Search in sources :

Example 16 with CloudStore

use of com.yahoo.athenz.zts.store.CloudStore in project athenz by yahoo.

the class CloudStoreTest method testLoadBootMetaDataInvalidIamInfoException.

@Test
public void testLoadBootMetaDataInvalidIamInfoException() throws InterruptedException, ExecutionException, TimeoutException {
    CloudStore store = new CloudStore(null);
    HttpClient httpClient = Mockito.mock(HttpClient.class);
    ContentResponse responseDoc = Mockito.mock(ContentResponse.class);
    Mockito.when(responseDoc.getStatus()).thenReturn(200);
    Mockito.when(responseDoc.getContentAsString()).thenReturn(AWS_INSTANCE_DOCUMENT);
    ContentResponse responseSig = Mockito.mock(ContentResponse.class);
    Mockito.when(responseSig.getStatus()).thenReturn(200);
    Mockito.when(responseSig.getContentAsString()).thenReturn("pkcs7-signature");
    ContentResponse responseInfo = Mockito.mock(ContentResponse.class);
    Mockito.when(responseInfo.getStatus()).thenReturn(200);
    Mockito.when(responseInfo.getContentAsString()).thenReturn("invalid-info");
    store.setHttpClient(httpClient);
    Mockito.when(httpClient.GET("http://169.254.169.254/latest/dynamic/instance-identity/document")).thenReturn(responseDoc);
    Mockito.when(httpClient.GET("http://169.254.169.254/latest/dynamic/instance-identity/pkcs7")).thenReturn(responseSig);
    Mockito.when(httpClient.GET("http://169.254.169.254/latest/meta-data/iam/info")).thenReturn(responseInfo);
    assertFalse(store.loadBootMetaData());
    store.close();
}
Also used : CloudStore(com.yahoo.athenz.zts.store.CloudStore) ContentResponse(org.eclipse.jetty.client.api.ContentResponse) HttpClient(org.eclipse.jetty.client.HttpClient) Test(org.testng.annotations.Test)

Example 17 with CloudStore

use of com.yahoo.athenz.zts.store.CloudStore in project athenz by yahoo.

the class CloudStoreTest method testParseIamRoleInfoMissingInstanceProfile.

@Test
public void testParseIamRoleInfoMissingInstanceProfile() {
    CloudStore store = new CloudStore(null);
    assertFalse(store.parseIamRoleInfo("{\"accountId\":\"012345678901\"}"));
    assertFalse(store.parseIamRoleInfo("{\"accountId\":\"012345678901\",\"InstanceProfileArn\":\"\"}"));
    store.close();
}
Also used : CloudStore(com.yahoo.athenz.zts.store.CloudStore) Test(org.testng.annotations.Test)

Example 18 with CloudStore

use of com.yahoo.athenz.zts.store.CloudStore in project athenz by yahoo.

the class CloudStoreTest method testInitializeAwsSupportInvalidCreds.

@Test
public void testInitializeAwsSupportInvalidCreds() throws InterruptedException, ExecutionException, TimeoutException {
    CloudStore store = new CloudStore(null);
    HttpClient httpClient = Mockito.mock(HttpClient.class);
    ContentResponse responseDoc = Mockito.mock(ContentResponse.class);
    Mockito.when(responseDoc.getStatus()).thenReturn(200);
    Mockito.when(responseDoc.getContentAsString()).thenReturn(AWS_INSTANCE_DOCUMENT);
    ContentResponse responseSig = Mockito.mock(ContentResponse.class);
    Mockito.when(responseSig.getStatus()).thenReturn(200);
    Mockito.when(responseSig.getContentAsString()).thenReturn("pkcs7-signature");
    ContentResponse responseInfo = Mockito.mock(ContentResponse.class);
    Mockito.when(responseInfo.getStatus()).thenReturn(200);
    Mockito.when(responseInfo.getContentAsString()).thenReturn(AWS_IAM_ROLE_INFO);
    ContentResponse responseCreds = Mockito.mock(ContentResponse.class);
    Mockito.when(responseCreds.getStatus()).thenReturn(200);
    Mockito.when(responseCreds.getContentAsString()).thenReturn("invalid-creds");
    store.setHttpClient(httpClient);
    Mockito.when(httpClient.GET("http://169.254.169.254/latest/dynamic/instance-identity/document")).thenReturn(responseDoc);
    Mockito.when(httpClient.GET("http://169.254.169.254/latest/dynamic/instance-identity/pkcs7")).thenReturn(responseSig);
    Mockito.when(httpClient.GET("http://169.254.169.254/latest/meta-data/iam/info")).thenReturn(responseInfo);
    Mockito.when(httpClient.GET("http://169.254.169.254/latest/meta-data/iam/security-credentials/athenz.zts")).thenReturn(responseCreds);
    try {
        store.awsEnabled = true;
        store.initializeAwsSupport();
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 500);
    }
    store.close();
}
Also used : CloudStore(com.yahoo.athenz.zts.store.CloudStore) ContentResponse(org.eclipse.jetty.client.api.ContentResponse) HttpClient(org.eclipse.jetty.client.HttpClient) ResourceException(com.yahoo.athenz.zts.ResourceException) Test(org.testng.annotations.Test)

