Search in sources :

Example 1 with DynamicConfigLong

use of com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigLong in project athenz by yahoo.

the class ZTSImplTest method testGetValidatedX509CertRecordForbidden.

@Test
public void testGetValidatedX509CertRecordForbidden() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    SignedDomain providerDomain = signedAuthorizedProviderDomain();
    store.processSignedDomain(providerDomain, false);
    SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
    store.processSignedDomain(tenantDomain, false);
    InstanceCertManager instanceCertManager = Mockito.mock(InstanceCertManager.class);
    Mockito.when(instanceCertManager.getX509CertRecord("athenz.provider", "1001", "athenz.production")).thenReturn(null);
    Mockito.when(instanceCertManager.insertX509CertRecord(Mockito.any())).thenReturn(false);
    ztsImpl.instanceCertManager = instanceCertManager;
    Path path = Paths.get("src/test/resources/athenz.instanceid.pem");
    String pem = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(pem);
    CertificateAuthority certAuthority = new CertificateAuthority();
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
    ResourceContext context = createResourceContext(principal);
    ztsImpl.x509CertRefreshResetTime = new DynamicConfigLong(cert.getNotBefore().getTime() + 1);
    try {
        ztsImpl.getValidatedX509CertRecord(context, "athenz.provider", "1001", "athenz.production", cert, "caller", "athenz", "athenz", "localhost");
        fail();
    } catch (ResourceException ex) {
        assertEquals(403, ex.getCode());
    }
}
Also used : Path(java.nio.file.Path) InstanceCertManager(com.yahoo.athenz.zts.cert.InstanceCertManager) DynamicConfigLong(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigLong) X509Certificate(java.security.cert.X509Certificate) ZMSFileChangeLogStore(com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore) ChangeLogStore(com.yahoo.athenz.common.server.store.ChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.MockZMSFileChangeLogStore) ZMSFileChangeLogStore(com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.MockZMSFileChangeLogStore) DataStore(com.yahoo.athenz.zts.store.DataStore) Test(org.testng.annotations.Test)

Example 2 with DynamicConfigLong

use of com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigLong in project athenz by yahoo.

the class ZTSImpl method loadConfigurationSettings.

