controller-server/src/test/resources/test_runner_services.xml-cd


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

<?xml version='1.0' encoding='UTF-8'?>
<services xmlns:deploy='vespa' version='1.0'>
    <container version='1.0' id='tester'>

        <component id="com.yahoo.vespa.hosted.testrunner.TestRunner" bundle="vespa-testrunner-components">
            <config name="com.yahoo.vespa.hosted.testrunner.test-runner">
                <artifactsPath>artifacts</artifactsPath>
                <surefireMemoryMb>5120</surefireMemoryMb>
                <useAthenzCredentials>true</useAthenzCredentials>
                <useTesterCertificate>false</useTesterCertificate>
            </config>
        </component>

        <handler id="com.yahoo.vespa.hosted.testrunner.TestRunnerHandler" bundle="vespa-testrunner-components">
            <binding>http://*/tester/v1/*</binding>
        </handler>

        <http>
            <!-- Make sure 4080 is the first port. This will be used by the config server. -->
            <server id='default' port='4080'/>
            <server id='testertls4443' port='4443'>
                <config name="jdisc.http.connector">
                    <tlsClientAuthEnforcer>
                        <enable>true</enable>
                        <pathWhitelist>
                            <item>/status.html</item>
                            <item>/state/v1/config</item>
                        </pathWhitelist>
                    </tlsClientAuthEnforcer>
                </config>
                <ssl>
                    <private-key-file>/var/lib/sia/keys/vespa.vespa.tenant.key.pem</private-key-file>
                    <certificate-file>/var/lib/sia/certs/vespa.vespa.tenant.cert.pem</certificate-file>
                    <ca-certificates-file>/opt/yahoo/share/ssl/certs/athenz_certificate_bundle.pem</ca-certificates-file>
                    <client-authentication>want</client-authentication>
                </ssl>
            </server>
            <filtering>
                <access-control domain='vespa.vespa.cd'>
                    <exclude>
                        <binding>http://*/tester/v1/*</binding>
                    </exclude>
                </access-control>
                <request-chain id="testrunner-api">
                    <filter id='authz-filter' class='com.yahoo.jdisc.http.filter.security.athenz.AthenzAuthorizationFilter' bundle="jdisc-security-filters">
                        <config name="jdisc.http.filter.security.athenz.athenz-authorization-filter">
                            <credentialsToVerify>TOKEN_ONLY</credentialsToVerify>
                            <roleTokenHeaderName>Yahoo-Role-Auth</roleTokenHeaderName>
                        </config>
                        <component id="com.yahoo.jdisc.http.filter.security.athenz.StaticRequestResourceMapper" bundle="jdisc-security-filters">
                            <config name="jdisc.http.filter.security.athenz.static-request-resource-mapper">
                                <resourceName>vespa.vespa.cd:tester-application</resourceName>
                                <action>deploy</action>
                            </config>
                        </component>
                    </filter>
                </request-chain>
            </filtering>
        </http>

        <nodes count="1" allocated-memory="17%">
            <resources vcpu="2.00" memory="12.00Gb" disk="75.00Gb" disk-speed="fast"/>
        </nodes>
    </container>
</services>