diff options
author | Håkon Hallingstad <hakon@yahooinc.com> | 2023-07-04 17:28:59 +0200 |
---|---|---|
committer | Håkon Hallingstad <hakon@yahooinc.com> | 2023-07-04 17:28:59 +0200 |
commit | 34d88b552e807316581ca546e873bd4ec87bace5 (patch) | |
tree | 5b94b445c5071c55087c2bc81de0ff05fe42c24d /node-repository | |
parent | bf4e236e3f9722c9b95e4d5fef21b61fc5c9c93a (diff) |
Exclude private IP addresses in other cloud accounts in ACLs
Diffstat (limited to 'node-repository')
11 files changed, 181 insertions, 187 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/IP.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/IP.java index cc7db3c138a..8e27e6d34a8 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/IP.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/IP.java @@ -119,7 +119,7 @@ public record IP() { for (var other : sortedNodes) { if (node.equals(other)) continue; if (canAssignIpOf(other, node)) continue; - Predicate<String> sharedIpSpace = other.cloudAccount().equals(node.cloudAccount()) ? __ -> true : IP::isPublic; + Predicate<String> sharedIpSpace = ip -> inSharedIpSpace(ip, other.cloudAccount(), node.cloudAccount()); var addresses = new HashSet<>(node.ipConfig().primary()); var otherAddresses = new HashSet<>(other.ipConfig().primary()); @@ -473,4 +473,9 @@ public record IP() { return ! address.isLoopbackAddress() && ! address.isLinkLocalAddress() && ! address.isSiteLocalAddress(); } + /** Returns true if the IP address is in the IP space of both sourceCloudAccount and targetCloudAccount. */ + public static boolean inSharedIpSpace(String ip, CloudAccount sourceCloudAccount, CloudAccount targetCloudAccount) { + return sourceCloudAccount.equals(targetCloudAccount) || isPublic(ip); + } + } diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java index 843ba240ce9..e71b2a56676 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java @@ -2,6 +2,7 @@ package com.yahoo.vespa.hosted.provision.node; import com.google.common.collect.ImmutableSet; +import com.yahoo.config.provision.CloudAccount; import com.yahoo.config.provision.NodeType; import com.yahoo.config.provision.Zone; import com.yahoo.vespa.hosted.provision.Node; @@ -17,6 +18,7 @@ import java.util.Objects; import java.util.Optional; import java.util.Set; import java.util.TreeSet; +import java.util.stream.Collectors; import java.util.stream.StreamSupport; /** @@ -56,9 +58,9 @@ public record NodeAcl(Node node, // - nodes in same application // - load balancers allocated to application trustedPorts.add(22); - allNodes.parentOf(node).map(TrustedNode::of).ifPresent(trustedNodes::add); + allNodes.parentOf(node).map(parent -> TrustedNode.of(parent, node.cloudAccount())).ifPresent(trustedNodes::add); node.allocation().ifPresent(allocation -> { - trustedNodes.addAll(TrustedNode.of(allNodes.owner(allocation.owner()))); + trustedNodes.addAll(TrustedNode.of(allNodes.owner(allocation.owner()), node.cloudAccount())); loadBalancers.list(allocation.owner()).asList() .stream() .map(LoadBalancer::instance) @@ -75,15 +77,15 @@ public record NodeAcl(Node node, // - parents of the nodes in the same application: If some nodes are on a different IP version // or only a subset of them are dual-stacked, the communication between the nodes may be NAT-ed // via parent's IP address - trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.config))); - trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.proxy))); - node.allocation().ifPresent(allocation -> trustedNodes.addAll(TrustedNode.of(allNodes.parentsOf(allNodes.owner(allocation.owner()))))); + trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.config), node.cloudAccount())); + trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.proxy), node.cloudAccount())); + node.allocation().ifPresent(allocation -> trustedNodes.addAll(TrustedNode.of(allNodes.parentsOf(allNodes.owner(allocation.owner())), node.cloudAccount()))); if (node.state() == Node.State.ready) { // Tenant nodes in state ready, trust: // - All tenant nodes in zone. When a ready node is allocated to an application there's a brief // window where current ACLs