summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorValerij Fredriksen <valerijf@verizonmedia.com>2021-02-08 15:19:55 +0100
committerValerij Fredriksen <valerijf@verizonmedia.com>2021-02-08 15:19:55 +0100
commite728914b1c48a7f9828fc9b1238a0c32ada3ec90 (patch)
tree3b394f07c24dcc83389269ac1823360763b3823e
parent0193fea01d91cde1be6fe6e92b93e5d100c030a9 (diff)
Block port 80 on controller
-rw-r--r--node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java4
-rw-r--r--node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java2
2 files changed, 1 insertions, 5 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
index 83dba7f9856..4116d58f2d1 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java
@@ -11,11 +11,9 @@ import com.yahoo.vespa.hosted.provision.lb.LoadBalancers;
import java.util.Comparator;
import java.util.LinkedHashSet;
-import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.TreeSet;
-import java.util.stream.Collectors;
/**
* A node ACL. The ACL contains the node which the ACL is valid for,
@@ -121,10 +119,8 @@ public class NodeAcl {
// Controllers:
// - port 4443 (HTTPS + Athenz) from the world
// - port 443 (HTTPS + Okta) from the world
- // - port 80 (HTTP) from the world - for redirect to HTTPS/443 only
trustedPorts.add(4443);
trustedPorts.add(443);
- trustedPorts.add(80);
break;
default:
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
index 86366e9a6d1..7ef13cc0be2 100644
--- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
+++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
@@ -158,7 +158,7 @@ public class AclProvisioningTest {
// Controllers and hosts all trust each other
NodeAcl controllerAcl = controllers.get(0).acl(tester.nodeRepository().list(), tester.nodeRepository().loadBalancers());
assertAcls(List.of(controllers), List.of(controllerAcl));
- assertEquals(Set.of(22, 80, 4443, 443), controllerAcl.trustedPorts());
+ assertEquals(Set.of(22, 4443, 443), controllerAcl.trustedPorts());
}
@Test