authorMorten Tokle <mortent@yahooinc.com>2022-09-12 15:42:06 +0200
committerMorten Tokle <mortent@yahooinc.com>2022-09-12 15:42:06 +0200
commit35730b501114ec7cd48b693c2ef327446d6b38aa (patch)
treea5e2e6460578b699b3a7a88d32963e111413ec74 /config-model/src/main/java/com/yahoo/vespa/model/container
parent2da00da4858b60c15b5126a0f26fd26de223d46c (diff)
Revert "Restrict data plane bindings"
This reverts commit 4f8bccce3a80181c5e745acedca0accc8bfa3d68.
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container')
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/component/UserBindingPattern.java1
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java16
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java43
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/xml/SearchHandler.java11
4 files changed, 23 insertions, 48 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/component/UserBindingPattern.java b/config-model/src/main/java/com/yahoo/vespa/model/container/component/UserBindingPattern.java
index 182eca835c1..5da11c06fb1 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/component/UserBindingPattern.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/component/UserBindingPattern.java
@@ -13,7 +13,6 @@ public class UserBindingPattern extends BindingPattern {
public static UserBindingPattern fromHttpPath(String path) { return new UserBindingPattern("http", "*", null, path); }
public static UserBindingPattern fromPattern(String binding) { return new UserBindingPattern(binding); }
- public UserBindingPattern withPort(int port) { return new UserBindingPattern(scheme(), host(), Integer.toString(port), path()); }
@Override
public String toString() {
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index cb52f701da4..f55fb547bb0 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -32,10 +32,10 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
*/
public static HostedSslConnectorFactory withProvidedCertificate(
String serverName, EndpointCertificateSecrets endpointCertificateSecrets, boolean enforceHandshakeClientAuth,
- Collection<String> tlsCiphersOverride, boolean enableProxyProtocolMixedMode, int port) {
+ Collection<String> tlsCiphersOverride, boolean enableProxyProtocolMixedMode) {
ConfiguredDirectSslProvider sslProvider = createConfiguredDirectSslProvider(
serverName, endpointCertificateSecrets, DEFAULT_HOSTED_TRUSTSTORE, /*tlsCaCertificates*/null, enforceHandshakeClientAuth);
- return new HostedSslConnectorFactory(sslProvider, false, enforceHandshakeClientAuth, tlsCiphersOverride, enableProxyProtocolMixedMode, port);
+ return new HostedSslConnectorFactory(sslProvider, false, enforceHandshakeClientAuth, tlsCiphersOverride, enableProxyProtocolMixedMode);
}
/**
@@ -43,24 +43,24 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
*/
public static HostedSslConnectorFactory withProvidedCertificateAndTruststore(
String serverName, EndpointCertificateSecrets endpointCertificateSecrets, String tlsCaCertificates,
- Collection<String> tlsCiphersOverride, boolean enableProxyProtocolMixedMode, int port) {
+ Collection<String> tlsCiphersOverride, boolean enableProxyProtocolMixedMode) {
ConfiguredDirectSslProvider sslProvider = createConfiguredDirectSslProvider(
serverName, endpointCertificateSecrets, /*tlsCaCertificatesPath*/null, tlsCaCertificates, false);
- return new HostedSslConnectorFactory(sslProvider, true, false, tlsCiphersOverride, enableProxyProtocolMixedMode, port);
+ return new HostedSslConnectorFactory(sslProvider, true, false, tlsCiphersOverride, enableProxyProtocolMixedMode);
}
/**
* Create connector factory that uses the default certificate and truststore provided by Vespa (through Vespa-global TLS configuration).
*/
public static HostedSslConnectorFactory withDefaultCertificateAndTruststore(String serverName, Collection<String> tlsCiphersOverride,
- boolean enableProxyProtocolMixedMode, int port) {
- return new HostedSslConnectorFactory(new DefaultSslProvider(serverName), true, false, tlsCiphersOverride, enableProxyProtocolMixedMode, port);
+ boolean enableProxyProtocolMixedMode) {
+ return new HostedSslConnectorFactory(new DefaultSslProvider(serverName), true, false, tlsCiphersOverride, enableProxyProtocolMixedMode);
}
private HostedSslConnectorFactory(SslProvider sslProvider, boolean enforceClientAuth,
boolean enforceHandshakeClientAuth, Collection<String> tlsCiphersOverride,
- boolean enableProxyProtocolMixedMode, int port) {
- super(new Builder("tls"+port, port).sslProvider(sslProvider));
+ boolean enableProxyProtocolMixedMode) {
+ super(new Builder("tls4443", 4443).sslProvider(sslProvider));
this.enforceClientAuth = enforceClientAuth;
this.enforceHandshakeClientAuth = enforceHandshakeClientAuth;
this.tlsCiphersOverride = tlsCiphersOverride;
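Review bot: The port 4443 is now written twice as a literal in the `super(...)` call of the private constructor, once inside the connector name and once as the port number. The same commit removes the named constant `HOSTED_VESPA_DATAPLANE_PORT` from ContainerModelBuilder, so nothing ties the two literals together any more. A class-level constant would keep them in step: `private static final int HOSTED_DATAPLANE_PORT = 4443;` with `super(new Builder("tls" + HOSTED_DATAPLANE_PORT, HOSTED_DATAPLANE_PORT).sslProvider(sslProvider));`. The constructor body continues past the end of the hunk.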
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index 4c94708d892..0bf586a089f 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -97,7 +97,6 @@ import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
-import java.util.OptionalInt;
import java.util.Set;
import java.util.function.Consumer;
import java.util.logging.Level;
@@ -115,9 +114,6 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
// Default path to vip status file for container in Hosted Vespa.
static final String HOSTED_VESPA_STATUS_FILE = Defaults.getDefaults().underVespaHome("var/vespa/load-balancer/status.html");
- // Data plane port for hosted Vespa
- static final int HOSTED_VESPA_DATAPLANE_PORT = 4443;
-
//Path to vip status file for container in Hosted Vespa. Only used if set, else use HOSTED_VESPA_STATUS_FILE
private static final String HOSTED_VESPA_STATUS_FILE_SETTING = "VESPA_LB_STATUS_FILE";
@@ -454,11 +450,11 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
connectorFactory = authorizeClient
? HostedSslConnectorFactory.withProvidedCertificateAndTruststore(
- serverName, endpointCertificateSecrets, getTlsClientAuthorities(deployState), tlsCiphersOverride, proxyProtocolMixedMode, HOSTED_VESPA_DATAPLANE_PORT)
+ serverName, endpointCertificateSecrets, getTlsClientAuthorities(deployState), tlsCiphersOverride, proxyProtocolMixedMode)
: HostedSslConnectorFactory.withProvidedCertificate(
- serverName, endpointCertificateSecrets, enforceHandshakeClientAuth, tlsCiphersOverride, proxyProtocolMixedMode, HOSTED_VESPA_DATAPLANE_PORT);
+ serverName, endpointCertificateSecrets, enforceHandshakeClientAuth, tlsCiphersOverride, proxyProtocolMixedMode);
} else {
- connectorFactory = HostedSslConnectorFactory.withDefaultCertificateAndTruststore(serverName, tlsCiphersOverride, proxyProtocolMixedMode, HOSTED_VESPA_DATAPLANE_PORT);
+ connectorFactory = HostedSslConnectorFactory.withDefaultCertificateAndTruststore(serverName, tlsCiphersOverride, proxyProtocolMixedMode);
}
cluster.getHttp().getAccessControl().ifPresent(accessControl -> accessControl.configureHostedConnector(connectorFactory));
server.addConnector(connectorFactory);
@@ -544,7 +540,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
addIncludes(searchElement);
cluster.setSearch(buildSearch(deployState, cluster, searchElement));
- addSearchHandler(deployState, cluster, searchElement);
+ addSearchHandler(cluster, searchElement);
validateAndAddConfiguredComponents(deployState, cluster, searchElement, "renderer", ContainerModelBuilder::validateRendererElement);
}
@@ -595,7 +591,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
cluster.addSearchAndDocprocBundles();
addIncludes(processingElement);
cluster.setProcessingChains(new DomProcessingBuilder(null).build(deployState, cluster, processingElement),
- serverBindings(deployState, processingElement, ProcessingChains.defaultBindings).toArray(BindingPattern[]::new));
+ serverBindings(processingElement, ProcessingChains.defaultBindings).toArray(BindingPattern[]::new));
validateAndAddConfiguredComponents(deployState, cluster, processingElement, "renderer", ContainerModelBuilder::validateRendererElement);
}
@@ -620,7 +616,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
private void addUserHandlers(DeployState deployState, ApplicationContainerCluster cluster, Element spec) {
for (Element component: XML.getChildren(spec, "handler")) {
cluster.addComponent(
- new DomHandlerBuilder(cluster, OptionalInt.of(HOSTED_VESPA_DATAPLANE_PORT)).build(deployState, cluster, component));
+ new DomHandlerBuilder(cluster).build(deployState, cluster, component));
}
}
@@ -879,13 +875,9 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
container.setPreLoad(nodesElement.getAttribute(VespaDomBuilder.PRELOAD_ATTRIB_NAME));
}
- private void addSearchHandler(DeployState deployState, ApplicationContainerCluster cluster, Element searchElement) {
- BindingPattern bindingPattern = SearchHandler.DEFAULT_BINDING;
- if (deployState.isHosted() && deployState.featureFlags().useRestrictedDataPlaneBindings()) {
- bindingPattern = SearchHandler.bindingPattern(Optional.of(Integer.toString(HOSTED_VESPA_DATAPLANE_PORT)));
- }
+ private void addSearchHandler(ApplicationContainerCluster cluster, Element searchElement) {
SearchHandler searchHandler = new SearchHandler(cluster,
- serverBindings(deployState, searchElement, bindingPattern),
+ serverBindings(searchElement, SearchHandler.DEFAULT_BINDING),
ContainerThreadpool.UserOptions.fromXml(searchElement).orElse(null));
cluster.addComponent(searchHandler);
@@ -893,31 +885,25 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
searchHandler.addComponent(Component.fromClassAndBundle(SearchHandler.EXECUTION_FACTORY_CLASS, PlatformBundles.SEARCH_AND_DOCPROC_BUNDLE));
}
- private List<BindingPattern> serverBindings(DeployState deployState, Element searchElement, BindingPattern... defaultBindings) {
+ private List<BindingPattern> serverBindings(Element searchElement, BindingPattern... defaultBindings) {
List<Element> bindings = XML.getChildren(searchElement, "binding");
if (bindings.isEmpty())
return List.of(defaultBindings);
- return toBindingList(deployState, bindings);
+ return toBindingList(bindings);
}
- private List<BindingPattern> toBindingList(DeployState deployState, List<Element> bindingElements) {
+ private List<BindingPattern> toBindingList(List<Element> bindingElements) {
List<BindingPattern> result = new ArrayList<>();
- OptionalInt port = deployState.isHosted() && deployState.featureFlags().useRestrictedDataPlaneBindings() ? OptionalInt.of(HOSTED_VESPA_DATAPLANE_PORT) : OptionalInt.empty();
+
for (Element element: bindingElements) {
String text = element.getTextContent().trim();
if (!text.isEmpty())
- result.add(userBindingPattern(text, port));
+ result.add(UserBindingPattern.fromPattern(text));
}
return result;
}
- private static UserBindingPattern userBindingPattern(String path, OptionalInt port) {
- UserBindingPattern bindingPattern = UserBindingPattern.fromPattern(path);
- return port.isPresent()
- ? bindingPattern.withPort(port.getAsInt())
- : bindingPattern;
- }
private ContainerDocumentApi buildDocumentApi(ApplicationContainerCluster cluster, Element spec) {
Element documentApiElement = XML.getChild(spec, "document-api");
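Review bot: `toBindingList` now passes each `<binding>` text straight to `UserBindingPattern.fromPattern(text)`, so in hosted deployments a user-declared binding is no longer pinned to the data plane port that the removed lines applied (4443, behind `useRestrictedDataPlaneBindings`). The same holds for `addUserHandlers` (`new DomHandlerBuilder(cluster)`), for `SearchHandler.DEFAULT_BINDING`, and for `buildDocumentApi`, where the removed override applied to every hosted cluster rather than sitting behind the flag. Whether another connector is reachable in hosted is not visible in this path-limited diff; if one is, these handlers would presumably match on it too. The commit message gives no reason for the revert, so the assumption should be recorded above `toBindingList`, e.g. `// Bindings are used as written; they are not scoped to the hosted data plane port.`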
@@ -925,9 +911,8 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
ContainerDocumentApi.HandlerOptions documentApiOptions = DocumentApiOptionsBuilder.build(documentApiElement);
Element ignoreUndefinedFields = XML.getChild(documentApiElement, "ignore-undefined-fields");
- OptionalInt portBindingOverride = cluster.isHostedVespa()? OptionalInt.of(HOSTED_VESPA_DATAPLANE_PORT) : OptionalInt.empty();
return new ContainerDocumentApi(cluster, documentApiOptions,
- "true".equals(XML.getValue(ignoreUndefinedFields)), portBindingOverride);
+ "true".equals(XML.getValue(ignoreUndefinedFields)));
}
private ContainerDocproc buildDocproc(DeployState deployState, ApplicationContainerCluster cluster, Element spec) {
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/SearchHandler.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/SearchHandler.java
index 596375ea93a..54cd061d2c5 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/SearchHandler.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/SearchHandler.java
@@ -11,8 +11,6 @@ import com.yahoo.vespa.model.container.component.chain.ProcessingHandler;
import com.yahoo.vespa.model.container.search.searchchain.SearchChains;
import java.util.List;
-import java.util.Optional;
-import java.util.OptionalInt;
import static com.yahoo.container.bundle.BundleInstantiationSpecification.fromSearchAndDocproc;
@@ -27,7 +25,7 @@ class SearchHandler extends ProcessingHandler<SearchChains> {
static final String EXECUTION_FACTORY_CLASS = com.yahoo.search.searchchain.ExecutionFactory.class.getName();
static final BundleInstantiationSpecification HANDLER_SPEC = fromSearchAndDocproc(HANDLER_CLASS);
- static final BindingPattern DEFAULT_BINDING = bindingPattern(Optional.empty());
+ static final BindingPattern DEFAULT_BINDING = SystemBindingPattern.fromHttpPath("/search/*");
SearchHandler(ApplicationContainerCluster cluster,
List<BindingPattern> bindings,
@@ -36,13 +34,6 @@ class SearchHandler extends ProcessingHandler<SearchChains> {
bindings.forEach(this::addServerBindings);
}
- static BindingPattern bindingPattern(Optional<String> port) {
- String path = "/search/*";
- return port
- .filter(s -> !s.isBlank())
- .map(s -> SystemBindingPattern.fromHttpPortAndPath(s, path))
- .orElseGet(() -> SystemBindingPattern.fromHttpPath(path));
- }
private static class Threadpool extends ContainerThreadpool {