diff options
author | Valerij Fredriksen <valerijf@verizonmedia.com> | 2021-02-08 15:19:55 +0100 |
---|---|---|
committer | Valerij Fredriksen <valerijf@verizonmedia.com> | 2021-02-08 15:19:55 +0100 |
commit | e728914b1c48a7f9828fc9b1238a0c32ada3ec90 (patch) | |
tree | 3b394f07c24dcc83389269ac1823360763b3823e | |
parent | 0193fea01d91cde1be6fe6e92b93e5d100c030a9 (diff) |
Block port 80 on controller
2 files changed, 1 insertions, 5 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java index 83dba7f9856..4116d58f2d1 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java @@ -11,11 +11,9 @@ import com.yahoo.vespa.hosted.provision.lb.LoadBalancers; import java.util.Comparator; import java.util.LinkedHashSet; -import java.util.List; import java.util.Objects; import java.util.Set; import java.util.TreeSet; -import java.util.stream.Collectors; /** * A node ACL. The ACL contains the node which the ACL is valid for, @@ -121,10 +119,8 @@ public class NodeAcl { // Controllers: // - port 4443 (HTTPS + Athenz) from the world // - port 443 (HTTPS + Okta) from the world - // - port 80 (HTTP) from the world - for redirect to HTTPS/443 only trustedPorts.add(4443); trustedPorts.add(443); - trustedPorts.add(80); break; default: diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java index 86366e9a6d1..7ef13cc0be2 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java @@ -158,7 +158,7 @@ public class AclProvisioningTest { // Controllers and hosts all trust each other NodeAcl controllerAcl = controllers.get(0).acl(tester.nodeRepository().list(), tester.nodeRepository().loadBalancers()); assertAcls(List.of(controllers), List.of(controllerAcl)); - assertEquals(Set.of(22, 80, 4443, 443), controllerAcl.trustedPorts()); + assertEquals(Set.of(22, 4443, 443), controllerAcl.trustedPorts()); } @Test |