author | Øyvind Grønnesby <oyving@verizonmedia.com> | 2019-08-13 14:05:40 +0200 |
---|---|---|
committer | Øyvind Grønnesby <oyving@verizonmedia.com> | 2019-08-13 14:05:40 +0200 |
commit | 8e9e48809ded9fe9178e620b7985f5e63ccf570d (patch) | |
tree | 55e36e0a6c96f56d19713b3584d6209cf0802bcd /config-model | |
parent | f68fae7329b21c87793909c1638b210a6784ca3e (diff) |
Check that we are configured to use certificates to validate
Diffstat (limited to 'config-model')
2 files changed, 17 insertions, 0 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainerCluster.java b/config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainerCluster.java
index 5656299b302..2b9cd18d64b 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainerCluster.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/ApplicationContainerCluster.java
@@ -57,6 +57,7 @@ public final class ApplicationContainerCluster extends ContainerCluster<Applicat
 private Optional<TlsSecrets> tlsSecrets;
 private Optional<String> tlsClientAuthority;
+ private boolean useTlsClientAuthority = false;
 private final boolean enableGroupingSessionCache;
 private MbusParams mbusParams;
@@ -211,6 +212,10 @@ public final class ApplicationContainerCluster extends ContainerCluster<Applicat
 null))));
 }
+ public void useTlsClientAuthority(boolean value) {
+ this.useTlsClientAuthority = value;
+ }
+
 public static class MbusParams {
 // the amount of the maxpendingbytes to process concurrently, typically 0.2 (20%)
 final Double maxConcurrentFactor;
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index a7a4e0fb540..70f49e60136 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
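Review bot: The setter `useTlsClientAuthority(boolean value)` added in the second hunk is named like a predicate and carries no Javadoc, and nothing in the visible hunks reads the new field, so what enabling it changes cannot be confirmed from this diff. Because the field defaults to `false` (first hunk), any path that never calls the setter presumably leaves client-certificate authorization off without an error. A field comment such as `// true when services.xml requests client-authorize and a client CA is configured`, plus a setter name like `setUseTlsClientAuthority`, would make the intent explicit. Both hunks sit inside class bodies that continue outside the diff.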
@@ -192,9 +192,21 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
 addClientProviders(deployState, spec, cluster);
 addServerProviders(deployState, spec, cluster);
+ addTlsClientAuthority(deployState, spec, cluster);
+
 addAthensCopperArgos(cluster, context); // Must be added after nodes.
 }
+ private void addTlsClientAuthority(DeployState deployState, Element spec, ApplicationContainerCluster cluster) {
+ var clientAuthorized = XML.getChild(spec, "client-authorize");
+ if (clientAuthorized != null && deployState.tlsClientAuthority().isEmpty()) {
+ if (deployState.tlsClientAuthority().isEmpty()) {
+ throw new RuntimeException("client-authorize set, but security/clients.pem is missing");
+ }
+ cluster.useTlsClientAuthority(true);
+ }
+ }
+
 private void addSecretStore(ApplicationContainerCluster cluster, Element spec) {
 Element secretStoreElement = XML.getChild(spec, "secret-store");
 if (secretStoreElement != null) { |
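Review bot: In `addTlsClientAuthority` the outer condition already requires `deployState.tlsClientAuthority().isEmpty()`, so the inner check is always true: the method throws whenever the branch is entered, and `cluster.useTlsClientAuthority(true)` is unreachable. When `client-authorize` is present and the authority is configured, the outer condition is false, so the flag is never set and the cluster keeps its default of `false` from the other file in this commit. The outer test should be `if (clientAuthorized != null) {`, keeping the existing inner emptiness check as the failure path. A config-model test covering both the missing-certificate and present-certificate cases would catch this. `IllegalArgumentException` would also describe the misconfiguration more precisely than a bare `RuntimeException`.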