have not yet been applied on the node. To avoid service disruption // during this window, ready tenant nodes trust all other tenant nodes - trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.tenant))); + trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.tenant), node.cloudAccount())); } } case config -> { @@ -94,7 +96,8 @@ public record NodeAcl(Node node, // - udp port 51820 from the world trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.host, NodeType.tenant, NodeType.proxyhost, NodeType.proxy), - RPC_PORTS)); + RPC_PORTS, + node.cloudAccount())); trustedPorts.add(4443); if (zone.system().isPublic() && zone.cloud().allowEnclave()) { trustedUdpPorts.add(WIREGUARD_PORT); @@ -104,7 +107,7 @@ public record NodeAcl(Node node, // Proxy nodes trust: // - config servers // - all connections from the world on 443 (production traffic) and 4443 (health checks) - trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.config))); + trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.config), node.cloudAccount())); trustedPorts.add(443); trustedPorts.add(4443); } @@ -123,24 +126,29 @@ public record NodeAcl(Node node, public record TrustedNode(String hostname, NodeType type, Set<String> ipAddresses, Set<Integer> ports) { - /** Trust given ports from node */ - public static TrustedNode of(Node node, Set<Integer> ports) { - return new TrustedNode(node.hostname(), node.type(), node.ipConfig().primary(), ports); + /** Trust given ports from node, and primary IP addresses shared with given cloud account */ + public static TrustedNode of(Node node, Set<Integer> ports, CloudAccount cloudAccount) { + Set<String> ipAddresses = node.ipConfig() + .primary() + .stream() + .filter(ip -> IP.inSharedIpSpace(ip, node.cloudAccount(), cloudAccount)) + .collect(Collectors.toSet()); + return new TrustedNode(node.hostname(), node.type(), ipAddresses, ports); } /** Trust all ports from given node */ - public static TrustedNode of(Node node) { - return of(node, Set.of()); + public static TrustedNode of(Node node, CloudAccount cloudAccount) { + return of(node, Set.of(), cloudAccount); } - public static List<TrustedNode> of(Iterable<Node> nodes, Set<Integer> ports) { + public static List<TrustedNode> of(Iterable<Node> nodes, Set<Integer> ports, CloudAccount cloudAccount) { return StreamSupport.stream(nodes.spliterator(), false) - .map(node -> TrustedNode.of(node, ports)) + .map(node -> TrustedNode.of(node, ports, cloudAccount)) .toList(); } - public static List<TrustedNode> of(Iterable<Node> nodes) { - return of(nodes, Set.of()); + public static List<TrustedNode> of(Iterable<Node> nodes, CloudAccount cloudAccount) { + return of(nodes, Set.of(), cloudAccount); } } diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java index b7d6e0a9dd9..676adbf3d73 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java @@ -171,9 +171,11 @@ public class MockNodeRepository extends NodeRepository { // Config servers nodes.add(Node.create("cfg1", ipConfig(201), "cfg1.yahoo.com", flavors.getFlavorOrThrow("default"), NodeType.config) - .wireguardPubKey(WireguardKey.from("lololololololololololololololololololololoo=")).build()); + .cloudAccount(defaultCloudAccount) + .wireguardPubKey(WireguardKey.from("lololololololololololololololololololololoo=")).build()); nodes.add(Node.create("cfg2", ipConfig(202), "cfg2.yahoo.com", flavors.getFlavorOrThrow("default"), NodeType.config) - .build()); + .cloudAccount(defaultCloudAccount) + .build()); // Ready all nodes, except 7 and 55 nodes = nodes().addNodes(nodes, Agent.system); @@ -243,8 +245,8 @@ public class MockNodeRepository extends NodeRepository { activate(provisioner.prepare(app3, cluster3, Capacity.from(new ClusterResources(2, 1, new NodeResources(1, 4, 100, 1)), false, true), null), app3, provisioner); List<Node> largeNodes = new ArrayList<>(); - largeNodes.add(Node.create("node13", ipConfig(13), "host13.yahoo.com", resources(10, 48, 500, 1, fast, local), NodeType.tenant).build()); - largeNodes.add(Node.create("node14", ipConfig(14), "host14.yahoo.com", resources(10, 48, 500, 