
Example 11 with NToken

Use of com.yahoo.vespa.athenz.api.NToken in project vespa by vespa-engine.

Class DnsMaintainerTest, method removes_record_for_unassigned_rotation.

@Test
public void removes_record_for_unassigned_rotation() {
    DeploymentTester tester = new DeploymentTester();
    Application application = tester.createApplication("app1", "tenant1", 1, 1L);
    DnsMaintainer dnsMaintainer = new DnsMaintainer(tester.controller(), Duration.ofHours(12), new JobControl(new MockCuratorDb()), tester.controllerTester().nameService());
    ApplicationPackage applicationPackage = new ApplicationPackageBuilder().environment(Environment.prod).globalServiceId("foo").region("us-west-1").region("us-central-1").build();
    // Deploy application
    tester.deployCompletely(application, applicationPackage);
    assertEquals(2, tester.controllerTester().nameService().records().size());
    Optional<Record> record = tester.controllerTester().nameService().findRecord(Record.Type.CNAME, RecordName.from("app1--tenant1.global.vespa.yahooapis.com"));
    assertTrue(record.isPresent());
    assertEquals("app1--tenant1.global.vespa.yahooapis.com", record.get().name().asString());
    assertEquals("rotation-fqdn-01.", record.get().data().asString());
    record = tester.controllerTester().nameService().findRecord(Record.Type.CNAME, RecordName.from("app1.tenant1.global.vespa.yahooapis.com"));
    assertTrue(record.isPresent());
    assertEquals("app1.tenant1.global.vespa.yahooapis.com", record.get().name().asString());
    assertEquals("rotation-fqdn-01.", record.get().data().asString());
    // DnsMaintainer does nothing
    dnsMaintainer.maintain();
    assertTrue("DNS record is not removed", tester.controllerTester().nameService().findRecord(Record.Type.CNAME, RecordName.from("app1--tenant1.global.vespa.yahooapis.com")).isPresent());
    assertTrue("DNS record is not removed", tester.controllerTester().nameService().findRecord(Record.Type.CNAME, RecordName.from("app1.tenant1.global.vespa.yahooapis.com")).isPresent());
    // Remove application
    applicationPackage = new ApplicationPackageBuilder().environment(Environment.prod).allow(ValidationId.deploymentRemoval).build();
    tester.jobCompletion(component).application(application).nextBuildNumber().uploadArtifact(applicationPackage).submit();
    tester.deployAndNotify(application, applicationPackage, true, systemTest);
    tester.applications().deactivate(application, ZoneId.from(Environment.test, RegionName.from("us-east-1")));
    tester.applications().deactivate(application, ZoneId.from(Environment.staging, RegionName.from("us-east-3")));
    tester.applications().deleteApplication(application.id(), Optional.of(new NToken("ntoken")));
    // DnsMaintainer removes records
    dnsMaintainer.maintain();
    assertFalse("DNS record removed", tester.controllerTester().nameService().findRecord(Record.Type.CNAME, RecordName.from("app1--tenant1.global.vespa.yahooapis.com")).isPresent());
    dnsMaintainer.maintain();
    assertFalse("DNS record removed", tester.controllerTester().nameService().findRecord(Record.Type.CNAME, RecordName.from("app1.tenant1.global.vespa.yahooapis.com")).isPresent());
}
Also used : MockCuratorDb(com.yahoo.vespa.hosted.controller.persistence.MockCuratorDb) NToken(com.yahoo.vespa.athenz.api.NToken) DeploymentTester(com.yahoo.vespa.hosted.controller.deployment.DeploymentTester) ApplicationPackageBuilder(com.yahoo.vespa.hosted.controller.deployment.ApplicationPackageBuilder) Record(com.yahoo.vespa.hosted.controller.api.integration.dns.Record) Application(com.yahoo.vespa.hosted.controller.Application) ApplicationPackage(com.yahoo.vespa.hosted.controller.application.ApplicationPackage) Test(org.junit.Test) JobType.systemTest(com.yahoo.vespa.hosted.controller.application.DeploymentJobs.JobType.systemTest)

Example 12 with NToken

Use of com.yahoo.vespa.athenz.api.NToken in project vespa by vespa-engine.

Class UserAuthWithAthenzPrincipalFilter, method rewriteUserPrincipalToAthenz.

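private void rewriteUserPrincipalToAthenz(DiscFilterRequest request) {
    Principal userPrincipal = request.getUserPrincipal();
    log.log(LogLevel.DEBUG, () -> "Original user principal: " + userPrincipal.toString());
    // Map the name of the request's user principal to an Athenz user identity
    UserId userId = new UserId(userPrincipal.getName());
    AthenzUser athenzIdentity = AthenzUser.fromUserId(userId.id());
    request.setRemoteUser(athenzIdentity.getFullName());
    // Wrap the value of the principal header in an NToken; nToken is null when the header is absent
    NToken nToken = Optional.ofNullable(request.getHeader(principalHeaderName)).map(NToken::new).orElse(null);
    // Replace the request's principal with an AthenzPrincipal carrying the identity and the (possibly null) token
    request.setUserPrincipal(new AthenzPrincipal(athenzIdentity, nToken));
}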
Also used : UserId(com.yahoo.vespa.hosted.controller.api.identifiers.UserId) NToken(com.yahoo.vespa.athenz.api.NToken) AthenzPrincipal(com.yahoo.vespa.athenz.api.AthenzPrincipal) AthenzUser(com.yahoo.vespa.athenz.api.AthenzUser) Principal(java.security.Principal)
