diff options
author | Valerij Fredriksen <valerijf@verizonmedia.com> | 2019-09-05 18:28:53 +0200 |
---|---|---|
committer | Valerij Fredriksen <valerijf@verizonmedia.com> | 2019-09-05 18:28:53 +0200 |
commit | b2a503d3eb688aa4ec63371b605bda6597b21c44 (patch) | |
tree | c6596e63155e5c580eb2e1f9b484eb672d51a20a | |
parent | 92ce73794d7c7965fd469a54713d122d3269d814 (diff) |
Trust parent host
2 files changed, 5 insertions, 2 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java index db95915376b..1fbb83c7718 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java @@ -207,8 +207,10 @@ public class NodeRepository extends AbstractComponent { Set<String> trustedNetworks = new LinkedHashSet<>(); // For all cases below, trust: + // - parent host (for health checks and metrics) // - nodes in same application // - load balancers allocated to application + candidates.parentOf(node).ifPresent(trustedNodes::add); node.allocation().ifPresent(allocation -> { trustedNodes.addAll(candidates.owner(allocation.owner()).asList()); loadBalancers.owner(allocation.owner()).asList().stream() diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java index dc0a001ca1d..24b12c4427f 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java @@ -51,10 +51,11 @@ public class AclProvisioningTest { // Get trusted nodes for the first active node Node node = activeNodes.get(0); + Node host = node.parentHostname().flatMap(tester.nodeRepository()::getNode).get(); Supplier<List<NodeAcl>> nodeAcls = () -> tester.nodeRepository().getNodeAcls(node, false); // Trusted nodes are active nodes in same application, proxy nodes and config servers - assertAcls(List.of(activeNodes, proxyNodes, configServers), + assertAcls(List.of(activeNodes, proxyNodes, configServers, List.of(host)), Set.of("10.2.3.0/24", "10.4.5.0/24"), nodeAcls.get()); } @@ -142,7 +143,7 @@ public class AclProvisioningTest { .findFirst() .orElseThrow(() -> new RuntimeException("Expected to find ACL for node " + dockerNode.hostname())); assertEquals(dockerHostNodeUnderTest.hostname(), dockerNode.parentHostname().get()); - assertAcls(List.of(configServers, dockerNodes), nodeAcl); + assertAcls(List.of(configServers, dockerNodes, List.of(dockerHostNodeUnderTest)), nodeAcl); } } |