void loadConfigurationSettings() {
    // make sure all requests run in secure mode
    secureRequestsOnly = Boolean.parseBoolean(System.getProperty(ZTSConsts.ZTS_PROP_SECURE_REQUESTS_ONLY, "true"));
    // retrieve the regular and status ports
    httpPort = ConfigProperties.getPortNumber(ZTSConsts.ZTS_PROP_HTTP_PORT, ZTSConsts.ZTS_HTTP_PORT_DEFAULT);
    httpsPort = ConfigProperties.getPortNumber(ZTSConsts.ZTS_PROP_HTTPS_PORT, ZTSConsts.ZTS_HTTPS_PORT_DEFAULT);
    statusPort = ConfigProperties.getPortNumber(ZTSConsts.ZTS_PROP_STATUS_PORT, 0);
    successServerStatus = new Status().setCode(ResourceException.OK).setMessage("OK");
    statusCertSigner = Boolean.parseBoolean(System.getProperty(ZTSConsts.ZTS_PROP_STATUS_CERT_SIGNER, "false"));
    // check to see if we want to disable allowing clients to ask for role
    // tokens without role name thus violating the least privilege principle
    leastPrivilegePrincipal = Boolean.parseBoolean(System.getProperty(ZTSConsts.ZTS_PROP_LEAST_PRIVILEGE_PRINCIPLE, "false"));
    // Default Role Token timeout is 2 hours. If the client asks for role tokens
    // with a min expiry time of 1 hour, the setting of 2 hours allows the client
    // to at least cache the tokens for 1 hour. We're going to set the ZTS client's
    // min default value to 15 mins so that we can by default cache tokens for
    // an hour and 45 minutes.
    long timeout = TimeUnit.SECONDS.convert(2, TimeUnit.HOURS);
    roleTokenDefaultTimeout = Integer.parseInt(System.getProperty(ZTSConsts.ZTS_PROP_ROLE_TOKEN_DEFAULT_TIMEOUT, Long.toString(timeout)));
    // Max Timeout - 30 days
    timeout = TimeUnit.SECONDS.convert(30, TimeUnit.DAYS);
    roleTokenMaxTimeout = Integer.parseInt(System.getProperty(ZTSConsts.ZTS_PROP_ROLE_TOKEN_MAX_TIMEOUT, Long.toString(timeout)));
    // default (1hr) and max (12hrs) id token timeouts
    timeout = TimeUnit.SECONDS.convert(12, TimeUnit.HOURS);
    idTokenMaxTimeout = Integer.parseInt(System.getProperty(ZTSConsts.ZTS_PROP_ID_TOKEN_MAX_TIMEOUT, Long.toString(timeout)));
    timeout = TimeUnit.SECONDS.convert(1, TimeUnit.HOURS);
    idTokenDefaultTimeout = Integer.parseInt(System.getProperty(ZTSConsts.ZTS_PROP_ID_TOKEN_DEFAULT_TIMEOUT, Long.toString(timeout)));
    // signedPolicyTimeout is in milliseconds but the config setting should be in seconds
    // to be consistent with other configuration properties
    timeout = TimeUnit.SECONDS.convert(7, TimeUnit.DAYS);
    signedPolicyTimeout = 1000 * Long.parseLong(System.getProperty(ZTSConsts.ZTS_PROP_SIGNED_POLICY_TIMEOUT, Long.toString(timeout)));
    // default token timeout for issued tokens
    timeout = TimeUnit.SECONDS.convert(1, TimeUnit.DAYS);
    svcTokenTimeout = Integer.parseInt(System.getProperty(ZTSConsts.ZTS_PROP_INSTANCE_NTOKEN_TIMEOUT, Long.toString(timeout)));
    // retrieve the list of our authorized proxy users
    final String authorizedProxyUserList = System.getProperty(ZTSConsts.ZTS_PROP_AUTHORIZED_PROXY_USERS);
    if (authorizedProxyUserList != null) {
        authorizedProxyUsers = new HashSet<>(Arrays.asList(authorizedProxyUserList.split(",")));
    }
    userDomain = System.getProperty(PROP_USER_DOMAIN, ZTSConsts.ATHENZ_USER_DOMAIN);
    userDomainPrefix = userDomain + ".";
    userDomainAlias = System.getProperty(ZTSConsts.ZTS_PROP_USER_DOMAIN_ALIAS);
    if (userDomainAlias != null) {
        userDomainAliasPrefix = userDomainAlias + ".";
    }
    // get the list of uris that we want to allow an-authenticated access
    final String uriList = System.getProperty(ZTSConsts.ZTS_PROP_NOAUTH_URI_LIST);
    if (uriList != null) {
        authFreeUriSet = new HashSet<>();
        authFreeUriList = new ArrayList<>();
        String[] list = uriList.split(",");
        for (String uri : list) {
            if (uri.indexOf('+') != -1) {
                authFreeUriList.add(Pattern.compile(uri));
            } else {
                authFreeUriSet.add(uri);
            }
        }
    }
    // check to see if we need to include the complete role token flag
    includeRoleCompleteFlag = Boolean.parseBoolean(System.getProperty(ZTSConsts.ZTS_PROP_ROLE_COMPLETE_FLAG, "true"));
    // check if we need to run in maintenance read only mode
    readOnlyMode = new DynamicConfigBoolean(CONFIG_MANAGER, ZTSConsts.ZTS_PROP_READ_ONLY_MODE, false);
    // configure if we should verify the IP address that's included
    // in the certificate request
    verifyCertRequestIP = Boolean.parseBoolean(System.getProperty(ZTSConsts.ZTS_PROP_CERT_REQUEST_VERIFY_IP, "false"));
    // configure if we should validate subject ou fields to match
    // provider names
    verifyCertSubjectOU = Boolean.parseBoolean(System.getProperty(ZTSConsts.ZTS_PROP_CERT_REQUEST_VERIFY_SUBJECT_OU, "false"));
    // x509 certificate issue reset time if configured
    x509CertRefreshResetTime = new DynamicConfigLong(CONFIG_MANAGER, ZTSConsts.ZTS_PROP_CERT_REFRESH_RESET_TIME, 0L);
    // list of valid O and OU values for any certificate request
    final String validCertSubjectOrgValueList = System.getProperty(ZTSConsts.ZTS_PROP_CERT_ALLOWED_O_VALUES);
    if (validCertSubjectOrgValueList != null) {
        validCertSubjectOrgValues = new HashSet<>(Arrays.asList(validCertSubjectOrgValueList.split("\\|")));
    }
    final String validCertSubjectOrgUnitValueList = System.getProperty(ZTSConsts.ZTS_PROP_CERT_ALLOWED_OU_VALUES);
    if (validCertSubjectOrgUnitValueList != null) {
        validCertSubjectOrgUnitValues = new HashSet<>(Arrays.asList(validCertSubjectOrgUnitValueList.split("\\|")));
    }
    // retrieve our oauth settings
    ztsOAuthIssuer = System.getProperty(ZTSConsts.ZTS_PROP_OAUTH_ISSUER, serverHostName);
    ztsOpenIDIssuer = System.getProperty(ZTSConsts.ZTS_PROP_OPENID_ISSUER, ztsOAuthIssuer);
    // set up our health check file
    final String healthCheckPath = System.getProperty(ZTSConsts.ZTS_PROP_HEALTH_CHECK_PATH);
    if (!StringUtil.isEmpty(healthCheckPath)) {
        healthCheckFile = new File(healthCheckPath);
    }
    // get server region
    serverRegion = System.getProperty(ZTSConsts.ZTS_PROP_SERVER_REGION);
    // list of domains to be skipped when validating services for instance
    // register/refresh operations since the services in these domains are
    // dynamic - e.g. screwdriver projects
    final String skipDomains = System.getProperty(ZTSConsts.ZTS_PROP_VALIDATE_SERVICE_SKIP_DOMAINS, "");
    validateServiceSkipDomains = new HashSet<>(Arrays.asList(skipDomains.split(",")));
    validateInstanceServiceIdentity = new DynamicConfigBoolean(CONFIG_MANAGER, ZTSConsts.ZTS_PROP_VALIDATE_SERVICE_IDENTITY, true);
    // configured max length for authz details claims
    maxAuthzDetailsLength = Integer.parseInt(System.getProperty(ZTSConsts.ZTS_PROP_MAX_AUTHZ_DETAILS_LENGTH, "1024"));
    // if workloads store should be populated based on IPs from CSR
    enableWorkloadStore = Boolean.parseBoolean(System.getProperty(ZTSConsts.ZTS_PROP_WORKLOAD_ENABLE_STORE_FEATURE, "false"));
}
Also used : DynamicConfigLong(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigLong) ConfigProviderFile(com.yahoo.athenz.common.server.util.config.providers.ConfigProviderFile) File(java.io.File) DynamicConfigBoolean(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean)

