diff options
author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2018-11-19 09:36:01 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-19 09:36:01 +0100 |
commit | 2624d7351da7524a7174168ed8804a8163c89659 (patch) | |
tree | ce7cf615dec0413238047ddb90529fe67f2c3127 /node-repository | |
parent | c5b0b5a5d3798e1b955f22065310b7a32dc8bdbf (diff) | |
parent | c947a1356105a611fbffb07da23b604d80e10bc1 (diff) |
Merge pull request #7684 from vespa-engine/bjorncs/controller-nat-setup
Add 443 and 8443 as trusted ports for controller
Diffstat (limited to 'node-repository')
2 files changed, 5 insertions, 2 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java index 5060510be20..ca6865300ee 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java @@ -224,8 +224,11 @@ public class NodeRepository extends AbstractComponent { case controller: // Controllers: - // - port 4443 (HTTPS) from the world + // - port 4443 (HTTPS + Athenz) from the world + // - port 443+8443 (HTTPS + Okta) from the world. NOTE: controller host has 443->8443 iptable mapping. trustedPorts.add(4443); + trustedPorts.add(443); + trustedPorts.add(8443); break; default: diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java index 5d8bde960d8..e2f3df97314 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java @@ -161,7 +161,7 @@ public class AclProvisioningTest { // Controllers and hosts all trust each other List<NodeAcl> controllerAcls = tester.nodeRepository().getNodeAcls(controllers.get(0), false); assertAcls(Collections.singletonList(controllers), controllerAcls); - assertEquals(ImmutableSet.of(22, 4443), controllerAcls.get(0).trustedPorts()); + assertEquals(ImmutableSet.of(22, 4443, 443, 8443), controllerAcls.get(0).trustedPorts()); } @Test |