Enforce UriBindingValidator in public, log in non-public

2 files changed, 41 insertions, 7 deletions

diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/UriBindingsValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/UriBindingsValidator.java
index f869d578dcb..9ea79e0d4ea 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/UriBindingsValidator.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/UriBindingsValidator.java
@@ -14,6 +14,7 @@ import java.util.logging.Level;
 
 /**
  * Validates URI bindings for filters and handlers
+ * Enforced in public systems, log warning in non-public systems
  *
  * @author bjorncs
  */
@@ -58,13 +59,24 @@ class UriBindingsValidator extends Validator {
 
         // Allow binding to port if we are restricting data plane bindings
         if (!binding.matchesAnyPort()) {
-                throw new IllegalArgumentException(createErrorMessage(binding, "binding with port is not allowed"));
+            logOrThrow(createErrorMessage(binding, "binding with port is not allowed"), deployState);
         }
         if (!binding.host().equals(BindingPattern.WILDCARD_PATTERN)) {
-            throw new IllegalArgumentException(createErrorMessage(binding, "only binding with wildcard ('*') for hostname is allowed"));
+            logOrThrow(createErrorMessage(binding, "only binding with wildcard ('*') for hostname is allowed"), deployState);
         }
         if (!binding.scheme().equals("http") && !binding.scheme().equals("https")) {
-            throw new IllegalArgumentException(createErrorMessage(binding, "only 'http' is allowed as scheme"));
+            logOrThrow(createErrorMessage(binding, "only 'http' is allowed as scheme"), deployState);
+        }
+    }
+
+    /*
+     * Logs to deploy logger in non-public systems, throw otherwise
+     */
+    private static void logOrThrow(String message, DeployState deployState) {
+        if (deployState.zone().system().isPublic()) {
+            throw new IllegalArgumentException(message);
+        } else {
+            deployState.getDeployLogger().log(Level.WARNING, message);
         }
     }
 
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/UriBindingsValidatorTest.java b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/UriBindingsValidatorTest.java
index a56b268eeab..6307bed28e6 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/UriBindingsValidatorTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/UriBindingsValidatorTest.java
@@ -2,23 +2,29 @@
 package com.yahoo.vespa.model.application.validation;// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 
 import com.yahoo.config.application.api.ApplicationPackage;
+import com.yahoo.config.application.api.DeployLogger;
 import com.yahoo.config.model.NullConfigModelRegistry;
 import com.yahoo.config.model.deploy.DeployState;
 import com.yahoo.config.model.deploy.TestProperties;
 import com.yahoo.config.model.test.MockApplicationPackage;
+import com.yahoo.config.provision.Environment;
+import com.yahoo.config.provision.RegionName;
+import com.yahoo.config.provision.SystemName;
+import com.yahoo.config.provision.Zone;
 import com.yahoo.vespa.model.VespaModel;
 import org.junit.jupiter.api.Test;
 import org.xml.sax.SAXException;
 
 import java.io.IOException;
 
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.*;
 
 /**
  * @author bjorncs
  */
 public class UriBindingsValidatorTest {
+    Zone cdZone = new Zone(SystemName.cd, Environment.prod, RegionName.defaultName());
+    Zone publicCdZone = new Zone(SystemName.PublicCd, Environment.prod, RegionName.defaultName());
 
     @Test
     void fails_on_user_handler_binding_with_port() throws IOException, SAXException {
@@ -29,6 +35,17 @@ public class UriBindingsValidatorTest {
     }
 
     @Test
+    void non_public_logs_on_user_handler_binding_with_port() throws IOException, SAXException {
+        StringBuffer log = new StringBuffer();
+        DeployLogger logger = (__, message) -> {
+            System.out.println("message = " + message);
+            log.append(message).append('\n');
+        };
+        runUriBindingValidator(true, createServicesXmlWithHandler("http://*:4443/my-handler"), cdZone, logger);
+        assertTrue(log.toString().contains("For binding 'http://*:4443/my-handler': binding with port is not allowed"));
+    }
+
+    @Test
     void fails_on_user_handler_binding_with_hostname() throws IOException, SAXException {
         Throwable exception = assertThrows(IllegalArgumentException.class, () -> {
             runUriBindingValidator(true, createServicesXmlWithHandler("http://myhostname/my-handler"));
@@ -67,15 +84,20 @@ public class UriBindingsValidatorTest {
     }
 
     private void runUriBindingValidator(boolean isHosted, String servicesXml) throws IOException, SAXException {
-        runUriBindingValidator(new TestProperties().setHostedVespa(isHosted), servicesXml);
+        runUriBindingValidator(new TestProperties().setZone(publicCdZone).setHostedVespa(isHosted), servicesXml, (__, message) -> {});
+    }
+    private void runUriBindingValidator(boolean isHosted, String servicesXml, Zone zone, DeployLogger deployLogger) throws IOException, SAXException {
+        runUriBindingValidator(new TestProperties().setZone(zone).setHostedVespa(isHosted), servicesXml, deployLogger);
     }
 
-    private void runUriBindingValidator(TestProperties testProperties, String servicesXml) throws IOException, SAXException {
+    private void runUriBindingValidator(TestProperties testProperties, String servicesXml, DeployLogger deployLogger) throws IOException, SAXException {
         ApplicationPackage app = new MockApplicationPackage.Builder()
                 .withServices(servicesXml)
                 .build();
         DeployState deployState = new DeployState.Builder()
                 .applicationPackage(app)
+                .deployLogger(deployLogger)
+                .zone(testProperties.zone())
                 .properties(testProperties)
                 .build();
         VespaModel model = new VespaModel(new NullConfigModelRegistry(), deployState);