author | Harald Musum <musum@verizonmedia.com> | 2021-01-12 16:41:40 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-12 16:41:40 +0100 |
commit | 4ef7df9811a221ccf50627cdb09ffcd6d5b70e46 (patch) | |
tree | 2f44161613e939c927dc6997c0c54820ce4e467a /configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java | |
parent | 3af508945a49a03494e91aba2934d6bade6141cc (diff) |
Revert "Revert "Reapply "Remove unnecessary component" [run-systemtest]"""
Diffstat (limited to 'configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java')
-rw-r--r-- | configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java index 49a8df3d0e4..8353e3fab1f 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java @@ -1,4 +1,4 @@ -// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.config.server.rpc.security; import com.yahoo.cloud.config.SentinelConfig; @@ -16,7 +16,6 @@ import com.yahoo.security.tls.TransportSecurityUtils; import com.yahoo.vespa.config.ConfigKey; import com.yahoo.vespa.config.protocol.JRTServerConfigRequestV3; import com.yahoo.vespa.config.server.RequestHandler; -import com.yahoo.vespa.config.server.host.HostRegistries; import com.yahoo.vespa.config.server.host.HostRegistry; import com.yahoo.vespa.config.server.rpc.RequestHandlerProvider; @@ -34,7 +33,6 @@ import java.util.logging.Logger; import static com.yahoo.vespa.config.server.rpc.security.AuthorizationException.Type; import static com.yahoo.yolean.Exceptions.throwUnchecked; - /** * A {@link RpcAuthorizer} that perform access control for configserver RPC methods when TLS and multi-tenant mode are enabled. * 
@@ -45,22 +43,22 @@ public class MultiTenantRpcAuthorizer implements RpcAuthorizer { private static final Logger log = Logger.getLogger(MultiTenantRpcAuthorizer.class.getName()); private final NodeIdentifier nodeIdentifier; - private final HostRegistry<TenantName> hostRegistry; + private final HostRegistry hostRegistry; private final RequestHandlerProvider handlerProvider; private final Executor executor; public MultiTenantRpcAuthorizer(NodeIdentifier nodeIdentifier, - HostRegistries hostRegistries, + HostRegistry hostRegistry, RequestHandlerProvider handlerProvider, int threadPoolSize) { this(nodeIdentifier, - hostRegistries.getTenantHostRegistry(), + hostRegistry, handlerProvider, Executors.newFixedThreadPool(threadPoolSize, new DaemonThreadFactory("multi-tenant-rpc-authorizer-"))); } MultiTenantRpcAuthorizer(NodeIdentifier nodeIdentifier, - HostRegistry<TenantName> hostRegistry, + HostRegistry hostRegistry, RequestHandlerProvider handlerProvider, Executor executor) { this.nodeIdentifier = nodeIdentifier; 
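Review bot: With the type parameter gone from `HostRegistry`, the `hostRegistry` field declaration no longer tells a reader what the registry maps a host to, and this class bases its access decision on that mapping. A one-line comment on the field would restore that, for example `// hostname -> ApplicationId owning the host; no entry means the host is unknown`, which matches how `getKeyForHost` is used in the `@@ -108,14 +106,14 @@` hunk. The package-private constructor's body continues outside this hunk.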
@@ -108,14 +106,14 @@ public class MultiTenantRpcAuthorizer implements RpcAuthorizer { return; // global config access ok } else { String hostname = configRequest.getClientHostName(); - Optional<TenantName> tenantName = Optional.ofNullable(hostRegistry.getKeyForHost(hostname)); - if (tenantName.isEmpty()) { + ApplicationId applicationId = hostRegistry.getKeyForHost(hostname); + if (applicationId == null) { if (isConfigKeyForSentinelConfig(configKey)) { return; // config processor will return empty sentinel config for unknown nodes } throw new AuthorizationException(Type.SILENT, String.format("Host '%s' not found in host registry for [%s]", hostname, configKey)); } - RequestHandler tenantHandler = getTenantHandler(tenantName.get()); + RequestHandler tenantHandler = getTenantHandler(applicationId.tenant()); ApplicationId resolvedApplication = tenantHandler.resolveApplicationId(hostname); ApplicationId peerOwner = applicationId(peerIdentity); if (peerOwner.equals(resolvedApplication)) { |
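Review bot: The new local `applicationId` has the same name as the `applicationId(peerIdentity)` helper called three lines below it, and it is not the value the peer is compared against, so this authorization path is easy to misread. Only its tenant is used; the comparison still goes through `tenantHandler.resolveApplicationId(hostname)`, so the client-supplied hostname is now resolved to an application twice. Renaming the local, e.g. `ApplicationId hostOwner = hostRegistry.getKeyForHost(hostname);`, and adding a comment that says which of the two lookups is authoritative would make the check easier to audit. If the two can never disagree that is worth stating there, and if they can, the mismatch should presumably be denied explicitly. The enclosing method starts and ends outside the hunk.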