Example 3 with DynamicConfigLong

use of com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigLong in project athenz by yahoo.

the class InstanceAWSECSProvider method initialize.

@Override
public void initialize(String provider, String providerEndpoint, SSLContext sslcontext, KeyStore keyStore) {
    super.initialize(provider, providerEndpoint, sslcontext, keyStore);
    // for ECS support, we're not going to enforce the
    // boot time since we don't know when the container
    // was started and temporary aws iam assume role
    // validation is sufficient
    bootTimeOffsetSeconds = new DynamicConfigLong(0L);
    // our ECS provider must validate refresh requests
    supportRefresh = true;
}
Also used : DynamicConfigLong(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigLong)

Example 4 with DynamicConfigLong

use of com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigLong in project athenz by yahoo.

the class InstanceAWSProvider method initialize.

@Override
public void initialize(String provider, String providerEndpoint, SSLContext sslContext, KeyStore keyStore) {
    String awsCertFileName = System.getProperty(AWS_PROP_PUBLIC_CERT, "");
    if (!awsCertFileName.isEmpty()) {
        File awsCertFile = new File(awsCertFileName);
        X509Certificate awsCert = Crypto.loadX509Certificate(awsCertFile);
        awsPublicKey = awsCert.getPublicKey();
    }
    if (awsPublicKey == null) {
        LOGGER.error("AWS Public Key not specified - no instance requests will be authorized");
    }
    // how long the instance must be booted in the past before we
    // stop validating the instance requests
    long timeout = TimeUnit.SECONDS.convert(5, TimeUnit.MINUTES);
    bootTimeOffsetSeconds = new DynamicConfigLong(CONFIG_MANAGER, AWS_PROP_BOOT_TIME_OFFSET, timeout);
    // determine the dns suffix. if this is not specified we'll
    // be rejecting all entries
    dnsSuffixes = new HashSet<>();
    final String dnsSuffix = System.getProperty(AWS_PROP_DNS_SUFFIX);
    if (StringUtil.isEmpty(dnsSuffix)) {
        LOGGER.error("AWS DNS Suffix not specified - no instance requests will be authorized");
    } else {
        dnsSuffixes.addAll(Arrays.asList(dnsSuffix.split(",")));
    }
    // default certificate expiry for requests without instance
    // identity document
    int certValidityDays = Integer.parseInt(System.getProperty(AWS_PROP_CERT_VALIDITY_STS_ONLY, "7"));
    certValidityTime = TimeUnit.MINUTES.convert(certValidityDays, TimeUnit.DAYS);
    // get the aws region
    awsRegion = System.getProperty(AWS_PROP_REGION_NAME);
}
Also used : DynamicConfigLong(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigLong) File(java.io.File) X509Certificate(java.security.cert.X509Certificate)

