Warn on 'https' bindings during deploy

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-04-08 14:58:43 +0200
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-04-08 14:59:54 +0200
commit: c0af54fff05f04d664270c037b9af7fb3cdbf6eb (patch)
tree: f2703a54006447891b2a917ecfbce9de8740d474 /config-model
parent: ceee063299f3a10b37975152a0859afd2d5072a0 (diff)
3 files changed, 30 insertions, 12 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java
index 071411845ad..8fc33a1c4d6 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/AccessControl.java
@@ -4,6 +4,7 @@ package com.yahoo.vespa.model.container.http;
 import com.google.common.collect.ImmutableList;
 import com.yahoo.component.ComponentId;
 import com.yahoo.component.ComponentSpecification;
+import com.yahoo.config.application.api.DeployLogger;
 import com.yahoo.vespa.model.container.ContainerCluster;
 import com.yahoo.vespa.model.container.component.FileStatusHandlerComponent;
 import com.yahoo.vespa.model.container.component.Handler;
@@ -47,10 +48,12 @@ public final class AccessControl {
         private final Set<String> excludeBindings = new LinkedHashSet<>();
         private Collection<Handler<?>> handlers = Collections.emptyList();
         private Collection<Servlet> servlets = Collections.emptyList();
+        private final DeployLogger logger;
 
-        public Builder(String domain, String applicationId) {
+        public Builder(String domain, String applicationId, DeployLogger logger) {
             this.domain = domain;
             this.applicationId = applicationId;
+            this.logger = logger;
         }
 
         public Builder readEnabled(boolean readEnabled) {
@@ -85,7 +88,7 @@ public final class AccessControl {
 
         public AccessControl build() {
             return new AccessControl(domain, applicationId, writeEnabled, readEnabled,
-                                     excludeBindings, vespaDomain, servlets, handlers);
+                                     excludeBindings, vespaDomain, servlets, handlers, logger);
         }
     }
 
@@ -97,6 +100,7 @@ public final class AccessControl {
     private final Set<String> excludedBindings;
     private final Collection<Handler<?>> handlers;
     private final Collection<Servlet> servlets;
+    private final DeployLogger logger;
 
     private AccessControl(String domain,
                           String applicationId,
@@ -105,7 +109,8 @@ public final class AccessControl {
                           Set<String> excludedBindings,
                           Optional<String> vespaDomain,
                           Collection<Servlet> servlets,
-                          Collection<Handler<?>> handlers) {
+                          Collection<Handler<?>> handlers,
+                          DeployLogger logger) {
         this.domain = domain;
         this.applicationId = applicationId;
         this.readEnabled = readEnabled;
@@ -114,6 +119,7 @@ public final class AccessControl {
         this.vespaDomain = vespaDomain;
         this.handlers = handlers;
         this.servlets = servlets;
+        this.logger = logger;
     }
 
     public List<Binding> getBindings() {
@@ -125,14 +131,14 @@ public final class AccessControl {
         return handlers.stream()
                         .filter(this::shouldHandlerBeProtected)
                         .flatMap(handler -> handler.getServerBindings().stream())
-                        .map(AccessControl::accessControlBinding);
+                        .map(binding -> accessControlBinding(binding, logger));
     }
 
     private Stream<Binding> getServletBindings() {
         return servlets.stream()
                 .filter(this::shouldServletBeProtected)
                 .flatMap(AccessControl::servletBindings)
-                .map(AccessControl::accessControlBinding);
+                .map(binding -> accessControlBinding(binding, logger));
     }
 
     private boolean shouldHandlerBeProtected(Handler<?> handler) {
@@ -148,8 +154,8 @@ public final class AccessControl {
         return servletBindings(servlet).noneMatch(excludedBindings::contains);
     }
 
