Merge pull request #7684 from vespa-engine/bjorncs/controller-nat-setup

Add 443 and 8443 as trusted ports for controller
author: Bjørn Christian Seime <bjorn.christian@seime.no> 2018-11-19 09:36:01 +0100
committer: GitHub <noreply@github.com> 2018-11-19 09:36:01 +0100
commit: 2624d7351da7524a7174168ed8804a8163c89659 (patch)
tree: ce7cf615dec0413238047ddb90529fe67f2c3127 /node-repository
parent: c5b0b5a5d3798e1b955f22065310b7a32dc8bdbf (diff)
parent: c947a1356105a611fbffb07da23b604d80e10bc1 (diff)
2 files changed, 5 insertions, 2 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java
index 5060510be20..ca6865300ee 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java
@@ -224,8 +224,11 @@ public class NodeRepository extends AbstractComponent {
 
             case controller:
                 // Controllers:
-                // - port 4443 (HTTPS) from the world
+                // - port 4443 (HTTPS + Athenz) from the world
+                // - port 443+8443 (HTTPS + Okta) from the world. NOTE: controller host has 443->8443 iptable mapping.
                 trustedPorts.add(4443);
+                trustedPorts.add(443);
+                trustedPorts.add(8443);
                 break;
 
             default:
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
index 5d8bde960d8..e2f3df97314 100644
--- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
+++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
@@ -161,7 +161,7 @@ public class AclProvisioningTest {
         // Controllers and hosts all trust each other
         List<NodeAcl> controllerAcls = tester.nodeRepository().getNodeAcls(controllers.get(0), false);
         assertAcls(Collections.singletonList(controllers), controllerAcls);
-        assertEquals(ImmutableSet.of(22, 4443), controllerAcls.get(0).trustedPorts());
+        assertEquals(ImmutableSet.of(22, 4443, 443, 8443), controllerAcls.get(0).trustedPorts());
     }
 
     @Test
author	Bjørn Christian Seime <bjorn.christian@seime.no>	2018-11-19 09:36:01 +0100
committer	GitHub <noreply@github.com>	2018-11-19 09:36:01 +0100
commit	2624d7351da7524a7174168ed8804a8163c89659 (patch)
tree	ce7cf615dec0413238047ddb90529fe67f2c3127 /node-repository
parent	c5b0b5a5d3798e1b955f22065310b7a32dc8bdbf (diff)
parent	c947a1356105a611fbffb07da23b604d80e10bc1 (diff)