Only report known dimension values

2 files changed, 13 insertions, 2 deletions

diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index c75aca7a5fa..20c3826721b 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -10,6 +10,7 @@ import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
+import java.util.Set;
 
 /**
  * Component specification for {@link com.yahoo.jdisc.http.server.jetty.ConnectorFactory} with hosted specific configuration.
@@ -25,6 +26,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
     private final Duration endpointConnectionTtl;
     private final List<String> remoteAddressHeaders;
     private final List<String> remotePortHeaders;
+    private final Set<String> knownServerNames;
 
     public static Builder builder(String name, int listenPort) { return new Builder(name, listenPort); }
 
@@ -37,6 +39,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
         this.endpointConnectionTtl = builder.endpointConnectionTtl;
         this.remoteAddressHeaders = List.copyOf(builder.remoteAddressHeaders);
         this.remotePortHeaders = List.copyOf(builder.remotePortHeaders);
+        this.knownServerNames = Set.copyOf(builder.knownServerNames);
     }
 
     private static SslProvider createSslProvider(Builder builder) {
@@ -70,7 +73,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
                 .maxConnectionLife(endpointConnectionTtl != null ? endpointConnectionTtl.toSeconds() : 0)
                 .accessLog(new ConnectorConfig.AccessLog.Builder()
                                   .remoteAddressHeaders(remoteAddressHeaders)
-                                  .remotePortHeaders(remotePortHeaders));
+                                  .remotePortHeaders(remotePortHeaders))
+                .serverName.known(knownServerNames);
 
     }
 
@@ -89,6 +93,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
         String tlsCaCertificatesPem;
         String tlsCaCertificatesPath;
         boolean tokenEndpoint;
+        Set<String> knownServerNames = Set.of();
 
         private Builder(String name, int port) { this.name = name; this.port = port; }
         public Builder clientAuth(SslClientAuth auth) { clientAuth = auth; return this; }
@@ -101,7 +106,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
         public Builder tokenEndpoint(boolean enable) { this.tokenEndpoint = enable; return this; }
         public Builder remoteAddressHeader(String header) { this.remoteAddressHeaders.add(header); return this; }
         public Builder remotePortHeader(String header) { this.remotePortHeaders.add(header); return this; }
-
+        public Builder knownServerNames(Set<String> knownServerNames) { this.knownServerNames = Set.copyOf(knownServerNames); return this; }
         public HostedSslConnectorFactory build() { return new HostedSslConnectorFactory(this); }
     }
 }
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index 2093d0cfbe3..18020f5df5d 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -606,6 +606,11 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
         var endpointCert = state.endpointCertificateSecrets().orElse(null);
         if (endpointCert != null) {
             builder.endpointCertificate(endpointCert);
+            Set<String> mtlsEndpointNames = state.getEndpoints().stream()
+                    .filter(endpoint -> endpoint.authMethod() == ApplicationClusterEndpoint.AuthMethod.mtls)
+                    .flatMap(endpoint -> endpoint.names().stream())
+                    .collect(Collectors.toSet());
+            builder.knownServerNames(mtlsEndpointNames);
             boolean isPublic = state.zone().system().isPublic();
             List<X509Certificate> clientCertificates = getClientCertificates(cluster);
             if (isPublic) {
@@ -659,6 +664,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
                 .remoteAddressHeader("X-Forwarded-For")
                 .remotePortHeader("X-Forwarded-Port")
                 .clientAuth(SslClientAuth.NEED)
+                .knownServerNames(tokenEndpoints)
                 .build();
         server.addConnector(connector);