diff options
author | Morten Tokle <mortent@yahooinc.com> | 2023-10-23 15:22:17 +0200 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2023-10-23 15:22:17 +0200 |
commit | ca2087c3711ff4514d44a272b2a1798877e9873a (patch) | |
tree | bdd1ef83d4adc35836ccbfb1fac0319e575f85f7 /config-model/src/main/java/com/yahoo/vespa | |
parent | f70f96660c1cfc53fda1a69efa7e8d61a2402373 (diff) |
Only report known dimension values
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa')
2 files changed, 13 insertions, 2 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java index c75aca7a5fa..20c3826721b 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java @@ -10,6 +10,7 @@ import java.time.Duration; import java.util.ArrayList; import java.util.Collection; import java.util.List; +import java.util.Set; /** * Component specification for {@link com.yahoo.jdisc.http.server.jetty.ConnectorFactory} with hosted specific configuration. @@ -25,6 +26,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory { private final Duration endpointConnectionTtl; private final List<String> remoteAddressHeaders; private final List<String> remotePortHeaders; + private final Set<String> knownServerNames; public static Builder builder(String name, int listenPort) { return new Builder(name, listenPort); } @@ -37,6 +39,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory { this.endpointConnectionTtl = builder.endpointConnectionTtl; this.remoteAddressHeaders = List.copyOf(builder.remoteAddressHeaders); this.remotePortHeaders = List.copyOf(builder.remotePortHeaders); + this.knownServerNames = Set.copyOf(builder.knownServerNames); } private static SslProvider createSslProvider(Builder builder) { @@ -70,7 +73,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory { .maxConnectionLife(endpointConnectionTtl != null ? endpointConnectionTtl.toSeconds() : 0) .accessLog(new ConnectorConfig.AccessLog.Builder() .remoteAddressHeaders(remoteAddressHeaders) - .remotePortHeaders(remotePortHeaders)); + .remotePortHeaders(remotePortHeaders)) + .serverName.known(knownServerNames); } @@ -89,6 +93,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory { String tlsCaCertificatesPem; String tlsCaCertificatesPath; boolean tokenEndpoint; + Set<String> knownServerNames = Set.of(); private Builder(String name, int port) { this.name = name; this.port = port; } public Builder clientAuth(SslClientAuth auth) { clientAuth = auth; return this; } @@ -101,7 +106,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory { public Builder tokenEndpoint(boolean enable) { this.tokenEndpoint = enable; return this; } public Builder remoteAddressHeader(String header) { this.remoteAddressHeaders.add(header); return this; } public Builder remotePortHeader(String header) { this.remotePortHeaders.add(header); return this; } - + public Builder knownServerNames(Set<String> knownServerNames) { this.knownServerNames = Set.copyOf(knownServerNames); return this; } public HostedSslConnectorFactory build() { return new HostedSslConnectorFactory(this); } } } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java index 2093d0cfbe3..18020f5df5d 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java @@ -606,6 +606,11 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { var endpointCert = state.endpointCertificateSecrets().orElse(null); if (endpointCert != null) { builder.endpointCertificate(endpointCert); + Set<String> mtlsEndpointNames = state.getEndpoints().stream() + .filter(endpoint -> endpoint.authMethod() == ApplicationClusterEndpoint.AuthMethod.mtls) + .flatMap(endpoint -> endpoint.names().stream()) + .collect(Collectors.toSet()); + builder.knownServerNames(mtlsEndpointNames); boolean isPublic = state.zone().system().isPublic(); List<X509Certificate> clientCertificates = getClientCertificates(cluster); if (isPublic) { @@ -659,6 +664,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { .remoteAddressHeader("X-Forwarded-For") .remotePortHeader("X-Forwarded-Port") .clientAuth(SslClientAuth.NEED) + .knownServerNames(tokenEndpoints) .build(); server.addConnector(connector); |