Merge pull request #16439 from vespa-engine/freva/remove-port-80

Block port 80 on controller
author: Valerij Fredriksen <freva@users.noreply.github.com> 2021-02-08 15:32:13 +0100
committer: GitHub <noreply@github.com> 2021-02-08 15:32:13 +0100
commit: 71e7754a224dc97b16e2a04f3caa59ac762ddad3 (patch)
tree: 6bd3e4b2d1f913e6c97d9eeab3b2df18155b210d
parent: a00711aade1a015ca932d5080fa3987925bd4cf3 (diff)
parent: e728914b1c48a7f9828fc9b1238a0c32ada3ec90 (diff)
2 files changed, 1 insertions, 5 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
index 83dba7f9856..4116d58f2d1 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
@@ -11,11 +11,9 @@ import com.yahoo.vespa.hosted.provision.lb.LoadBalancers;
 
 import java.util.Comparator;
 import java.util.LinkedHashSet;
-import java.util.List;
 import java.util.Objects;
 import java.util.Set;
 import java.util.TreeSet;
-import java.util.stream.Collectors;
 
 /**
  * A node ACL. The ACL contains the node which the ACL is valid for,
@@ -121,10 +119,8 @@ public class NodeAcl {
                 // Controllers:
                 // - port 4443 (HTTPS + Athenz) from the world
                 // - port 443 (HTTPS + Okta) from the world
-                // - port 80 (HTTP) from the world - for redirect to HTTPS/443 only
                 trustedPorts.add(4443);
                 trustedPorts.add(443);
-                trustedPorts.add(80);
                 break;
 
             default:
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
index 86366e9a6d1..7ef13cc0be2 100644
--- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
+++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
@@ -158,7 +158,7 @@ public class AclProvisioningTest {
         // Controllers and hosts all trust each other
         NodeAcl controllerAcl = controllers.get(0).acl(tester.nodeRepository().list(), tester.nodeRepository().loadBalancers());
         assertAcls(List.of(controllers), List.of(controllerAcl));
-        assertEquals(Set.of(22, 80, 4443, 443), controllerAcl.trustedPorts());
+        assertEquals(Set.of(22, 4443, 443), controllerAcl.trustedPorts());
     }
 
     @Test
author	Valerij Fredriksen <freva@users.noreply.github.com>	2021-02-08 15:32:13 +0100
committer	GitHub <noreply@github.com>	2021-02-08 15:32:13 +0100
commit	71e7754a224dc97b16e2a04f3caa59ac762ddad3 (patch)
tree	6bd3e4b2d1f913e6c97d9eeab3b2df18155b210d
parent	a00711aade1a015ca932d5080fa3987925bd4cf3 (diff)
parent	e728914b1c48a7f9828fc9b1238a0c32ada3ec90 (diff)