diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-05-21 20:12:19 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-05-21 20:12:19 +0200 |
commit | bbb3cfe7da8c4ac492ac62d1c00ec3aaf9751b00 (patch) | |
tree | 5df7187604e7a0c834ca13a63aa2bd9d3bb00a70 /configserver | |
parent | 062aeb883489e3c5b7c4860aea42a0880c46e18c (diff) |
Revert "Wire in RpcAuthorizer to RpcServer"
This reverts commit 72e11e84e405cefb4e010091ead4148f6525181f.
Diffstat (limited to 'configserver')
7 files changed, 17 insertions, 93 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/RpcServer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/RpcServer.java index b12bfbf68a2..14c48687a40 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/RpcServer.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/RpcServer.java @@ -3,12 +3,12 @@ package com.yahoo.vespa.config.server.rpc; import com.google.inject.Inject; import com.yahoo.cloud.config.ConfigserverConfig; -import com.yahoo.component.Version; import com.yahoo.concurrent.ThreadFactoryFactory; import com.yahoo.config.FileReference; import com.yahoo.config.provision.ApplicationId; import com.yahoo.config.provision.HostLivenessTracker; import com.yahoo.config.provision.TenantName; +import com.yahoo.component.Version; import com.yahoo.jrt.Acceptor; import com.yahoo.jrt.DataValue; import com.yahoo.jrt.Int32Value; @@ -28,17 +28,16 @@ import com.yahoo.vespa.config.protocol.ConfigResponse; import com.yahoo.vespa.config.protocol.JRTServerConfigRequest; import com.yahoo.vespa.config.protocol.JRTServerConfigRequestV3; import com.yahoo.vespa.config.protocol.Trace; -import com.yahoo.vespa.config.server.GetConfigContext; -import com.yahoo.vespa.config.server.ReloadListener; -import com.yahoo.vespa.config.server.RequestHandler; import com.yahoo.vespa.config.server.SuperModelRequestHandler; import com.yahoo.vespa.config.server.application.ApplicationSet; +import com.yahoo.vespa.config.server.GetConfigContext; import com.yahoo.vespa.config.server.filedistribution.FileServer; import com.yahoo.vespa.config.server.host.HostRegistries; import com.yahoo.vespa.config.server.host.HostRegistry; +import com.yahoo.vespa.config.server.ReloadListener; +import com.yahoo.vespa.config.server.RequestHandler; import com.yahoo.vespa.config.server.monitoring.MetricUpdater; import com.yahoo.vespa.config.server.monitoring.MetricUpdaterFactory; -import com.yahoo.vespa.config.server.rpc.security.RpcAuthorizer; import com.yahoo.vespa.config.server.tenant.TenantHandlerProvider; import com.yahoo.vespa.config.server.tenant.TenantListener; import com.yahoo.vespa.config.server.tenant.TenantRepository; @@ -100,7 +99,6 @@ public class RpcServer implements Runnable, ReloadListener, TenantListener { private final MetricUpdaterFactory metricUpdaterFactory; private final HostLivenessTracker hostLivenessTracker; private final FileServer fileServer; - private final RpcAuthorizer rpcAuthorizer; private final ThreadPoolExecutor executorService; private final FileDownloader downloader; @@ -123,7 +121,7 @@ public class RpcServer implements Runnable, ReloadListener, TenantListener { @Inject public RpcServer(ConfigserverConfig config, SuperModelRequestHandler superModelRequestHandler, MetricUpdaterFactory metrics, HostRegistries hostRegistries, - HostLivenessTracker hostLivenessTracker, FileServer fileServer, RpcAuthorizer rpcAuthorizer) { + HostLivenessTracker hostLivenessTracker, FileServer fileServer) { this.superModelRequestHandler = superModelRequestHandler; metricUpdaterFactory = metrics; supervisor.setMaxOutputBufferSize(config.maxoutputbuffersize()); @@ -142,7 +140,6 @@ public class RpcServer implements Runnable, ReloadListener, TenantListener { this.hostedVespa = config.hostedVespa(); this.canReturnEmptySentinelConfig = config.canReturnEmptySentinelConfig(); this.fileServer = fileServer; - this.rpcAuthorizer = rpcAuthorizer; downloader = fileServer.downloader(); setUpHandlers(); } @@ -156,8 +153,7 @@ public class RpcServer implements Runnable, ReloadListener, TenantListener { log.log(LogLevel.SPAM, getConfigMethodName); } req.detach(); - rpcAuthorizer.authorizeConfigRequest(req) - .thenRun(() -> addToRequestQueue(JRTServerConfigRequestV3.createFromRequest(req))); + addToRequestQueue(JRTServerConfigRequestV3.createFromRequest(req)); } /** @@ -547,24 +543,17 @@ public class RpcServer implements Runnable, ReloadListener, TenantListener { public final void serveFile(Request