diff options
author | Jon Bratseth <bratseth@verizonmedia.com> | 2019-09-09 16:02:00 +0200 |
---|---|---|
committer | Jon Bratseth <bratseth@verizonmedia.com> | 2019-09-09 16:02:00 +0200 |
commit | 9af672c4442b9cafa337fabc64b846069b055b79 (patch) | |
tree | 68211ec6c2b7929fb41a26f17cbacd3e242a5a89 /config-model | |
parent | ff2f0a1e434ad94ca4b05c51e603a32919f5a7b4 (diff) |
Don't enforce access control for non-default instances
This makes it easier to create additional instances for testing
other services against it.
Diffstat (limited to 'config-model')
2 files changed, 6 insertions, 1 deletions
diff --git a/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java b/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java index 538b2f0f957..eb61bda83a6 100644 --- a/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java +++ b/config-model/src/main/java/com/yahoo/config/model/test/MockApplicationPackage.java @@ -99,6 +99,9 @@ public class MockApplicationPackage implements ApplicationPackage { } @Override + public ApplicationId getApplicationId() { return ApplicationId.from("default", getApplicationName(), "default"); } + + @Override public Reader getServices() { return new StringReader(servicesS); } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java index 972a83d7a2a..b7bbed7ffda 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java @@ -4,6 +4,7 @@ package com.yahoo.vespa.model.application.validation.first; import com.yahoo.config.application.api.ValidationId; import com.yahoo.config.model.ConfigModelContext.ApplicationType; import com.yahoo.config.model.deploy.DeployState; +import com.yahoo.config.provision.InstanceName; import com.yahoo.vespa.model.VespaModel; import com.yahoo.vespa.model.application.validation.Validator; import com.yahoo.vespa.model.container.Container; @@ -43,7 +44,8 @@ public class AccessControlValidator extends Validator { if (hasHandlerThatNeedsProtection(cluster) || ! cluster.getAllServlets().isEmpty()) offendingClusters.add(cluster.getName()); } - if (! offendingClusters.isEmpty()) + if (! offendingClusters.isEmpty() + && deployState.getApplicationPackage().getApplicationId().instance().equals(InstanceName.defaultName())) deployState.validationOverrides().invalid(ValidationId.accessControl, "Access-control must be enabled for write operations to container clusters in production zones: " + mkString(offendingClusters, "[", ", ", "]."), deployState.now()); |