author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-19 11:22:47 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-20 13:56:33 +0200 |
commit | aedcb7eaea2ee9f059ff55f819a6b8f91aaa15ae (patch) | |
tree | 7123c48a22628922962fef424059fc4ac18a9b47 | |
parent | 46ba1b00aa19e937e2c257b34c23417adeef56eb (diff) |
Add environment variable for capabilities enforcement mode
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/CapabilityMode.java | 26 | ||||
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java | 7 |
2 files changed, 33 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/CapabilityMode.java b/security-utils/src/main/java/com/yahoo/security/tls/CapabilityMode.java
new file mode 100644
index 00000000000..c2fa11ce7f7
--- /dev/null
+++ b/security-utils/src/main/java/com/yahoo/security/tls/CapabilityMode.java
@@ -0,0 +1,26 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.security.tls;
+
+import java.util.Arrays;
+
+/**
+ * @author bjorncs
+ */
+public enum CapabilityMode {
+ DISABLE("disable"), LOG_ONLY("log_only"), ENFORCE("enforce");
+
+ private final String configValue;
+
+ CapabilityMode(String configValue) { this.configValue = configValue; }
+
+ public String configValue() { return configValue; }
+
+ /** @return Default value when mode is not explicitly specified */
+ public static CapabilityMode defaultValue() { return DISABLE; }
+
+ public static CapabilityMode fromConfigValue(String configValue) {
+ return Arrays.stream(values())
+ .filter(c -> c.configValue.equals(configValue))
+ .findFirst().orElseThrow(() -> new IllegalArgumentException("Unknown value: " + configValue));
+ }
+}
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
index cbd3857d2d5..21d97613f95 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
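Review bot: In CapabilityMode.java, `defaultValue()` returns `DISABLE`, which is presumably the least restrictive of the three modes, so a deployment that never specifies a mode gets no capability enforcement, and the Javadoc on that method does not say which value it returns. I would name it there, e.g. `/** @return {@link #DISABLE}, used when the mode is not explicitly specified */`, and give the enum a class comment describing what each of the three modes does. `fromConfigValue` matches with an exact `equals`, so `ENFORCE` or a value with surrounding whitespace throws instead of falling back; that failure direction is worth keeping. The message would be more useful if it listed the accepted values, e.g. `"Unknown value: '" + configValue + "', expected one of: disable, log_only, enforce"`.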
@@ -18,6 +18,7 @@ public class TransportSecurityUtils { public static final String CONFIG_FILE_ENVIRONMENT_VARIABLE = "VESPA_TLS_CONFIG_FILE"; public static final String INSECURE_MIXED_MODE_ENVIRONMENT_VARIABLE = "VESPA_TLS_INSECURE_MIXED_MODE"; public static final String INSECURE_AUTHORIZATION_MODE_ENVIRONMENT_VARIABLE = "VESPA_TLS_INSECURE_AUTHORIZATION_MODE"; + public static final String CAPABILITIES_ENV_VAR = "VESPA_TLS_CAPABILITIES_ENFORCEMENT_MODE"; private TransportSecurityUtils() {} @@ -49,6 +50,12 @@ public class TransportSecurityUtils { .orElse(AuthorizationMode.defaultValue()); } + public static CapabilityMode getCapabilityMode() { + return getEnvironmentVariable(System.getenv(), CAPABILITIES_ENV_VAR) + .map(CapabilityMode::fromConfigValue) + .orElse(CapabilityMode.defaultValue()); + } + public static Optional<Path> getConfigFile() { return getConfigFile(System.getenv()); } |
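Review bot: `getCapabilityMode()` falls back to `CapabilityMode.defaultValue()` whenever the variable is absent, and CapabilityMode.java in this commit makes that `DISABLE`, so a misspelled variable name is indistinguishable from an intentional opt-out, while a misspelled value surfaces as `Unknown value: …` without naming `VESPA_TLS_CAPABILITIES_ENFORCEMENT_MODE`. A Javadoc stating both outcomes would help, e.g. `/** Reads VESPA_TLS_CAPABILITIES_ENFORCEMENT_MODE; returns the default mode when unset, throws IllegalArgumentException on an unrecognised value. */`. How `getEnvironmentVariable` treats an empty string is not visible here (it is defined outside the hunk), so it is worth confirming whether an empty assignment means default or error. The constant added in the first hunk of this file is named `CAPABILITIES_ENV_VAR` while its neighbours end in `_ENVIRONMENT_VARIABLE`; `CAPABILITIES_ENFORCEMENT_MODE_ENVIRONMENT_VARIABLE` would match them.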