author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-03-17 18:02:19 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-04-21 14:40:06 +0200 |
commit | e3f754b6bac836d45374a5a57e426aa9bfc7bead (patch) | |
tree | 74bcd301839461ed9229a3326d9d6bffcd164d7e /zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo | |
parent | 1f02cb563b04142807818c9c7d7ba3bc32ba70c9 (diff) |
Generate server ZK TLS config using Vespa mTLS config
Server ZK TLS config follows Vespa mTLS config and is no longer controlled by feature flag.
Diffstat (limited to 'zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo')
-rw-r--r-- | zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java | 56 |
1 files changed, 15 insertions, 41 deletions
diff --git a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
index 47fed6fceac..c40b7cb7b52 100644
--- a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
+++ b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
@@ -7,6 +7,7 @@ import com.yahoo.security.X509CertificateBuilder;
 import com.yahoo.security.tls.AuthorizationMode;
 import com.yahoo.security.tls.DefaultTlsContext;
 import com.yahoo.security.tls.HostnameVerification;
+import com.yahoo.security.tls.MixedMode;
 import com.yahoo.security.tls.PeerAuthentication;
 import com.yahoo.security.tls.TlsContext;
 import com.yahoo.security.tls.policy.AuthorizedPeers;
@@ -24,14 +25,12 @@ import java.nio.file.Files;
 import java.security.KeyPair;
 import java.security.cert.X509Certificate;
 import java.util.List;
-import java.util.Optional;
 import java.util.Set;
-import static com.yahoo.cloud.config.ZookeeperServerConfig.TlsForClientServerCommunication;
-import static com.yahoo.cloud.config.ZookeeperServerConfig.TlsForQuorumCommunication;
 import static com.yahoo.security.KeyAlgorithm.EC;
 import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
 import static com.yahoo.vespa.defaults.Defaults.getDefaults;
+import static com.yahoo.vespa.zookeeper.Configurator.VespaTlsConfig;
 import static com.yahoo.vespa.zookeeper.Configurator.ZOOKEEPER_JUTE_MAX_BUFFER;
 import static java.time.Instant.EPOCH;
 import static java.time.temporal.ChronoUnit.DAYS;
@@ -57,7 +56,7 @@ public class ConfiguratorTest {
 @Test
 public void config_is_written_correctly_when_one_server() {
 ZookeeperServerConfig.Builder builder = createConfigBuilderForSingleHost(cfgFile, idFile);
- new Configurator(builder.build()).writeConfigToDisk(Optional.empty());
+ new Configurator(builder.build()).writeConfigToDisk(VespaTlsConfig.tlsDisabled());
 validateConfigFileSingleHost(cfgFile);
 validateIdFile(idFile, "0\n");
 }
@@ -71,39 +70,25 @@ public class ConfiguratorTest { builder.server(newServer(2, "baz", 345, 543, true)); builder.myidFile(idFile.getAbsolutePath()); builder.myid(1); - new Configurator(builder.build()).writeConfigToDisk(Optional.empty()); + new Configurator(builder.build()).writeConfigToDisk(VespaTlsConfig.tlsDisabled()); validateConfigFileMultipleHosts(cfgFile); validateIdFile(idFile, "1\n"); } @Test - public void config_is_written_correctly_with_tls_for_quorum_communication_port_unification() { + public void config_is_written_correctly_with_tls_for_quorum_communication_tls_with_mixed_mode() { ZookeeperServerConfig.Builder builder = createConfigBuilderForSingleHost(cfgFile, idFile); - builder.tlsForQuorumCommunication(TlsForQuorumCommunication.PORT_UNIFICATION); - builder.tlsForClientServerCommunication(TlsForClientServerCommunication.PORT_UNIFICATION); TlsContext tlsContext = createTlsContext(); - new Configurator(builder.build()).writeConfigToDisk(Optional.of(tlsContext)); - validateConfigFilePortUnification(cfgFile); + new Configurator(builder.build()).writeConfigToDisk(new VespaTlsConfig(tlsContext, MixedMode.TLS_CLIENT_MIXED_SERVER)); + validateConfigFileTlsWithMixedMode(cfgFile); } @Test - public void config_is_written_correctly_with_tls_for_quorum_communication_tls_with_port_unification() { + public void config_is_written_correctly_with_tls_for_quorum_communication_tls_without_mixed_mode() { ZookeeperServerConfig.Builder builder = createConfigBuilderForSingleHost(cfgFile, idFile); - builder.tlsForQuorumCommunication(TlsForQuorumCommunication.TLS_WITH_PORT_UNIFICATION); - builder.tlsForClientServerCommunication(TlsForClientServerCommunication.TLS_WITH_PORT_UNIFICATION); TlsContext tlsContext = createTlsContext(); - new Configurator(builder.build()).writeConfigToDisk(Optional.of(tlsContext)); - validateConfigFileTlsWithPortUnification(cfgFile); - } - - @Test - public void config_is_written_correctly_with_tls_for_quorum_communication_tls_only() { - 
ZookeeperServerConfig.Builder builder = createConfigBuilderForSingleHost(cfgFile, idFile); - builder.tlsForQuorumCommunication(TlsForQuorumCommunication.TLS_ONLY); - builder.tlsForClientServerCommunication(TlsForClientServerCommunication.TLS_ONLY); - TlsContext tlsContext = createTlsContext(); - new Configurator(builder.build()).writeConfigToDisk(Optional.of(tlsContext)); - validateConfigFileTlsOnly(cfgFile); + new Configurator(builder.build()).writeConfigToDisk(new VespaTlsConfig(tlsContext, MixedMode.DISABLED)); + validateConfigFileTlsWithoutMixedMode(cfgFile); } @Test(expected = RuntimeException.class) @@ -113,7 +98,7 @@ public class ConfiguratorTest { builder.server(newServer(1, "bar", 234, 432, false)); builder.server(newServer(2, "baz", 345, 543, false)); builder.myid(0); - new Configurator(builder.build()).writeConfigToDisk(Optional.empty()); + new Configurator(builder.build()).writeConfigToDisk(VespaTlsConfig.tlsDisabled()); } @Test @@ -127,12 +112,12 @@ public class ConfiguratorTest { builder.zooKeeperConfigFile(cfgFile.getAbsolutePath()); builder.myidFile(idFile.getAbsolutePath()); - new Configurator(builder.build()).writeConfigToDisk(Optional.empty()); + new Configurator(builder.build()).writeConfigToDisk(VespaTlsConfig.tlsDisabled()); assertEquals("" + new ZookeeperServerConfig(builder).juteMaxBuffer(), System.getProperty(ZOOKEEPER_JUTE_MAX_BUFFER)); final int max_buffer = 1; builder.juteMaxBuffer(max_buffer); - new Configurator(builder.build()).writeConfigToDisk(Optional.empty()); + new Configurator(builder.build()).writeConfigToDisk(VespaTlsConfig.tlsDisabled()); assertEquals("" + max_buffer, System.getProperty(ZOOKEEPER_JUTE_MAX_BUFFER)); } 
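Review bot: The two rewritten TLS tests in the `-71,39 +70,25` hunk exercise only `MixedMode.TLS_CLIENT_MIXED_SERVER` and `MixedMode.DISABLED`, so the plaintext-client case that the removed `..._port_unification` test pinned no longer has an expected config file. That case expected `sslQuorum=false` together with `portUnification=true`, per the `validateConfigFilePortUnification` helper deleted in the `-216,19 +201,8` hunk. If `Configurator` still handles a plaintext-client mixed mode (presumably `MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER`, which is not visible in this diff), a third test asserting the exact file contents would catch a change that leaves quorum or client traffic unencrypted, or that enables `sslQuorum` before every peer can speak TLS. The remaining test names also still say `for_quorum_communication`, although the single `VespaTlsConfig` argument now drives the client-server settings too. A name such as `config_is_written_correctly_with_tls_with_mixed_mode` would describe what is asserted.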
@@ -216,19 +201,8 @@ public class ConfiguratorTest { validateConfigFile(cfgFile, expected); } - private void validateConfigFilePortUnification(File cfgFile) { - String expected = - commonConfig() + - "server.0=foo:321:123;2181\n" + - "sslQuorum=false\n" + - "portUnification=true\n" + - tlsQuorumConfig() + - "client.portUnification=true\n" + - tlsClientServerConfig(); - validateConfigFile(cfgFile, expected); - } - private void validateConfigFileTlsWithPortUnification(File cfgFile) { + private void validateConfigFileTlsWithMixedMode(File cfgFile) { String expected = commonConfig() + "server.0=foo:321:123;2181\n" + @@ -240,7 +214,7 @@ public class ConfiguratorTest { validateConfigFile(cfgFile, expected); } - private void validateConfigFileTlsOnly(File cfgFile) { + private void validateConfigFileTlsWithoutMixedMode(File cfgFile) { String expected = commonConfig() + "server.0=foo:321:123;2181\n" + |