Example 5 with DynamicConfigLong

use of com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigLong in project athenz by yahoo.

the class DynamicConfigTest method testStatic.

@Test
public void testStatic() throws IOException {
    File configFile = File.createTempFile("ConfigProviderFileTest.testStatic", ".conf");
    writeFile(configFile, "" + "string-key-ok: string-value\n" + "\n" + "int-key-ok: 100\n" + "int-key-too-big: 10000000000\n" + "int-key-invalid-1: x100\n" + "int-key-invalid-2: 100x\n" + "\n" + "long-key-ok: 100\n" + "long-key-too-big: 100000000000000000000\n" + "long-key-invalid-1: x100\n" + "long-key-invalid-2: 100x\n" + "\n" + "float-key-ok-1: 100\n" + "float-key-ok-2: 12.34\n" + "float-key-invalid-1: x100\n" + "float-key-invalid-2: 100x\n" + "\n" + "double-key-ok-1: 100\n" + "double-key-ok-2: 12.34\n" + "double-key-invalid-1: x100\n" + "double-key-invalid-2: 100x\n" + "\n" + "boolean-key-true:    true\n" + "boolean-key-yes:     yes\n" + "boolean-key-on:      on\n" + "boolean-key-false:   false\n" + "boolean-key-no:      no\n" + "boolean-key-off:     off\n" + "boolean-key-invalid: hmm...\n" + "\n" + "duration-key-reload: 10\n" + "duration-key-short: 100\n" + "duration-key-long: 100000\n" + "duration-key-too-big: 100000000000000000000\n" + "duration-key-invalid-1: x100\n" + "duration-key-invalid-2: 100x\n" + "\n" + "csv-key-ok: aaa,111,1234567890123456789,12.34,bbb\n");
    try (ConfigManager configManager = new ConfigManager("duration-key-reload", 10, TimeUnit.MILLISECONDS).addProvider(new ConfigProviderFile()).addConfigSource("prop-file://" + configFile)) {
        DynamicConfigString dynamicConfigStringOk = new DynamicConfigString(configManager, "string-key-ok", "default-value");
        DynamicConfigString dynamicConfigStringMissing = new DynamicConfigString(configManager, "string-key-missing", "default-value");
        DynamicConfigString dynamicConfigStringFixed = new DynamicConfigString("default-value");
        DynamicConfigInteger dynamicConfigIntegerOk = new DynamicConfigInteger(configManager, "int-key-ok", 123456, 10, 1000);
        DynamicConfigInteger dynamicConfigIntegerOverflow = new DynamicConfigInteger(configManager, "int-key-ok", 123456, 0, 10);
        DynamicConfigInteger dynamicConfigIntegerUnderflow = new DynamicConfigInteger(configManager, "int-key-ok", 123456, 1000, 10000);
        DynamicConfigInteger dynamicConfigIntegerTooBig = new DynamicConfigInteger(configManager, "int-key-too-big", 123456);
        DynamicConfigInteger dynamicConfigIntegerInvalid1 = new DynamicConfigInteger(configManager, "int-key-invalid-1", 123456);
        DynamicConfigInteger dynamicConfigIntegerInvalid2 = new DynamicConfigInteger(configManager, "int-key-invalid-2", 123456);
        DynamicConfigInteger dynamicConfigIntegerMissing = new DynamicConfigInteger(configManager, "int-key-missing", 123456);
        DynamicConfigInteger dynamicConfigIntegerFixed = new DynamicConfigInteger(123456);
        DynamicConfigLong dynamicConfigLongOk = new DynamicConfigLong(configManager, "long-key-ok", 123456L, 10L, 1000L);
        DynamicConfigLong dynamicConfigLongOverflow = new DynamicConfigLong(configManager, "long-key-ok", 123456L, 0L, 10L);
        DynamicConfigLong dynamicConfigLongUnderflow = new DynamicConfigLong(configManager, "long-key-ok", 123456L, 1000L, 10000L);
        DynamicConfigLong dynamicConfigLongTooBig = new DynamicConfigLong(configManager, "long-key-too-big", 123456L);
        DynamicConfigLong dynamicConfigLongInvalid1 = new DynamicConfigLong(configManager, "long-key-invalid-1", 123456L);
        DynamicConfigLong dynamicConfigLongInvalid2 = new DynamicConfigLong(configManager, "long-key-invalid-2", 123456L);
        DynamicConfigLong dynamicConfigLongMissing = new DynamicConfigLong(configManager, "long-key-missing", 123456L);
        DynamicConfigLong dynamicConfigLongFixed = new DynamicConfigLong(123456L);
        DynamicConfigFloat dynamicConfigFloatOk1 = new DynamicConfigFloat(configManager, "float-key-ok-1", 1.23F, 10F, 1000F);
        DynamicConfigFloat dynamicConfigFloatOk2 = new DynamicConfigFloat(configManager, "float-key-ok-2", 1.23F);
        DynamicConfigFloat dynamicConfigFloatOverflow = new DynamicConfigFloat(configManager, "float-key-ok-1", 1.23F, 0F, 10F);
