diff options
author | Valerij Fredriksen <freva@users.noreply.github.com> | 2021-02-08 15:32:13 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-08 15:32:13 +0100 |
commit | 71e7754a224dc97b16e2a04f3caa59ac762ddad3 (patch) | |
tree | 6bd3e4b2d1f913e6c97d9eeab3b2df18155b210d | |
parent | a00711aade1a015ca932d5080fa3987925bd4cf3 (diff) | |
parent | e728914b1c48a7f9828fc9b1238a0c32ada3ec90 (diff) |
Merge pull request #16439 from vespa-engine/freva/remove-port-80
Block port 80 on controller
2 files changed, 1 insertions, 5 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java index 83dba7f9856..4116d58f2d1 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java @@ -11,11 +11,9 @@ import com.yahoo.vespa.hosted.provision.lb.LoadBalancers; import java.util.Comparator; import java.util.LinkedHashSet; -import java.util.List; import java.util.Objects; import java.util.Set; import java.util.TreeSet; -import java.util.stream.Collectors; /** * A node ACL. The ACL contains the node which the ACL is valid for, @@ -121,10 +119,8 @@ public class NodeAcl { // Controllers: // - port 4443 (HTTPS + Athenz) from the world // - port 443 (HTTPS + Okta) from the world - // - port 80 (HTTP) from the world - for redirect to HTTPS/443 only trustedPorts.add(4443); trustedPorts.add(443); - trustedPorts.add(80); break; default: diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java index 86366e9a6d1..7ef13cc0be2 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java @@ -158,7 +158,7 @@ public class AclProvisioningTest { // Controllers and hosts all trust each other NodeAcl controllerAcl = controllers.get(0).acl(tester.nodeRepository().list(), tester.nodeRepository().loadBalancers()); assertAcls(List.of(controllers), List.of(controllerAcl)); - assertEquals(Set.of(22, 80, 4443, 443), controllerAcl.trustedPorts()); + assertEquals(Set.of(22, 4443, 443), controllerAcl.trustedPorts()); } @Test |