authorBjørn Christian Seime <bjorncs@yahooinc.com>2023-01-04 15:12:41 +0100
committerBjørn Christian Seime <bjorncs@yahooinc.com>2023-01-04 16:25:51 +0100
commitcb34e544c01fac09fe70b6ca2cc0c97293d066e7 (patch)
treee8f93e444c83f34cbe5fe4d9eb187dfcb6f17f41 /config-model
parent8fbcc378b4be4af4bea4aa2136731a61f185d1e7 (diff)
Cleanup 'enable-dataplane-filter' feature flag
Diffstat (limited to 'config-model')
-rw-r--r--config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java7
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidator.java1
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java2
-rw-r--r--config-model/src/test/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidatorTest.java3
-rw-r--r--config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java43
5 files changed, 8 insertions, 48 deletions
diff --git a/config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java b/config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java
index 328f1b19f10..6b8428a07ac 100644
--- a/config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java
+++ b/config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java
@@ -82,7 +82,6 @@ public class TestProperties implements ModelContext.Properties, ModelContext.Fea
private Architecture adminClusterNodeResourcesArchitecture = Architecture.getDefault();
private boolean useRestrictedDataPlaneBindings = false;
private Optional<CloudAccount> cloudAccount = Optional.empty();
- private boolean enableDataPlaneFilter = false;
@Override public ModelContext.FeatureFlags featureFlags() { return this; }
@Override public boolean multitenant() { return multitenant; }
@@ -138,7 +137,6 @@ public class TestProperties implements ModelContext.Properties, ModelContext.Fea
@Override public boolean useTwoPhaseDocumentGc() { return useTwoPhaseDocumentGc; }
@Override public boolean useRestrictedDataPlaneBindings() { return useRestrictedDataPlaneBindings; }
@Override public Optional<CloudAccount> cloudAccount() { return cloudAccount; }
- @Override public boolean enableDataPlaneFilter() { return enableDataPlaneFilter; }
public TestProperties sharedStringRepoNoReclaim(boolean sharedStringRepoNoReclaim) {
this.sharedStringRepoNoReclaim = sharedStringRepoNoReclaim;
@@ -368,11 +366,6 @@ public class TestProperties implements ModelContext.Properties, ModelContext.Fea
return this;
}
- public TestProperties setEnableDataPlaneFilter(boolean enableDataPlaneFilter) {
- this.enableDataPlaneFilter = enableDataPlaneFilter;
- return this;
- }
-
public static class Spec implements ConfigServerSpec {
private final String hostName;
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidator.java
index 60705ad9b51..83f8ea7b510 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidator.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidator.java
@@ -25,7 +25,6 @@ public class CloudDataPlaneFilterValidator extends Validator {
public void validate(VespaModel model, DeployState deployState) {
if (!deployState.isHosted()) return;
if (!deployState.zone().system().isPublic()) return;
- if (!deployState.featureFlags().enableDataPlaneFilter()) return;
validateUniqueCertificates(deployState);
}
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index d3fb8837fcb..f48f91e8cd0 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -459,7 +459,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
}
private static void addCloudDataPlaneFilter(DeployState deployState, ApplicationContainerCluster cluster) {
- if (!deployState.isHosted() || !deployState.zone().system().isPublic() || !deployState.featureFlags().enableDataPlaneFilter()) return;
+ if (!deployState.isHosted() || !deployState.zone().system().isPublic()) return;
// Setup secure filter chain
var secureChain = new Chain<Filter>(FilterChains.emptyChainSpec(ComponentId.fromString("cloud-data-plane-secure")));
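Review bot: The early return at the top of `addCloudDataPlaneFilter` repeats the hosted/public-system gate that `CloudDataPlaneFilterValidator.validate` also carries, and with the feature flag gone these two copies alone decide whether the data-plane filter chain is installed and whether its client certificates are validated. If one copy is changed without the other, a cluster could end up with the filter installed but no certificate validation, or the reverse. Consider a comment above the guard such as `// Must match the gate in CloudDataPlaneFilterValidator.validate: hosted + public system only`, or a single shared predicate that both call. The body of `addCloudDataPlaneFilter` continues past the end of this hunk.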
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidatorTest.java b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidatorTest.java
index ed39260bdd2..515dd7cd75a 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidatorTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidatorTest.java
@@ -147,8 +147,7 @@ public class CloudDataPlaneFilterValidatorTest {
.properties(
new TestProperties()
.setEndpointCertificateSecrets(Optional.of(new EndpointCertificateSecrets("CERT", "KEY")))
- .setHostedVespa(true)
- .setEnableDataPlaneFilter(true))
+ .setHostedVespa(true))
.zone(new Zone(SystemName.PublicCd, Environment.dev, RegionName.defaultName()))
.build();
}
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java
index 2490e3df72f..94d92b355f9 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java
@@ -30,7 +30,6 @@ import javax.security.auth.x500.X500Principal;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
-import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyPair;
@@ -45,7 +44,6 @@ import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertIterableEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.junit.jupiter.api.Assertions.fail;
public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
@@ -78,7 +76,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
.formatted(applicationFolder.toPath().relativize(certFile).toString()));
X509Certificate certificate = createCertificate(certFile);
- buildModel(true, clusterElem);
+ buildModel(clusterElem);
CloudDataPlaneFilterConfig config = root.getConfig(CloudDataPlaneFilterConfig.class, cloudDataPlaneFilterConfigId);
assertFalse(config.legacyMode());
@@ -106,7 +104,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
Element clusterElem = DomBuilderTest.parse("<container version='1.0' />");
X509Certificate certificate = createCertificate(certFile);
- buildModel(true, clusterElem);
+ buildModel(clusterElem);
CloudDataPlaneFilterConfig config = root.getConfig(CloudDataPlaneFilterConfig.class, cloudDataPlaneFilterConfigId);
assertTrue(config.legacyMode());
@@ -120,34 +118,6 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
}
@Test
- public void it_generates_correct_config_when_filter_not_enabled () throws IOException {
- Path certFile = securityFolder.resolve("clients.pem");
- Element clusterElem = DomBuilderTest.parse(
- """
- <container version='1.0'>
- <clients>
- <client id="foo" permissions="read,write">
- <certificate file="%s"/>
- </client>
- </clients>
- </container>
- """
- .formatted(applicationFolder.toPath().relativize(certFile).toString()));
- X509Certificate certificate = createCertificate(certFile);
-
- buildModel(false, clusterElem);
-
- // Data plane filter config is not configured
- assertFalse(root.getConfigIds().contains("container/component/com.yahoo.jdisc.http.filter.security.cloud.CloudDataPlaneFilter"));
-
- // Connector config configures ca certs from security/clients.pem
- ConnectorConfig connectorConfig = connectorConfig();
- var caCerts = X509CertificateUtils.certificateListFromPem(connectorConfig.ssl().caCertificate());
- assertEquals(1, caCerts.size());
- assertEquals(List.of(certificate), caCerts);
- }
-
- @Test
public void it_rejects_files_without_certificates() throws IOException {
Path certFile = securityFolder.resolve("foo.pem");
Element clusterElem = DomBuilderTest.parse(
@@ -163,7 +133,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
.formatted(applicationFolder.toPath().relativize(certFile).toString()));
Files.writeString(certFile, "effectively empty");
- IllegalArgumentException exception = assertThrows(IllegalArgumentException.class, () -> buildModel(true, clusterElem));
+ IllegalArgumentException exception = assertThrows(IllegalArgumentException.class, () -> buildModel(clusterElem));
assertEquals("File security/foo.pem does not contain any certificates.", exception.getMessage());
}
@@ -179,7 +149,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
</clients>
</container>
""");
- IllegalArgumentException exception = assertThrows(IllegalArgumentException.class, () -> buildModel(true, clusterElem));
+ IllegalArgumentException exception = assertThrows(IllegalArgumentException.class, () -> buildModel(clusterElem));
assertEquals("Invalid client id '_foo', id cannot start with '_'", exception.getMessage());
}
@@ -209,7 +179,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
return certificate;
}
- public List<ContainerModel> buildModel(boolean enableFilter, Element... clusterElem) {
+ public List<ContainerModel> buildModel(Element... clusterElem) {
var applicationPackage = new MockApplicationPackage.Builder()
.withRoot(applicationFolder)
.build();
@@ -219,8 +189,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
.properties(
new TestProperties()
.setEndpointCertificateSecrets(Optional.of(new EndpointCertificateSecrets("CERT", "KEY")))
- .setHostedVespa(true)
- .setEnableDataPlaneFilter(enableFilter))
+ .setHostedVespa(true))
.zone(new Zone(SystemName.PublicCd, Environment.dev, RegionName.defaultName()))
.build();
return createModel(root, state, null, clusterElem);
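Review bot: `buildModel` now always builds a hosted `SystemName.PublicCd` deploy state, so with `it_generates_correct_config_when_filter_not_enabled` removed, nothing in the hunks shown exercises the path where the filter is left out. The remaining early return in `ContainerModelBuilder.addCloudDataPlaneFilter` (not hosted, or not a public system) is an access-control decision worth pinning with a test that builds the same cluster for a non-public zone and keeps the removed assertion `assertFalse(root.getConfigIds().contains("container/component/com.yahoo.jdisc.http.filter.security.cloud.CloudDataPlaneFilter"))`. That would need the zone to become a parameter of `buildModel`, or an overload. The removed test also asserted that the connector CA certificates come from `security/clients.pem`; that check is not visible in the tests kept here, so confirm one of them still covers it. Part of `buildModel` lies between this hunk and the previous one and is not shown.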