Merge pull request #25590 from vespa-engine/revert-25588-revert-25586-andreer/wg-wip-3v8.111.27

Reapply "open wireguard port for config servers"
author: Henning Baldersheim <balder@yahoo-inc.com> 2023-01-16 18:46:54 +0100
committer: GitHub <noreply@github.com> 2023-01-16 18:46:54 +0100
commit: 09f909cb7f2c8468236e1403a094696801ea7518 (patch)
tree: 8224dad91c21ba7b897e5936eb3a4a8359d0a48f /node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
parent: c18caefd28001e38c49b3ba2f1cbd1ca030062c5 (diff)
parent: 2dd2e2b0be165492d1609f3a84eab29b3f1d2324 (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
index 36a4703a415..c15998a48df 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
@@ -91,6 +91,12 @@ public class RealNodeRepository implements NodeRepository {
                         GetAclResponse.Port::getTrustedBy,
                         Collectors.mapping(port -> port.port, Collectors.toSet())));
 
+        // Group UDP ports by container hostname that trusts them
+        Map<String, Set<Integer>> trustedUdpPorts = response.trustedUdpPorts.stream()
+                .collect(Collectors.groupingBy(
+                        GetAclResponse.Port::getTrustedBy,
+                        Collectors.mapping(port -> port.port, Collectors.toSet())));
+
         // Group node ip-addresses by container hostname that trusts them
         Map<String, Set<Acl.Node>> trustedNodes = response.trustedNodes.stream()
                 .collect(Collectors.groupingBy(
@@ -106,12 +112,14 @@ public class RealNodeRepository implements NodeRepository {
 
 
         // For each hostname create an ACL
-        return Stream.of(trustedNodes.keySet(), trustedPorts.keySet(), trustedNetworks.keySet())
+        return Stream.of(trustedNodes.keySet(), trustedPorts.keySet(), trustedUdpPorts.keySet(), trustedNetworks.keySet())
                      .flatMap(Set::stream)
                      .distinct()
                      .collect(Collectors.toMap(
                              Function.identity(),
-                             hostname -> new Acl(trustedPorts.get(hostname), trustedNodes.get(hostname),
+                             hostname -> new Acl(trustedPorts.get(hostname),
+                                                 trustedUdpPorts.get(hostname),
+                                                 trustedNodes.get(hostname),
                                                  trustedNetworks.get(hostname))));
     }
author	Henning Baldersheim <balder@yahoo-inc.com>	2023-01-16 18:46:54 +0100
committer	GitHub <noreply@github.com>	2023-01-16 18:46:54 +0100
commit	09f909cb7f2c8468236e1403a094696801ea7518 (patch)
tree	8224dad91c21ba7b897e5936eb3a4a8359d0a48f /node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
parent	c18caefd28001e38c49b3ba2f1cbd1ca030062c5 (diff)
parent	2dd2e2b0be165492d1609f3a84eab29b3f1d2324 (diff)