1, fast, local), NodeType.tenant).build()); + largeNodes.add(Node.create("node13", ipConfig(13), "host13.yahoo.com", resources(10, 48, 500, 1, fast, local), NodeType.tenant).cloudAccount(defaultCloudAccount).build()); + largeNodes.add(Node.create("node14", ipConfig(14), "host14.yahoo.com", resources(10, 48, 500, 1, fast, local), NodeType.tenant).cloudAccount(defaultCloudAccount).build()); nodes().addNodes(largeNodes, Agent.system); largeNodes.forEach(node -> nodes().setReady(new NodeMutex(node, () -> {}), Agent.system, getClass().getSimpleName())); ApplicationId app4 = ApplicationId.from(TenantName.from("tenant4"), ApplicationName.from("application4"), InstanceName.from("instance4")); diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java index ab99a44cbab..87b9a85edcd 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java @@ -61,7 +61,7 @@ public class AclProvisioningTest { Supplier<NodeAcl> nodeAcls = () -> node.acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone()); // Trusted nodes are active nodes in same application, proxy nodes and config servers - assertAcls(trustedNodesOf(List.of(activeNodes, proxyNodes, configServers.asList(), hostOfNode)), + assertAcls(trustedNodesOf(List.of(activeNodes, proxyNodes, configServers.asList(), hostOfNode), node.cloudAccount()), Set.of("10.2.3.0/24", "10.4.5.0/24"), List.of(nodeAcls.get())); } @@ -83,7 +83,7 @@ public class AclProvisioningTest { NodeList tenantNodes = tester.nodeRepository().nodes().list().nodeType(NodeType.tenant); // Trusted nodes are all proxy-, config-, and, tenant-nodes - assertAcls(trustedNodesOf(List.of(proxyNodes, configServers.asList(), tenantNodes.asList())), List.of(nodeAcl)); + assertAcls(trustedNodesOf(List.of(proxyNodes, configServers.asList(), tenantNodes.asList()), node.cloudAccount()), List.of(nodeAcl)); } @Test @@ -108,11 +108,11 @@ public class AclProvisioningTest { NodeAcl nodeAcl = node.acl(nodes, tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone()); // Trusted nodes is all tenant nodes+hosts, all proxy nodes+hosts, all config servers and load balancer subnets - assertAcls(List.of(TrustedNode.of(tenantHosts, Set.of(19070)), - TrustedNode.of(tenantNodes, Set.of(19070)), - TrustedNode.of(proxyHosts, Set.of(19070)), - TrustedNode.of(proxyNodes, Set.of(19070)), - TrustedNode.of(configNodes)), + assertAcls(List.of(TrustedNode.of(tenantHosts, Set.of(19070), node.cloudAccount()), + TrustedNode.of(tenantNodes, Set.of(19070), node.cloudAccount()), + TrustedNode.of(proxyHosts, Set.of(19070), node.cloudAccount()), + TrustedNode.of(proxyNodes, Set.of(19070), node.cloudAccount()), + TrustedNode.of(configNodes, node.cloudAccount())), Set.of("10.2.3.0/24", "10.4.5.0/24"), List.of(nodeAcl)); assertEquals(Set.of(22, 4443), nodeAcl.trustedPorts()); @@ -145,7 +145,7 @@ public class AclProvisioningTest { NodeAcl nodeAcl = node.acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone()); // Trusted nodes is all config servers and all proxy nodes - assertAcls(trustedNodesOf(List.of(proxyNodes.asList(), configServers.asList())), List.of(nodeAcl)); + assertAcls(trustedNodesOf(List.of(proxyNodes.asList(), configServers.asList()), node.cloudAccount()), List.of(nodeAcl)); assertEquals(Set.of(22, 443, 4443), nodeAcl.trustedPorts()); assertEquals(Set.of(), nodeAcl.trustedUdpPorts()); } @@ -171,7 +171,7 @@ public class AclProvisioningTest { .findFirst() .orElseThrow(() -> new RuntimeException("Expected to find ACL for node " + node.hostname())); assertEquals(host.hostname(), node.parentHostname().get()); - assertAcls(trustedNodesOf(List.of(configServers.asList(), nodes, List.of(host))), nodeAcl); + assertAcls(trustedNodesOf(List.of(configServers.asList(), nodes, List.of(host)), node.cloudAccount()), nodeAcl); } } @@ -185,7 +185,7 @@ public class AclProvisioningTest { // Controllers and hosts all trust each other NodeAcl controllerAcl = controllers.get(0).acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone()); - assertAcls(trustedNodesOf(List.of(controllers)), Set.of("10.2.3.0/24", "10.4.5.0/24"), List.of(controllerAcl)); + assertAcls(trustedNodesOf(List.of(controllers), controllers.get(0).cloudAccount()), Set.of("10.2.3.0/24", "10.4.5.0/24"), List.of(controllerAcl)); assertEquals(Set.of(22, 