-    private static Binding accessControlBinding(String binding) {
-        return new Binding(new ComponentSpecification(ACCESS_CONTROL_CHAIN_ID.stringValue()), binding);
+    private static Binding accessControlBinding(String binding, DeployLogger logger) {
+        return Binding.create(new ComponentSpecification(ACCESS_CONTROL_CHAIN_ID.stringValue()), binding, logger);
     }
 
     private static Stream<String> servletBindings(Servlet servlet) {
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java
index 9e85a889075..334b7ff24f2 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/Http.java
@@ -3,6 +3,7 @@ package com.yahoo.vespa.model.container.http;
 
 import com.yahoo.component.ComponentSpecification;
 import com.yahoo.component.provider.ComponentRegistry;
+import com.yahoo.config.application.api.DeployLogger;
 import com.yahoo.config.model.producer.AbstractConfigProducer;
 import com.yahoo.jdisc.http.ServerConfig;
 import com.yahoo.vespa.model.container.component.chain.Chain;
@@ -12,6 +13,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
+import java.util.logging.Level;
 
 /**
  * Represents the http servers and filters of a Jdisc cluster.
@@ -24,10 +26,20 @@ public class Http extends AbstractConfigProducer<AbstractConfigProducer<?>> impl
         public final ComponentSpecification filterId;
         public final String binding;
 
-        public Binding(ComponentSpecification filterId, String binding) {
+        private Binding(ComponentSpecification filterId, String binding) {
             this.filterId = filterId;
             this.binding = binding;
         }
+
+        public static Binding create(ComponentSpecification filterId, String binding, DeployLogger logger) {
+            if (binding.startsWith("https://")) {
+                logger.log(Level.WARNING, String.format(
+                        "For binding '%s' on '%s': 'https' bindings are deprecated, " +
+                                "use 'http' instead to bind to both http and https traffic.",
+                        binding, filterId));
+            }
+            return new Binding(filterId, binding);
+        }
     }
 
     private FilterChains filterChains;
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/HttpBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/HttpBuilder.java
index 08268f5085d..bea5489a112 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/HttpBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/HttpBuilder.java
@@ -41,7 +41,7 @@ public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilder<Http>
         Element filteringElem = XML.getChild(spec, "filtering");
         if (filteringElem != null) {
             filterChains = new FilterChainsBuilder().build(deployState, ancestor, filteringElem);
-            bindings = readFilterBindings(filteringElem);
+            bindings = readFilterBindings(filteringElem, deployState.getDeployLogger());
 
             Element accessControlElem = XML.getChild(filteringElem, "access-control");
             if (accessControlElem != null) {
@@ -65,7 +65,7 @@ public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilder<Http>
         String application = XmlHelper.getOptionalChildValue(accessControlElem, "application")
                 .orElse(getDeployedApplicationId(deployState, ancestor).value());
 
-        AccessControl.Builder builder = new AccessControl.Builder(accessControlElem.getAttribute("domain"), application);
+        AccessControl.Builder builder = new AccessControl.Builder(accessControlElem.getAttribute("domain"), application, deployState.getDeployLogger());
 
         getContainerCluster(ancestor).ifPresent(cluster -> {
             builder.setHandlers(cluster.getHandlers());
@@ -106,7 +106,7 @@ public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilder<Http>
         return Optional.of((ApplicationContainerCluster) currentProducer);
     }
 
-    private List<Binding> readFilterBindings(Element filteringSpec) {
+    private List<Binding> readFilterBindings(Element filteringSpec, DeployLogger logger) {
         List<Binding> result = new ArrayList<>();
 
         for (Element child: XML.getChildren(filteringSpec)) {
@@ -116,7 +116,7 @@ public class HttpBuilder extends VespaDomBuilder.DomConfigProducerBuilder<Http>
 
                 for (Element bindingSpec: XML.getChildren(child, "binding")) {
                     String binding = XML.getValue(bindingSpec);
-                    result.add(new Binding(chainId, binding));
+                    result.add(Binding.create(chainId, binding, logger));
                 }
             }
         }
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-04-08 14:58:43 +0200
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-04-08 14:59:54 +0200
commit	c0af54fff05f04d664270c037b9af7fb3cdbf6eb (patch)
tree	f2703a54006447891b2a917ecfbce9de8740d474 /config-model
parent	ceee063299f3a10b37975152a0859afd2d5072a0 (diff)