authorBjørn Christian Seime <bjorncs@verizonmedia.com>2019-10-28 15:34:07 +0100
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2019-10-28 15:34:07 +0100
commitf2567cc1cf53af65440ea7150ed5bdc94ab0a6b5 (patch)
treebde7ae27c6687c41934089e1d46c964acaa15ac6 /configserver
parentea149387f4e94edefdd8a4677075a1531e2357d0 (diff)
Remove 'configserver-rpc-authorizer' feature flag
Diffstat (limited to 'configserver')
-rw-r--r--configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.java16
-rw-r--r--configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java23
-rw-r--r--configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java4
3 files changed, 11 insertions, 32 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.java
index c7bbecc157c..5c760f0a25a 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.java
@@ -24,25 +24,15 @@ public class DefaultRpcAuthorizerProvider implements Provider<RpcAuthorizer> {
public DefaultRpcAuthorizerProvider(ConfigserverConfig config,
NodeIdentifier nodeIdentifier,
HostRegistries hostRegistries,
- RequestHandlerProvider handlerProvider,
- FlagSource flagSource) {
- String authorizerMode = Flags.CONFIGSERVER_RPC_AUTHORIZER.bindTo(flagSource).value();
+ RequestHandlerProvider handlerProvider) {
boolean useMultiTenantAuthorizer =
- TransportSecurityUtils.isTransportSecurityEnabled() && config.multitenant() && config.hostedVespa() && !authorizerMode.equals("disable");
+ TransportSecurityUtils.isTransportSecurityEnabled() && config.multitenant() && config.hostedVespa();
this.rpcAuthorizer =
useMultiTenantAuthorizer
- ? new MultiTenantRpcAuthorizer(nodeIdentifier, hostRegistries, handlerProvider, toMultiTenantRpcAuthorizerMode(authorizerMode), getThreadPoolSize(config))
+ ? new MultiTenantRpcAuthorizer(nodeIdentifier, hostRegistries, handlerProvider, getThreadPoolSize(config))
: new NoopRpcAuthorizer();
}
- private static MultiTenantRpcAuthorizer.Mode toMultiTenantRpcAuthorizerMode(String authorizerMode) {
- switch (authorizerMode) {
- case "log-only": return MultiTenantRpcAuthorizer.Mode.LOG_ONLY;
- case "enforce": return MultiTenantRpcAuthorizer.Mode.ENFORCE;
- default: throw new IllegalArgumentException("Invalid authorizer mode: " + authorizerMode);
- }
- }
-
private static int getThreadPoolSize(ConfigserverConfig config) {
return config.numRpcThreads() != 0 ? config.numRpcThreads() : 8;
}
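Review bot: The fallback to `NoopRpcAuthorizer` in the constructor is silent. When any of the three conditions in `useMultiTenantAuthorizer` is false, RPC requests are presumably not authorized at all, and nothing in this hunk records which implementation was chosen. With the feature flag gone this expression is the only switch, so I would document it above the assignment, e.g. `// RPC authorization is enforced only when transport security, multitenant and hostedVespa are all enabled; otherwise requests pass through NoopRpcAuthorizer`. I would also log the selected authorizer once at construction so operators can confirm enforcement from the config server log. The class continues outside the hunk, so a logger may already be declared there.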
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
index 86fee1ab9bc..d20f9ed1abc 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
@@ -39,38 +39,31 @@ import java.util.logging.Logger;
*/
public class MultiTenantRpcAuthorizer implements RpcAuthorizer {
- public enum Mode { LOG_ONLY, ENFORCE }
-
private static final Logger log = Logger.getLogger(MultiTenantRpcAuthorizer.class.getName());
private final NodeIdentifier nodeIdentifier;
private final HostRegistry<TenantName> hostRegistry;
private final RequestHandlerProvider handlerProvider;
private final Executor executor;
- private final Mode mode;
public MultiTenantRpcAuthorizer(NodeIdentifier nodeIdentifier,
HostRegistries hostRegistries,
RequestHandlerProvider handlerProvider,
- Mode mode,
int threadPoolSize) {
this(nodeIdentifier,
hostRegistries.getTenantHostRegistry(),
handlerProvider,
- Executors.newFixedThreadPool(threadPoolSize, new DaemonThreadFactory("multi-tenant-rpc-authorizer-")),
- mode);
+ Executors.newFixedThreadPool(threadPoolSize, new DaemonThreadFactory("multi-tenant-rpc-authorizer-")));
}
MultiTenantRpcAuthorizer(NodeIdentifier nodeIdentifier,
HostRegistry<TenantName> hostRegistry,
RequestHandlerProvider handlerProvider,
- Executor executor,
- Mode mode) {
+ Executor executor) {
this.nodeIdentifier = nodeIdentifier;
this.hostRegistry = hostRegistry;
this.handlerProvider = handlerProvider;
this.executor = executor;
- this.mode = mode;
}
@Override
@@ -158,15 +151,13 @@ public class MultiTenantRpcAuthorizer implements RpcAuthorizer {
}
private void handleAuthorizationFailure(Request request, Throwable throwable) {
- String errorMessage = String.format("For request '%s' from '%s' (mode=%s): %s", request.methodName(), request.target().toString(), mode.toString(), throwable.getMessage());
+ String errorMessage = String.format("For request '%s' from '%s': %s", request.methodName(), request.target().toString(), throwable.getMessage());
log.log(LogLevel.INFO, errorMessage);
log.log(LogLevel.DEBUG, throwable, throwable::getMessage);
- if (mode == Mode.ENFORCE) {
- JrtErrorCode error = throwable instanceof AuthorizationException ? JrtErrorCode.UNAUTHORIZED : JrtErrorCode.AUTHORIZATION_FAILED;
- request.setError(error.code, errorMessage);
- request.returnRequest();
- throwUnchecked(throwable); // rethrow exception to ensure that subsequent completion stages are not executed (don't execute implementation of rpc method).
- }
+ JrtErrorCode error = throwable instanceof AuthorizationException ? JrtErrorCode.UNAUTHORIZED : JrtErrorCode.AUTHORIZATION_FAILED;
+ request.setError(error.code, errorMessage);
+ request.returnRequest();
+ throwUnchecked(throwable); // rethrow exception to ensure that subsequent completion stages are not executed (don't execute implementation of rpc method).
}
// TODO Make peer identity mandatory once TLS mixed mode is removed
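Review bot: `request.setError(error.code, errorMessage)` in `handleAuthorizationFailure` now always returns `throwable.getMessage()` to the peer, including for throwables that are not `AuthorizationException` (the `AUTHORIZATION_FAILED` branch). Those messages can carry internal detail that a rejected caller has no need to see. Keep the full text for the two log lines and send a fixed string in that branch, e.g. `String peerMessage = throwable instanceof AuthorizationException ? errorMessage : "Authorization failed";` followed by `request.setError(error.code, peerMessage);`. Whether `AuthorizationException` messages are themselves safe to expose cannot be judged from this hunk and is worth confirming where they are thrown.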
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java
index 9f5a297103d..5a7ac665463 100644
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java
@@ -44,7 +44,6 @@ import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executor;
-import static com.yahoo.vespa.config.server.rpc.security.MultiTenantRpcAuthorizer.Mode.ENFORCE;
import static java.time.temporal.ChronoUnit.DAYS;
import static org.hamcrest.core.IsInstanceOf.instanceOf;
import static org.mockito.Mockito.mock;
@@ -236,8 +235,7 @@ public class MultiTenantRpcAuthorizerTest {
new StaticNodeIdentifier(identity),
hostRegistry,
createRequestHandlerProviderMock(),
- new DirectExecutor(),
- ENFORCE);
+ new DirectExecutor());
}
private static Request createConfigRequest(ConfigKey<?> configKey, HostName hostName) {