authorØyvind Grønnesby <oyving@verizonmedia.com>2019-10-29 12:38:10 +0100
committerØyvind Grønnesby <oyving@verizonmedia.com>2019-10-29 12:38:10 +0100
commit2837e9a6448a0e37ba348e105663efb7ecf95177 (patch)
treeb3862f55c77d5963b0c1d84ef46886761c839461 /config-model/src/main
parente8932525b4f6039b2164bf7cebcba1fa2db50284 (diff)
Require security/clients.pem in public systems
Diffstat (limited to 'config-model/src/main')
-rw-r--r--config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java1
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java12
2 files changed, 6 insertions, 7 deletions
diff --git a/config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java b/config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java
index dc64bec964e..cfa61560b29 100644
--- a/config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java
+++ b/config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java
@@ -63,6 +63,7 @@ public class TestProperties implements ModelContext.Properties {
defaultTermwiseLimit = limit;
return this;
}
+
public TestProperties setApplicationId(ApplicationId applicationId) {
this.applicationId = applicationId;
return this;
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index cc78b92c260..81e0b48090d 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -316,16 +316,14 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
}
// If the deployment contains certificate/private key reference, setup TLS port
if (deployState.tlsSecrets().isPresent()) {
- addTlsPort(deployState, spec, cluster);
+ addTlsPort(deployState, cluster);
}
}
- private void addTlsPort(DeployState deployState, Element spec, ApplicationContainerCluster cluster) {
- boolean authorizeClient = XML.getChild(spec, "client-authorize") != null;
- if (authorizeClient) {
- if (deployState.tlsClientAuthority().isEmpty()) {
- throw new RuntimeException("client-authorize set, but security/clients.pem is missing");
- }
+ private void addTlsPort(DeployState deployState, ApplicationContainerCluster cluster) {
+ boolean authorizeClient = deployState.zone().system().isPublic();
+ if (authorizeClient && deployState.tlsClientAuthority().isEmpty()) {
+ throw new RuntimeException("Client certificate authority security/clients.pem is missing - see: https://vespa.ai/documentation/security-model#data-plane");
}
if(cluster.getHttp() == null) {
Http http = new Http(Collections.emptyList());
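Review bot: The clients.pem requirement added in `addTlsPort` is only reached through the `if (deployState.tlsSecrets().isPresent())` guard at the call site, so a deployment to a public system that has no TLS secrets skips the check and is not rejected. If public systems are guaranteed to carry TLS secrets, state that invariant in a comment above the guard, e.g. `// tlsSecrets is expected in every public system, so addTlsPort enforces clients.pem there`; otherwise hoist the `isPublic() && tlsClientAuthority().isEmpty()` test in front of the guard. Separately, with the `client-authorize` lookup removed, a non-public application that still sets that element no longer fails when clients.pem is absent; whether the element is still accepted cannot be seen from this hunk, but if it is, rejecting or warning on it is safer than ignoring it silently. Throwing `IllegalArgumentException` instead of `RuntimeException` would signal a caller-fixable input error rather than an unexpected failure. Both the calling method and the body of `addTlsPort` extend beyond the hunk.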