request) { request.detach(); - rpcAuthorizer.authorizeFileRequest(request) - .thenRun(() -> { // okay to do in authorizer thread as serveFile is async - FileServer.Receiver receiver = new ChunkedFileReceiver(request.target()); - fileServer.serveFile(request.parameters().get(0).asString(), request.parameters().get(1).asInt32() == 0, request, receiver); - }); + FileServer.Receiver receiver = new ChunkedFileReceiver(request.target()); + fileServer.serveFile(request.parameters().get(0).asString(), request.parameters().get(1).asInt32() == 0, request, receiver); } public final void setFileReferencesToDownload(Request req) { - req.detach(); - rpcAuthorizer.authorizeFileRequest(req) - .thenRun(() -> { // okay to do in authorizer thread as downloadIfNeeded is async - String[] fileReferenceStrings = req.parameters().get(0).asStringArray(); - Stream.of(fileReferenceStrings) - .map(FileReference::new) - .forEach(fileReference -> downloader.downloadIfNeeded( - new FileReferenceDownload(fileReference, false /* downloadFromOtherSourceIfNotFound */))); - req.returnValues().add(new Int32Value(0)); - }); + String[] fileReferenceStrings = req.parameters().get(0).asStringArray(); + Stream.of(fileReferenceStrings) + .map(FileReference::new) + .forEach(fileReference -> downloader.downloadIfNeeded( + new FileReferenceDownload(fileReference, false /* downloadFromOtherSourceIfNotFound */))); + req.returnValues().add(new Int32Value(0)); } HostLivenessTracker hostLivenessTracker() { diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.java deleted file mode 100644 index 2e8b8182c3f..00000000000 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.java +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.config.server.rpc.security; - -import com.google.inject.Inject; -import com.google.inject.Provider; -import com.yahoo.cloud.config.ConfigserverConfig; -import com.yahoo.config.provision.security.NodeIdentifier; -import com.yahoo.security.tls.TransportSecurityUtils; -import com.yahoo.vespa.config.server.host.HostRegistries; -import com.yahoo.vespa.config.server.tenant.TenantRepository; - -/** - * A provider for {@link RpcAuthorizer}. The instance provided is dependent on the configuration of the configserver. - * - * @author bjorncs - */ -public class DefaultRpcAuthorizerProvider implements Provider<RpcAuthorizer> { - - private final RpcAuthorizer rpcAuthorizer; - - @Inject - public DefaultRpcAuthorizerProvider(ConfigserverConfig config, - NodeIdentifier nodeIdentifier, - HostRegistries hostRegistries, - TenantRepository tenantRepository) { - this.rpcAuthorizer = - TransportSecurityUtils.isTransportSecurityEnabled() && config.multitenant() - ? new MultiTenantRpcAuthorizer(nodeIdentifier, hostRegistries, tenantRepository) - : new NoopRpcAuthorizer(); - } - - @Override - public RpcAuthorizer get() { - return rpcAuthorizer; - } -} diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/NoopRpcAuthorizer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/NoopRpcAuthorizer.java deleted file mode 100644 index 5eb35b70d0f..00000000000 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/NoopRpcAuthorizer.java +++ /dev/null @@ -1,24 +0,0 @@ -// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.config.server.rpc.security; - -import com.yahoo.jrt.Request; - -import java.util.concurrent.CompletableFuture; - -/** - * A {@link RpcAuthorizer} that allow all RPC requests. - * - * @author bjorncs - */ -public class NoopRpcAuthorizer implements RpcAuthorizer { - - @Override - public CompletableFuture<Void> authorizeConfigRequest(Request request) { - return CompletableFuture.completedFuture(null); - } - - @Override - public CompletableFuture<Void> authorizeFileRequest(Request request) { - return CompletableFuture.completedFuture(null); - } -} diff --git a/configserver/src/main/resources/configserver-app/services.xml b/configserver/src/main/resources/configserver-app/services.xml index 640257f6fbf..a7fd0f696b3 100644 --- a/configserver/src/main/resources/configserver-app/services.xml +++ b/configserver/src/main/resources/configserver-app/services.xml @@ -39,7 +39,6 @@ <component id="com.yahoo.vespa.config.server.filedistribution.FileServer" bundle="configserver" /> <component id="com.yahoo.vespa.config.server.maintenance.ConfigServerMaintenance" bundle="configserver" /> <component id="com.yahoo.config.provision.security.DummyNodeIdentifierProvider" bundle="config-provisioning" /> - <component