diff options
author | Henning Baldersheim <balder@yahoo-inc.com> | 2023-01-16 18:46:54 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-16 18:46:54 +0100 |
commit | 09f909cb7f2c8468236e1403a094696801ea7518 (patch) | |
tree | 8224dad91c21ba7b897e5936eb3a4a8359d0a48f /node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java | |
parent | c18caefd28001e38c49b3ba2f1cbd1ca030062c5 (diff) | |
parent | 2dd2e2b0be165492d1609f3a84eab29b3f1d2324 (diff) |
Merge pull request #25590 from vespa-engine/revert-25588-revert-25586-andreer/wg-wip-3v8.111.27
Reapply "open wireguard port for config servers"
Diffstat (limited to 'node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java')
-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java index 36a4703a415..c15998a48df 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java @@ -91,6 +91,12 @@ public class RealNodeRepository implements NodeRepository { GetAclResponse.Port::getTrustedBy, Collectors.mapping(port -> port.port, Collectors.toSet()))); + // Group UDP ports by container hostname that trusts them + Map<String, Set<Integer>> trustedUdpPorts = response.trustedUdpPorts.stream() + .collect(Collectors.groupingBy( + GetAclResponse.Port::getTrustedBy, + Collectors.mapping(port -> port.port, Collectors.toSet()))); + // Group node ip-addresses by container hostname that trusts them Map<String, Set<Acl.Node>> trustedNodes = response.trustedNodes.stream() .collect(Collectors.groupingBy( @@ -106,12 +112,14 @@ public class RealNodeRepository implements NodeRepository { // For each hostname create an ACL - return Stream.of(trustedNodes.keySet(), trustedPorts.keySet(), trustedNetworks.keySet()) + return Stream.of(trustedNodes.keySet(), trustedPorts.keySet(), trustedUdpPorts.keySet(), trustedNetworks.keySet()) .flatMap(Set::stream) .distinct() .collect(Collectors.toMap( Function.identity(), - hostname -> new Acl(trustedPorts.get(hostname), trustedNodes.get(hostname), + hostname -> new Acl(trustedPorts.get(hostname), + trustedUdpPorts.get(hostname), + trustedNodes.get(hostname), trustedNetworks.get(hostname)))); } |