        DynamicConfigFloat dynamicConfigFloatUnderflow = new DynamicConfigFloat(configManager, "float-key-ok-1", 1.23F, 1000F, 10000F);
        DynamicConfigFloat dynamicConfigFloatInvalid1 = new DynamicConfigFloat(configManager, "float-key-invalid-1", 1.23F);
        DynamicConfigFloat dynamicConfigFloatInvalid2 = new DynamicConfigFloat(configManager, "float-key-invalid-2", 1.23F);
        DynamicConfigFloat dynamicConfigFloatMissing = new DynamicConfigFloat(configManager, "float-key-missing", 1.23F);
        DynamicConfigFloat dynamicConfigFloatFixed = new DynamicConfigFloat(1.23F);
        DynamicConfigDouble dynamicConfigDoubleOk1 = new DynamicConfigDouble(configManager, "double-key-ok-1", 123.456, 10.0, 1000.0);
        DynamicConfigDouble dynamicConfigDoubleOk2 = new DynamicConfigDouble(configManager, "double-key-ok-2", 123.456);
        DynamicConfigDouble dynamicConfigDoubleOverflow = new DynamicConfigDouble(configManager, "double-key-ok-1", 123.456, 0.0, 10.0);
        DynamicConfigDouble dynamicConfigDoubleUnderflow = new DynamicConfigDouble(configManager, "double-key-ok-1", 123.456, 1000.0, 10000.0);
        DynamicConfigDouble dynamicConfigDoubleInvalid1 = new DynamicConfigDouble(configManager, "double-key-invalid-1", 123.456);
        DynamicConfigDouble dynamicConfigDoubleInvalid2 = new DynamicConfigDouble(configManager, "double-key-invalid-2", 123.456);
        DynamicConfigDouble dynamicConfigDoubleMissing = new DynamicConfigDouble(configManager, "double-key-missing", 123.456);
        DynamicConfigDouble dynamicConfigDoubleFixed = new DynamicConfigDouble(123.456);
        DynamicConfigBoolean dynamicConfigBooleanTrueTrue = new DynamicConfigBoolean(configManager, "boolean-key-true", true);
        DynamicConfigBoolean dynamicConfigBooleanTrueYes = new DynamicConfigBoolean(configManager, "boolean-key-yes", true);
        DynamicConfigBoolean dynamicConfigBooleanTrueOn = new DynamicConfigBoolean(configManager, "boolean-key-on", true);
        DynamicConfigBoolean dynamicConfigBooleanTrueFalse = new DynamicConfigBoolean(configManager, "boolean-key-false", true);
        DynamicConfigBoolean dynamicConfigBooleanTrueNo = new DynamicConfigBoolean(configManager, "boolean-key-no", true);
        DynamicConfigBoolean dynamicConfigBooleanTrueOff = new DynamicConfigBoolean(configManager, "boolean-key-off", true);
        DynamicConfigBoolean dynamicConfigBooleanTrueInvalid = new DynamicConfigBoolean(configManager, "boolean-key-invalid", true);
        DynamicConfigBoolean dynamicConfigBooleanTrueMissing = new DynamicConfigBoolean(configManager, "boolean-key-missing", true);
        DynamicConfigBoolean dynamicConfigBooleanTrueFixed = new DynamicConfigBoolean(true);
        DynamicConfigBoolean dynamicConfigBooleanFalseTrue = new DynamicConfigBoolean(configManager, "boolean-key-true", false);
        DynamicConfigBoolean dynamicConfigBooleanFalseYes = new DynamicConfigBoolean(configManager, "boolean-key-yes", false);
        DynamicConfigBoolean dynamicConfigBooleanFalseOn = new DynamicConfigBoolean(configManager, "boolean-key-on", false);
        DynamicConfigBoolean dynamicConfigBooleanFalseFalse = new DynamicConfigBoolean(configManager, "boolean-key-false", false);
        DynamicConfigBoolean dynamicConfigBooleanFalseNo = new DynamicConfigBoolean(configManager, "boolean-key-no", false);
        DynamicConfigBoolean dynamicConfigBooleanFalseOff = new DynamicConfigBoolean(configManager, "boolean-key-off", false);
        DynamicConfigBoolean dynamicConfigBooleanFalseInvalid = new DynamicConfigBoolean(configManager, "boolean-key-invalid", false);
        DynamicConfigBoolean dynamicConfigBooleanFalseMissing = new DynamicConfigBoolean(configManager, "boolean-key-missing", false);
        DynamicConfigBoolean dynamicConfigBooleanFalseFixed = new DynamicConfigBoolean(false);
        DynamicConfigDuration dynamicConfigDurationShort = new DynamicConfigDuration(configManager, "duration-key-short", 123456, TimeUnit.SECONDS);
        DynamicConfigDuration dynamicConfigDurationLong = new DynamicConfigDuration(configManager, "duration-key-long", 123456, TimeUnit.SECONDS);
