author | Andreas Eriksen <andreer@yahooinc.com> | 2023-03-24 12:10:15 +0100 |
---|---|---|
committer | Andreas Eriksen <andreer@yahooinc.com> | 2023-03-24 12:10:15 +0100 |
commit | d0aae9f76f48ed10ccf4d751ce93ed9907baee63 (patch) | |
tree | b4738fa23046243d9458f80a9810e60a88b8df0e | |
parent | 57f5e9706a982d91fc8317996648b9ffbd29b5ff (diff) |
WireGuard UDP port is trusted in Public AWS zones
2 files changed, 16 insertions, 5 deletions
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
index 67f734eede2..0f6962087a8 100644
--- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
+++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
@@ -4,9 +4,16 @@ package com.yahoo.vespa.hosted.provision.provisioning;
 import com.yahoo.component.Version;
 import com.yahoo.config.provision.ApplicationId;
 import com.yahoo.config.provision.Capacity;
+import com.yahoo.config.provision.Cloud;
+import com.yahoo.config.provision.CloudAccount;
+import com.yahoo.config.provision.CloudName;
 import com.yahoo.config.provision.ClusterResources;
+import com.yahoo.config.provision.Environment;
 import com.yahoo.config.provision.NodeResources;
 import com.yahoo.config.provision.NodeType;
+import com.yahoo.config.provision.RegionName;
+import com.yahoo.config.provision.SystemName;
+import com.yahoo.config.provision.Zone;
 import com.yahoo.vespa.hosted.provision.Node;
 import com.yahoo.vespa.hosted.provision.NodeList;
 import com.yahoo.vespa.hosted.provision.node.NodeAcl;
@@ -110,7 +117,15 @@ public class AclProvisioningTest {
 Set.of("10.2.3.0/24", "10.4.5.0/24"),
 List.of(nodeAcl));
 assertEquals(Set.of(22, 4443), nodeAcl.trustedPorts());
- assertEquals(Set.of(51820), nodeAcl.trustedUdpPorts());
+ assertEquals(Set.of(), nodeAcl.trustedUdpPorts());
+
+ // WireGuard UDP port is trusted in Public AWS zones
+ var publicTester = new ProvisioningTester.Builder().zone(new Zone(Cloud.builder().name(CloudName.AWS).account(CloudAccount.from("000000000000")).build(), SystemName.Public, Environment.defaultEnvironment(), RegionName.defaultName())).build();
+ publicTester.makeConfigServers(3, "default", Version.fromString("6.123.456"));
+ Node publicCfgNode = publicTester.nodeRepository().nodes().node("cfg1")
+ .orElseThrow(() -> new RuntimeException("Failed to find cfg1"));
+ NodeAcl publicNodeAcl = publicCfgNode.acl(nodes, publicTester.nodeRepository().loadBalancers(), publicTester.nodeRepository().zone());
+ assertEquals(Set.of(51820), publicNodeAcl.trustedUdpPorts());
 }
 @Test
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json
index 39e3b8c4921..1800dcacc3d 100644
--- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json
+++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json
@@ -277,9 +277,5 @@
 }
 ],
 "trustedUdpPorts": [
- {
- "port": 51820,
- "trustedBy": "cfg1.yahoo.com"
- }
 ]
 } |
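Review bot: Nothing in the second hunk of AclProvisioningTest.java covers the boundaries of the new rule — a Public zone on a non-AWS cloud, or an AWS zone outside the Public system — so an implementation that opened UDP 51820 on either condition alone would still pass both `trustedUdpPorts()` assertions. Since this test guards a firewall opening, build one more tester per boundary with the same `ProvisioningTester.Builder().zone(...)` call and assert `assertEquals(Set.of(), acl.trustedUdpPorts())` on each. Separately, `publicCfgNode.acl(nodes, ...)` passes `nodes`, which is declared above the hunk and presumably belongs to the first tester; if so, the ACL for a node from `publicTester` is computed against another repository's node list. Passing `publicTester.nodeRepository().nodes().list()` instead would keep the fixture self-consistent. The enclosing test method starts outside the hunk, so the origin of `nodes` should be confirmed there.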