.addSubjectAlternativeName(new SubjectAlternativeName(IP_ADDRESS, ipaddress)));
- }
- return pkcs10CsrBuilder.build();
- }
}
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
index 9c7f6cc8efb..db949929115 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
@@ -127,8 +127,8 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
X509Certificate roleCertificate = ztsClient.getRoleCertificate(
new AthenzDomain(domain),
role,
- credentials.getIdentityDocument().dnsSuffix,
- credentials.getIdentityDocument().ztsEndpoint,
+ credentials.getIdentityDocument().dnsSuffix(),
+ credentials.getIdentityDocument().ztsEndpoint(),
identity,
privateKey,
credentials.getIdentitySslContext());
@@ -143,7 +143,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
return ztsClient
.getRoleToken(
new AthenzDomain(domain),
- credentials.getIdentityDocument().ztsEndpoint,
+ credentials.getIdentityDocument().ztsEndpoint(),
credentials.getIdentitySslContext())
.getRawToken();
}
@@ -154,7 +154,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
.getRoleToken(
new AthenzDomain(domain),
role,
- credentials.getIdentityDocument().ztsEndpoint,
+ credentials.getIdentityDocument().ztsEndpoint(),
credentials.getIdentitySslContext())
.getRawToken();
}
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java
index 7de42bed1ce..90d1312c9f9 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/DefaultIdentityDocumentClient.java
@@ -4,10 +4,11 @@ package com.yahoo.vespa.athenz.identityprovider.client;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.yahoo.vespa.athenz.api.AthenzService;
import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
-import com.yahoo.vespa.athenz.identityprovider.api.IdentityDocument;
+import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
import com.yahoo.vespa.athenz.identityprovider.api.IdentityDocumentClient;
import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument;
import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId;
+import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocumentEntity;
import com.yahoo.vespa.athenz.utils.AthenzIdentities;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpUriRequest;
@@ -80,12 +81,9 @@ public class DefaultIdentityDocumentClient implements IdentityDocumentClient {
try (CloseableHttpResponse response = client.execute(request)) {
String responseContent = EntityUtils.toString(response.getEntity());
if (HttpStatus.isSuccess(response.getStatusLine().getStatusCode())) {
- com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocument entity =
- objectMapper.readValue(
- responseContent,
- com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocument.class);
+ SignedIdentityDocumentEntity entity = objectMapper.readValue(responseContent, SignedIdentityDocumentEntity.class);
return new SignedIdentityDocument(
- toEntityDocument(entity.identityDocument),
+ EntityBindingsMapper.toIdentityDocument(entity.identityDocument),
entity.signature,
entity.signingKeyVersion,
VespaUniqueInstanceId.fromDottedString(entity.providerUniqueId),
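Review bot: The success branch still maps SignedIdentityDocumentEntity to SignedIdentityDocument field by field, even though EntityBindingsMapper.toSignedIdentityDocument, which this same commit uses in AthenzCredentialsService.parseSignedIdentityDocument, performs that conversion. `return EntityBindingsMapper.toSignedIdentityDocument(entity);` would replace the whole constructor call, which continues past the end of this hunk. Two hand-written mappings of the same signed document are where argument-order or parsing mismatches (for example in how providerUniqueId is turned from a string into VespaUniqueInstanceId) creep in unnoticed.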
@@ -107,16 +105,6 @@ public class DefaultIdentityDocumentClient implements IdentityDocumentClient {
}
}
- private static IdentityDocument toEntityDocument(
- com.yahoo.vespa.athenz.identityprovider.api.bindings.IdentityDocument identityDocument) {
- return new IdentityDocument(
- identityDocument.providerUniqueId.toVespaUniqueInstanceId(),
- identityDocument.configServerHostname,
- identityDocument.instanceHostname,
- identityDocument.createdAt,
- identityDocument.ipAddresses);
- }
-
private static CloseableHttpClient createHttpClient(SSLContext sslContext,
HostnameVerifier hostnameVerifier) {
return HttpClientBuilder.create()
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/api/bindings/IdentityDocumentTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/api/bindings/IdentityDocumentTest.java
deleted file mode 100644
index cfc6e33b911..00000000000
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/api/bindings/IdentityDocumentTest.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package com.yahoo.vespa.athenz.api.bindings;
-
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
-import com.google.common.collect.ImmutableSet;
-import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId;
-import com.yahoo.vespa.athenz.identityprovider.api.bindings.IdentityDocument;
-import com.yahoo.vespa.athenz.identityprovider.api.bindings.ProviderUniqueId;
-import org.junit.Test;
-
-import java.io.IOException;
-import java.time.Instant;
-
-import static org.junit.Assert.assertEquals;
-
-public class IdentityDocumentTest {
-
- @Test
- public void test_serialization_deserialization() throws IOException {
- IdentityDocument document = new IdentityDocument(
- ProviderUniqueId.fromVespaUniqueInstanceId(
- VespaUniqueInstanceId.fromDottedString("1.clusterId.instance.application.tenant.region.environment")),
- "cfg.prod.xyz",
- "foo.bar",
- Instant.now(),
- ImmutableSet.of("127.0.0.1", "::1"));
-
- ObjectMapper mapper = new ObjectMapper();
- mapper.registerModule(new JavaTimeModule());
- String documentString = mapper.writeValueAsString(document);
- IdentityDocument deserializedDocument = mapper.readValue(documentString, IdentityDocument.class);
- assertEquals(document, deserializedDocument);
- }
-}
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java
index 98f0aa9b7ef..2e9b29f5327 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java
@@ -1,10 +1,18 @@
// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.athenz.identityprovider.client;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.yahoo.container.core.identity.IdentityConfig;
import com.yahoo.container.jdisc.athenz.AthenzIdentityProviderException;
import com.yahoo.jdisc.Metric;
import com.yahoo.test.ManualClock;
+import com.yahoo.vespa.athenz.api.AthenzService;
+import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
+import com.yahoo.vespa.athenz.identityprovider.api.IdentityDocument;
+import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument;
+import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId;
import com.yahoo.vespa.athenz.tls.KeyStoreBuilder;
import com.yahoo.vespa.athenz.tls.KeyStoreUtils;
import org.junit.Rule;
@@ -15,10 +23,12 @@ import org.mockito.stubbing.Answer;
import java.io.File;
import java.io.IOException;
+import java.net.URI;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
+import java.util.Collections;
import java.util.Date;
import java.util.concurrent.ScheduledExecutorService;
import java.util.function.Supplier;
@@ -121,17 +131,19 @@ public class AthenzIdentityProviderImplTest {
return file;
}
- private static String getIdentityDocument() {
- return "{\n" +
- " \"identity-document\": \"eyJwcm92aWRlci11bmlxdWUtaWQiOnsidGVuYW50IjoidGVuYW50IiwiYXBwbGljYXRpb24iOiJhcHBsaWNhdGlvbiIsImVudmlyb25tZW50IjoiZGV2IiwicmVnaW9uIjoidXMtbm9ydGgtMSIsImluc3RhbmNlIjoiZGVmYXVsdCIsImNsdXN0ZXItaWQiOiJkZWZhdWx0IiwiY2x1c3Rlci1pbmRleCI6MH0sImNvbmZpZ3NlcnZlci1ob3N0bmFtZSI6ImxvY2FsaG9zdCIsImluc3RhbmNlLWhvc3RuYW1lIjoieC55LmNvbSIsImNyZWF0ZWQtYXQiOjE1MDg3NDgyODUuNzQyMDAwMDAwfQ==\",\n" +
- " \"signature\": \"kkEJB/98cy1FeXxzSjtvGH2a6BFgZu/9/kzCcAqRMZjENxnw5jyO1/bjZVzw2Sz4YHPsWSx2uxb32hiQ0U8rMP0zfA9nERIalSP0jB/hMU8laezGhdpk6VKZPJRC6YKAB9Bsv2qUIfMsSxkMqf66GUvjZAGaYsnNa2yHc1jIYHOGMeJO+HNPYJjGv26xPfAOPIKQzs3RmKrc3FoweTCsIwm5oblqekdJvVWYe0obwlOSB5uwc1zpq3Ie1QBFtJRuCGMVHg1pDPxXKBHLClGIrEvzLmICy6IRdHszSO5qiwujUD7sbrbM0sB/u0cYucxbcsGRUmBvme3UAw2mW9POVQ==\",\n" +
- " \"signing-key-version\": 0,\n" +
- " \"provider-unique-id\": \"tenant.application.dev.us-north-1.default.default.0\",\n" +
- " \"dns-suffix\": \"dnsSuffix\",\n" +
- " \"provider-service\": \"service\",\n" +
- " \"zts-endpoint\": \"localhost/zts\", \n" +
- " \"document-version\": 1\n" +
- "}";
-
+ private static String getIdentityDocument() throws JsonProcessingException {
+ VespaUniqueInstanceId instanceId = new VespaUniqueInstanceId(0, "default", "default", "application", "tenant", "us-north-1", "dev");
+ SignedIdentityDocument signedIdentityDocument = new SignedIdentityDocument(
+ new IdentityDocument(instanceId, "localhost", "x.y.com", Instant.EPOCH, Collections.emptySet()),
+ "dummysignature",
+ 0,
+ instanceId,
+ "dev-us-north-1.vespa.cloud",
+ new AthenzService("vespa.vespa.provider_dev_us-north-1"),
+ URI.create("https://zts:4443/zts/v1"),
+ 1);
+
+ return new ObjectMapper().registerModule(new JavaTimeModule())
+ .writeValueAsString(EntityBindingsMapper.toSignedIdentityDocumentEntity(signedIdentityDocument));
}
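Review bot: getIdentityDocument builds a new ObjectMapper with JavaTimeModule on every call; hoisting it to `private static final ObjectMapper mapper = new ObjectMapper().registerModule(new JavaTimeModule());` matches how the production classes in this diff hold their mapper and avoids repeating the setup. The fixture now carries the literal signature "dummysignature", so presumably none of the tests in this class exercise signature verification of the identity document; a short comment on the method stating that would keep a later reader from assuming the fixture is a valid signed document.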
}