        DynamicConfigDuration dynamicConfigDurationTooBig = new DynamicConfigDuration(configManager, "duration-key-too-big", 123456, TimeUnit.SECONDS);
        DynamicConfigDuration dynamicConfigDurationInvalid1 = new DynamicConfigDuration(configManager, "duration-key-invalid-1", 123456, TimeUnit.SECONDS);
        DynamicConfigDuration dynamicConfigDurationInvalid2 = new DynamicConfigDuration(configManager, "duration-key-invalid-2", 123456, TimeUnit.SECONDS);
        DynamicConfigDuration dynamicConfigDurationMissing = new DynamicConfigDuration(configManager, "duration-key-missing", 123456, TimeUnit.SECONDS);
        DynamicConfigDuration dynamicConfigDurationFixed = new DynamicConfigDuration(123456, TimeUnit.SECONDS);
        DynamicConfigCsv dynamicConfigCsvOk = new DynamicConfigCsv(configManager, "csv-key-ok", "default-value-a,default-value-b");
        DynamicConfigCsv dynamicConfigCsvMissing = new DynamicConfigCsv(configManager, "csv-key-missing", "default-value-a,default-value-b");
        DynamicConfigCsv dynamicConfigCsvFixed = new DynamicConfigCsv("fixed-value-a,fixed-value-b");
        assertEquals("string-value", dynamicConfigStringOk.toString());
        assertEquals("string-value", dynamicConfigStringOk.get());
        assertEquals("default-value", dynamicConfigStringMissing.get());
        assertEquals("default-value", dynamicConfigStringFixed.get());
        assertEquals("100", dynamicConfigIntegerOk.toString());
        assertEquals(Integer.valueOf(100), dynamicConfigIntegerOk.get());
        assertEquals(Integer.valueOf(123456), dynamicConfigIntegerOverflow.get());
        assertEquals(Integer.valueOf(123456), dynamicConfigIntegerUnderflow.get());
        assertEquals(Integer.valueOf(123456), dynamicConfigIntegerTooBig.get());
        assertEquals(Integer.valueOf(123456), dynamicConfigIntegerInvalid1.get());
        assertEquals(Integer.valueOf(123456), dynamicConfigIntegerInvalid2.get());
        assertEquals(Integer.valueOf(123456), dynamicConfigIntegerMissing.get());
        assertEquals(Integer.valueOf(123456), dynamicConfigIntegerFixed.get());
        assertEquals("100", dynamicConfigLongOk.toString());
        assertEquals(Long.valueOf(100L), dynamicConfigLongOk.get());
        assertEquals(Long.valueOf(123456L), dynamicConfigLongOverflow.get());
        assertEquals(Long.valueOf(123456L), dynamicConfigLongUnderflow.get());
        assertEquals(Long.valueOf(123456L), dynamicConfigLongTooBig.get());
        assertEquals(Long.valueOf(123456L), dynamicConfigLongInvalid1.get());
        assertEquals(Long.valueOf(123456L), dynamicConfigLongInvalid2.get());
        assertEquals(Long.valueOf(123456L), dynamicConfigLongMissing.get());
        assertEquals(Long.valueOf(123456L), dynamicConfigLongFixed.get());
        assertEquals("12.34", dynamicConfigFloatOk2.toString());
        assertEquals(Float.valueOf(100F), dynamicConfigFloatOk1.get());
        assertEquals(Float.valueOf(12.34F), dynamicConfigFloatOk2.get());
        assertEquals(Float.valueOf(1.23F), dynamicConfigFloatOverflow.get());
        assertEquals(Float.valueOf(1.23F), dynamicConfigFloatUnderflow.get());
        assertEquals(Float.valueOf(1.23F), dynamicConfigFloatInvalid1.get());
        assertEquals(Float.valueOf(1.23F), dynamicConfigFloatInvalid2.get());
        assertEquals(Float.valueOf(1.23F), dynamicConfigFloatMissing.get());
        assertEquals(Float.valueOf(1.23F), dynamicConfigFloatFixed.get());
        assertEquals("12.34", dynamicConfigDoubleOk2.toString());
        assertEquals(Double.valueOf(100.0), dynamicConfigDoubleOk1.get());
        assertEquals(Double.valueOf(12.34), dynamicConfigDoubleOk2.get());
        assertEquals(Double.valueOf(123.456), dynamicConfigDoubleOverflow.get());
        assertEquals(Double.valueOf(123.456), dynamicConfigDoubleUnderflow.get());
        assertEquals(Double.valueOf(123.456), dynamicConfigDoubleInvalid1.get());
        assertEquals(Double.valueOf(123.456), dynamicConfigDoubleInvalid2.get());
        assertEquals(Double.valueOf(123.456), dynamicConfigDoubleMissing.get());
        assertEquals(Double.valueOf(123.456), dynamicConfigDoubleFixed.get());
        assertEquals("true", dynamicConfigBooleanTrueTrue.toString());
        assertEquals(Boolean.TRUE, dynamicConfigBooleanTrueTrue.get());
