diff options
author | Morten Tokle <mortent@yahooinc.com> | 2022-09-13 15:20:12 +0200 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2022-09-13 15:20:12 +0200 |
commit | d110e8cc51a8450eb340b875e31b5fc193f7797f (patch) | |
tree | 49ab62aa184ca047c0615df5f347aa6a3d5d6250 | |
parent | 8c1062b6fd62c6948610eb41b72617be581b7dbf (diff) |
Allow custom port binding when restricting data plane
2 files changed, 15 insertions, 5 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/UriBindingsValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/UriBindingsValidator.java index 718f1646126..a57a8fa9e70 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/UriBindingsValidator.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/UriBindingsValidator.java @@ -41,7 +41,7 @@ class UriBindingsValidator extends Validator { private static void validateUserBinding(BindingPattern binding, VespaModel model, DeployState deployState) { validateScheme(binding, deployState); if (isHostedApplication(model, deployState)) { - validateHostedApplicationUserBinding(binding); + validateHostedApplicationUserBinding(binding, deployState); } } @@ -53,13 +53,14 @@ class UriBindingsValidator extends Validator { } } - private static void validateHostedApplicationUserBinding(BindingPattern binding) { + private static void validateHostedApplicationUserBinding(BindingPattern binding, DeployState deployState) { // only perform these validation for used-generated bindings // bindings produced by the hosted config model amender will violate some of the rules below if (binding instanceof SystemBindingPattern) return; - if (!binding.matchesAnyPort()) { - throw new IllegalArgumentException(createErrorMessage(binding, "binding with port is not allowed")); + // Allow binding to port if we are restricting data plane bindings + if (!binding.matchesAnyPort() && !deployState.featureFlags().useRestrictedDataPlaneBindings()) { + throw new IllegalArgumentException(createErrorMessage(binding, "binding with port is not allowed")); } if (!binding.host().equals(BindingPattern.WILDCARD_PATTERN)) { throw new IllegalArgumentException(createErrorMessage(binding, "only binding with wildcard ('*') for hostname is allowed")); diff --git a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/UriBindingsValidatorTest.java b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/UriBindingsValidatorTest.java index 7c16d3c99cf..ff9596f2062 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/UriBindingsValidatorTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/UriBindingsValidatorTest.java @@ -58,6 +58,11 @@ public class UriBindingsValidatorTest { } @Test + void allows_portbinding_when_restricting_data_plane() throws IOException, SAXException { + runUriBindingValidator(new TestProperties().setHostedVespa(true).setUseRestrictedDataPlaneBindings(true), createServicesXmlWithHandler("http://*:4443/my-handler")); + } + + @Test void allows_user_binding_with_wildcard_port() throws IOException, SAXException { runUriBindingValidator(true, createServicesXmlWithHandler("http://*:*/my-handler")); } @@ -68,12 +73,16 @@ public class UriBindingsValidatorTest { } private void runUriBindingValidator(boolean isHosted, String servicesXml) throws IOException, SAXException { + runUriBindingValidator(new TestProperties().setHostedVespa(isHosted), servicesXml); + } + + private void runUriBindingValidator(TestProperties testProperties, String servicesXml) throws IOException, SAXException { ApplicationPackage app = new MockApplicationPackage.Builder() .withServices(servicesXml) .build(); DeployState deployState = new DeployState.Builder() .applicationPackage(app) - .properties(new TestProperties().setHostedVespa(isHosted)) + .properties(testProperties) .build(); VespaModel model = new VespaModel(new NullConfigModelRegistry(), deployState); new UriBindingsValidator().validate(model, deployState); |