Remove feature flag for connection life and hardcode 45 sec

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2021-11-16 14:27:27 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2021-11-16 14:27:27 +0100
commit: 20f7820061d67bd843ece0c5ecb45fab64a79577 (patch)
tree: 947dd4645c58ebc831029c3c25f0c1280c44e00e /config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
parent: 4b155495f7d05176364ccfb86b12f2a7ac1f37cf (diff)
1 files changed, 8 insertions, 12 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index 3eba4ad84a6..b7bacb34b05 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -25,17 +25,16 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
     private final boolean enforceClientAuth;
     private final boolean enforceHandshakeClientAuth;
     private final Collection<String> tlsCiphersOverride;
-    private final Duration maxConnectionLife;
 
     /**
      * Create connector factory that uses a certificate provided by the config-model / configserver and default hosted Vespa truststore.
      */
     public static HostedSslConnectorFactory withProvidedCertificate(
             String serverName, EndpointCertificateSecrets endpointCertificateSecrets, boolean enforceHandshakeClientAuth,
-            Collection<String> tlsCiphersOverride, Duration maxConnectionLife) {
+            Collection<String> tlsCiphersOverride) {
         ConfiguredDirectSslProvider sslProvider = createConfiguredDirectSslProvider(
                 serverName, endpointCertificateSecrets, DEFAULT_HOSTED_TRUSTSTORE, /*tlsCaCertificates*/null, enforceHandshakeClientAuth);
-        return new HostedSslConnectorFactory(sslProvider, false, enforceHandshakeClientAuth, tlsCiphersOverride, maxConnectionLife);
+        return new HostedSslConnectorFactory(sslProvider, false, enforceHandshakeClientAuth, tlsCiphersOverride);
     }
 
     /**
@@ -43,28 +42,25 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
      */
     public static HostedSslConnectorFactory withProvidedCertificateAndTruststore(
             String serverName, EndpointCertificateSecrets endpointCertificateSecrets, String tlsCaCertificates,
-            Collection<String> tlsCiphersOverride, Duration maxConnectionLife) {
+            Collection<String> tlsCiphersOverride) {
         ConfiguredDirectSslProvider sslProvider = createConfiguredDirectSslProvider(
                 serverName, endpointCertificateSecrets, /*tlsCaCertificatesPath*/null, tlsCaCertificates, false);
-        return new HostedSslConnectorFactory(sslProvider, true, false, tlsCiphersOverride, maxConnectionLife);
+        return new HostedSslConnectorFactory(sslProvider, true, false, tlsCiphersOverride);
     }
 
     /**
      * Create connector factory that uses the default certificate and truststore provided by Vespa (through Vespa-global TLS configuration).
      */
-    public static HostedSslConnectorFactory withDefaultCertificateAndTruststore(
-            String serverName, Collection<String> tlsCiphersOverride, Duration maxConnectionLife) {
-        return new HostedSslConnectorFactory(new DefaultSslProvider(serverName), true, false, tlsCiphersOverride, maxConnectionLife);
+    public static HostedSslConnectorFactory withDefaultCertificateAndTruststore(String serverName, Collection<String> tlsCiphersOverride) {
+        return new HostedSslConnectorFactory(new DefaultSslProvider(serverName), true, false, tlsCiphersOverride);
     }
 
     private HostedSslConnectorFactory(SslProvider sslProvider, boolean enforceClientAuth,
-                                      boolean enforceHandshakeClientAuth, Collection<String> tlsCiphersOverride,
-                                      Duration maxConnectionLife) {
+                                      boolean enforceHandshakeClientAuth, Collection<String> tlsCiphersOverride) {
         super(new Builder("tls4443", 4443).sslProvider(sslProvider));
         this.enforceClientAuth = enforceClientAuth;
         this.enforceHandshakeClientAuth = enforceHandshakeClientAuth;
         this.tlsCiphersOverride = tlsCiphersOverride;
-        this.maxConnectionLife = maxConnectionLife;
     }
 
     private static ConfiguredDirectSslProvider createConfiguredDirectSslProvider(
@@ -100,6 +96,6 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
         connectorBuilder
                 .proxyProtocol(new ConnectorConfig.ProxyProtocol.Builder().enabled(true).mixedMode(true))
                 .idleTimeout(Duration.ofSeconds(30).toSeconds())
-                .maxConnectionLife(maxConnectionLife.toSeconds());
+                .maxConnectionLife(Duration.ofSeconds(45).toSeconds());
     }
 }
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2021-11-16 14:27:27 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2021-11-16 14:27:27 +0100
commit	20f7820061d67bd843ece0c5ecb45fab64a79577 (patch)
tree	947dd4645c58ebc831029c3c25f0c1280c44e00e /config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
parent	4b155495f7d05176364ccfb86b12f2a7ac1f37cf (diff)