        assertEquals(Boolean.TRUE, dynamicConfigBooleanTrueYes.get());
        assertEquals(Boolean.TRUE, dynamicConfigBooleanTrueOn.get());
        assertEquals(Boolean.FALSE, dynamicConfigBooleanTrueFalse.get());
        assertEquals(Boolean.FALSE, dynamicConfigBooleanTrueNo.get());
        assertEquals(Boolean.FALSE, dynamicConfigBooleanTrueOff.get());
        assertEquals(Boolean.TRUE, dynamicConfigBooleanTrueInvalid.get());
        assertEquals(Boolean.TRUE, dynamicConfigBooleanTrueMissing.get());
        assertEquals(Boolean.TRUE, dynamicConfigBooleanTrueFixed.get());
        assertEquals(Boolean.TRUE, dynamicConfigBooleanFalseTrue.get());
        assertEquals(Boolean.TRUE, dynamicConfigBooleanFalseYes.get());
        assertEquals(Boolean.TRUE, dynamicConfigBooleanFalseOn.get());
        assertEquals(Boolean.FALSE, dynamicConfigBooleanFalseFalse.get());
        assertEquals(Boolean.FALSE, dynamicConfigBooleanFalseNo.get());
        assertEquals(Boolean.FALSE, dynamicConfigBooleanFalseOff.get());
        assertEquals(Boolean.FALSE, dynamicConfigBooleanFalseInvalid.get());
        assertEquals(Boolean.FALSE, dynamicConfigBooleanFalseMissing.get());
        assertEquals(Boolean.FALSE, dynamicConfigBooleanFalseFixed.get());
        assertEquals(100_000L, dynamicConfigDurationShort.getMilliseconds());
        assertEquals(100000_000L, dynamicConfigDurationLong.getMilliseconds());
        assertEquals(123456_000L, dynamicConfigDurationTooBig.getMilliseconds());
        assertEquals(123456_000L, dynamicConfigDurationInvalid1.getMilliseconds());
        assertEquals(123456_000L, dynamicConfigDurationInvalid2.getMilliseconds());
        assertEquals(123456_000L, dynamicConfigDurationMissing.getMilliseconds());
        assertEquals(123456_000L, dynamicConfigDurationFixed.getMilliseconds());
        assertEquals("[\"aaa\",\"111\",\"1234567890123456789\",\"12.34\",\"bbb\"]", Utils.jsonSerializeForLog(dynamicConfigCsvOk.getStringsList()));
        assertEquals("[111.0,1.23456789012345677E18,12.34]", Utils.jsonSerializeForLog(dynamicConfigCsvOk.getDoublesList()));
        assertEquals("[111.0,1.23456794E18,12.34]", Utils.jsonSerializeForLog(dynamicConfigCsvOk.getFloatsList()));
        assertEquals("[111,1234567890123456789]", Utils.jsonSerializeForLog(dynamicConfigCsvOk.getLongsList()));
        assertEquals("[111]", Utils.jsonSerializeForLog(dynamicConfigCsvOk.getIntegersList()));
        assertEquals("[\"default-value-a\",\"default-value-b\"]", Utils.jsonSerializeForLog(dynamicConfigCsvMissing.getStringsList()));
        assertEquals("[\"fixed-value-a\",\"fixed-value-b\"]", Utils.jsonSerializeForLog(dynamicConfigCsvFixed.getStringsList()));
        assertTrue(dynamicConfigCsvOk.hasItem("aaa"));
        assertFalse(dynamicConfigCsvOk.hasItem("ccc"));
        assertTrue(dynamicConfigCsvOk.hasItem(12.34));
        assertFalse(dynamicConfigCsvOk.hasItem(23.45));
        assertTrue(dynamicConfigCsvOk.hasItem(12.34f));
        assertFalse(dynamicConfigCsvOk.hasItem(23.45f));
        assertTrue(dynamicConfigCsvOk.hasItem(1234567890123456789L));
        assertFalse(dynamicConfigCsvOk.hasItem(222L));
        assertTrue(dynamicConfigCsvOk.hasItem(111));
        assertFalse(dynamicConfigCsvOk.hasItem(222));
    }
    @SuppressWarnings("unused") boolean deleted = configFile.delete();
}
Also used : DynamicConfigDuration(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigDuration) ConfigProviderFile(com.yahoo.athenz.common.server.util.config.providers.ConfigProviderFile) DynamicConfigLong(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigLong) DynamicConfigString(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigString) DynamicConfigDouble(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigDouble) DynamicConfigBoolean(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean) DynamicConfigFloat(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigFloat) DynamicConfigCsv(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigCsv) ConfigProviderFile(com.yahoo.athenz.common.server.util.config.providers.ConfigProviderFile) File(java.io.File) DynamicConfigInteger(com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigInteger) Test(org.testng.annotations.Test)

