author | Harald Musum <musum@yahooinc.com> | 2024-04-02 19:48:25 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-02 19:48:25 +0200 |
commit | 9bd91f0de45277ccf7974862fa3edd00a916e5cb (patch) | |
tree | 9b66adaacddd56adfabe3acf35f1cf4b55e1caae | |
parent | 3154cce4fcb23b2deef7498124b377b2bc35559a (diff) | |
parent | 6aaba9703a6b545e9785ad48ab8bb70c067d070b (diff) |
Merge pull request #30785 from vespa-engine/hakonhall/certificate-expiry-checker-depends-on-proxy-protocol
Move useProxyProtocol to Cloud
3 files changed, 12 insertions, 12 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java index 20a16f7c7a4..db848d13f5a 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java @@ -25,7 +25,6 @@ import com.yahoo.config.model.producer.TreeConfigProducer; import com.yahoo.config.provision.AthenzDomain; import com.yahoo.config.provision.AthenzService; import com.yahoo.config.provision.Capacity; -import com.yahoo.config.provision.CloudName; import com.yahoo.config.provision.ClusterMembership; import com.yahoo.config.provision.ClusterSpec; import com.yahoo.config.provision.DataplaneToken; @@ -599,7 +598,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { // If the deployment contains certificate/private key reference, setup TLS port var builder = HostedSslConnectorFactory.builder(serverName, getMtlsDataplanePort(state)) - .proxyProtocol(useProxyProtocol(state.zone())) + .proxyProtocol(state.zone().cloud().useProxyProtocol()) .tlsCiphersOverride(state.getProperties().tlsCiphersOverride()) .endpointConnectionTtl(state.getProperties().endpointConnectionTtl()); var endpointCert = state.endpointCertificateSecrets().orElse(null); @@ -634,10 +633,6 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { server.addConnector(connectorFactory); } - private static boolean useProxyProtocol(Zone zone) { - return !zone.cloud().name().equals(CloudName.AZURE); - } - private void addCloudTokenSupport(DeployState state, ApplicationContainerCluster cluster) { var server = cluster.getHttp().getHttpServer().get(); if (!enableTokenSupport(state)) return; 
@@ -662,7 +657,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { // Setup dedicated connector var connector = HostedSslConnectorFactory.builder(server.getComponentId().getName()+"-token", tokenPort) .tokenEndpoint(true) - .proxyProtocol(useProxyProtocol(state.zone())) + .proxyProtocol(state.zone().cloud().useProxyProtocol()) .endpointCertificate(endpointCert) .remoteAddressHeader("X-Forwarded-For") .remotePortHeader("X-Forwarded-Port") diff --git a/config-provisioning/src/main/java/com/yahoo/config/provision/Cloud.java b/config-provisioning/src/main/java/com/yahoo/config/provision/Cloud.java index 38705b02a28..463d9edcdad 100644 --- a/config-provisioning/src/main/java/com/yahoo/config/provision/Cloud.java +++ b/config-provisioning/src/main/java/com/yahoo/config/provision/Cloud.java @@ -57,6 +57,11 @@ public class Cloud { return account; } + /** Returns whether load balancers use proxy protocol v1 or not (e.g. use source NAT). */ + public boolean useProxyProtocol() { + return !name.equals(CloudName.AZURE); + } + /** For testing purposes only */ public static Cloud defaultCloud() { return new Builder().build(); diff --git a/config-provisioning/src/main/java/com/yahoo/config/provision/Zone.java b/config-provisioning/src/main/java/com/yahoo/config/provision/Zone.java index 30392c17896..73c6010f514 100644 --- a/config-provisioning/src/main/java/com/yahoo/config/provision/Zone.java +++ b/config-provisioning/src/main/java/com/yahoo/config/provision/Zone.java @@ -54,11 +54,6 @@ public class Zone { this.region = region; } - // TODO(mpolden): For compatibility with older config models. Remove when versions < 8.327 are gone - public Cloud getCloud() { - return cloud(); - } - /** Returns the current cloud */ public Cloud cloud() { return cloud; } 
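Review bot: The new `Cloud.useProxyProtocol()` in Cloud.java returns true for every cloud except AZURE, so any cloud name added later gets proxy protocol switched on for both the mTLS and the token connector in ContainerModelBuilder by default, and the Javadoc does not say so. A connector with proxy protocol enabled presumably takes the client address from the header the load balancer prepends, so this default is only sound where the connector is reachable solely through such a load balancer; that assumption is not visible in this diff and deserves a sentence in the comment. The parenthetical "(e.g. use source NAT)" is also easy to misread as describing the true case. I would reword it along the lines of `/** Returns true if load balancers in this cloud prepend a proxy protocol v1 header; false if they do not (e.g. they use source NAT). True for every cloud except Azure. */`.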
@@ -102,5 +97,10 @@ public class Zone { return Objects.hash(environment, region); } + // TODO(mpolden): For compatibility with older config models. Remove when versions < 8.327 are gone + @Deprecated(forRemoval = true) + public Cloud getCloud() { + return cloud(); + } } |
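Review bot: The re-added `getCloud()` at the end of Zone.java carries `@Deprecated(forRemoval = true)` but only a `//` TODO, so the removal warning that callers get names no replacement. A Javadoc line above the annotation, for example `/** @deprecated use {@link #cloud()} instead */`, would close that gap. The existing TODO can stay next to it, since it records the version condition for removal.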