Skip to content

Commit

Permalink
set resource ownership when generating JWS domain
Browse files Browse the repository at this point in the history
  • Loading branch information
craman committed Sep 29, 2024
1 parent c97c1b5 commit bf75eb4
Show file tree
Hide file tree
Showing 2 changed files with 68 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -7042,6 +7042,7 @@ void setDomainDataAttributes(DomainData domainData, Domain domain) {
domainData.setCertDnsDomain(domain.getCertDnsDomain());
domainData.setMemberPurgeExpiryDays(domain.getMemberPurgeExpiryDays());
domainData.setContacts(domain.getContacts());
domainData.setResourceOwnership(domain.getResourceOwnership());
}

SignedDomain retrieveSignedDomain(Domain domain, final String metaAttr, boolean setMetaDataOnly, boolean masterCopy, boolean includeConditions) {
Expand Down
67 changes: 67 additions & 0 deletions servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -23765,6 +23765,73 @@ public void testGetJWSDomainError() {
zmsImpl.privateKey = pkey;
}

@Test
public void testGetJWSDomainResourceOwnership() throws JsonProcessingException, ParseException, JOSEException {

final String domainName = "jws-domain-resource-owner";

ZMSImpl zmsImpl = zmsTestInitializer.getZms();
RsrcCtxWrapper ctx = zmsTestInitializer.getMockDomRsrcCtx();
final String auditRef = zmsTestInitializer.getAuditRef();

TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject(domainName,
"Test Domain1", "testOrg", zmsTestInitializer.getAdminUser());
dom1.setMemberPurgeExpiryDays(90);

zmsImpl.postTopLevelDomain(ctx, auditRef, "unit-test", dom1);

Response response = zmsImpl.getJWSDomain(ctx, domainName, null, null);
JWSDomain jwsDomain = (JWSDomain) response.getEntity();
DomainData domainData = zmsTestInitializer.getDomainData(jwsDomain);

assertNotNull(domainData);
assertEquals(domainData.getName(), "jws-domain-resource-owner");
assertEquals(domainData.getMemberPurgeExpiryDays(), 90);
assertNotNull(domainData.getResourceOwnership());
assertEquals(domainData.getResourceOwnership().getObjectOwner(), "unit-test");
assertEquals(domainData.getResourceOwnership().getMetaOwner(), "unit-test");

Map<String, String> header = jwsDomain.getHeader();
assertEquals(header.get("kid"), "0");

// now we're going to ask for the same domain with the tag
// and make sure we get back 304

EntityTag tag = response.getEntityTag();
response = zmsImpl.getJWSDomain(ctx, domainName, Boolean.FALSE, tag.getValue());
assertEquals(response.getStatus(), ResourceException.NOT_MODIFIED);

// pass a timestamp a minute back and make sure we
// get back the domain

Timestamp tstamp = Timestamp.fromMillis(System.currentTimeMillis() - 3600);
response = zmsImpl.getJWSDomain(ctx, domainName, false, tstamp.toString());
jwsDomain = (JWSDomain) response.getEntity();
domainData = zmsTestInitializer.getDomainData(jwsDomain);

assertNotNull(domainData);
assertEquals(domainData.getName(), "jws-domain-resource-owner");
assertEquals(domainData.getMemberPurgeExpiryDays(), 90);
assertNotNull(domainData.getResourceOwnership());
assertEquals(domainData.getResourceOwnership().getObjectOwner(), "unit-test");
assertEquals(domainData.getResourceOwnership().getMetaOwner(), "unit-test");

// any invalid data is also treated as no etag

response = zmsImpl.getJWSDomain(ctx, domainName, null, "unknown-date");
jwsDomain = (JWSDomain) response.getEntity();
domainData = zmsTestInitializer.getDomainData(jwsDomain);

assertNotNull(domainData);
assertEquals(domainData.getName(), "jws-domain-resource-owner");
assertEquals(domainData.getMemberPurgeExpiryDays(), 90);
assertNotNull(domainData.getResourceOwnership());
assertEquals(domainData.getResourceOwnership().getObjectOwner(), "unit-test");
assertEquals(domainData.getResourceOwnership().getMetaOwner(), "unit-test");

zmsImpl.deleteTopLevelDomain(ctx, domainName, auditRef, "unit-test");
}

@Test
public void testValidateIntegerValue() {

Expand Down

0 comments on commit bf75eb4

Please sign in to comment.