summaryrefslogtreecommitdiffstats
path: root/config-model
diff options
context:
space:
mode:
authorJon Bratseth <bratseth@oath.com>2019-09-09 20:20:58 +0200
committerGitHub <noreply@github.com>2019-09-09 20:20:58 +0200
commit1452a77c5c21a92992cfddc73bf27ed8a40000dd (patch)
treedf55dfc723dc265f5372ba03e232edf994fa6c6d /config-model
parentf21d059859994ed7ccb83506ded22a2d95e79353 (diff)
parent043e73fb0a84c918c3f7003fbe4f672daedb7e9c (diff)
Merge pull request #10571 from vespa-engine/bratseth/access-control-in-default-only
Don't enforce access control for non-default instances
Diffstat (limited to 'config-model')
-rw-r--r--config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java3
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java4
2 files changed, 6 insertions, 1 deletions
diff --git a/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java b/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java
index 538b2f0f957..eb61bda83a6 100644
--- a/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java
+++ b/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java
@@ -99,6 +99,9 @@ public class MockApplicationPackage implements ApplicationPackage {
}
@Override
+ public ApplicationId getApplicationId() { return ApplicationId.from("default", getApplicationName(), "default"); }
+
+ @Override
public Reader getServices() {
return new StringReader(servicesS);
}
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java
index 972a83d7a2a..b7bbed7ffda 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java
@@ -4,6 +4,7 @@ package com.yahoo.vespa.model.application.validation.first;
import com.yahoo.config.application.api.ValidationId;
import com.yahoo.config.model.ConfigModelContext.ApplicationType;
import com.yahoo.config.model.deploy.DeployState;
+import com.yahoo.config.provision.InstanceName;
import com.yahoo.vespa.model.VespaModel;
import com.yahoo.vespa.model.application.validation.Validator;
import com.yahoo.vespa.model.container.Container;
@@ -43,7 +44,8 @@ public class AccessControlValidator extends Validator {
if (hasHandlerThatNeedsProtection(cluster) || ! cluster.getAllServlets().isEmpty())
offendingClusters.add(cluster.getName());
}
- if (! offendingClusters.isEmpty())
+ if (! offendingClusters.isEmpty()
+ && deployState.getApplicationPackage().getApplicationId().instance().equals(InstanceName.defaultName()))
deployState.validationOverrides().invalid(ValidationId.accessControl,
"Access-control must be enabled for write operations to container clusters in production zones: " +
mkString(offendingClusters, "[", ", ", "]."), deployState.now());