Aggregations

DynamicConfigLong (com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigLong)7 X509Certificate (java.security.cert.X509Certificate)4 Test (org.testng.annotations.Test)4 ChangeLogStore (com.yahoo.athenz.common.server.store.ChangeLogStore)3 ZMSFileChangeLogStore (com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore)3 InstanceCertManager (com.yahoo.athenz.zts.cert.InstanceCertManager)3 DataStore (com.yahoo.athenz.zts.store.DataStore)3 MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.MockZMSFileChangeLogStore)3 File (java.io.File)3 Path (java.nio.file.Path)3 X509CertRecord (com.yahoo.athenz.common.server.cert.X509CertRecord)2 DynamicConfigBoolean (com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigBoolean)2 ConfigProviderFile (com.yahoo.athenz.common.server.util.config.providers.ConfigProviderFile)2 DynamicConfigCsv (com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigCsv)1 DynamicConfigDouble (com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigDouble)1 DynamicConfigDuration (com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigDuration)1 DynamicConfigFloat (com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigFloat)1 DynamicConfigInteger (com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigInteger)1 DynamicConfigString (com.yahoo.athenz.common.server.util.config.dynamic.DynamicConfigString)1 InstanceConfirmation (com.yahoo.athenz.instance.provider.InstanceConfirmation)1