authorBjørn Christian Seime <bjorncs@verizonmedia.com>2021-03-17 18:02:19 +0100
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2021-04-21 14:40:06 +0200
commite3f754b6bac836d45374a5a57e426aa9bfc7bead (patch)
tree74bcd301839461ed9229a3326d9d6bffcd164d7e /zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo
parent1f02cb563b04142807818c9c7d7ba3bc32ba70c9 (diff)
Generate server ZK TLS config using Vespa mTLS config
Server ZK TLS config follows Vespa mTLS config and is no longer controlled by a feature flag.
Diffstat (limited to 'zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo')
-rw-r--r--zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java56
1 files changed, 15 insertions, 41 deletions
diff --git a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
index 47fed6fceac..c40b7cb7b52 100644
--- a/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
+++ b/zookeeper-server/zookeeper-server-common/src/test/java/com/yahoo/vespa/zookeeper/ConfiguratorTest.java
@@ -7,6 +7,7 @@ import com.yahoo.security.X509CertificateBuilder;
import com.yahoo.security.tls.AuthorizationMode;
import com.yahoo.security.tls.DefaultTlsContext;
import com.yahoo.security.tls.HostnameVerification;
+import com.yahoo.security.tls.MixedMode;
import com.yahoo.security.tls.PeerAuthentication;
import com.yahoo.security.tls.TlsContext;
import com.yahoo.security.tls.policy.AuthorizedPeers;
@@ -24,14 +25,12 @@ import java.nio.file.Files;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.List;
-import java.util.Optional;
import java.util.Set;
-import static com.yahoo.cloud.config.ZookeeperServerConfig.TlsForClientServerCommunication;
-import static com.yahoo.cloud.config.ZookeeperServerConfig.TlsForQuorumCommunication;
import static com.yahoo.security.KeyAlgorithm.EC;
import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
import static com.yahoo.vespa.defaults.Defaults.getDefaults;
+import static com.yahoo.vespa.zookeeper.Configurator.VespaTlsConfig;
import static com.yahoo.vespa.zookeeper.Configurator.ZOOKEEPER_JUTE_MAX_BUFFER;
import static java.time.Instant.EPOCH;
import static java.time.temporal.ChronoUnit.DAYS;
@@ -57,7 +56,7 @@ public class ConfiguratorTest {
@Test
public void config_is_written_correctly_when_one_server() {
ZookeeperServerConfig.Builder builder = createConfigBuilderForSingleHost(cfgFile, idFile);
- new Configurator(builder.build()).writeConfigToDisk(Optional.empty());
+ new Configurator(builder.build()).writeConfigToDisk(VespaTlsConfig.tlsDisabled());
validateConfigFileSingleHost(cfgFile);
validateIdFile(idFile, "0\n");
}
@@ -71,39 +70,25 @@ public class ConfiguratorTest {
builder.server(newServer(2, "baz", 345, 543, true));
builder.myidFile(idFile.getAbsolutePath());
builder.myid(1);
- new Configurator(builder.build()).writeConfigToDisk(Optional.empty());
+ new Configurator(builder.build()).writeConfigToDisk(VespaTlsConfig.tlsDisabled());
validateConfigFileMultipleHosts(cfgFile);
validateIdFile(idFile, "1\n");
}
@Test
- public void config_is_written_correctly_with_tls_for_quorum_communication_port_unification() {
+ public void config_is_written_correctly_with_tls_for_quorum_communication_tls_with_mixed_mode() {
ZookeeperServerConfig.Builder builder = createConfigBuilderForSingleHost(cfgFile, idFile);
- builder.tlsForQuorumCommunication(TlsForQuorumCommunication.PORT_UNIFICATION);
- builder.tlsForClientServerCommunication(TlsForClientServerCommunication.PORT_UNIFICATION);
TlsContext tlsContext = createTlsContext();
- new Configurator(builder.build()).writeConfigToDisk(Optional.of(tlsContext));
- validateConfigFilePortUnification(cfgFile);
+ new Configurator(builder.build()).writeConfigToDisk(new VespaTlsConfig(tlsContext, MixedMode.TLS_CLIENT_MIXED_SERVER));
+ validateConfigFileTlsWithMixedMode(cfgFile);
}
@Test
- public void config_is_written_correctly_with_tls_for_quorum_communication_tls_with_port_unification() {
+ public void config_is_written_correctly_with_tls_for_quorum_communication_tls_without_mixed_mode() {
ZookeeperServerConfig.Builder builder = createConfigBuilderForSingleHost(cfgFile, idFile);
- builder.tlsForQuorumCommunication(TlsForQuorumCommunication.TLS_WITH_PORT_UNIFICATION);
- builder.tlsForClientServerCommunication(TlsForClientServerCommunication.TLS_WITH_PORT_UNIFICATION);
TlsContext tlsContext = createTlsContext();
- new Configurator(builder.build()).writeConfigToDisk(Optional.of(tlsContext));
- validateConfigFileTlsWithPortUnification(cfgFile);
- }
-
- @Test
- public void config_is_written_correctly_with_tls_for_quorum_communication_tls_only() {
- ZookeeperServerConfig.Builder builder = createConfigBuilderForSingleHost(cfgFile, idFile);
- builder.tlsForQuorumCommunication(TlsForQuorumCommunication.TLS_ONLY);
- builder.tlsForClientServerCommunication(TlsForClientServerCommunication.TLS_ONLY);
- TlsContext tlsContext = createTlsContext();
- new Configurator(builder.build()).writeConfigToDisk(Optional.of(tlsContext));
- validateConfigFileTlsOnly(cfgFile);
+ new Configurator(builder.build()).writeConfigToDisk(new VespaTlsConfig(tlsContext, MixedMode.DISABLED));
+ validateConfigFileTlsWithoutMixedMode(cfgFile);
}
@Test(expected = RuntimeException.class)
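Review bot: The two TLS tests cover `MixedMode.TLS_CLIENT_MIXED_SERVER` and `MixedMode.DISABLED`, but nothing exercises the remaining mixed-mode value, `MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER` (assuming the enum still carries it), now that the `validateConfigFilePortUnification` helper is deleted in the later hunk at `@@ -216,19 +201,8 @@`. That is the mode in which the server keeps accepting plaintext, so the `sslQuorum`, `portUnification` and `client.portUnification` lines generated for it are the ones most worth pinning; a regression there would change which peers are accepted without any test failing. I would add a third case, e.g. `new Configurator(builder.build()).writeConfigToDisk(new VespaTlsConfig(tlsContext, MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER));`, with its own expected-config helper. The method names also still say `for_quorum_communication`, although the same `VespaTlsConfig` now appears to drive both the quorum and the client-server settings; renaming them would match what the tests check.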
@@ -113,7 +98,7 @@ public class ConfiguratorTest {
builder.server(newServer(1, "bar", 234, 432, false));
builder.server(newServer(2, "baz", 345, 543, false));
builder.myid(0);
- new Configurator(builder.build()).writeConfigToDisk(Optional.empty());
+ new Configurator(builder.build()).writeConfigToDisk(VespaTlsConfig.tlsDisabled());
}
@Test
@@ -127,12 +112,12 @@ public class ConfiguratorTest {
builder.zooKeeperConfigFile(cfgFile.getAbsolutePath());
builder.myidFile(idFile.getAbsolutePath());
- new Configurator(builder.build()).writeConfigToDisk(Optional.empty());
+ new Configurator(builder.build()).writeConfigToDisk(VespaTlsConfig.tlsDisabled());
assertEquals("" + new ZookeeperServerConfig(builder).juteMaxBuffer(), System.getProperty(ZOOKEEPER_JUTE_MAX_BUFFER));
final int max_buffer = 1;
builder.juteMaxBuffer(max_buffer);
- new Configurator(builder.build()).writeConfigToDisk(Optional.empty());
+ new Configurator(builder.build()).writeConfigToDisk(VespaTlsConfig.tlsDisabled());
assertEquals("" + max_buffer, System.getProperty(ZOOKEEPER_JUTE_MAX_BUFFER));
}
@@ -216,19 +201,8 @@ public class ConfiguratorTest {
validateConfigFile(cfgFile, expected);
}
- private void validateConfigFilePortUnification(File cfgFile) {
- String expected =
- commonConfig() +
- "server.0=foo:321:123;2181\n" +
- "sslQuorum=false\n" +
- "portUnification=true\n" +
- tlsQuorumConfig() +
- "client.portUnification=true\n" +
- tlsClientServerConfig();
- validateConfigFile(cfgFile, expected);
- }
- private void validateConfigFileTlsWithPortUnification(File cfgFile) {
+ private void validateConfigFileTlsWithMixedMode(File cfgFile) {
String expected =
commonConfig() +
"server.0=foo:321:123;2181\n" +
@@ -240,7 +214,7 @@ public class ConfiguratorTest {
validateConfigFile(cfgFile, expected);
}
- private void validateConfigFileTlsOnly(File cfgFile) {
+ private void validateConfigFileTlsWithoutMixedMode(File cfgFile) {
String expected =
commonConfig() +
"server.0=foo:321:123;2181\n" +