diff options
| author | Morten Tokle <mortent@verizonmedia.com> | 2021-02-19 09:10:27 +0100 |
|---|---|---|
| committer | Morten Tokle <mortent@verizonmedia.com> | 2021-02-19 09:10:27 +0100 |
| commit | 356332d05693f6109e4a5ece8a63a0190f1cdaa0 (patch) | |
| tree | 65bcd79bd65ec035543e6c7be307fee227d03d02 /config-model | |
| parent | 0be286e9026e96f8a1b032a2f2a08e943cf771ec (diff) | |
Configure filter correctly when no endpoints given
Diffstat (limited to 'config-model')
2 files changed, 55 insertions, 10 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/BlockFeedGlobalEndpointsFilter.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/BlockFeedGlobalEndpointsFilter.java index 8a3c8e7d336..1d9bf053331 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/BlockFeedGlobalEndpointsFilter.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/BlockFeedGlobalEndpointsFilter.java @@ -42,16 +42,18 @@ public class BlockFeedGlobalEndpointsFilter extends Filter implements RuleBasedF Set<String> hostNames = endpoints.stream() .flatMap(e -> e.names().stream()) .collect(Collectors.toSet()); - RuleBasedFilterConfig.Rule.Builder rule = new RuleBasedFilterConfig.Rule.Builder() - .hostNames(hostNames) - .pathExpressions(ContainerCluster.RESERVED_URI_PREFIX + "/{*}") - .pathExpressions(ContainerDocumentApi.DOCUMENT_V1_PREFIX + "/{*}") - .methods(List.of(PUT, POST, DELETE)) - .action(BLOCK) - .name("block-feed-global-endpoints") - .blockResponseMessage("Feed to global endpoints are not allowed") - .blockResponseCode(404); - builder.rule(rule); + if(hostNames.size() > 0) { + RuleBasedFilterConfig.Rule.Builder rule = new RuleBasedFilterConfig.Rule.Builder() + .hostNames(hostNames) + .pathExpressions(ContainerCluster.RESERVED_URI_PREFIX + "/{*}") + .pathExpressions(ContainerDocumentApi.DOCUMENT_V1_PREFIX + "/{*}") + .methods(List.of(PUT, POST, DELETE)) + .action(BLOCK) + .name("block-feed-global-endpoints") + .blockResponseMessage("Feed to global endpoints are not allowed") + .blockResponseCode(404); + builder.rule(rule); + } builder.dryrun(dryRun); builder.defaultRule.action(ALLOW); } diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/http/BlockFeedGlobalEndpointsFilterTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/http/BlockFeedGlobalEndpointsFilterTest.java new file mode 100644 index 00000000000..deca2fda21c --- /dev/null +++ b/config-model/src/test/java/com/yahoo/vespa/model/container/http/BlockFeedGlobalEndpointsFilterTest.java @@ -0,0 +1,43 @@ +// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. + +package com.yahoo.vespa.model.container.http; + +import com.yahoo.config.model.api.ContainerEndpoint; +import com.yahoo.jdisc.http.filter.security.rule.RuleBasedFilterConfig; +import org.hamcrest.Matchers; +import org.junit.Assert; +import org.junit.Test; + +import java.util.Collections; +import java.util.List; +import java.util.Set; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; + +public class BlockFeedGlobalEndpointsFilterTest { + + @Test + public void setup_blocking_rule_when_endpoints_is_non_empty() { + var endpoints = Set.of(new ContainerEndpoint("default", List.of("foo", "bar"))); + var filter = new BlockFeedGlobalEndpointsFilter(endpoints, true); + var config = getConfig(filter); + assertEquals(1, config.rule().size()); + var rule = config.rule().get(0); + assertThat(rule.hostNames(), Matchers.containsInAnyOrder("foo", "bar")); + assertEquals(rule.action(), RuleBasedFilterConfig.Rule.Action.Enum.BLOCK); + } + + @Test + public void does_not_setup_blocking_rule_when_endpoints_empty() { + var filter = new BlockFeedGlobalEndpointsFilter(Collections.emptySet(), true); + var config = getConfig(filter); + assertEquals(0, config.rule().size()); + } + + private RuleBasedFilterConfig getConfig(BlockFeedGlobalEndpointsFilter filter) { + var configBuilder = new RuleBasedFilterConfig.Builder(); + filter.getConfig(configBuilder); + return configBuilder.build(); + } +} |