4443, 443), controllerAcl.trustedPorts()); assertEquals(Set.of(), controllerAcl.trustedUdpPorts()); } @@ -238,12 +238,12 @@ public class AclProvisioningTest { nodeAcl.trustedNodes().stream().map(TrustedNode::ipAddresses).toList()); } - private static List<List<TrustedNode>> trustedNodesOf(List<List<Node>> nodes, Set<Integer> ports) { - return nodes.stream().map(node -> TrustedNode.of(node, ports)).toList(); + private static List<List<TrustedNode>> trustedNodesOf(List<List<Node>> nodes, Set<Integer> ports, CloudAccount cloudAccount) { + return nodes.stream().map(node -> TrustedNode.of(node, ports, cloudAccount)).toList(); } - private static List<List<TrustedNode>> trustedNodesOf(List<List<Node>> nodes) { - return trustedNodesOf(nodes, Set.of()); + private static List<List<TrustedNode>> trustedNodesOf(List<List<Node>> nodes, CloudAccount cloudAccount) { + return trustedNodesOf(nodes, Set.of(), cloudAccount); } private List<Node> deploy(int nodeCount) { diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/NodesV2ApiTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/NodesV2ApiTest.java index 0ef80cbe6f5..d93c8e3cbeb 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/NodesV2ApiTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/NodesV2ApiTest.java @@ -459,7 +459,7 @@ public class NodesV2ApiTest { } @Test - public void acl_request_by_tenant_node() throws Exception { + public void acls_for_exclave_tenant_host() throws Exception { assertFile(new Request("http://localhost:8080/nodes/v2/acl/host3.yahoo.com"), "acl-tenant-node.json"); } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json index 1800dcacc3d..c5094e03348 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json @@ -3,256 +3,304 @@ { "hostname": "cfg1.yahoo.com", "type": "config", - "ipAddress": "127.0.201.1", + "ipAddress": "::201:1", "trustedBy": "cfg1.yahoo.com" }, { "hostname": "cfg1.yahoo.com", "type": "config", - "ipAddress": "::201:1", + "ipAddress": "127.0.201.1", "trustedBy": "cfg1.yahoo.com" }, { "hostname": "cfg2.yahoo.com", "type": "config", - "ipAddress": "127.0.202.1", + "ipAddress": "::202:1", "trustedBy": "cfg1.yahoo.com" }, { "hostname": "cfg2.yahoo.com", "type": "config", - "ipAddress": "::202:1", - "trustedBy": "cfg1.yahoo.com" - }, - { - "hostname": "dockerhost1.yahoo.com", - "type": "host", - "ipAddress": "127.0.100.1", - "ports": [19070], + "ipAddress": "127.0.202.1", "trustedBy": "cfg1.yahoo.com" }, { "hostname": "dockerhost1.yahoo.com", "type": "host", "ipAddress": "::100:1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { - "hostname": "dockerhost2.yahoo.com", + "hostname": "dockerhost1.yahoo.com", "type": "host", - "ipAddress": "127.0.101.1", - "ports": [19070], + "ipAddress": "127.0.100.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "dockerhost2.yahoo.com", "type": "host", "ipAddress": "::101:1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "dockerhost3.yahoo.com", "type": "host", - "ipAddress": "127.0.102.1", - "ports": [19070], + "ipAddress": "::102:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "dockerhost3.yahoo.com", "type": "host", - "ipAddress": "::102:1", - "ports": [19070], + "ipAddress": "127.0.102.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "dockerhost4.yahoo.com", "type": "host", - "ipAddress": "127.0.103.1", - "ports": [19070], + "ipAddress": "::103:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "dockerhost4.yahoo.com", "type": "host", - "ipAddress": "::103:1", - "ports": [19070], + "ipAddress": "127.0.103.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "dockerhost5.yahoo.com", "type": "host", - "ipAddress": "127.0.104.1", - "ports": [19070], + "ipAddress": "::104:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "dockerhost5.yahoo.com", "type": "host", - "ipAddress": "::104:1", - "ports": [19070], + "ipAddress": "127.0.104.