Do not ignore missing ACL

author: Valerij Fredriksen <valerij92@gmail.com> 2019-06-14 21:17:58 +0200
committer: Valerij Fredriksen <valerij92@gmail.com> 2019-06-14 21:22:00 +0200
commit: 9d9f823be15f50a1881ded2b2a70826ea42a386f (patch)
tree: 80bc01ecfd410d6999a3c60855a33571f612cbb7 /node-admin
parent: 5d4a7acb4bb04a0a6dd0ae89267154428f3ea296 (diff)
1 files changed, 31 insertions, 37 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
index ca52eca13d2..d7ddc7656f5 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/noderepository/RealNodeRepository.java
@@ -80,43 +80,37 @@ public class RealNodeRepository implements NodeRepository {
      */
     @Override
     public Map<String, Acl> getAcls(String hostName) {
-        try {
-            String path = String.format("/nodes/v2/acl/%s?children=true", hostName);
-            GetAclResponse response = configServerApi.get(path, GetAclResponse.class);
-
-            // Group ports by container hostname that trusts them
-            Map<String, Set<Integer>> trustedPorts = response.trustedPorts.stream()
-                    .collect(Collectors.groupingBy(
-                            GetAclResponse.Port::getTrustedBy,
-                            Collectors.mapping(port -> port.port, Collectors.toSet())));
-
-            // Group node ip-addresses by container hostname that trusts them
-            Map<String, Set<Acl.Node>> trustedNodes = response.trustedNodes.stream()
-                    .collect(Collectors.groupingBy(
-                            GetAclResponse.Node::getTrustedBy,
-                            Collectors.mapping(
-                                    node -> new Acl.Node(node.hostname, node.ipAddress),
-                                    Collectors.toSet())));
-
-            // Group trusted networks by container hostname that trusts them
-            Map<String, Set<String>> trustedNetworks = response.trustedNetworks.stream()
-                     .collect(Collectors.groupingBy(GetAclResponse.Network::getTrustedBy,
-                                                    Collectors.mapping(node -> node.network, Collectors.toSet())));
-
-
-            // For each hostname create an ACL
-            return Stream.of(trustedNodes.keySet(), trustedPorts.keySet(), trustedNetworks.keySet())
-                         .flatMap(Set::stream)
-                         .distinct()
-                         .collect(Collectors.toMap(
-                                 Function.identity(),
-                                 hostname -> new Acl(trustedPorts.get(hostname), trustedNodes.get(hostname),
-                                                     trustedNetworks.get(hostname))));
-        } catch (HttpException.NotFoundException e) {
-            NODE_ADMIN_LOGGER.warning("Failed to fetch ACLs for " + hostName + " No ACL will be applied");
-        }
-
-        return Collections.emptyMap();
+        String path = String.format("/nodes/v2/acl/%s?children=true", hostName);
+        GetAclResponse response = configServerApi.get(path, GetAclResponse.class);
+
+        // Group ports by container hostname that trusts them
+        Map<String, Set<Integer>> trustedPorts = response.trustedPorts.stream()
+                .collect(Collectors.groupingBy(
+                        GetAclResponse.Port::getTrustedBy,
+                        Collectors.mapping(port -> port.port, Collectors.toSet())));
+
+        // Group node ip-addresses by container hostname that trusts them
+        Map<String, Set<Acl.Node>> trustedNodes = response.trustedNodes.stream()
+                .collect(Collectors.groupingBy(
+                        GetAclResponse.Node::getTrustedBy,
+                        Collectors.mapping(
+                                node -> new Acl.Node(node.hostname, node.ipAddress),
+                                Collectors.toSet())));
+
+        // Group trusted networks by container hostname that trusts them
+        Map<String, Set<String>> trustedNetworks = response.trustedNetworks.stream()
+                 .collect(Collectors.groupingBy(GetAclResponse.Network::getTrustedBy,
+                                                Collectors.mapping(node -> node.network, Collectors.toSet())));
+
+
+        // For each hostname create an ACL
+        return Stream.of(trustedNodes.keySet(), trustedPorts.keySet(), trustedNetworks.keySet())
+                     .flatMap(Set::stream)
+                     .distinct()
+                     .collect(Collectors.toMap(
+                             Function.identity(),
+                             hostname -> new Acl(trustedPorts.get(hostname), trustedNodes.get(hostname),
+                                                 trustedNetworks.get(hostname))));
     }
 
     @Override
author	Valerij Fredriksen <valerij92@gmail.com>	2019-06-14 21:17:58 +0200
committer	Valerij Fredriksen <valerij92@gmail.com>	2019-06-14 21:22:00 +0200
commit	9d9f823be15f50a1881ded2b2a70826ea42a386f (patch)
tree	80bc01ecfd410d6999a3c60855a33571f612cbb7 /node-admin
parent	5d4a7acb4bb04a0a6dd0ae89267154428f3ea296 (diff)