diff options
author | Jon Bratseth <bratseth@verizonmedia.com> | 2019-09-09 16:02:00 +0200 |
---|---|---|
committer | Jon Bratseth <bratseth@verizonmedia.com> | 2019-09-09 16:02:00 +0200 |
commit | 9af672c4442b9cafa337fabc64b846069b055b79 (patch) | |
tree | 68211ec6c2b7929fb41a26f17cbacd3e242a5a89 | |
parent | ff2f0a1e434ad94ca4b05c51e603a32919f5a7b4 (diff) |
Don't enforce access control for non-default instances
This makes it easier to create additional instances for testing
other services against it.
5 files changed, 16 insertions, 1 deletions
diff --git a/config-application-package/src/main/java/com/yahoo/config/model/application/provider/FilesApplicationPackage.java b/config-application-package/src/main/java/com/yahoo/config/model/application/provider/FilesApplicationPackage.java index 2859d9f89fc..8c3ccdc4c0b 100644 --- a/config-application-package/src/main/java/com/yahoo/config/model/application/provider/FilesApplicationPackage.java +++ b/config-application-package/src/main/java/com/yahoo/config/model/application/provider/FilesApplicationPackage.java @@ -155,6 +155,9 @@ public class FilesApplicationPackage implements ApplicationPackage { } @Override + public ApplicationId getApplicationId() { return metaData.getApplicationId(); } + + @Override public List<NamedReader> getFiles(Path relativePath, String suffix, boolean recurse) { return getFiles(relativePath, "", suffix, recurse); } diff --git a/config-model-api/src/main/java/com/yahoo/config/application/api/ApplicationPackage.java b/config-model-api/src/main/java/com/yahoo/config/application/api/ApplicationPackage.java index 48dd3663cc6..db3d391d19b 100644 --- a/config-model-api/src/main/java/com/yahoo/config/application/api/ApplicationPackage.java +++ b/config-model-api/src/main/java/com/yahoo/config/application/api/ApplicationPackage.java @@ -3,6 +3,7 @@ package com.yahoo.config.application.api; import com.yahoo.config.provision.AllocatedHosts; import com.yahoo.component.Version; +import com.yahoo.config.provision.ApplicationId; import com.yahoo.config.provision.Zone; import com.yahoo.io.IOUtils; import com.yahoo.io.reader.NamedReader; @@ -90,6 +91,8 @@ public interface ApplicationPackage { @Deprecated // TODO: Remove on Vespa 8 String getApplicationName(); + ApplicationId getApplicationId(); + /** * Contents of services.xml. Caller must close reader after use. * diff --git a/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java b/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java index 538b2f0f957..eb61bda83a6 100644 --- a/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java +++ b/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java @@ -99,6 +99,9 @@ public class MockApplicationPackage implements ApplicationPackage { } @Override + public ApplicationId getApplicationId() { return ApplicationId.from("default", getApplicationName(), "default"); } + + @Override public Reader getServices() { return new StringReader(servicesS); } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java index 972a83d7a2a..b7bbed7ffda 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java @@ -4,6 +4,7 @@ package com.yahoo.vespa.model.application.validation.first; import com.yahoo.config.application.api.ValidationId; import com.yahoo.config.model.ConfigModelContext.ApplicationType; import com.yahoo.config.model.deploy.DeployState; +import com.yahoo.config.provision.InstanceName; import com.yahoo.vespa.model.VespaModel; import com.yahoo.vespa.model.application.validation.Validator; import com.yahoo.vespa.model.container.Container; @@ -43,7 +44,8 @@ public class AccessControlValidator extends Validator { if (hasHandlerThatNeedsProtection(cluster) || ! cluster.getAllServlets().isEmpty()) offendingClusters.add(cluster.getName()); } - if (! offendingClusters.isEmpty()) + if (! offendingClusters.isEmpty() + && deployState.getApplicationPackage().getApplicationId().instance().equals(InstanceName.defaultName())) deployState.validationOverrides().invalid(ValidationId.accessControl, "Access-control must be enabled for write operations to container clusters in production zones: " + mkString(offendingClusters, "[", ", ", "]."), deployState.now()); diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/zookeeper/ZKApplicationPackage.java b/configserver/src/main/java/com/yahoo/vespa/config/server/zookeeper/ZKApplicationPackage.java index 858952727ae..bcb958c4b58 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/zookeeper/ZKApplicationPackage.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/zookeeper/ZKApplicationPackage.java @@ -12,6 +12,7 @@ import com.yahoo.config.application.api.UnparsedConfigDefinition; import com.yahoo.config.codegen.DefParser; import com.yahoo.config.model.application.provider.PreGeneratedFileRegistry; import com.yahoo.config.provision.AllocatedHosts; +import com.yahoo.config.provision.ApplicationId; import com.yahoo.config.provision.NodeFlavors; import com.yahoo.config.provision.serialization.AllocatedHostsSerializer; import com.yahoo.io.IOUtils; @@ -122,6 +123,9 @@ public class ZKApplicationPackage implements ApplicationPackage { } @Override + public ApplicationId getApplicationId() { return metaData.getApplicationId(); } + + @Override public Reader getServices() { return getUserAppData(SERVICES); } |