Example 19 with CloudStore

use of com.yahoo.athenz.zts.store.CloudStore in project athenz by yahoo.

the class CloudStoreTest method testParseInstanceInfoRegion.

@Test
public void testParseInstanceInfoRegion() {
    // first this should fail since we have no region
    // override and the document has no region
    CloudStore store = new CloudStore(null);
    assertFalse(store.parseInstanceInfo("{\"accountId\":\"012345678901\"}"));
    // now we're going to use the same doc with override
    System.setProperty(ZTSConsts.ZTS_PROP_AWS_REGION_NAME, "us-west-3");
    store.close();
    store = new CloudStore(null);
    assertTrue(store.parseInstanceInfo("{\"accountId\":\"012345678901\"}"));
    assertEquals(store.awsRegion, "us-west-3");
    System.clearProperty(ZTSConsts.ZTS_PROP_AWS_REGION_NAME);
    store.close();
}
Also used : CloudStore(com.yahoo.athenz.zts.store.CloudStore) Test(org.testng.annotations.Test)

Example 20 with CloudStore

use of com.yahoo.athenz.zts.store.CloudStore in project athenz by yahoo.

the class CloudStoreTest method testLoadBootMetaDataInvalidDocumentException.

@Test
public void testLoadBootMetaDataInvalidDocumentException() throws InterruptedException, ExecutionException, TimeoutException {
    CloudStore store = new CloudStore(null);
    HttpClient httpClient = Mockito.mock(HttpClient.class);
    ContentResponse response = Mockito.mock(ContentResponse.class);
    Mockito.when(response.getStatus()).thenReturn(200);
    Mockito.when(response.getContentAsString()).thenReturn("json-document");
    store.setHttpClient(httpClient);
    Mockito.when(httpClient.GET("http://169.254.169.254/latest/dynamic/instance-identity/document")).thenReturn(response);
    assertFalse(store.loadBootMetaData());
    store.close();
}
Also used : CloudStore(com.yahoo.athenz.zts.store.CloudStore) ContentResponse(org.eclipse.jetty.client.api.ContentResponse) HttpClient(org.eclipse.jetty.client.HttpClient) Test(org.testng.annotations.Test)

Aggregations

CloudStore (com.yahoo.athenz.zts.store.CloudStore)45 Test (org.testng.annotations.Test)44 HttpClient (org.eclipse.jetty.client.HttpClient)17 ContentResponse (org.eclipse.jetty.client.api.ContentResponse)16 MockCloudStore (com.yahoo.athenz.zts.store.MockCloudStore)6 Principal (com.yahoo.athenz.auth.Principal)5 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)5 SignedDomain (com.yahoo.athenz.zms.SignedDomain)5 ResourceException (com.yahoo.athenz.zts.ResourceException)5 BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials)2 File (java.io.File)2 AssumeRoleRequest (com.amazonaws.services.securitytoken.model.AssumeRoleRequest)1 CertSigner (com.yahoo.athenz.common.server.cert.CertSigner)1 SelfCertSigner (com.yahoo.athenz.zts.cert.impl.SelfCertSigner)1 ChangeLogStore (com.yahoo.athenz.zts.store.ChangeLogStore)1 DataStore (com.yahoo.athenz.zts.store.DataStore)1 MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)1 ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)1 PrivateKey (java.security.PrivateKey)1 X509Certificate (java.security.cert.X509Certificate)1