diff options
author | gjoranv <gv@verizonmedia.com> | 2020-03-03 11:49:59 +0100 |
---|---|---|
committer | gjoranv <gv@verizonmedia.com> | 2020-03-03 11:49:59 +0100 |
commit | 3cf78ada2bf6d6c6feebb609d17533a5b69b4680 (patch) | |
tree | d398f5d995a138dc242f2ea9bc911e489e3417b9 /config-model/src/main/java/com/yahoo | |
parent | a47851efade7fd1b3acf8afe15b71ee8b972fdfa (diff) |
Move utilitiy functions to AccessControl
Diffstat (limited to 'config-model/src/main/java/com/yahoo')
2 files changed, 16 insertions, 15 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlOnFirstDeploymentValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlOnFirstDeploymentValidator.java index 97153e42ee5..52c0057d156 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlOnFirstDeploymentValidator.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlOnFirstDeploymentValidator.java @@ -7,16 +7,15 @@ import com.yahoo.config.model.deploy.DeployState; import com.yahoo.config.provision.InstanceName; import com.yahoo.vespa.model.VespaModel; import com.yahoo.vespa.model.application.validation.Validator; +import com.yahoo.vespa.model.container.ApplicationContainerCluster; import com.yahoo.vespa.model.container.Container; import com.yahoo.vespa.model.container.ContainerCluster; -import com.yahoo.vespa.model.container.ApplicationContainerCluster; -import com.yahoo.vespa.model.container.component.Handler; import java.util.ArrayList; import java.util.List; import static com.yahoo.collections.CollectionUtil.mkString; -import static com.yahoo.vespa.model.container.http.AccessControl.isBuiltinGetOnly; +import static com.yahoo.vespa.model.container.http.AccessControl.hasHandlerThatNeedsProtection; /** * Validates that hosted applications in prod zones have write protection enabled. @@ -51,16 +50,4 @@ public class AccessControlOnFirstDeploymentValidator extends Validator { mkString(offendingClusters, "[", ", ", "]."), deployState.now()); } - private boolean hasHandlerThatNeedsProtection(ApplicationContainerCluster cluster) { - return cluster.getHandlers().stream().anyMatch(this::handlerNeedsProtection); - } - - private boolean handlerNeedsProtection(Handler<?> handler) { - return ! isBuiltinGetOnly(handler) && hasNonMbusBinding(handler); - } - - private boolean hasNonMbusBinding(Handler<?> handler) { - return handler.getServerBindings().stream().anyMatch(binding -> ! binding.startsWith("mbus")); - } - } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java index 67c7b67ad9e..70b862acbf7 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java @@ -4,6 +4,7 @@ package com.yahoo.vespa.model.container.http; import com.yahoo.component.ComponentId; import com.yahoo.component.ComponentSpecification; import com.yahoo.config.application.api.DeployLogger; +import com.yahoo.vespa.model.application.validation.first.AccessControlOnFirstDeploymentValidator; import com.yahoo.vespa.model.container.ApplicationContainerCluster; import com.yahoo.vespa.model.container.ContainerCluster; import com.yahoo.vespa.model.container.component.FileStatusHandlerComponent; @@ -160,4 +161,17 @@ public final class AccessControl { private static Stream<String> servletBindings(Servlet servlet) { return Stream.of("http://*/").map(protocol -> protocol + servlet.bindingPath); } + + public static boolean hasHandlerThatNeedsProtection(ApplicationContainerCluster cluster) { + return cluster.getHandlers().stream().anyMatch(AccessControl::handlerNeedsProtection); + } + + private static boolean handlerNeedsProtection(Handler<?> handler) { + return ! isBuiltinGetOnly(handler) && hasNonMbusBinding(handler); + } + + private static boolean hasNonMbusBinding(Handler<?> handler) { + return handler.getServerBindings().stream().anyMatch(binding -> ! binding.startsWith("mbus")); + } + } |