Temporarily disable proxy-protocol for port 4443 in jdisc

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-04-28 15:48:27 +0200
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-04-28 15:48:27 +0200
commit: a9e5c8b38d4b37862e38a43239720ccdf56470d2 (patch)
tree: 0458a71b062d604bc0518850aa3883f5ed054504 /config-model/src/test/java/com/yahoo
parent: 4d3c251083a14f21dde71bcce21561c22fa79acd (diff)
1 files changed, 35 insertions, 0 deletions
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
index dcd1c46e52f..15966694f8d 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
@@ -832,6 +832,41 @@ public class ContainerModelBuilderTest extends ContainerModelBuilderTestBase {
                    connectorConfig.ssl().caCertificateFile(), equalTo("/opt/yahoo/share/ssl/certs/athenz_certificate_bundle.pem"));
         assertThat(connectorConfig.ssl().caCertificate(), isEmptyString());
     }
+    @Test
+
+    public void jdisc_proxy_protocol_disabled_in_public_systems() {
+        Element clusterElem = DomBuilderTest.parse(
+                "<container version='1.0'>",
+                nodesXml,
+                "</container>" );
+
+        var applicationPackage = new MockApplicationPackage.Builder()
+                .withRoot(applicationFolder.getRoot())
+                .build();
+
+        applicationPackage.getFile(Path.fromString("security")).createDirectory();
+        applicationPackage.getFile(Path.fromString("security/clients.pem")).writeFile(new StringReader("I am a very nice certificate"));
+
+        Zone zone = new Zone(SystemName.Public, Environment.prod, RegionName.defaultName());
+        DeployState state = new DeployState.Builder()
+                .zone(zone)
+                .applicationPackage(applicationPackage)
+                .properties(new TestProperties()
+                                    .setHostedVespa(true)
+                                    .setZone(zone)
+                                    .setEndpointCertificateSecrets(Optional.of(new EndpointCertificateSecrets("CERT", "KEY"))))
+                .build();
+        createModel(root, state, null, clusterElem);
+        ApplicationContainer container = (ApplicationContainer)root.getProducer("container/container.0");
+        ConnectorFactory tlsPort = container.getHttp().getHttpServer().get().getConnectorFactories().stream()
+                .filter(connectorFactory -> connectorFactory.getListenPort() == 4443)
+                .findFirst()
+                .orElseThrow();
+        ConnectorConfig.Builder builder = new ConnectorConfig.Builder();
+        tlsPort.getConfig(builder);
+        ConnectorConfig connectorConfig = new ConnectorConfig(builder);
+        assertFalse(connectorConfig.proxyProtocol().enabled());
+    }
 
 
     private Element generateContainerElementWithRenderer(String rendererId) {
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-04-28 15:48:27 +0200
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-04-28 15:48:27 +0200
commit	a9e5c8b38d4b37862e38a43239720ccdf56470d2 (patch)
tree	0458a71b062d604bc0518850aa3883f5ed054504 /config-model/src/test/java/com/yahoo
parent	4d3c251083a14f21dde71bcce21561c22fa79acd (diff)