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host1.yahoo.com", "type": "tenant", - "ipAddress": "127.0.1.1", - "ports": [19070], + "ipAddress": "::1:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host1.yahoo.com", "type": "tenant", - "ipAddress": "::1:1", - "ports": [19070], + "ipAddress": "127.0.1.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host10.yahoo.com", "type": "tenant", - "ipAddress": "127.0.10.1", - "ports": [19070], + "ipAddress": "::10:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host10.yahoo.com", "type": "tenant", - "ipAddress": "::10:1", - "ports": [19070], + "ipAddress": "127.0.10.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host13.yahoo.com", "type": "tenant", "ipAddress": "127.0.13.1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host13.yahoo.com", "type": "tenant", "ipAddress": "::13:1", - "ports": [19070], - "trustedBy": "cfg1.yahoo.com" - }, - { - "hostname": "host14.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.14.1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host14.yahoo.com", "type": "tenant", "ipAddress": "::14:1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { - "hostname": "host2.yahoo.com", + "hostname": "host14.yahoo.com", "type": "tenant", - "ipAddress": "127.0.2.1", - "ports": [19070], + "ipAddress": "127.0.14.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host2.yahoo.com", "type": "tenant", "ipAddress": "::2:1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { - "hostname": "host3.yahoo.com", + "hostname": "host2.yahoo.com", "type": "tenant", - "ipAddress": "127.0.3.1", - "ports": [19070], + "ipAddress": "127.0.2.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host3.yahoo.com", "type": "tenant", "ipAddress": "::3:1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host4.yahoo.com", "type": "tenant", "ipAddress": "127.0.4.1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host4.yahoo.com", "type": "tenant", "ipAddress": "::4:1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host5.yahoo.com", "type": "tenant", - "ipAddress": "127.0.5.1", - "ports": [19070], + "ipAddress": "::5:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host5.yahoo.com", "type": "tenant", - "ipAddress": "::5:1", - "ports": [19070], + "ipAddress": "127.0.5.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host55.yahoo.com", "type": "tenant", - "ipAddress": "127.0.55.1", - "ports": [19070], + "ipAddress": "::55:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host55.yahoo.com", "type": "tenant", - "ipAddress": "::55:1", - "ports": [19070], + "ipAddress": "127.0.55.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host6.yahoo.com", "type": "tenant", "ipAddress": "127.0.6.1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host6.yahoo.com", "type": "tenant", "ipAddress": "::6:1", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host7.yahoo.com", "type": "tenant", - "ipAddress": "127.0.7.1", - "ports": [19070], + "ipAddress": "::7:1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "host7.yahoo.com", "type": "tenant", - "ipAddress": "::7:1", - "ports": [19070], + "ipAddress": "127.0.7.1", + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" }, { "hostname": "test-node-pool-102-2", "type": "tenant", "ipAddress": "::102:2", - "ports": [19070], + "ports": [ + 19070 + ], "trustedBy": "cfg1.yahoo.com" } ], @@ -268,14 +316,13 @@ ], "trustedPorts": [ { - "port":22, - "trustedBy":"cfg1.yahoo.com" + "port": 22, + "trustedBy": "cfg1.yahoo.com" }, { "port": 4443, "trustedBy": "cfg1.yahoo.com" } ], - "trustedUdpPorts": [ - ] + "trustedUdpPorts": [] } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-tenant-node.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-tenant-node.json index bdc0dc21c95..f947540f7c5 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-tenant-node.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-tenant-node.json @@ -3,84 +3,42 @@ { "hostname": "cfg1.yahoo.com", "type": "config", - "ipAddress": "127.0.201.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "cfg1.yahoo.com", - "type": "config", "ipAddress": "::201:1", "trustedBy": "host3.yahoo.com" }, { "hostname": "cfg2.yahoo.com", "type": "config", - "ipAddress": "127.0.202.