id="com.yahoo.vespa.config.server.rpc.security.DefaultRpcAuthorizerProvider" bundle="configserver" /> <component id="com.yahoo.vespa.serviceview.ConfigServerLocation" bundle="configserver" /> diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/InjectedGlobalComponentRegistryTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/InjectedGlobalComponentRegistryTest.java index 2c14c3f96b7..476f77ae1db 100644 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/InjectedGlobalComponentRegistryTest.java +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/InjectedGlobalComponentRegistryTest.java @@ -14,7 +14,6 @@ import com.yahoo.vespa.config.server.modelfactory.ModelFactoryRegistry; import com.yahoo.vespa.config.server.monitoring.Metrics; import com.yahoo.vespa.config.server.provision.HostProvisionerProvider; import com.yahoo.vespa.config.server.rpc.RpcServer; -import com.yahoo.vespa.config.server.rpc.security.NoopRpcAuthorizer; import com.yahoo.vespa.config.server.session.SessionPreparer; import com.yahoo.vespa.config.server.session.SessionTest; import com.yahoo.vespa.config.server.zookeeper.ConfigCurator; @@ -67,7 +66,7 @@ public class InjectedGlobalComponentRegistryTest { .configDefinitionsDir(temporaryFolder.newFolder("configdefinitions").getAbsolutePath())); sessionPreparer = new SessionTest.MockSessionPreparer(); rpcServer = new RpcServer(configserverConfig, null, Metrics.createTestMetrics(), - new HostRegistries(), new ConfigRequestHostLivenessTracker(), new FileServer(temporaryFolder.newFolder("filereferences")), new NoopRpcAuthorizer()); + new HostRegistries(), new ConfigRequestHostLivenessTracker(), new FileServer(temporaryFolder.newFolder("filereferences"))); generationCounter = new SuperModelGenerationCounter(curator); defRepo = new StaticConfigDefinitionRepo(); permanentApplicationPackage = new PermanentApplicationPackage(configserverConfig); diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/MockRpc.java b/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/MockRpc.java index 027636df350..0f8bfa5068c 100644 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/MockRpc.java +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/MockRpc.java @@ -11,7 +11,6 @@ import com.yahoo.vespa.config.server.filedistribution.FileServer; import com.yahoo.vespa.config.server.host.ConfigRequestHostLivenessTracker; import com.yahoo.vespa.config.server.host.HostRegistries; import com.yahoo.vespa.config.server.monitoring.Metrics; -import com.yahoo.vespa.config.server.rpc.security.NoopRpcAuthorizer; import com.yahoo.vespa.config.server.tenant.MockTenantProvider; import java.io.File; @@ -39,7 +38,7 @@ public class MockRpc extends RpcServer { public MockRpc(int port, boolean createDefaultTenant, boolean pretendToHaveLoadedAnyApplication, File tempDir) { super(createConfig(port), null, Metrics.createTestMetrics(), - new HostRegistries(), new ConfigRequestHostLivenessTracker(), new FileServer(tempDir), new NoopRpcAuthorizer()); + new HostRegistries(), new ConfigRequestHostLivenessTracker(), new FileServer(tempDir)); if (createDefaultTenant) { onTenantCreate(TenantName.from("default"), new MockTenantProvider(pretendToHaveLoadedAnyApplication)); } diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/RpcTester.java b/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/RpcTester.java index 01417bbc0b1..dd66f720b1f 100644 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/RpcTester.java +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/RpcTester.java @@ -16,7 +16,6 @@ import com.yahoo.vespa.config.server.filedistribution.FileServer; import com.yahoo.vespa.config.server.host.ConfigRequestHostLivenessTracker; import com.yahoo.vespa.config.server.host.HostRegistries; import com.yahoo.vespa.config.server.monitoring.Metrics; -import com.yahoo.vespa.config.server.rpc.security.NoopRpcAuthorizer; import com.yahoo.vespa.config.server.tenant.MockTenantProvider; import com.yahoo.vespa.config.server.tenant.TenantHandlerProvider; import com.yahoo.vespa.flags.InMemoryFlagSource; @@ -98,8 +97,7 @@ public class RpcTester implements AutoCloseable { generationCounter, new InMemoryFlagSource())), Metrics.createTestMetrics(), new HostRegistries(), - hostLivenessTracker, new FileServer(temporaryFolder.newFolder()), - new NoopRpcAuthorizer()); + hostLivenessTracker, new FileServer(temporaryFolder.newFolder())); rpcServer.onTenantCreate(TenantName.from("default"), tenantProvider); t = new Thread(rpcServer); t.start(); |