Diffstat (limited to 'athenz-identity-provider-service/src')
8 files changed, 82 insertions, 493 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
deleted file mode 100644
index e6280abfacb..00000000000
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
+++ /dev/null
@@ -1,205 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.athenz.instanceproviderservice;
-
-import com.google.inject.Inject;
-import com.yahoo.component.AbstractComponent;
-import com.yahoo.config.model.api.SuperModelProvider;
-import com.yahoo.config.provision.SystemName;
-import com.yahoo.config.provision.Zone;
-import com.yahoo.jdisc.http.SecretStore;
-import com.yahoo.log.LogLevel;
-import com.yahoo.net.HostName;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.CertificateSigner;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.AthenzCertificateClient;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.CertificateClient;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.IdentityDocumentGenerator;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.InstanceValidator;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.KeyProvider;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.SecretStoreKeyProvider;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.StatusServlet;
-import com.yahoo.vespa.hosted.provision.NodeRepository;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.ServerConnector;
-import org.eclipse.jetty.servlet.ServletHandler;
-import org.eclipse.jetty.util.ssl.SslContextFactory;
-
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.time.Duration;
-import java.time.temporal.TemporalAmount;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
-import java.util.logging.Logger;
-
-/**
- * A component acting as both SIA for configserver and provides a lightweight Jetty instance hosting the InstanceConfirmation API
- *
- * @author bjorncs
- */
-public class AthenzInstanceProviderService extends AbstractComponent {
-
- private static final Logger log = Logger.getLogger(AthenzInstanceProviderService.class.getName());
-
- private final ScheduledExecutorService scheduler;
- private final Server jetty;
-
- @Inject
- public AthenzInstanceProviderService(AthenzProviderServiceConfig config, SuperModelProvider superModelProvider,
- NodeRepository nodeRepository, Zone zone, SecretStore secretStore) {
- this(config, new SecretStoreKeyProvider(secretStore, getZoneConfig(config, zone).secretName()), Executors.newSingleThreadScheduledExecutor(),
- superModelProvider, nodeRepository, zone, new AthenzCertificateClient(config, getZoneConfig(config, zone)), createSslContextFactory());
- }
-
- private AthenzInstanceProviderService(AthenzProviderServiceConfig config,
- KeyProvider keyProvider,
- ScheduledExecutorService scheduler,
- SuperModelProvider superModelProvider,
- NodeRepository nodeRepository,
- Zone zone,
- CertificateClient certificateClient,
- SslContextFactory sslContextFactory) {
- this(config, scheduler, zone, sslContextFactory,
- new CertificateSigner(keyProvider, getZoneConfig(config, zone), HostName.getLocalhost()),
- new InstanceValidator(keyProvider, superModelProvider),
- new IdentityDocumentGenerator(config, getZoneConfig(config, zone), nodeRepository, zone, keyProvider),
- new AthenzCertificateUpdater(
- certificateClient, sslContextFactory, keyProvider, config, getZoneConfig(config, zone)));
- }
-
- AthenzInstanceProviderService(AthenzProviderServiceConfig config,
- ScheduledExecutorService scheduler,
- Zone zone,
- SslContextFactory sslContextFactory,
- CertificateSigner certificateSigner,
- InstanceValidator instanceValidator,
- IdentityDocumentGenerator identityDocumentGenerator,
- AthenzCertificateUpdater reloader) {
- // TODO: Enable for all systems. Currently enabled for CD system only
- if (SystemName.cd.equals(zone.system())) {
- this.scheduler = scheduler;
- this.jetty = createJettyServer(config, sslContextFactory,
- certificateSigner, instanceValidator, identityDocumentGenerator);
-
- // TODO Configurable update frequency
- scheduler.scheduleAtFixedRate(reloader, 0, 1, TimeUnit.DAYS);
- try {
- jetty.start();
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- } else {
- this.scheduler = null;
- this.jetty = null;
- }
- }
-
- private static Server createJettyServer(AthenzProviderServiceConfig config,
- SslContextFactory sslContextFactory,
- CertificateSigner certificateSigner,
- InstanceValidator instanceValidator,
- IdentityDocumentGenerator identityDocumentGenerator) {
- Server server = new Server();
- ServerConnector connector = new ServerConnector(server, sslContextFactory);
- connector.setPort(config.port());
- server.addConnector(connector);
-
- ServletHandler handler = new ServletHandler();
-
- handler.addServletWithMapping(StatusServlet.class, "/status.html");
- server.setHandler(handler);
- return server;
-
- }
-
- private static AthenzProviderServiceConfig.Zones getZoneConfig(AthenzProviderServiceConfig config, Zone zone) {
- String key = zone.environment().value() + "." + zone.region().value();
- return config.zones(key);
- }
-
- static SslContextFactory createSslContextFactory() {
- try {
- SslContextFactory sslContextFactory = new SslContextFactory();
- sslContextFactory.setWantClientAuth(true);
- sslContextFactory.setProtocol("TLS");
- sslContextFactory.setKeyManagerFactoryAlgorithm("SunX509");
- return sslContextFactory;
- } catch (Exception e) {
- throw new IllegalArgumentException("Failed to create SSL context factory: " + e.getMessage(), e);
- }
- }
-
- static class AthenzCertificateUpdater implements Runnable {
-
- // TODO Make expiry a configuration parameter
- private static final TemporalAmount EXPIRY_TIME = Duration.ofDays(30);
- private static final Logger log = Logger.getLogger(AthenzCertificateUpdater.class.getName());
-
- private final CertificateClient certificateClient;
- private final SslContextFactory sslContextFactory;
- private final KeyProvider keyProvider;
- private final AthenzProviderServiceConfig config;
- private final AthenzProviderServiceConfig.Zones zoneConfig;
-
- AthenzCertificateUpdater(CertificateClient certificateClient,
- SslContextFactory sslContextFactory,
- KeyProvider keyProvider,
- AthenzProviderServiceConfig config,
- AthenzProviderServiceConfig.Zones zoneConfig) {
- this.certificateClient = certificateClient;
- this.sslContextFactory = sslContextFactory;
- this.keyProvider = keyProvider;
- this.config = config;
- this.zoneConfig = zoneConfig;
- }
-
- @Override
- public void run() {
- try {
- log.log(LogLevel.INFO, "Updating Athenz certificate through ZTS");
- PrivateKey privateKey = keyProvider.getPrivateKey(zoneConfig.secretVersion());
- X509Certificate certificate = certificateClient.updateCertificate(privateKey, EXPIRY_TIME);
-
- String dummyPassword = "athenz";
- KeyStore keyStore = KeyStore.getInstance("JKS");
- keyStore.load(null);
- keyStore.setKeyEntry("athenz",
- privateKey,
- dummyPassword.toCharArray(),
- new Certificate[]{certificate});
-
- sslContextFactory.reload(sslContextFactory -> {
- sslContextFactory.setKeyStore(keyStore);
- sslContextFactory.setKeyStorePassword(dummyPassword);
- });
- log.log(LogLevel.INFO, "Athenz certificate reload successfully completed");
- } catch (Throwable e) {
- log.log(LogLevel.ERROR, "Failed to update certificate from ZTS: " + e.getMessage(), e);
- }
- }
- }
-
- @Override
- public void deconstruct() {
- try {
- // TODO: Fix deconstruct when setup properly in all zones
- log.log(LogLevel.INFO, "Deconstructing Athenz provider service");
- if(scheduler != null)
- scheduler.shutdown();
- if(jetty != null)
- jetty.stop();
- if (scheduler != null && !scheduler.awaitTermination(1, TimeUnit.MINUTES)) {
- log.log(LogLevel.ERROR, "Failed to stop certificate updater");
- }
- } catch (InterruptedException e) {
- log.log(LogLevel.ERROR, "Failed to stop certificate updater: " + e.getMessage(), e);
- } catch (Exception e) {
- log.log(LogLevel.ERROR, "Failed to stop Jetty: " + e.getMessage(), e);
- } finally {
- super.deconstruct();
- }
- }
-}
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/FileBackedKeyProvider.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/FileBackedKeyProvider.java
deleted file mode 100644
index 40a2a1dbcc9..00000000000
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/FileBackedKeyProvider.java
+++ /dev/null
@@ -1,44 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl;
-
-import com.yahoo.athenz.auth.util.Crypto;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.UncheckedIOException;
-import java.nio.file.Files;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-/**
- * @author bjorncs
- */
-public class FileBackedKeyProvider implements KeyProvider {
-
- private final String keyPathPrefix;
-
- public FileBackedKeyProvider(String keyPathPrefix) {
- this.keyPathPrefix = keyPathPrefix;
- }
-
- @Override
- public PrivateKey getPrivateKey(int version) {
- return Crypto.loadPrivateKey(readPemStringFromFile(new File(keyPathPrefix + ".priv." + version)));
- }
-
- @Override
- public PublicKey getPublicKey(int version) {
- return Crypto.loadPublicKey(readPemStringFromFile(new File(keyPathPrefix + ".pub." + version)));
- }
-
- private static String readPemStringFromFile(File file) {
- try {
- if (!file.exists() || !file.isFile()) {
- throw new IllegalArgumentException("Key missing: " + file.getAbsolutePath());
- }
- return new String(Files.readAllBytes(file.toPath()));
- } catch (IOException e) {
- throw new UncheckedIOException(e);
- }
- }
-}
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/StatusServlet.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/StatusServlet.java
deleted file mode 100644
index fd5ba5843aa..00000000000
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/StatusServlet.java
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * A simple status servlet that should return status code 200 as long as the provider service servlet is up.
- *
- * @author bjorncs
- */
-public class StatusServlet extends HttpServlet {
-
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
- resp.setStatus(HttpServletResponse.SC_OK);
- }
-}
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java
deleted file mode 100644
index c58e86f7585..00000000000
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderServiceTest.java
+++ /dev/null
@@ -1,218 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.athenz.instanceproviderservice;
-
-import athenz.shade.zts.jersey.repackaged.com.google.common.collect.ImmutableMap;
-import com.yahoo.config.provision.Environment;
-import com.yahoo.config.provision.RegionName;
-import com.yahoo.config.provision.SystemName;
-import com.yahoo.config.provision.Zone;
-import com.yahoo.log.LogLevel;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.AthenzInstanceProviderService.AthenzCertificateUpdater;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.CertificateSigner;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.CertificateClient;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.IdentityDocumentGenerator;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.InstanceValidator;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.KeyProvider;
-import org.apache.http.HttpResponse;
-import org.apache.http.HttpStatus;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.http.ssl.SSLContextBuilder;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.cert.CertIOException;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.eclipse.jetty.util.ssl.SslContextFactory;
-import org.junit.Test;
-
-import javax.net.ssl.SSLContext;
-import java.math.BigInteger;
-import java.security.KeyManagementException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.time.temporal.TemporalAmount;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.logging.Logger;
-
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.anyLong;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-/**
- * @author bjorncs
- */
-public class AthenzInstanceProviderServiceTest {
-
- private static final Logger log = Logger.getLogger(AthenzInstanceProviderServiceTest.class.getName());
- private static final int PORT = 12345;
- private static final Zone ZONE = new Zone(SystemName.cd, Environment.dev, RegionName.from("us-north-1"));
-
- @Test
- public void provider_service_hosts_endpoint_secured_with_tls() throws Exception {
- String domain = "domain";
- String service = "service";
-
- AutoGeneratedKeyProvider keyProvider = new AutoGeneratedKeyProvider();
- AthenzProviderServiceConfig config = getAthenzProviderConfig(domain, service, "vespa.dns.suffix", ZONE);
- SslContextFactory sslContextFactory = AthenzInstanceProviderService.createSslContextFactory();
- AthenzCertificateUpdater certificateUpdater = new AthenzCertificateUpdater(
- new SelfSignedCertificateClient(keyProvider.getKeyPair(), getZoneConfig(config, ZONE)),
- sslContextFactory,
- keyProvider,
- config,
- getZoneConfig(config, ZONE));
-
- ScheduledExecutorService executor = mock(ScheduledExecutorService.class);
- when(executor.awaitTermination(anyLong(), any())).thenReturn(true);
-
- CertificateSigner certificateSigner = mock(CertificateSigner.class);
-
- InstanceValidator instanceValidator = mock(InstanceValidator.class);
- when(instanceValidator.isValidInstance(any())).thenReturn(true);
-
- IdentityDocumentGenerator identityDocumentGenerator = mock(IdentityDocumentGenerator.class);
-
- AthenzInstanceProviderService athenzInstanceProviderService = new AthenzInstanceProviderService(
- config, executor, ZONE, sslContextFactory, certificateSigner, instanceValidator,
- identityDocumentGenerator, certificateUpdater);
-
- try (CloseableHttpClient client = createHttpClient(domain, service)) {
- assertFalse(getStatus(client));
- certificateUpdater.run();
- assertTrue(getStatus(client));
- certificateUpdater.run();
- assertTrue(getStatus(client));
- } finally {
- athenzInstanceProviderService.deconstruct();
- }
- }
-
- public static AthenzProviderServiceConfig getAthenzProviderConfig(String domain, String service, String dnsSuffix, Zone zone) {
- AthenzProviderServiceConfig.Zones.Builder zoneConfig =
- new AthenzProviderServiceConfig.Zones.Builder()
- .serviceName(service)
- .secretVersion(0)
- .domain(domain)
- .secretName("s3cr3t");
-
- return new AthenzProviderServiceConfig(
- new AthenzProviderServiceConfig.Builder()
- .zones(ImmutableMap.of(zone.environment().value() + "." + zone.region().value(), zoneConfig))
- .port(PORT)
- .certDnsSuffix(dnsSuffix)
- .ztsUrl("localhost/zts")
- .athenzPrincipalHeaderName("Athenz-Principal-Auth")
- .apiPath(""));
-
- }
-
- public static AthenzProviderServiceConfig.Zones getZoneConfig(AthenzProviderServiceConfig config, Zone zone) {
- return config.zones(zone.environment().value() + "." + zone.region().value());
- }
-
- private static boolean getStatus(HttpClient client) {
- try {
- HttpResponse response = client.execute(new HttpGet("https://localhost:" + PORT + "/status.html"));
- return response.getStatusLine().getStatusCode() == HttpStatus.SC_OK;
- } catch (Exception e) {
- log.log(LogLevel.INFO, "Status.html failed: " + e);
- return false;
- }
- }
-
- private static CloseableHttpClient createHttpClient(String domain, String service)
- throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
- SSLContext sslContext = new SSLContextBuilder()
- .loadTrustMaterial(null, (certificateChain, ignoredAuthType) ->
- certificateChain[0].getSubjectX500Principal().getName().equals("CN=" + domain + "." + service))
- .build();
-
- return HttpClients.custom()
- .setSslcontext(sslContext)
- .setSSLHostnameVerifier(new NoopHostnameVerifier())
- .build();
- }
-
-
- public static class AutoGeneratedKeyProvider implements KeyProvider {
-
- private final KeyPair keyPair;
-
- public AutoGeneratedKeyProvider() {
- try {
- KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
- rsa.initialize(2048);
- keyPair = rsa.genKeyPair();
- } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException(e);
- }
- }
-
- @Override
- public PrivateKey getPrivateKey(int version) {
- return keyPair.getPrivate();
- }
-
- @Override
- public PublicKey getPublicKey(int version) {
- return keyPair.getPublic();
- }
-
- public KeyPair getKeyPair() {
- return keyPair;
- }
- }
-
- private static class SelfSignedCertificateClient implements CertificateClient {
-
- private final KeyPair keyPair;
- private final AthenzProviderServiceConfig.Zones zoneConfig;
-
- private SelfSignedCertificateClient(KeyPair keyPair,
- AthenzProviderServiceConfig.Zones zoneConfig) {
- this.keyPair = keyPair;
- this.zoneConfig = zoneConfig;
- }
-
- @Override
- public X509Certificate updateCertificate(PrivateKey privateKey, TemporalAmount expiryTime) {
- try {
- ContentSigner contentSigner = new JcaContentSignerBuilder("SHA512WithRSA").build(keyPair.getPrivate());
- X500Name dnName = new X500Name("CN=" + zoneConfig.domain() + "." + zoneConfig.serviceName());
- Calendar calendar = Calendar.getInstance();
- calendar.add(Calendar.HOUR, 1);
- Date endDate = calendar.getTime();
- JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
- dnName, BigInteger.ONE, new Date(), endDate, dnName, keyPair.getPublic());
- certBuilder.addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, new BasicConstraints(true));
-
- return new JcaX509CertificateConverter()
- .setProvider(new BouncyCastleProvider())
- .getCertificate(certBuilder.build(contentSigner));
- } catch (CertificateException | CertIOException | OperatorCreationException e) {
- throw new RuntimeException(e);
- }
- }
- }
-}
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AutoGeneratedKeyProvider.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AutoGeneratedKeyProvider.java
new file mode 100644
index 00000000000..3096eca0313
--- /dev/null
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AutoGeneratedKeyProvider.java
@@ -0,0 +1,42 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.athenz.instanceproviderservice;
+
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.KeyProvider;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+/**
+ * @author bjorncs
+ */
+public class AutoGeneratedKeyProvider implements KeyProvider {
+
+ private final KeyPair keyPair;
+
+ public AutoGeneratedKeyProvider() {
+ try {
+ KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
+ rsa.initialize(2048);
+ keyPair = rsa.genKeyPair();
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Override
+ public PrivateKey getPrivateKey(int version) {
+ return keyPair.getPrivate();
+ }
+
+ @Override
+ public PublicKey getPublicKey(int version) {
+ return keyPair.getPublic();
+ }
+
+ public KeyPair getKeyPair() {
+ return keyPair;
+ }
+}
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java
new file mode 100644
index 00000000000..c851ca2d6c3
--- /dev/null
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/TestUtils.java
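Review bot: Both `getPrivateKey(int version)` and `getPublicKey(int version)` ignore `version` and hand back the one pair generated in the constructor, so a signer and a verifier wired to this provider will always agree even if one of them asks for the wrong `secretVersion`; tests that depend on it (the import changes in this commit point at IdentityDocumentGeneratorTest and InstanceValidatorTest) cannot catch that class of bug. The class carries only an `@author` tag, so the limitation is invisible to the next person who reaches for it. Add a class Javadoc such as `/** Test-only KeyProvider backed by a single freshly generated 2048-bit RSA pair; {@code version} is ignored, so key-version mismatches are not detectable with it. */`. If a test needs to verify version handling, a variant keyed by version would be needed; this one should stay documented as version-agnostic.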
@@ -0,0 +1,35 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.athenz.instanceproviderservice;
+
+import com.google.common.collect.ImmutableMap;
+import com.yahoo.config.provision.Zone;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
+
+/**
+ * @author bjorncs
+ */
+public class TestUtils {
+
+ private static final int PORT = 12345;
+
+ public static AthenzProviderServiceConfig getAthenzProviderConfig(String domain,
+ String service,
+ String dnsSuffix,
+ Zone zone) {
+ AthenzProviderServiceConfig.Zones.Builder zoneConfig =
+ new AthenzProviderServiceConfig.Zones.Builder()
+ .serviceName(service)
+ .secretVersion(0)
+ .domain(domain)
+ .secretName("s3cr3t");
+ return new AthenzProviderServiceConfig(
+ new AthenzProviderServiceConfig.Builder()
+ .zones(ImmutableMap.of(zone.environment().value() + "." + zone.region().value(), zoneConfig))
+ .port(PORT)
+ .certDnsSuffix(dnsSuffix)
+ .ztsUrl("localhost/zts")
+ .athenzPrincipalHeaderName("Athenz-Principal-Auth")
+ .apiPath(""));
+ }
+
+}
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGeneratorTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGeneratorTest.java
index ae725e6ac06..f18af3f3db8 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGeneratorTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGeneratorTest.java
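Review bot: `TestUtils` is a static-only helper with no private constructor, and nothing in the file says that the config it builds is a fixture: `ztsUrl("localhost/zts")` has no scheme, `secretName("s3cr3t")` and `secretVersion(0)` are placeholders, and `PORT = 12345` is carried over from the Jetty endpoint this same commit deletes. Add `private TestUtils() {}` after the `PORT` field and a class Javadoc along the lines of `/** Builds a placeholder AthenzProviderServiceConfig for unit tests; the ZTS URL, secret name and port are fixtures and are not expected to be reachable or valid. */`. If anything under test ever parses `ztsUrl` as a real URL, the missing scheme will presumably fail at that point rather than here, so a one-line comment on that builder call is worth adding too.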
@@ -13,7 +13,7 @@ import com.yahoo.config.provision.RegionName;
 import com.yahoo.config.provision.SystemName;
 import com.yahoo.config.provision.TenantName;
 import com.yahoo.config.provision.Zone;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.AthenzInstanceProviderServiceTest.AutoGeneratedKeyProvider;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.AutoGeneratedKeyProvider;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.ProviderUniqueId;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.SignedIdentityDocument;
@@ -27,8 +27,8 @@ import org.junit.Test;
 import java.util.HashSet;
 import java.util.Optional;
 
-import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.AthenzInstanceProviderServiceTest.getAthenzProviderConfig;
-import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.AthenzInstanceProviderServiceTest.getZoneConfig;
+import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.TestUtils.getAthenzProviderConfig;
+import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Matchers.eq;
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceValidatorTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceValidatorTest.java
index c1fab319ebf..91c2bc22293 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceValidatorTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceValidatorTest.java
@@ -8,7 +8,7 @@ import com.yahoo.config.model.api.ServiceInfo;
 import com.yahoo.config.model.api.SuperModel;
 import com.yahoo.config.model.api.SuperModelProvider;
 import com.yahoo.config.provision.ApplicationId;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.AthenzInstanceProviderServiceTest.AutoGeneratedKeyProvider;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.AutoGeneratedKeyProvider;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.IdentityDocument;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.InstanceConfirmation;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.ProviderUniqueId;
@@ -168,4 +168,4 @@ public class InstanceValidatorTest {
 return new ApplicationInfo(appId, 0, model);
 }
 
-}
\ No newline at end of file +} |