diff options
author | Morten Tokle <mortent@yahooinc.com> | 2023-08-24 00:03:42 +0200 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2023-08-24 00:03:42 +0200 |
commit | 753af4ad78ea24190b91ad9e124efe54a211e1f9 (patch) | |
tree | 2c87d363c78d3a00baaf6f3c5aca924af5f6d106 /config-model | |
parent | c2095ab49826d3a7b0d6ca7d66002d2b0a2a96d4 (diff) |
Enforce UriBindingValidator in public, log in non-public
Diffstat (limited to 'config-model')
2 files changed, 41 insertions, 7 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/UriBindingsValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/UriBindingsValidator.java index f869d578dcb..9ea79e0d4ea 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/UriBindingsValidator.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/UriBindingsValidator.java @@ -14,6 +14,7 @@ import java.util.logging.Level; /** * Validates URI bindings for filters and handlers + * Enforced in public systems, log warning in non-public systems * * @author bjorncs */ @@ -58,13 +59,24 @@ class UriBindingsValidator extends Validator { // Allow binding to port if we are restricting data plane bindings if (!binding.matchesAnyPort()) { - throw new IllegalArgumentException(createErrorMessage(binding, "binding with port is not allowed")); + logOrThrow(createErrorMessage(binding, "binding with port is not allowed"), deployState); } if (!binding.host().equals(BindingPattern.WILDCARD_PATTERN)) { - throw new IllegalArgumentException(createErrorMessage(binding, "only binding with wildcard ('*') for hostname is allowed")); + logOrThrow(createErrorMessage(binding, "only binding with wildcard ('*') for hostname is allowed"), deployState); } if (!binding.scheme().equals("http") && !binding.scheme().equals("https")) { - throw new IllegalArgumentException(createErrorMessage(binding, "only 'http' is allowed as scheme")); + logOrThrow(createErrorMessage(binding, "only 'http' is allowed as scheme"), deployState); + } + } + + /* + * Logs to deploy logger in non-public systems, throw otherwise + */ + private static void logOrThrow(String message, DeployState deployState) { + if (deployState.zone().system().isPublic()) { + throw new IllegalArgumentException(message); + } else { + deployState.getDeployLogger().log(Level.WARNING, message); } } diff --git a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/UriBindingsValidatorTest.java b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/UriBindingsValidatorTest.java index a56b268eeab..6307bed28e6 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/UriBindingsValidatorTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/UriBindingsValidatorTest.java @@ -2,23 +2,29 @@ package com.yahoo.vespa.model.application.validation;// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. import com.yahoo.config.application.api.ApplicationPackage; +import com.yahoo.config.application.api.DeployLogger; import com.yahoo.config.model.NullConfigModelRegistry; import com.yahoo.config.model.deploy.DeployState; import com.yahoo.config.model.deploy.TestProperties; import com.yahoo.config.model.test.MockApplicationPackage; +import com.yahoo.config.provision.Environment; +import com.yahoo.config.provision.RegionName; +import com.yahoo.config.provision.SystemName; +import com.yahoo.config.provision.Zone; import com.yahoo.vespa.model.VespaModel; import org.junit.jupiter.api.Test; import org.xml.sax.SAXException; import java.io.IOException; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.*; /** * @author bjorncs */ public class UriBindingsValidatorTest { + Zone cdZone = new Zone(SystemName.cd, Environment.prod, RegionName.defaultName()); + Zone publicCdZone = new Zone(SystemName.PublicCd, Environment.prod, RegionName.defaultName()); @Test void fails_on_user_handler_binding_with_port() throws IOException, SAXException { @@ -29,6 +35,17 @@ public class UriBindingsValidatorTest { } @Test + void non_public_logs_on_user_handler_binding_with_port() throws IOException, SAXException { + StringBuffer log = new StringBuffer(); + DeployLogger logger = (__, message) -> { + System.out.println("message = " + message); + log.append(message).append('\n'); + }; + runUriBindingValidator(true, createServicesXmlWithHandler("http://*:4443/my-handler"), cdZone, logger); + assertTrue(log.toString().contains("For binding 'http://*:4443/my-handler': binding with port is not allowed")); + } + + @Test void fails_on_user_handler_binding_with_hostname() throws IOException, SAXException { Throwable exception = assertThrows(IllegalArgumentException.class, () -> { runUriBindingValidator(true, createServicesXmlWithHandler("http://myhostname/my-handler")); @@ -67,15 +84,20 @@ public class UriBindingsValidatorTest { } private void runUriBindingValidator(boolean isHosted, String servicesXml) throws IOException, SAXException { - runUriBindingValidator(new TestProperties().setHostedVespa(isHosted), servicesXml); + runUriBindingValidator(new TestProperties().setZone(publicCdZone).setHostedVespa(isHosted), servicesXml, (__, message) -> {}); + } + private void runUriBindingValidator(boolean isHosted, String servicesXml, Zone zone, DeployLogger deployLogger) throws IOException, SAXException { + runUriBindingValidator(new TestProperties().setZone(zone).setHostedVespa(isHosted), servicesXml, deployLogger); } - private void runUriBindingValidator(TestProperties testProperties, String servicesXml) throws IOException, SAXException { + private void runUriBindingValidator(TestProperties testProperties, String servicesXml, DeployLogger deployLogger) throws IOException, SAXException { ApplicationPackage app = new MockApplicationPackage.Builder() .withServices(servicesXml) .build(); DeployState deployState = new DeployState.Builder() .applicationPackage(app) + .deployLogger(deployLogger) + .zone(testProperties.zone()) .properties(testProperties) .build(); VespaModel model = new VespaModel(new NullConfigModelRegistry(), deployState); |