From 30bd176d07cfd5350a9a23335f4ea8ef70c2d158 Mon Sep 17 00:00:00 2001
From: Martin Polden
Date: Tue, 18 Jul 2023 14:42:28 +0200
Subject: Fix credentials paths for hosted
---
 .../yahoo/vespa/testrunner/VespaCliTestRunner.java | 41 ++++++++++++++++++----
 .../vespa/testrunner/VespaCliTestRunnerTest.java | 13 ++++---
 2 files changed, 43 insertions(+), 11 deletions(-)
(limited to 'vespa-osgi-testrunner/src')
diff --git a/vespa-osgi-testrunner/src/main/java/com/yahoo/vespa/testrunner/VespaCliTestRunner.java b/vespa-osgi-testrunner/src/main/java/com/yahoo/vespa/testrunner/VespaCliTestRunner.java
index cf2a1700f28..e30931057f2 100644
--- a/vespa-osgi-testrunner/src/main/java/com/yahoo/vespa/testrunner/VespaCliTestRunner.java
+++ b/vespa-osgi-testrunner/src/main/java/com/yahoo/vespa/testrunner/VespaCliTestRunner.java
@@ -6,6 +6,8 @@ import com.yahoo.component.annotation.Inject;
 import com.yahoo.slime.Cursor;
 import com.yahoo.slime.Slime;
 import com.yahoo.slime.SlimeUtils;
+import com.yahoo.vespa.athenz.api.AthenzIdentity;
+import com.yahoo.vespa.athenz.utils.SiaUtils;
 import com.yahoo.vespa.defaults.Defaults;
 import java.io.BufferedReader;
@@ -15,6 +17,7 @@ import java.io.UncheckedIOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.Collection;
+import java.util.List;
 import java.util.Optional;
 import java.util.SortedMap;
 import java.util.concurrent.CompletableFuture;
@@ -23,6 +26,7 @@ import java.util.concurrent.atomic.AtomicReference;
 import java.util.logging.Level;
 import java.util.logging.LogRecord;
 import java.util.logging.Logger;
+import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import static com.yahoo.vespa.testrunner.TestRunner.Status.ERROR;
@@ -44,17 +48,19 @@ public class VespaCliTestRunner implements TestRunner {
 private final Path artifactsPath;
 private final Path testsPath;
 private final AtomicReference status = new AtomicReference<>(Status.NOT_STARTED);
+ private final Path vespaHome;
 private Path vespaCliRoot = null;
 @Inject
 public VespaCliTestRunner(VespaCliTestRunnerConfig config) {
- this(config.artifactsPath(), config.testsPath());
+ this(config.artifactsPath(), config.testsPath(), Path.of(Defaults.getDefaults().vespaHome()));
 }
- VespaCliTestRunner(Path artifactsPath, Path testsPath) {
+ VespaCliTestRunner(Path artifactsPath, Path testsPath, Path vespaHome) {
 this.artifactsPath = artifactsPath;
 this.testsPath = testsPath;
+ this.vespaHome = vespaHome;
 }
 @Override
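Review bot: The new `vespaHome` field and the three-argument constructor carry no comment, although this field is the base from which the hosted credential paths are later derived (`vespaHome.resolve("var/vespa/sia")` in `getCredentials`). A field comment such as `// Vespa installation root; hosted data-plane credentials are looked up under var/vespa/sia below it` would make that dependency visible. The package-private constructor could also say that it exists so tests can supply a temporary root, which is how the test in this commit uses it.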
@@ -126,14 +132,35 @@ public class VespaCliTestRunner implements TestRunner {
 builder.environment().put("VESPA_CLI_HOME", ensureDirectoryForVespaCli("cli-home").toString());
 builder.environment().put("VESPA_CLI_CACHE_DIR", ensureDirectoryForVespaCli("cli-cache").toString());
 builder.environment().put("VESPA_CLI_ENDPOINTS", toEndpointsConfig(config));
- Path certRoot = certificateRoot(config);
- builder.environment().put("VESPA_CLI_DATA_PLANE_KEY_FILE", certRoot.resolve("key").toAbsolutePath().toString());
- builder.environment().put("VESPA_CLI_DATA_PLANE_CERT_FILE", certRoot.resolve("cert").toAbsolutePath().toString());
+ Credentials credentials = getCredentials(config);
+ builder.environment().put("VESPA_CLI_DATA_PLANE_KEY_FILE", credentials.privateKeyFile().toString());
+ builder.environment().put("VESPA_CLI_DATA_PLANE_CERT_FILE", credentials.certificateFile().toString());
 return builder;
 }
- private Path certificateRoot(TestConfig config) {
- return config.system().isPublic() ? artifactsPath : Path.of(Defaults.getDefaults().underVespaHome("var/vespa/sia"));
+ private record Credentials(Path privateKeyFile, Path certificateFile) {}
+
+ private Credentials getCredentials(TestConfig config) {
+ final Path privateKeyFile;
+ final Path certificateFile;
+ if (config.system().isPublic()) {
+ privateKeyFile = artifactsPath.resolve("key");
+ certificateFile = artifactsPath.resolve("cert");
+ } else {
+ Path siaRoot = vespaHome.resolve("var/vespa/sia");
+ List services = SiaUtils.findSiaServices(siaRoot);
+ if (services.isEmpty()) {
+ throw new IllegalArgumentException("No service credentials in " + siaRoot + ". 
Application has no " +
+ "Athenz service, and may not access read / write protected resources");
+ }
+ if (services.size() > 1) {
+ throw new IllegalStateException("More than one set of service credentials in " + siaRoot + ":\n" +
+ services.stream().map(AthenzIdentity::getFullName).collect(Collectors.joining("\n")));
+ }
+ privateKeyFile = SiaUtils.getPrivateKeyFile(siaRoot, services.get(0));
+ certificateFile = SiaUtils.getCertificateFile(siaRoot, services.get(0));
+ }
+ return new Credentials(privateKeyFile.toAbsolutePath(), certificateFile.toAbsolutePath());
 }
 private static String toSuiteDirectoryName(Suite suite) {
diff --git a/vespa-osgi-testrunner/src/test/java/com/yahoo/vespa/testrunner/VespaCliTestRunnerTest.java b/vespa-osgi-testrunner/src/test/java/com/yahoo/vespa/testrunner/VespaCliTestRunnerTest.java
index 288442eaf7d..a3e6203f645 100644
--- a/vespa-osgi-testrunner/src/test/java/com/yahoo/vespa/testrunner/VespaCliTestRunnerTest.java
+++ b/vespa-osgi-testrunner/src/test/java/com/yahoo/vespa/testrunner/VespaCliTestRunnerTest.java
@@ -26,7 +26,7 @@ class VespaCliTestRunnerTest {
 temp.toFile().deleteOnExit();
 Path tests = Files.createDirectory(temp.resolve("tests"));
 Path artifacts = Files.createDirectory(temp.resolve("artifacts"));
- VespaCliTestRunner runner = new VespaCliTestRunner(artifacts, tests);
+ VespaCliTestRunner runner = new VespaCliTestRunner(artifacts, tests, Files.createDirectory(temp.resolve("vespa")));
 Path systemTests = Files.createDirectory(tests.resolve("system-test"));
 TestConfig testConfig = testConfig(SystemName.PublicCd);
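Review bot: In the hosted branch of `getCredentials` (VespaCliTestRunner.java) the certificate path is returned without checking that the file exists; the test in this commit creates only the key file and still gets a certificate path back, so `SiaUtils.findSiaServices` presumably keys off the private key alone (SiaUtils is not visible here). A missing or not-yet-issued certificate would then likely surface only later, when the CLI child process tries to use it, rather than as a clear error at this point. Consider failing early before the `return`, e.g. `if (!Files.isReadable(certificateFile)) throw new IllegalStateException("No certificate at " + certificateFile);`, and likewise for the `key`/`cert` files resolved under `artifactsPath` in the public branch. Separately, an empty service list describes the state of the host rather than a bad argument, so `IllegalStateException` would be consistent with the multiple-services case. The method that sets the `VESPA_CLI_DATA_PLANE_*` variables starts outside the hunk.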
@@ -57,7 +57,12 @@ class VespaCliTestRunnerTest {
 temp.toFile().deleteOnExit();
 Path tests = Files.createDirectory(temp.resolve("tests"));
 Path artifacts = Files.createDirectory(temp.resolve("artifacts"));
- VespaCliTestRunner runner = new VespaCliTestRunner(artifacts, tests);
+ Path vespaHome = Files.createDirectory(temp.resolve("vespa"));
+ Path keyFile = vespaHome.resolve("var/vespa/sia/keys/my.domain.foo.key.pem");
+ Path certFile = vespaHome.resolve("var/vespa/sia/certs/my.domain.foo.cert.pem");
+ Files.createDirectories(keyFile.getParent());
+ Files.createFile(keyFile);
+ VespaCliTestRunner runner = new VespaCliTestRunner(artifacts, tests, vespaHome);
 Path systemTests = Files.createDirectory(tests.resolve("system-test"));
 TestConfig testConfig = testConfig(SystemName.cd);
@@ -76,9 +81,9 @@ class VespaCliTestRunnerTest {
 assertEquals("cd", builder.environment().get("VESPA_CLI_CLOUD_SYSTEM"));
 assertEquals("{\"endpoints\":[{\"cluster\":\"default\",\"url\":\"https://dev.endpoint:443/\"}]}",
 builder.environment().get("VESPA_CLI_ENDPOINTS"));
- assertEquals("/opt/vespa/var/vespa/sia/key",
+ assertEquals(keyFile.toString(),
 builder.environment().get("VESPA_CLI_DATA_PLANE_KEY_FILE"));
- assertEquals("/opt/vespa/var/vespa/sia/cert",
+ assertEquals(certFile.toString(),
 builder.environment().get("VESPA_CLI_DATA_PLANE_CERT_FILE"));
 }
-- cgit v1.2.3
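Review bot: The hosted test sets up exactly one key file under `var/vespa/sia/keys`, so neither of the new failure branches in `getCredentials` (no services, and more than one service) is exercised. Two further cases would pin the fail-closed behaviour: one with no key file, expecting `IllegalArgumentException`, and one with a second key file present (for example a constructed name like `my.domain.bar.key.pem`), expecting `IllegalStateException`. This assumes `SiaUtils.findSiaServices` returns an empty list for a missing or empty keys directory, which is not visible in this patch. The test method starts and ends outside the hunk.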