author | Harald Musum <musum@yahooinc.com> | 2024-01-12 14:52:37 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-12 14:52:37 +0100 |
commit | 04d80345d7398a7d6e4dd0385d8af07e2d2c39b7 (patch) | |
tree | 0e238abe72b5a4008f3e4622e467c6eab24ae300 /config-model/src | |
parent | a5df6cac7248c074b381b64d8d6f064f5ff07ef9 (diff) | |
parent | 6e7403b46c6aab5e68364c74c5e22e27b8ad4ca6 (diff) |
Merge pull request #29878 from vespa-engine/hmusum/verify-no-exclusions-for-all-clouds
Fail if missing access control filter for all clouds
Diffstat (limited to 'config-model/src')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java
index aee9ca83b08..f714ba43c50 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java
@@ -6,8 +6,12 @@ import com.yahoo.vespa.model.application.validation.Validation.Context;
 import com.yahoo.vespa.model.container.http.AccessControl;
 import com.yahoo.vespa.model.container.http.Http;
+import java.util.Set;
 import java.util.logging.Level;
+import static com.yahoo.config.provision.CloudName.DEFAULT;
+import static com.yahoo.config.provision.CloudName.YAHOO;
+
 /**
 * Validates that 'access-control' does not include any exclusions unless explicitly allowed.
 * Logs in Yahoo clouds and fails in AWS clouds
@@ -33,10 +37,10 @@ public class AccessControlFilterExcludeValidator implements Validator {
 private void verifyNoExclusions(String clusterId, AccessControl accessControl, Context context) {
 if (!accessControl.excludedBindings().isEmpty()) {
 String message = "Application cluster %s excludes paths from access control, this is not allowed and should be removed.".formatted(clusterId);
- if (context.deployState().zone().cloud().name().equals(CloudName.AWS)) {
- context.illegal(message);
- } else {
+ if (Set.of(DEFAULT, YAHOO).contains(context.deployState().zone().cloud().name())) {
 context.deployState().getDeployLogger().log(Level.WARNING, message);
+ } else {
+ context.illegal(message);
 }
 }
 } |
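Review bot: The class Javadoc kept as context in the first hunk still reads "Logs in Yahoo clouds and fails in AWS clouds", but the new branch in `verifyNoExclusions` (second hunk) now fails in every cloud except `DEFAULT` and `YAHOO`. The comment should state that fail-closed policy, for example `* Logs a warning in the default and Yahoo clouds, fails deployment in every other cloud`. The Javadoc block continues past the end of the first hunk, so the rest of it may need the same update. The warn-only exemption list is also built inline on each call from two statically imported bare names; a named constant such as `private static final Set<CloudName> WARN_ONLY_CLOUDS = Set.of(CloudName.DEFAULT, CloudName.YAHOO);` would make it easier to find and audit which clouds are allowed to deploy with access-control exclusions.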