author | Harald Musum <musum@verizonmedia.com> | 2020-02-07 14:48:26 +0100 |
---|---|---|
committer | Harald Musum <musum@verizonmedia.com> | 2020-02-07 14:48:26 +0100 |
commit | c0e0e4d6126195dda3e1b2d99b7270742b7c1982 (patch) | |
tree | c8d57cfc2267ab55c16749fc811dd07927fba5f2 /controller-server | |
parent | bde5d17c9af003f2375c9368a97159f9dc660813 (diff) |
Remove http setup for tester app, just use standard setup
Diffstat (limited to 'controller-server')
3 files changed, 7 insertions, 98 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java index a6ebea7fbdf..61dc249feaa 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunner.java @@ -714,8 +714,7 @@ public class InternalStepRunner implements StepRunner { ZoneId zone = id.type().zone(controller.system()); boolean useTesterCertificate = controller.system().isPublic() && id.type().environment().isTest(); - byte[] servicesXml = servicesXml(controller.zoneRegistry().accessControlDomain(), - ! controller.system().isPublic(), + byte[] servicesXml = servicesXml(! controller.system().isPublic(), useTesterCertificate, testerResourcesFor(zone, spec.requireInstance(id.application().instance()))); byte[] testPackage = controller.applications().applicationStore().getTester(id.application().tenant(), id.application().application(), version); @@ -766,8 +765,7 @@ public class InternalStepRunner implements StepRunner { } /** Returns the generated services.xml content for the tester application. */ - static byte[] servicesXml(AthenzDomain domain, boolean systemUsesAthenz, boolean useTesterCertificate, - NodeResources resources) { + static byte[] servicesXml(boolean systemUsesAthenz, boolean useTesterCertificate, NodeResources resources) { int jdiscMemoryGb = 2; // 2Gb memory for tester application (excessive?). int jdiscMemoryPct = (int) Math.ceil(100 * jdiscMemoryGb / resources.memoryGb()); 
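Review bot: The Javadoc kept above `servicesXml` still says only that it returns the generated services.xml, while the hunk at -797 removes the whole `<http>` section from that output: the 4443 connector with `tlsClientAuthEnforcer` and the `testrunner-api` request chain with `AthenzAuthorizationFilter`. Nothing in the visible hunks shows how `http://*/tester/v1/*` is authenticated afterwards, so the comment should say where that now comes from, for example `/** Returns the generated services.xml content for the tester application; it declares no {@code <http>} section, so connectors, TLS and request filtering come from the standard container setup. */`. Separately, the only visible use of `systemUsesAthenz` was the conditional `<access-control>` block removed in that same hunk; if nothing else in the body reads it, drop the parameter rather than keep a flag that no longer changes the output. The body of `servicesXml` continues outside this hunk.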
@@ -778,7 +776,6 @@ public class InternalStepRunner implements StepRunner { "<resources vcpu=\"%.2f\" memory=\"%.2fGb\" disk=\"%.2fGb\" disk-speed=\"%s\" storage-type=\"%s\"/>", resources.vcpu(), resources.memoryGb(), resources.diskGb(), resources.diskSpeed().name(), resources.storageType().name()); - AthenzDomain idDomain = ("vespa.vespa.cd".equals(domain.value()) ? AthenzDomain.from("vespa.vespa") : domain); String servicesXml = "<?xml version='1.0' encoding='UTF-8'?>\n" + "<services xmlns:deploy='vespa' version='1.0'>\n" + 
@@ -797,51 +794,6 @@ public class InternalStepRunner implements StepRunner { " <binding>http://*/tester/v1/*</binding>\n" + " </handler>\n" + "\n" + - " <http>\n" + - " <!-- Make sure 4080 is the first port. This will be used by the config server. -->\n" + - " <server id='default' port='4080'/>\n" + - " <server id='testertls4443' port='4443'>\n" + - " <config name=\"jdisc.http.connector\">\n" + - " <tlsClientAuthEnforcer>\n" + - " <enable>true</enable>\n" + - " <pathWhitelist>\n" + - " <item>/status.html</item>\n" + - " <item>/state/v1/config</item>\n" + - " </pathWhitelist>\n" + - " </tlsClientAuthEnforcer>\n" + - " </config>\n" + - " <ssl>\n" + - " <private-key-file>/var/lib/sia/keys/" + idDomain.value() + ".tenant.key.pem</private-key-file>\n" + - " <certificate-file>/var/lib/sia/certs/" + idDomain.value() + ".tenant.cert.pem</certificate-file>\n" + - " <ca-certificates-file>/opt/yahoo/share/ssl/certs/athenz_certificate_bundle.pem</ca-certificates-file>\n" + - " <client-authentication>want</client-authentication>\n" + - " </ssl>\n" + - " </server>\n" + - " <filtering>\n" + - (systemUsesAthenz ? 
- " <access-control domain='" + domain.value() + "'>\n" + // Set up dummy access control to pass validation :/ - " <exclude>\n" + - " <binding>http://*/tester/v1/*</binding>\n" + - " </exclude>\n" + - " </access-control>\n" - : "") + - " <request-chain id=\"testrunner-api\">\n" + - " <filter id='authz-filter' class='com.yahoo.jdisc.http.filter.security.athenz.AthenzAuthorizationFilter' bundle=\"jdisc-security-filters\">\n" + - " <config name=\"jdisc.http.filter.security.athenz.athenz-authorization-filter\">\n" + - " <credentialsToVerify>TOKEN_ONLY</credentialsToVerify>\n" + - " <roleTokenHeaderName>Yahoo-Role-Auth</roleTokenHeaderName>\n" + - " </config>\n" + - " <component id=\"com.yahoo.jdisc.http.filter.security.athenz.StaticRequestResourceMapper\" bundle=\"jdisc-security-filters\">\n" + - " <config name=\"jdisc.http.filter.security.athenz.static-request-resource-mapper\">\n" + - " <resourceName>" + domain.value() + ":tester-application</resourceName>\n" + - " <action>deploy</action>\n" + - " </config>\n" + - " </component>\n" + - " </filter>\n" + - " </request-chain>\n" + - " </filtering>\n" + - " </http>\n" + - "\n" + " <nodes count=\"1\" allocated-memory=\"" + jdiscMemoryPct + "%\">\n" + " " + resourceString + "\n" + " </nodes>\n" + diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java index 8ecdd63fa8f..db07aff34e5 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/deployment/InternalStepRunnerTest.java 
@@ -4,7 +4,6 @@ package com.yahoo.vespa.hosted.controller.deployment; import com.google.common.collect.ImmutableList; import com.yahoo.component.Version; import com.yahoo.config.application.api.DeploymentSpec; -import com.yahoo.config.provision.AthenzDomain; import com.yahoo.config.provision.HostName; import com.yahoo.config.provision.NodeResources; import com.yahoo.config.provision.SystemName; @@ -487,10 +486,11 @@ public class InternalStepRunnerTest { @Test public void generates_correct_services_xml_test() { - assertFile("test_runner_services.xml-cd", new String(InternalStepRunner.servicesXml(AthenzDomain.from("vespa.vespa.cd"), - true, - false, - new NodeResources(2, 12, 75, 1, NodeResources.DiskSpeed.fast, NodeResources.StorageType.local)))); + assertFile("test_runner_services.xml-cd", + new String(InternalStepRunner.servicesXml( + true, + false, + new NodeResources(2, 12, 75, 1, NodeResources.DiskSpeed.fast, NodeResources.StorageType.local)))); } private void assertFile(String resourceName, String actualContent) { diff --git a/controller-server/src/test/resources/test_runner_services.xml-cd b/controller-server/src/test/resources/test_runner_services.xml-cd index 235ca7cb698..125c5004d25 100644 --- a/controller-server/src/test/resources/test_runner_services.xml-cd +++ b/controller-server/src/test/resources/test_runner_services.xml-cd 
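Review bot: The re-wrapped `new String(InternalStepRunner.servicesXml(...))` in `generates_correct_services_xml_test` decodes the bytes with the platform default charset, although the generated document declares `encoding='UTF-8'`. Adding `StandardCharsets.UTF_8` as the second argument of `new String(...)` keeps the fixture comparison independent of the build host's locale. This needs `java.nio.charset.StandardCharsets` imported if the test file does not already have it, which the visible import hunk does not show.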
@@ -15,49 +15,6 @@ <binding>http://*/tester/v1/*</binding> </handler> - <http> - <!-- Make sure 4080 is the first port. This will be used by the config server. --> - <server id='default' port='4080'/> - <server id='testertls4443' port='4443'> - <config name="jdisc.http.connector"> - <tlsClientAuthEnforcer> - <enable>true</enable> - <pathWhitelist> - <item>/status.html</item> - <item>/state/v1/config</item> - </pathWhitelist> - </tlsClientAuthEnforcer> - </config> - <ssl> - <private-key-file>/var/lib/sia/keys/vespa.vespa.tenant.key.pem</private-key-file> - <certificate-file>/var/lib/sia/certs/vespa.vespa.tenant.cert.pem</certificate-file> - <ca-certificates-file>/opt/yahoo/share/ssl/certs/athenz_certificate_bundle.pem</ca-certificates-file> - <client-authentication>want</client-authentication> - </ssl> - </server> - <filtering> - <access-control domain='vespa.vespa.cd'> - <exclude> - <binding>http://*/tester/v1/*</binding> - </exclude> - </access-control> - <request-chain id="testrunner-api"> - <filter id='authz-filter' class='com.yahoo.jdisc.http.filter.security.athenz.AthenzAuthorizationFilter' bundle="jdisc-security-filters"> - <config name="jdisc.http.filter.security.athenz.athenz-authorization-filter"> - <credentialsToVerify>TOKEN_ONLY</credentialsToVerify> - <roleTokenHeaderName>Yahoo-Role-Auth</roleTokenHeaderName> - </config> - <component id="com.yahoo.jdisc.http.filter.security.athenz.StaticRequestResourceMapper" bundle="jdisc-security-filters"> - <config name="jdisc.http.filter.security.athenz.static-request-resource-mapper"> - <resourceName>vespa.vespa.cd:tester-application</resourceName> - <action>deploy</action> - </config> - </component> - </filter> - </request-chain> - </filtering> - </http> - <nodes count="1" allocated-memory="17%"> <resources vcpu="2.00" memory="12.00Gb" disk="75.00Gb" disk-speed="fast" storage-type="local"/> </nodes> |