diff options
author | Harald Musum <musum@yahooinc.com> | 2024-01-12 13:53:37 +0100 |
---|---|---|
committer | Harald Musum <musum@yahooinc.com> | 2024-01-12 13:53:37 +0100 |
commit | 6e7403b46c6aab5e68364c74c5e22e27b8ad4ca6 (patch) | |
tree | 265db3863953a53261da00c0af53e4a378c4e284 /config-model/src | |
parent | a26038a5e54b1c25f95a2e345b41a6816e46dcca (diff) |
Fail if missing access control filter for all clouds
Diffstat (limited to 'config-model/src')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java index aee9ca83b08..f714ba43c50 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java @@ -6,8 +6,12 @@ import com.yahoo.vespa.model.application.validation.Validation.Context; import com.yahoo.vespa.model.container.http.AccessControl; import com.yahoo.vespa.model.container.http.Http; +import java.util.Set; import java.util.logging.Level; +import static com.yahoo.config.provision.CloudName.DEFAULT; +import static com.yahoo.config.provision.CloudName.YAHOO; + /** * Validates that 'access-control' does not include any exclusions unless explicitly allowed. * Logs in Yahoo clouds and fails in AWS clouds @@ -33,10 +37,10 @@ public class AccessControlFilterExcludeValidator implements Validator { private void verifyNoExclusions(String clusterId, AccessControl accessControl, Context context) { if (!accessControl.excludedBindings().isEmpty()) { String message = "Application cluster %s excludes paths from access control, this is not allowed and should be removed.".formatted(clusterId); - if (context.deployState().zone().cloud().name().equals(CloudName.AWS)) { - context.illegal(message); - } else { + if (Set.of(DEFAULT, YAHOO).contains(context.deployState().zone().cloud().name())) { context.deployState().getDeployLogger().log(Level.WARNING, message); + } else { + context.illegal(message); } } } |