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "cfg2.yahoo.com", - "type": "config", "ipAddress": "::202:1", "trustedBy": "host3.yahoo.com" }, { "hostname": "host1.yahoo.com", "type": "tenant", - "ipAddress": "127.0.1.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host1.yahoo.com", - "type": "tenant", "ipAddress": "::1:1", "trustedBy": "host3.yahoo.com" }, { "hostname": "host10.yahoo.com", "type": "tenant", - "ipAddress": "127.0.10.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host10.yahoo.com", - "type": "tenant", "ipAddress": "::10:1", "trustedBy": "host3.yahoo.com" }, { "hostname": "host13.yahoo.com", "type": "tenant", - "ipAddress": "127.0.13.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host13.yahoo.com", - "type": "tenant", "ipAddress": "::13:1", "trustedBy": "host3.yahoo.com" }, { "hostname": "host14.yahoo.com", "type": "tenant", - "ipAddress": "127.0.14.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host14.yahoo.com", - "type": "tenant", "ipAddress": "::14:1", "trustedBy": "host3.yahoo.com" }, { "hostname": "host2.yahoo.com", "type": "tenant", - "ipAddress": "127.0.2.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host2.yahoo.com", - "type": "tenant", "ipAddress": "::2:1", "trustedBy": "host3.yahoo.com" }, @@ -99,60 +57,30 @@ { "hostname": "host4.yahoo.com", "type": "tenant", - "ipAddress": "127.0.4.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host4.yahoo.com", - "type": "tenant", "ipAddress": "::4:1", "trustedBy": "host3.yahoo.com" }, { "hostname": "host5.yahoo.com", "type": "tenant", - "ipAddress": "127.0.5.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host5.yahoo.com", - "type": "tenant", "ipAddress": "::5:1", "trustedBy": "host3.yahoo.com" }, { "hostname": "host55.yahoo.com", "type": "tenant", - "ipAddress": "127.0.55.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host55.yahoo.com", - "type": "tenant", "ipAddress": "::55:1", "trustedBy": "host3.yahoo.com" }, { "hostname": "host6.yahoo.com", "type": "tenant", - "ipAddress": "127.0.6.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host6.yahoo.com", - "type": "tenant", "ipAddress": "::6:1", "trustedBy": "host3.yahoo.com" }, { "hostname": "host7.yahoo.com", "type": "tenant", - "ipAddress": "127.0.7.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host7.yahoo.com", - "type": "tenant", "ipAddress": "::7:1", "trustedBy": "host3.yahoo.com" }, diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg1.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg1.json index 60c19ec040b..52da67da9bf 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg1.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg1.json @@ -117,5 +117,6 @@ "::201:1" ], "additionalIpAddresses": [], + "cloudAccount": "aws:111222333444", "wireguardPubkey":"lololololololololololololololololololololoo=" } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg2.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg2.json index 3bd45acb856..bc1d04546e6 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg2.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/cfg2.json @@ -116,5 +116,6 @@ "127.0.202.1", "::202:1" ], - "additionalIpAddresses": [] + "additionalIpAddresses": [], + "cloudAccount": "aws:111222333444" } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node13.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node13.json index f5152efd7cb..d0907ac5163 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node13.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node13.json @@ -76,5 +76,6 @@ "127.0.13.1", "::13:1" ], - "additionalIpAddresses": [] + "additionalIpAddresses": [], + "cloudAccount": "aws:111222333444" } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node14.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node14.json index f48e52b18bf..c80656800f0 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node14.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node14.json @@ -76,5 +76,6 @@ "127.0.14.1", "::14:1" ], - "additionalIpAddresses": [] + "additionalIpAddresses": [], + "cloudAccount": "aws:111222333444" } |