author | Jon Bratseth <bratseth@oath.com> | 2019-09-09 20:20:58 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-09 20:20:58 +0200 |
commit | 1452a77c5c21a92992cfddc73bf27ed8a40000dd (patch) | |
tree | df55dfc723dc265f5372ba03e232edf994fa6c6d /config-model | |
parent | f21d059859994ed7ccb83506ded22a2d95e79353 (diff) | |
parent | 043e73fb0a84c918c3f7003fbe4f672daedb7e9c (diff) |
Merge pull request #10571 from vespa-engine/bratseth/access-control-in-default-only
Don't enforce access control for non-default instances
Diffstat (limited to 'config-model')
2 files changed, 6 insertions, 1 deletions
diff --git a/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java b/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java
index 538b2f0f957..eb61bda83a6 100644
--- a/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java
+++ b/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java
@@ -99,6 +99,9 @@ public class MockApplicationPackage implements ApplicationPackage {
 }
 
 @Override
+ public ApplicationId getApplicationId() { return ApplicationId.from("default", getApplicationName(), "default"); }
+
+ @Override
 public Reader getServices() {
 return new StringReader(servicesS);
 }
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java
index 972a83d7a2a..b7bbed7ffda 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java
@@ -4,6 +4,7 @@ package com.yahoo.vespa.model.application.validation.first;
 import com.yahoo.config.application.api.ValidationId;
 import com.yahoo.config.model.ConfigModelContext.ApplicationType;
 import com.yahoo.config.model.deploy.DeployState;
+import com.yahoo.config.provision.InstanceName;
 import com.yahoo.vespa.model.VespaModel;
 import com.yahoo.vespa.model.application.validation.Validator;
 import com.yahoo.vespa.model.container.Container;
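Review bot: `getApplicationId()` in MockApplicationPackage hard-codes both tenant and instance to "default", so any validator test built on this mock always takes the enforcing branch, and the new non-default-instance exemption in AccessControlValidator cannot be exercised through it. The diffstat shown is limited to config-model, so a test may exist elsewhere, but within these two files the exemption has no visible coverage. Consider letting a test set the mock's instance name, and add a comment such as `// Mock packages always report the default tenant and instance` so the fixed value reads as deliberate.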
@@ -43,7 +44,8 @@ public class AccessControlValidator extends Validator { if (hasHandlerThatNeedsProtection(cluster) || ! cluster.getAllServlets().isEmpty()) offendingClusters.add(cluster.getName()); } - if (! offendingClusters.isEmpty()) + if (! offendingClusters.isEmpty() + && deployState.getApplicationPackage().getApplicationId().instance().equals(InstanceName.defaultName())) deployState.validationOverrides().invalid(ValidationId.accessControl, "Access-control must be enabled for write operations to container clusters in production zones: " + mkString(offendingClusters, "[", ", ", "]."), deployState.now()); |
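Review bot: The added clause `&& deployState.getApplicationPackage().getApplicationId().instance().equals(InstanceName.defaultName())` makes the access-control check pass silently for every non-default instance, so a production container cluster with unprotected write handlers or servlets in such an instance now deploys without any signal. If the instance name is chosen by whoever deploys the application, this turns a mandatory check into one that can be skipped by naming; the hunk does not show what else protects those instances, so that should be confirmed before relying on it. At minimum put a why-comment above the `if`, for example `// Only the default instance must enable access control; other instances are exempt because <reason>`, and preferably emit a deploy-log warning listing `offendingClusters` when the check is skipped. The enclosing method starts and ends outside the hunk, so any earlier guard that already narrows this case is not visible here.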