diff options
author | Harald Musum <musum@verizonmedia.com> | 2019-05-27 17:33:54 +0200 |
---|---|---|
committer | Harald Musum <musum@verizonmedia.com> | 2019-05-27 17:33:54 +0200 |
commit | d0aae35c427f7a4777c9cf7df03928eda18aeab4 (patch) | |
tree | 019adae5de10bab6f99d1b19a94f872522bf6648 /config-model/src | |
parent | 83d0d125433ab8a4e7dbc40cd21d2188d95961d8 (diff) |
Add validation override for access control
Diffstat (limited to 'config-model/src')
2 files changed, 25 insertions, 5 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java index a89f96453fb..9a272a08fec 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java @@ -1,6 +1,7 @@ // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.model.application.validation.first; +import com.yahoo.config.application.api.ValidationId; import com.yahoo.config.model.ConfigModelContext.ApplicationType; import com.yahoo.config.model.deploy.DeployState; import com.yahoo.vespa.model.VespaModel; @@ -42,9 +43,9 @@ public class AccessControlValidator extends Validator { offendingClusters.add(cluster.getName()); } if (! offendingClusters.isEmpty()) - throw new IllegalArgumentException( - "Access-control must be enabled for write operations to container clusters in production zones: " + - mkString(offendingClusters, "[", ", ", "].")); + deployState.validationOverrides().invalid(ValidationId.accessControl, + "Access-control must be enabled for write operations to container clusters in production zones: " + + mkString(offendingClusters, "[", ", ", "]."), deployState.now()); } private boolean hasHandlerThatNeedsProtection(ApplicationContainerCluster cluster) { diff --git a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidatorTest.java b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidatorTest.java index 84a5b69c5f2..17ca0e2dd07 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidatorTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidatorTest.java @@ -16,6 +16,10 @@ import org.junit.rules.ExpectedException; import org.xml.sax.SAXException; import java.io.IOException; +import java.time.Instant; +import java.time.LocalDate; +import java.time.ZoneOffset; +import java.time.format.DateTimeFormatter; import static com.yahoo.config.model.test.TestUtil.joinLines; import static com.yahoo.config.provision.Environment.prod; @@ -85,7 +89,6 @@ public class AccessControlValidatorTest { VespaModel model = new VespaModel(new NullConfigModelRegistry(), deployState); new AccessControlValidator().validate(model, deployState); - } @Test @@ -133,15 +136,31 @@ public class AccessControlValidatorTest { new AccessControlValidator().validate(model, deployState); } + @Test + public void write_protection_is_not_required_with_validation_override() throws IOException, SAXException{ + DeployState deployState = deployState(servicesXml(true, false), + "<validation-overrides><allow until='2000-01-30'>access-control</allow></validation-overrides>", + LocalDate.parse("2000-01-01", DateTimeFormatter.ISO_DATE).atStartOfDay().atZone(ZoneOffset.UTC).toInstant()); + VespaModel model = new VespaModel(new NullConfigModelRegistry(), deployState); + + new AccessControlValidator().validate(model, deployState); + } + private static DeployState deployState(String servicesXml) { + return deployState(servicesXml, "<validation-overrides></validation-overrides>", Instant.now()); + } + + private static DeployState deployState(String servicesXml, String validationOverrides, Instant now) { ApplicationPackage app = new MockApplicationPackage.Builder() .withServices(servicesXml) + .withValidationOverrides(validationOverrides) .build(); DeployState.Builder builder = new DeployState.Builder() .applicationPackage(app) .zone(new Zone(Environment.prod, RegionName.from("foo")) ) - .properties(new TestProperties().setHostedVespa(true)); + .properties(new TestProperties().setHostedVespa(true)) + .now(now); final DeployState deployState = builder.build(); assertTrue("Test must emulate a hosted deployment.", deployState.isHosted()); |