author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-01-04 15:12:41 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-01-04 16:25:51 +0100 |
commit | cb34e544c01fac09fe70b6ca2cc0c97293d066e7 (patch) | |
tree | e8f93e444c83f34cbe5fe4d9eb187dfcb6f17f41 /config-model | |
parent | 8fbcc378b4be4af4bea4aa2136731a61f185d1e7 (diff) |
Cleanup 'enable-dataplane-filter' feature flag
Diffstat (limited to 'config-model')
5 files changed, 8 insertions, 48 deletions
diff --git a/config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java b/config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java
index 328f1b19f10..6b8428a07ac 100644
--- a/config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java
+++ b/config-model/src/main/java/com/yahoo/config/model/deploy/TestProperties.java
@@ -82,7 +82,6 @@ public class TestProperties implements ModelContext.Properties, ModelContext.Fea
 private Architecture adminClusterNodeResourcesArchitecture = Architecture.getDefault();
 private boolean useRestrictedDataPlaneBindings = false;
 private Optional<CloudAccount> cloudAccount = Optional.empty();
- private boolean enableDataPlaneFilter = false;
 @Override public ModelContext.FeatureFlags featureFlags() { return this; }
 @Override public boolean multitenant() { return multitenant; }
@@ -138,7 +137,6 @@ public class TestProperties implements ModelContext.Properties, ModelContext.Fea
 @Override public boolean useTwoPhaseDocumentGc() { return useTwoPhaseDocumentGc; }
 @Override public boolean useRestrictedDataPlaneBindings() { return useRestrictedDataPlaneBindings; }
 @Override public Optional<CloudAccount> cloudAccount() { return cloudAccount; }
- @Override public boolean enableDataPlaneFilter() { return enableDataPlaneFilter; }
 public TestProperties sharedStringRepoNoReclaim(boolean sharedStringRepoNoReclaim) {
 this.sharedStringRepoNoReclaim = sharedStringRepoNoReclaim;
@@ -368,11 +366,6 @@ public class TestProperties implements ModelContext.Properties, ModelContext.Fea
 return this;
 }
- public TestProperties setEnableDataPlaneFilter(boolean enableDataPlaneFilter) {
- this.enableDataPlaneFilter = enableDataPlaneFilter;
- return this;
- }
-
 public static class Spec implements ConfigServerSpec {
 private final String hostName;
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidator.java
index 60705ad9b51..83f8ea7b510 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidator.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidator.java
@@ -25,7 +25,6 @@ public class CloudDataPlaneFilterValidator extends Validator {
 public void validate(VespaModel model, DeployState deployState) {
 if (!deployState.isHosted()) return;
 if (!deployState.zone().system().isPublic()) return;
- if (!deployState.featureFlags().enableDataPlaneFilter()) return;
 validateUniqueCertificates(deployState);
 }
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index d3fb8837fcb..f48f91e8cd0 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -459,7 +459,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
 }
 private static void addCloudDataPlaneFilter(DeployState deployState, ApplicationContainerCluster cluster) {
- if (!deployState.isHosted() || !deployState.zone().system().isPublic() || !deployState.featureFlags().enableDataPlaneFilter()) return;
+ if (!deployState.isHosted() || !deployState.zone().system().isPublic()) return;
 // Setup secure filter chain
 var secureChain = new Chain<Filter>(FilterChains.emptyChainSpec(ComponentId.fromString("cloud-data-plane-secure")));
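Review bot: The early-return guard in `addCloudDataPlaneFilter` is now the same hosted/public-system test that `CloudDataPlaneFilterValidator.validate` spells out as two separate returns, so the decision of which deployments get the data-plane filter is written in two places. If one copy is changed later, the certificate-uniqueness validation and the installation of the filter chain could cover different deployments without any compile error. I would have both call one predicate, for example `static boolean appliesTo(DeployState s) { return s.isHosted() && s.zone().system().isPublic(); }` on the validator (the name is only a suggestion), or at minimum add `// Keep in sync with CloudDataPlaneFilterValidator.validate` above the guard. The body of `addCloudDataPlaneFilter` continues past the end of the hunk.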
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidatorTest.java b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidatorTest.java
index ed39260bdd2..515dd7cd75a 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidatorTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/application/validation/CloudDataPlaneFilterValidatorTest.java
@@ -147,8 +147,7 @@ public class CloudDataPlaneFilterValidatorTest {
 .properties(
 new TestProperties()
 .setEndpointCertificateSecrets(Optional.of(new EndpointCertificateSecrets("CERT", "KEY")))
- .setHostedVespa(true)
- .setEnableDataPlaneFilter(true))
+ .setHostedVespa(true))
 .zone(new Zone(SystemName.PublicCd, Environment.dev, RegionName.defaultName()))
 .build();
 }
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java
index 2490e3df72f..94d92b355f9 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java
@@ -30,7 +30,6 @@ import javax.security.auth.x500.X500Principal;
 import java.io.File;
 import java.io.IOException;
 import java.math.BigInteger;
-import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyPair;
@@ -45,7 +44,6 @@ import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertIterableEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.junit.jupiter.api.Assertions.fail;
 public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
@@ -78,7 +76,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
 .formatted(applicationFolder.toPath().relativize(certFile).toString()));
 X509Certificate certificate = createCertificate(certFile);
- buildModel(true, clusterElem);
+ buildModel(clusterElem);
 CloudDataPlaneFilterConfig config = root.getConfig(CloudDataPlaneFilterConfig.class, cloudDataPlaneFilterConfigId);
 assertFalse(config.legacyMode());
@@ -106,7 +104,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
 Element clusterElem = DomBuilderTest.parse("<container version='1.0' />");
 X509Certificate certificate = createCertificate(certFile);
- buildModel(true, clusterElem);
+ buildModel(clusterElem);
 CloudDataPlaneFilterConfig config = root.getConfig(CloudDataPlaneFilterConfig.class, cloudDataPlaneFilterConfigId);
 assertTrue(config.legacyMode());
@@ -120,34 +118,6 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
 }
 @Test
- public void it_generates_correct_config_when_filter_not_enabled () throws IOException {
- Path certFile = securityFolder.resolve("clients.pem");
- Element clusterElem = DomBuilderTest.parse(
- """
- <container version='1.0'>
- <clients>
- <client id="foo" permissions="read,write">
- <certificate file="%s"/>
- </client>
- </clients>
- </container>
- """
- .formatted(applicationFolder.toPath().relativize(certFile).toString()));
- X509Certificate certificate = createCertificate(certFile);
-
- buildModel(false, clusterElem);
-
- // Data plane filter config is not configured
- assertFalse(root.getConfigIds().contains("container/component/com.yahoo.jdisc.http.filter.security.cloud.CloudDataPlaneFilter"));
-
- // Connector config configures ca certs from security/clients.pem
- ConnectorConfig connectorConfig = connectorConfig();
- var caCerts = X509CertificateUtils.certificateListFromPem(connectorConfig.ssl().caCertificate());
- assertEquals(1, caCerts.size());
- assertEquals(List.of(certificate), caCerts);
- }
-
- @Test
 public void it_rejects_files_without_certificates() throws IOException {
 Path certFile = securityFolder.resolve("foo.pem");
 Element clusterElem = DomBuilderTest.parse(
@@ -163,7 +133,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
 .formatted(applicationFolder.toPath().relativize(certFile).toString()));
 Files.writeString(certFile, "effectively empty");
- IllegalArgumentException exception = assertThrows(IllegalArgumentException.class, () -> buildModel(true, clusterElem));
+ IllegalArgumentException exception = assertThrows(IllegalArgumentException.class, () -> buildModel(clusterElem));
 assertEquals("File security/foo.pem does not contain any certificates.", exception.getMessage());
 }
@@ -179,7 +149,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
 </clients>
 </container>
 """);
- IllegalArgumentException exception = assertThrows(IllegalArgumentException.class, () -> buildModel(true, clusterElem));
+ IllegalArgumentException exception = assertThrows(IllegalArgumentException.class, () -> buildModel(clusterElem));
 assertEquals("Invalid client id '_foo', id cannot start with '_'", exception.getMessage());
 }
@@ -209,7 +179,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
 return certificate;
 }
- public List<ContainerModel> buildModel(boolean enableFilter, Element... clusterElem) {
+ public List<ContainerModel> buildModel(Element... clusterElem) {
 var applicationPackage = new MockApplicationPackage.Builder()
 .withRoot(applicationFolder)
 .build();
@@ -219,8 +189,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase {
 .properties(
 new TestProperties()
 .setEndpointCertificateSecrets(Optional.of(new EndpointCertificateSecrets("CERT", "KEY")))
- .setHostedVespa(true)
- .setEnableDataPlaneFilter(enableFilter))
+ .setHostedVespa(true))
 .zone(new Zone(SystemName.PublicCd, Environment.dev, RegionName.defaultName()))
 .build();
 return createModel(root, state, null, clusterElem); |
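Review bot: `buildModel` in the `@@ -209` and `@@ -219` hunks now always builds a hosted `SystemName.PublicCd` state, and the only test that asserted the filter component is absent is deleted in the `@@ -120` hunk, so none of the visible tests reaches the early return that `addCloudDataPlaneFilter` still has for non-hosted or non-public systems. A negative test that builds its own state for a non-public system and checks `assertFalse(root.getConfigIds().contains(cloudDataPlaneFilterConfigId))` would pin where this access-control filter is not installed. The deleted test was also the only visible place that compared `connectorConfig().ssl().caCertificate()` with the certificate written to security/clients.pem; the remaining tests extend past these hunks, so please confirm one of them still asserts the connector's CA certificates. Part of `buildModel`'s body lies between the two hunks and is not shown.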