Merge pull request #7423 from vespa-engine/hmusum/remove-check-for-allowed-zk-clients-in-hosted

No need for restricting access to zookeeper in hosted vespa

3 files changed, 8 insertions, 25 deletions

diff --git a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java
index d7f42c7e6e9..dab9ddb243b 100644
--- a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java
+++ b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/RestrictedServerCnxnFactory.java
@@ -16,7 +16,8 @@ import java.util.Set;
 import java.util.logging.Logger;
 
 /**
- * This class is created by zookeeper by reflection, see the ZooKeeperServer constructor.
+ * This class is created by zookeeper by reflection, see the ZooKeeperServer constructor. It will only work
+ * when using ZooKeeper 3.4
  * 
  * @author bratseth
  */
@@ -66,9 +67,8 @@ public class RestrictedServerCnxnFactory extends NIOServerCnxnFactory {
         String environmentAllowedZooKeeperClients = System.getenv("vespa_zkfacade__restrict");
         if (environmentAllowedZooKeeperClients != null) 
             return ImmutableSet.copyOf(toHostnameSet(environmentAllowedZooKeeperClients));
-
-        // No environment setting -> use static field
-        return ZooKeeperServer.getAllowedClientHostnames();
+        else
+            return ImmutableSet.of();
     }
 
     private Set<String> toHostnameSet(String hostnamesString) {
diff --git a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java
index c42c1793c41..9c580b4f9ce 100644
--- a/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java
+++ b/zkfacade/src/main/java/com/yahoo/vespa/zookeeper/ZooKeeperServer.java
@@ -1,9 +1,7 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.zookeeper;
 
-import com.google.common.collect.ImmutableSet;
 import com.google.inject.Inject;
-import com.yahoo.cloud.config.ConfigserverConfig;
 import com.yahoo.cloud.config.ZookeeperServerConfig;
 import com.yahoo.component.AbstractComponent;
 import com.yahoo.log.LogLevel;
@@ -23,29 +21,18 @@ import java.util.stream.Collectors;
  */
 public class ZooKeeperServer extends AbstractComponent implements Runnable {
 
-    /** 
-     * The set of hosts which can access the ZooKeeper server in this VM, or empty
-     * to allow access from anywhere.
-     * This belongs logically to the server instance and is final, but must be static to make it accessible
-     * from RestrictedServerCnxnFactory, which is created by ZK through reflection.
-     */
-    private static ImmutableSet<String> allowedClientHostnames = ImmutableSet.of();
-
     private static final java.util.logging.Logger log = java.util.logging.Logger.getLogger(ZooKeeperServer.class.getName());
     private static final String ZOOKEEPER_JMX_LOG4J_DISABLE = "zookeeper.jmx.log4j.disable";
     static final String ZOOKEEPER_JUTE_MAX_BUFFER = "jute.maxbuffer";
     private final Thread zkServerThread;
     private final ZookeeperServerConfig zookeeperServerConfig;
 
-    ZooKeeperServer(ZookeeperServerConfig zookeeperServerConfig, ConfigserverConfig configserverConfig, boolean startServer) {
+    ZooKeeperServer(ZookeeperServerConfig zookeeperServerConfig, boolean startServer) {
         this.zookeeperServerConfig = zookeeperServerConfig;
         System.setProperty("zookeeper.jmx.log4j.disable", "true");
         System.setProperty(ZOOKEEPER_JUTE_MAX_BUFFER, "" + zookeeperServerConfig.juteMaxBuffer());
         System.setProperty("zookeeper.serverCnxnFactory", "com.yahoo.vespa.zookeeper.RestrictedServerCnxnFactory");
 
-        if (configserverConfig.hostedVespa()) // restrict access to config servers only
-            allowedClientHostnames =  ImmutableSet.copyOf(zookeeperServerHostnames(zookeeperServerConfig));
-
         writeConfigToDisk(zookeeperServerConfig);
         zkServerThread = new Thread(this, "zookeeper server");
         if (startServer) {
@@ -54,13 +41,10 @@ public class ZooKeeperServer extends AbstractComponent implements Runnable {
     }
 
     @Inject
-    public ZooKeeperServer(ZookeeperServerConfig zookeeperServerConfig, ConfigserverConfig configserverConfig) {
-        this(zookeeperServerConfig, configserverConfig, true);
+    public ZooKeeperServer(ZookeeperServerConfig zookeeperServerConfig) {
+        this(zookeeperServerConfig, true);
     }
 
-    /** Returns the hosts which are allowed to access this ZooKeeper server, or empty to allow access from anywhere */
-    public static ImmutableSet<String> getAllowedClientHostnames() { return allowedClientHostnames; }
-    
     private void writeConfigToDisk(ZookeeperServerConfig config) {
        String configFilePath = getDefaults().underVespaHome(config.zooKeeperConfigFile());
        new File(configFilePath).getParentFile().mkdirs();
diff --git a/zkfacade/src/test/java/com/yahoo/vespa/zookeeper/ZooKeeperServerTest.java b/zkfacade/src/test/java/com/yahoo/vespa/zookeeper/ZooKeeperServerTest.java
index 362ea901534..db1852d9d2a 100644
--- a/zkfacade/src/test/java/com/yahoo/vespa/zookeeper/ZooKeeperServerTest.java
+++ b/zkfacade/src/test/java/com/yahoo/vespa/zookeeper/ZooKeeperServerTest.java
@@ -1,7 +1,6 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.zookeeper;
 
-import com.yahoo.cloud.config.ConfigserverConfig;
 import com.yahoo.cloud.config.ZookeeperServerConfig;
 import com.yahoo.io.IOUtils;
 import org.junit.Rule;
@@ -54,7 +53,7 @@ public class ZooKeeperServerTest {
     }
 
     private void createServer(ZookeeperServerConfig.Builder builder) {
-        new ZooKeeperServer(new ZookeeperServerConfig(builder), new ConfigserverConfig(new ConfigserverConfig.Builder()), false);
+        new ZooKeeperServer(new ZookeeperServerConfig(builder), false);
     }
 
     @Test(expected = RuntimeException.class)