author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-04-08 14:58:43 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-04-08 14:59:54 +0200 |
commit | c0af54fff05f04d664270c037b9af7fb3cdbf6eb (patch) | |
tree | f2703a54006447891b2a917ecfbce9de8740d474 /config-model | |
parent | ceee063299f3a10b37975152a0859afd2d5072a0 (diff) |
Warn on 'https' bindings during deploy
Diffstat (limited to 'config-model')
3 files changed, 30 insertions, 12 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java index 071411845ad..8fc33a1c4d6 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java @@ -4,6 +4,7 @@ package com.yahoo.vespa.model.container.http; import com.google.common.collect.ImmutableList; import com.yahoo.component.ComponentId; import com.yahoo.component.ComponentSpecification; +import com.yahoo.config.application.api.DeployLogger; import com.yahoo.vespa.model.container.ContainerCluster; import com.yahoo.vespa.model.container.component.FileStatusHandlerComponent; import com.yahoo.vespa.model.container.component.Handler; @@ -47,10 +48,12 @@ public final class AccessControl { private final Set<String> excludeBindings = new LinkedHashSet<>(); private Collection<Handler<?>> handlers = Collections.emptyList(); private Collection<Servlet> servlets = Collections.emptyList(); + private final DeployLogger logger; - public Builder(String domain, String applicationId) { + public Builder(String domain, String applicationId, DeployLogger logger) { this.domain = domain; this.applicationId = applicationId; + this.logger = logger; } public Builder readEnabled(boolean readEnabled) { @@ -85,7 +88,7 @@ public final class AccessControl { public AccessControl build() { return new AccessControl(domain, applicationId, writeEnabled, readEnabled, - excludeBindings, vespaDomain, servlets, handlers); + excludeBindings, vespaDomain, servlets, handlers, logger); } } @@ -97,6 +100,7 @@ public final class AccessControl { private final Set<String> excludedBindings; private final Collection<Handler<?>> handlers; private final Collection<Servlet> servlets; + private final DeployLogger logger; private AccessControl(String domain, String applicationId, 
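Review bot: `Builder` stores the new `logger` argument without a null check (`this.logger = logger;`), and the private `AccessControl` constructor in the later hunks does the same. Per the Http.java change in this commit, the logger is only dereferenced when a binding starts with `https://`. A null logger would therefore pass every deployment and test that has no such binding, then fail with a NullPointerException in exactly the case the warning is meant to report. I would fail fast in the constructor with `this.logger = Objects.requireNonNull(logger, "logger");`. Whether `java.util.Objects` is already imported is not visible in these hunks.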
@@ -105,7 +109,8 @@ public final class AccessControl { Set<String> excludedBindings, Optional<String> vespaDomain, Collection<Servlet> servlets, - Collection<Handler<?>> handlers) { + Collection<Handler<?>> handlers, + DeployLogger logger) { this.domain = domain; this.applicationId = applicationId; this.readEnabled = readEnabled; @@ -114,6 +119,7 @@ public final class AccessControl { this.vespaDomain = vespaDomain; this.handlers = handlers; this.servlets = servlets; + this.logger = logger; } public List<Binding> getBindings() { @@ -125,14 +131,14 @@ public final class AccessControl { return handlers.stream() .filter(this::shouldHandlerBeProtected) .flatMap(handler -> handler.getServerBindings().stream()) - .map(AccessControl::accessControlBinding); + .map(binding -> accessControlBinding(binding, logger)); } private Stream<Binding> getServletBindings() { return servlets.stream() .filter(this::shouldServletBeProtected) .flatMap(AccessControl::servletBindings) - .map(AccessControl::accessControlBinding); + .map(binding -> accessControlBinding(binding, logger)); } private boolean shouldHandlerBeProtected(Handler<?> handler) { @@ -148,8 +154,8 @@ public final class AccessControl { return servletBindings(servlet).noneMatch(excludedBindings::contains); } - private static Binding accessControlBinding(String binding) { - return new Binding(new ComponentSpecification(ACCESS_CONTROL_CHAIN_ID.stringValue()), binding); + private static Binding accessControlBinding(String binding, DeployLogger logger) { + return Binding.create(new ComponentSpecification(ACCESS_CONTROL_CHAIN_ID.stringValue()), binding, logger); } private static Stream<String> servletBindings(Servlet servlet) { diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java index 9e85a889075..334b7ff24f2 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java 
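Review bot: In `getHandlerBindings()` and `getServletBindings()` the deprecation check now runs inside the stream mapper (`.map(binding -> accessControlBinding(binding, logger))`), so the warning is produced each time the binding list is materialised rather than once per deployment. If `getBindings()` is called more than once, the deploy log will repeat it. The strings checked here come from `handler.getServerBindings()` (and presumably the servlet equivalents), while the message names `ACCESS_CONTROL_CHAIN_ID` as the filter, so the operator is pointed at the access-control chain instead of the handler that declares the 'https' binding. I would either run the check once in `Builder.build()` or add a comment on `accessControlBinding` such as `// Logs a deploy warning for 'https' server bindings; runs on every getBindings() evaluation`.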
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java @@ -3,6 +3,7 @@ package com.yahoo.vespa.model.container.http; import com.yahoo.component.ComponentSpecification; import com.yahoo.component.provider.ComponentRegistry; +import com.yahoo.config.application.api.DeployLogger; import com.yahoo.config.model.producer.AbstractConfigProducer; import com.yahoo.jdisc.http.ServerConfig; import com.yahoo.vespa.model.container.component.chain.Chain; @@ -12,6 +13,7 @@ import java.util.Collection; import java.util.Collections; import java.util.List; import java.util.Optional; +import java.util.logging.Level; /** * Represents the http servers and filters of a Jdisc cluster. @@ -24,10 +26,20 @@ public class Http extends AbstractConfigProducer<AbstractConfigProducer<?>> impl public final ComponentSpecification filterId; public final String binding; - public Binding(ComponentSpecification filterId, String binding) { + private Binding(ComponentSpecification filterId, String binding) { this.filterId = filterId; this.binding = binding; } + + public static Binding create(ComponentSpecification filterId, String binding, DeployLogger logger) { + if (binding.startsWith("https://")) { + logger.log(Level.WARNING, String.format( + "For binding '%s' on '%s': 'https' bindings are deprecated, " + + "use 'http' instead to bind to both http and https traffic.", + binding, filterId)); + } + return new Binding(filterId, binding); + } } private FilterChains filterChains; diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/HttpBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/HttpBuilder.java index 08268f5085d..bea5489a112 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/HttpBuilder.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/HttpBuilder.java 
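Review bot: The check in `Binding.create` is an exact, case-sensitive prefix match (`binding.startsWith("https://")`), so a binding written as `HTTPS://...` or with leading whitespace would not trigger the warning. The `readFilterBindings` hunk in HttpBuilder.java passes `XML.getValue(bindingSpec)` through unchanged, so nothing visible normalises the value first. Whether the binding grammar accepts those spellings is not shown here, but URI schemes are case-insensitive, so I would match with `binding.regionMatches(true, 0, "https://", 0, 8)`. The new factory also has no Javadoc. It should state that `create` logs a deploy-time warning as a side effect and that an 'http' binding covers both http and https traffic, since that decides which requests a security filter is applied to.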
@@ -41,7 +41,7 @@ public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilder<Http> Element filteringElem = XML.getChild(spec, "filtering"); if (filteringElem != null) { filterChains = new FilterChainsBuilder().build(deployState, ancestor, filteringElem); - bindings = readFilterBindings(filteringElem); + bindings = readFilterBindings(filteringElem, deployState.getDeployLogger()); Element accessControlElem = XML.getChild(filteringElem, "access-control"); if (accessControlElem != null) { @@ -65,7 +65,7 @@ public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilder<Http> String application = XmlHelper.getOptionalChildValue(accessControlElem, "application") .orElse(getDeployedApplicationId(deployState, ancestor).value()); - AccessControl.Builder builder = new AccessControl.Builder(accessControlElem.getAttribute("domain"), application); + AccessControl.Builder builder = new AccessControl.Builder(accessControlElem.getAttribute("domain"), application, deployState.getDeployLogger()); getContainerCluster(ancestor).ifPresent(cluster -> { builder.setHandlers(cluster.getHandlers()); @@ -106,7 +106,7 @@ public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilder<Http> return Optional.of((ApplicationContainerCluster) currentProducer); } - private List<Binding> readFilterBindings(Element filteringSpec) { + private List<Binding> readFilterBindings(Element filteringSpec, DeployLogger logger) { List<Binding> result = new ArrayList<>(); for (Element child: XML.getChildren(filteringSpec)) { @@ -116,7 +116,7 @@ public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilder<Http> for (Element bindingSpec: XML.getChildren(child, "binding")) { String binding = XML.getValue(bindingSpec); - result.add(new Binding(chainId, binding)); + result.add(Binding.create(chainId, binding, logger)); } } } |