
Example 31 with X509CertRecord

use of com.yahoo.athenz.common.server.cert.X509CertRecord in project athenz by yahoo.

the class DynamoDBCertRecordStoreConnectionTest method testGetX509CertRecord.

/**
 * Checks that {@code getX509CertRecord} copies the optional columns of the stored item
 * (last-notified time and server, expiry time, host name) into the returned record.
 */
@Test
public void testGetX509CertRecord() {
    final Date referenceTime = new Date();
    // Presumably stubs the mandatory columns on the shared mock item; the returned
    // value is reused below as the epoch-millis value for every optional time column.
    final long epochMillis = mockNonNullableColumns(referenceTime, false);

    // Time columns are stubbed on both the typed and the untyped accessor.
    Mockito.doReturn(epochMillis).when(item).getLong("expiryTime");
    Mockito.doReturn(epochMillis).when(item).get("expiryTime");
    Mockito.doReturn(epochMillis).when(item).getLong("lastNotifiedTime");
    Mockito.doReturn(epochMillis).when(item).get("lastNotifiedTime");

    // String columns.
    Mockito.doReturn("hostname").when(item).getString("hostName");
    Mockito.doReturn("last-notified-server").when(item).getString("lastNotifiedServer");

    final DynamoDBCertRecordStoreConnection connection = getDBConnection();
    connection.setOperationTimeout(10);

    final X509CertRecord fetched = connection.getX509CertRecord("athenz.provider", "1234", "cn");

    // Mandatory columns first, then each optional column stubbed above.
    assertNonNullableColumns(referenceTime, fetched);
    assertEquals(fetched.getLastNotifiedTime(), referenceTime);
    assertEquals(fetched.getLastNotifiedServer(), "last-notified-server");
    assertEquals(fetched.getExpiryTime(), referenceTime);
    assertEquals(fetched.getHostName(), "hostname");
    assertEquals(fetched.getClientCert(), false);

    connection.close();
}
Also used : X509CertRecord(com.yahoo.athenz.common.server.cert.X509CertRecord) Test(org.testng.annotations.Test)

Example 32 with X509CertRecord

use of com.yahoo.athenz.common.server.cert.X509CertRecord in project athenz by yahoo.

the class DynamoDBCertRecordStoreConnectionTest method testUpdateX509RecordNoHostName.

/**
 * Checks that {@code updateX509CertRecord} on a record without a host name sends one update
 * whose attributes match the record, with {@code hostName} as the last attribute carrying
 * the primary-key value.
 */
@Test
public void testUpdateX509RecordNoHostName() {
    final DynamoDBCertRecordStoreConnection connection = getDBConnection();
    final Date now = new Date();

    // Record with the mandatory columns populated; no host name is set on it here.
    final X509CertRecord certRecord = getRecordNonNullableColumns(now);
    certRecord.setLastNotifiedTime(now);
    certRecord.setLastNotifiedServer("last-notified-server");
    certRecord.setExpiryTime(now);
    certRecord.setSvcDataUpdateTime(now);

    // The update the store is expected to issue, minus the trailing hostName attribute.
    // NOTE(review): the ttl term uses 3660 * 720 rather than 3600 * 720 - confirm this
    // mirrors the store's own TTL expression.
    final UpdateItemSpec expectedSpec = new UpdateItemSpec()
            .withPrimaryKey("primaryKey", "athenz.provider:cn:1234")
            .withAttributeUpdate(
                    new AttributeUpdate("instanceId").put(certRecord.getInstanceId()),
                    new AttributeUpdate("provider").put(certRecord.getProvider()),
                    new AttributeUpdate("service").put(certRecord.getService()),
                    new AttributeUpdate("currentSerial").put(certRecord.getCurrentSerial()),
                    new AttributeUpdate("currentIP").put(certRecord.getCurrentIP()),
                    new AttributeUpdate("currentTime").put(certRecord.getCurrentTime().getTime()),
                    new AttributeUpdate("currentDate").put(DynamoDBUtils.getIso8601FromDate(certRecord.getCurrentTime())),
                    new AttributeUpdate("prevSerial").put(certRecord.getPrevSerial()),
                    new AttributeUpdate("prevIP").put(certRecord.getPrevIP()),
                    new AttributeUpdate("prevTime").put(certRecord.getPrevTime().getTime()),
                    new AttributeUpdate("clientCert").put(certRecord.getClientCert()),
                    new AttributeUpdate("ttl").put(certRecord.getCurrentTime().getTime() / 1000L + 3660 * 720),
                    new AttributeUpdate("svcDataUpdateTime").put(certRecord.getSvcDataUpdateTime().getTime()),
                    new AttributeUpdate("expiryTime").put(certRecord.getExpiryTime().getTime()));
    Mockito.doReturn(updateOutcome).when(table).updateItem(expectedSpec);

    final boolean updated = connection.updateX509CertRecord(certRecord);
    assertTrue(updated);

    // Exactly one update must have reached the table; capture it for inspection.
    final ArgumentCaptor<UpdateItemSpec> specCaptor = ArgumentCaptor.forClass(UpdateItemSpec.class);
    Mockito.verify(table, times(1)).updateItem(specCaptor.capture());
    final List<UpdateItemSpec> sentSpecs = specCaptor.getAllValues();
    assertEquals(1, sentSpecs.size());

    final UpdateItemSpec sentSpec = sentSpecs.get(0);
    assertEquals(sentSpec.getKeyComponents().toArray()[0].toString(),
            expectedSpec.getKeyComponents().toArray()[0].toString());

    final List<AttributeUpdate> capturedAttributes = sentSpec.getAttributeUpdate();
    final List<AttributeUpdate> expectedAttributes = expectedSpec.getAttributeUpdate();

    // Compare every attribute except the last one (hostName): it is filled with the
    // primaryKey value because the hostName index doesn't allow nulls.
    final int lastPos = capturedAttributes.size() - 1;
    for (int pos = 0; pos < lastPos; pos++) {
        final AttributeUpdate expected = expectedAttributes.get(pos);
        final AttributeUpdate actual = capturedAttributes.get(pos);
        System.out.println("expected attr: " + expected.getAttributeName() + ", value: " + expected.getValue());
        assertEquals(actual.getAttributeName(), expected.getAttributeName());
        assertEquals(actual.getValue(), expected.getValue());
    }

    // The trailing attribute must be hostName, holding the primaryKey value.
    System.out.println("expected attr: hostName, value: athenz.provider:cn:1234");
    assertEquals(capturedAttributes.get(lastPos).getAttributeName(), "hostName");
    assertEquals(capturedAttributes.get(lastPos).getValue(), "athenz.provider:cn:1234");

    connection.close();
}
Also used : UpdateItemSpec(com.amazonaws.services.dynamodbv2.document.spec.UpdateItemSpec) X509CertRecord(com.yahoo.athenz.common.server.cert.X509CertRecord) Test(org.testng.annotations.Test)

Example 33 with X509CertRecord

use of com.yahoo.athenz.common.server.cert.X509CertRecord in project athenz by yahoo.

the class DynamoDBCertRecordStoreConnectionTest method testUpdateUnrefreshedCertificatesNotificationTimestamp.

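/**
 * Exercises {@code updateUnrefreshedCertificatesNotificationTimestamp} with four candidate
 * records returned by the current-time index and checks which of them are updated and
 * which are returned to the caller.
 *
 * <p>Expected outcome, as pinned by the assertions below: three records receive an update
 * (unNotified, reNotified, willBeUpdatedByOtherZts), the seven-day-old "rebootstrapped"
 * record receives none, and only two records are returned.
 */
@Test
public void testUpdateUnrefreshedCertificatesNotificationTimestamp() {
    DynamoDBCertRecordStoreConnection dbConn = getDBConnection();
    Date now = new Date(1591706189000L);
    long nowL = now.getTime();
    // Long literals keep the day arithmetic out of int range regardless of the day count.
    long fiveDaysAgo = nowL - 5L * 24 * 60 * 60 * 1000;
    long sevenDaysAgo = nowL - 7L * 24 * 60 * 60 * 1000;

    // Four candidate records; reNotified and rebootstrapped share service and host (testHost2).
    Map<String, AttributeValue> unNotified = ZTSTestUtils.generateAttributeValues("home.test.service2", "unNotified", null, null, null, null, "testHost1");
    Map<String, AttributeValue> reNotified = ZTSTestUtils.generateAttributeValues("home.test.service3", "reNotified", Long.toString(fiveDaysAgo), Long.toString(fiveDaysAgo), "testServer", null, "testHost2");
    Map<String, AttributeValue> rebootstrapped = ZTSTestUtils.generateAttributeValues("home.test.service3", "rebootstrapped", Long.toString(sevenDaysAgo), Long.toString(sevenDaysAgo), "testServer", null, "testHost2");
    Map<String, AttributeValue> willBeUpdatedByOtherZts = ZTSTestUtils.generateAttributeValues("home.test.service4", "willBeUpdatedByOtherZts", Long.toString(fiveDaysAgo), Long.toString(fiveDaysAgo), "testServer", null, "testHost3");
    Item item1 = ItemUtils.toItem(unNotified);
    Item item2 = ItemUtils.toItem(reNotified);
    Item item3 = ItemUtils.toItem(willBeUpdatedByOtherZts);
    Item item4 = ItemUtils.toItem(rebootstrapped);

    // Current-time index query: yields all four candidates, then ends.
    ItemCollection<QueryOutcome> itemCollection = Mockito.mock(ItemCollection.class);
    IteratorSupport<Item, QueryOutcome> iteratorSupport = Mockito.mock(IteratorSupport.class);
    when(itemCollection.iterator()).thenReturn(iteratorSupport);
    when(iteratorSupport.hasNext()).thenReturn(true, true, true, true, false);
    when(iteratorSupport.next()).thenReturn(item1).thenReturn(item2).thenReturn(item3).thenReturn(item4);
    Mockito.doReturn(itemCollection).when(currentTimeIndex).query(any(QuerySpec.class));

    // Host-name index query: the same mocked iterator serves four consecutive lookups.
    ItemCollection<QueryOutcome> itemCollection2 = Mockito.mock(ItemCollection.class);
    IteratorSupport<Item, QueryOutcome> iteratorSupport2 = Mockito.mock(IteratorSupport.class);
    when(itemCollection2.iterator()).thenReturn(iteratorSupport2);
    when(iteratorSupport2.hasNext()).thenReturn(
            // One record with host testHost1
            true, false,
            // Two records with host testHost2
            true, true, false,
            // One record with host testHost3
            true, false,
            // Two records with host testHost2
            true, true, false);
    when(iteratorSupport2.next()).thenReturn(item1).thenReturn(item2).thenReturn(item4).thenReturn(item3).thenReturn(item2).thenReturn(item4);
    Mockito.doReturn(itemCollection2).when(hostNameIndex).query(any(QuerySpec.class));

    // Values the mocked table hands back after each update.
    AttributeValue lastNotifiedTimeAttrValue = new AttributeValue();
    lastNotifiedTimeAttrValue.setN(Long.toString(nowL));
    AttributeValue lastNotifiedServerAttrValue = new AttributeValue();
    lastNotifiedServerAttrValue.setS("localhost");
    AttributeValue lastNotifiedOtherServerAttrValue = new AttributeValue();
    lastNotifiedOtherServerAttrValue.setS("SomeOtherZTS");
    unNotified.put("lastNotifiedTime", lastNotifiedTimeAttrValue);
    unNotified.put("lastNotifiedServer", lastNotifiedServerAttrValue);
    reNotified.put("lastNotifiedTime", lastNotifiedTimeAttrValue);
    reNotified.put("lastNotifiedServer", lastNotifiedServerAttrValue);
    // This record comes back stamped by a different server than the caller ("localhost").
    willBeUpdatedByOtherZts.put("lastNotifiedTime", lastNotifiedTimeAttrValue);
    willBeUpdatedByOtherZts.put("lastNotifiedServer", lastNotifiedOtherServerAttrValue);
    Item updatedItem1 = ItemUtils.toItem(unNotified);
    Item updatedItem2 = ItemUtils.toItem(reNotified);
    Item updatedItem3 = ItemUtils.toItem(willBeUpdatedByOtherZts);
    UpdateItemOutcome updateItemOutcome1 = Mockito.mock(UpdateItemOutcome.class);
    when(updateItemOutcome1.getItem()).thenReturn(updatedItem1);
    UpdateItemOutcome updateItemOutcome2 = Mockito.mock(UpdateItemOutcome.class);
    when(updateItemOutcome2.getItem()).thenReturn(updatedItem2);
    UpdateItemOutcome updateItemOutcome3 = Mockito.mock(UpdateItemOutcome.class);
    when(updateItemOutcome3.getItem()).thenReturn(updatedItem3);
    when(table.updateItem(any(UpdateItemSpec.class))).thenReturn(updateItemOutcome1).thenReturn(updateItemOutcome2).thenReturn(updateItemOutcome3);

    List<X509CertRecord> records = dbConn.updateUnrefreshedCertificatesNotificationTimestamp("localhost", nowL, "provider");

    ArgumentCaptor<UpdateItemSpec> updateArguments = ArgumentCaptor.forClass(UpdateItemSpec.class);
    Mockito.verify(table, Mockito.times(3)).updateItem(updateArguments.capture());

    // Only three of the four candidates are updated; "rebootstrapped" is not among the keys.
    // Arguments are (actual, expected), matching the other assertions in this test.
    List<UpdateItemSpec> allUpdateArguments = updateArguments.getAllValues();
    assertEquals(allUpdateArguments.size(), 3);
    assertEquals(allUpdateArguments.get(0).getKeyComponents().toArray()[0].toString(), "{primaryKey: provider:home.test.service2:unNotified}");
    assertEquals(allUpdateArguments.get(1).getKeyComponents().toArray()[0].toString(), "{primaryKey: provider:home.test.service3:reNotified}");
    assertEquals(allUpdateArguments.get(2).getKeyComponents().toArray()[0].toString(), "{primaryKey: provider:home.test.service4:willBeUpdatedByOtherZts}");

    // Two records are returned. NOTE(review): presumably the third is dropped because its
    // update came back stamped by "SomeOtherZTS" - confirm against the implementation.
    assertEquals(records.size(), 2);
    assertNull(records.get(0).getCurrentTime());
    assertEquals(records.get(0).getService(), "home.test.service2");
    assertEquals(records.get(0).getLastNotifiedTime(), now);
    assertEquals(records.get(1).getCurrentTime().getTime(), fiveDaysAgo);
    assertEquals(records.get(1).getService(), "home.test.service3");
    assertEquals(records.get(1).getLastNotifiedTime(), now);

    // Release the connection, as the sibling tests do.
    dbConn.close();
}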
Also used : AttributeValue(com.amazonaws.services.dynamodbv2.model.AttributeValue) UpdateItemSpec(com.amazonaws.services.dynamodbv2.document.spec.UpdateItemSpec) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) X509CertRecord(com.yahoo.athenz.common.server.cert.X509CertRecord) QuerySpec(com.amazonaws.services.dynamodbv2.document.spec.QuerySpec) Test(org.testng.annotations.Test)

Example 34 with X509CertRecord

use of com.yahoo.athenz.common.server.cert.X509CertRecord in project athenz by yahoo.

the class DynamoDBCertRecordStoreConnectionTest method testInsertX509RecordNoHostname.

/**
 * Checks that {@code insertX509CertRecord} on a record without a host name puts exactly one
 * item whose {@code hostName} attribute equals the primary key.
 */
@Test
public void testInsertX509RecordNoHostname() {
    final DynamoDBCertRecordStoreConnection connection =
            new DynamoDBCertRecordStoreConnection(dynamoDB, tableName, currentTimeIndexName, hostNameIndexName);
    final Date now = new Date();
    final String dateIsoFormat = DynamoDBUtils.getIso8601FromDate(now);

    // Record with the mandatory columns populated; no host name is set on it here.
    final X509CertRecord certRecord = getRecordNonNullableColumns(now);
    certRecord.setLastNotifiedTime(now);
    certRecord.setLastNotifiedServer("last-notified-server");
    certRecord.setExpiryTime(now);

    // Reference item used for stubbing and for the field-by-field comparison below.
    // NOTE(review): the ttl term uses 3660 * 720 rather than 3600 * 720 - confirm this
    // mirrors the store's own TTL expression.
    final Item expectedItem = new Item()
            .withPrimaryKey("primaryKey", "athenz.provider:cn:1234")
            .withString("instanceId", certRecord.getInstanceId())
            .withString("provider", certRecord.getProvider())
            .withString("service", certRecord.getService())
            .withString("currentSerial", certRecord.getCurrentSerial())
            .withString("currentIP", certRecord.getCurrentIP())
            .withLong("currentTime", certRecord.getCurrentTime().getTime())
            .withString("currentDate", dateIsoFormat)
            .withString("prevSerial", certRecord.getPrevSerial())
            .withString("prevIP", certRecord.getPrevIP())
            .withLong("prevTime", certRecord.getPrevTime().getTime())
            .withBoolean("clientCert", certRecord.getClientCert())
            .withLong("ttl", certRecord.getCurrentTime().getTime() / 1000L + 3660 * 720)
            .withLong("lastNotifiedTime", certRecord.getLastNotifiedTime().getTime())
            .withString("lastNotifiedServer", certRecord.getLastNotifiedServer())
            .withLong("expiryTime", certRecord.getExpiryTime().getTime());
    Mockito.doReturn(putOutcome).when(table).putItem(expectedItem);

    final boolean inserted = connection.insertX509CertRecord(certRecord);
    assertTrue(inserted);

    // Exactly one item must have been put; capture it for inspection.
    final ArgumentCaptor<Item> putCaptor = ArgumentCaptor.forClass(Item.class);
    Mockito.verify(table, times(1)).putItem(putCaptor.capture());
    final List<Item> putItems = putCaptor.getAllValues();
    assertEquals(1, putItems.size());

    final Item stored = putItems.get(0);
    assertEquals(stored.get("primaryKey"), expectedItem.get("primaryKey"));
    assertEquals(stored.get("provider"), expectedItem.get("provider"));
    assertEquals(stored.get("instanceId"), expectedItem.get("instanceId"));
    assertEquals(stored.get("service"), expectedItem.get("service"));
    assertEquals(stored.get("expiryTime"), expectedItem.get("expiryTime"));

    // With no host name on the record, the stored hostName must equal the primaryKey.
    assertEquals(stored.get("hostName"), expectedItem.get("primaryKey"));

    connection.close();
}
Also used : ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) X509CertRecord(com.yahoo.athenz.common.server.cert.X509CertRecord) Test(org.testng.annotations.Test)

Example 35 with X509CertRecord

use of com.yahoo.athenz.common.server.cert.X509CertRecord in project athenz by yahoo.

the class DynamoDBCertRecordStoreConnectionTest method testUpdateUnrefreshedCertificatesNotificationTimestampHostException.

/**
 * Checks that {@code updateUnrefreshedCertificatesNotificationTimestamp} returns an empty
 * list, rather than propagating the failure, when the host-name index query throws.
 */
@Test
public void testUpdateUnrefreshedCertificatesNotificationTimestampHostException() {
    final DynamoDBCertRecordStoreConnection connection = getDBConnection();
    final long referenceMillis = new Date(1591706189000L).getTime();
    final long fiveDaysAgo = referenceMillis - 5 * 24 * 60 * 60 * 1000;
    final String fiveDaysAgoText = Long.toString(fiveDaysAgo);

    // A single candidate record, served by the current-time index.
    final Map<String, AttributeValue> reNotified = ZTSTestUtils.generateAttributeValues(
            "home.test.service3", "reNotified", fiveDaysAgoText, fiveDaysAgoText, "testServer", null, "testHost2");
    final Item candidate = ItemUtils.toItem(reNotified);

    final ItemCollection<QueryOutcome> candidates = Mockito.mock(ItemCollection.class);
    final IteratorSupport<Item, QueryOutcome> candidateIterator = Mockito.mock(IteratorSupport.class);
    when(candidates.iterator()).thenReturn(candidateIterator);
    when(candidateIterator.hasNext()).thenReturn(true, false);
    when(candidateIterator.next()).thenReturn(candidate);
    Mockito.doReturn(candidates).when(currentTimeIndex).query(any(QuerySpec.class));

    // Any lookup on the host-name index fails.
    Mockito.doThrow(new TransactionConflictException("error")).when(hostNameIndex).query(any(QuerySpec.class));

    final List<X509CertRecord> result =
            connection.updateUnrefreshedCertificatesNotificationTimestamp("serverTest", 1591706189000L, "providerTest");

    // No record may be reported when its host lookup failed.
    assertEquals(result.size(), 0);

    connection.close();
}
Also used : AttributeValue(com.amazonaws.services.dynamodbv2.model.AttributeValue) TransactionConflictException(com.amazonaws.services.dynamodbv2.model.TransactionConflictException) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) X509CertRecord(com.yahoo.athenz.common.server.cert.X509CertRecord) QuerySpec(com.amazonaws.services.dynamodbv2.document.spec.QuerySpec) Test(org.testng.annotations.Test)
