diff options
author | gjoranv <gv@oath.com> | 2018-03-19 15:22:36 +0100 |
---|---|---|
committer | gjoranv <gv@oath.com> | 2018-03-19 15:37:42 +0100 |
commit | 6e4c8d474fe4ab802bd5602069d4fd1ca0f6ffa1 (patch) | |
tree | ac60d25b1b7d39acbd7b23370f75d2af7921b373 /config-model | |
parent | 6a3c6ba874bd1977829f030d9d6f03f783f9e184 (diff) |
Skip validation of non-user applications.
Diffstat (limited to 'config-model')
2 files changed, 30 insertions, 16 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java index 6e53634639c..26a1478d0a7 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java @@ -1,6 +1,7 @@ // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.model.application.validation.first; +import com.yahoo.config.model.ConfigModelContext.ApplicationType; import com.yahoo.config.model.deploy.DeployState; import com.yahoo.vespa.model.VespaModel; import com.yahoo.vespa.model.application.validation.Validator; @@ -23,23 +24,23 @@ public class AccessControlValidator extends Validator { @Override public void validate(VespaModel model, DeployState deployState) { - // TODO: what about zone application? (HOSTED_INFRASTRUCTURE) - - if (deployState.isHosted() && deployState.zone().environment().isProduction()) { - List<String> offendingClusters = new ArrayList<>(); - for (ContainerCluster cluster : model.getContainerClusters().values()) { - if (cluster.getHttp() == null - || ! cluster.getHttp().getAccessControl().isPresent() - || ! cluster.getHttp().getAccessControl().get().writeEnabled) - - if (hasHandlerThatNeedsProtection(cluster) || ! cluster.getAllServlets().isEmpty()) - offendingClusters.add(cluster.getName()); - } - if (! offendingClusters.isEmpty()) - throw new IllegalArgumentException( - "Access-control must be enabled for write operations to container clusters in production zones: " + - mkString(offendingClusters, "[", ", ", "].")); + if (! deployState.isHosted()) return; + if (! deployState.zone().environment().isProduction()) return; + if (model.getAdmin().getApplicationType() != ApplicationType.DEFAULT) return; + + List<String> offendingClusters = new ArrayList<>(); + for (ContainerCluster cluster : model.getContainerClusters().values()) { + if (cluster.getHttp() == null + || ! cluster.getHttp().getAccessControl().isPresent() + || ! cluster.getHttp().getAccessControl().get().writeEnabled) + + if (hasHandlerThatNeedsProtection(cluster) || ! cluster.getAllServlets().isEmpty()) + offendingClusters.add(cluster.getName()); } + if (! offendingClusters.isEmpty()) + throw new IllegalArgumentException( + "Access-control must be enabled for write operations to container clusters in production zones: " + + mkString(offendingClusters, "[", ", ", "].")); } private boolean hasHandlerThatNeedsProtection(ContainerCluster cluster) { diff --git a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidatorTest.java b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidatorTest.java index a313aa1051d..4845d66aeda 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidatorTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidatorTest.java @@ -117,6 +117,19 @@ public class AccessControlValidatorTest { new AccessControlValidator().validate(model, deployState); } + @Test + public void write_protection_is_not_required_for_non_default_application_type() throws IOException, SAXException{ + String servicesXml = joinLines("<services version='1.0' application-type='hosted-infrastructure'>", + " <container id='default' version='1.0'>", + httpHandlerXml, + " </container>", + "</services>"); + DeployState deployState = deployState(servicesXml); + VespaModel model = new VespaModel(new NullConfigModelRegistry(), deployState); + + new AccessControlValidator().validate(model, deployState); + } + private static DeployState deployState(String servicesXml) { ApplicationPackage app = new MockApplicationPackage.Builder() .withServices(servicesXml) |