Handle Docker hosts being part of zone app and not

* Update comments, simplify test a bit
author: Harald Musum <musum@yahoo-inc.com> 2017-02-06 14:21:01 +0100
committer: Harald Musum <musum@yahoo-inc.com> 2017-02-06 14:21:01 +0100
commit: beb875d18317d3725f3ea31d567e18150b0430e5 (patch)
tree: 576c8c2db26b2ddf5033a88a71d2ea09df05b098 /node-repository
parent: 856eb42280a2bcde415bf4cbce7b68c3439f8992 (diff)
2 files changed, 15 insertions, 22 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java
index d9b663bfabc..76218af9a80 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java
@@ -168,16 +168,18 @@ public class NodeRepository extends AbstractComponent {
                 break;
 
             case proxy:
-                // Proxy nodes trust Docker hosts, config servers and other proxy nodes. They also trust any traffic to ports
+                // Proxy nodes trust nodes in same application and config servers. They also trust any traffic to ports
                 // 4080/4443, but these static rules are configured by the node itself
                 trustedNodes.addAll(getConfigNodes());
-                trustedNodes.addAll(getNodes(NodeType.proxy));
+                if ( ! node.allocation().isPresent()) // TODO: Remove when proxy nodes are in zone app everywhere
+                    trustedNodes.addAll(getNodes(NodeType.proxy));
                 break;
 
             case host:
-                // Docker hosts trust all proxy nodes, all config servers and all Docker hosts
+                // Docker hosts trust nodes in same application and config servers
                 trustedNodes.addAll(getConfigNodes());
-                trustedNodes.addAll(getNodes(NodeType.host));
+                if ( ! node.allocation().isPresent()) // TODO: Remove when Docker hosts are in zone app everywhere
+                    trustedNodes.addAll(getNodes(NodeType.host));
                 break;
 
             default:
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
index 8f9bef1241b..1ed2bcd47ff 100644
--- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
+++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java
@@ -11,7 +11,6 @@ import com.yahoo.vespa.curator.mock.MockCurator;
 import com.yahoo.vespa.hosted.provision.Node;
 import com.yahoo.vespa.hosted.provision.node.NodeAcl;
 import com.yahoo.vespa.hosted.provision.testutils.MockNameResolver;
-import org.glassfish.jersey.jaxb.internal.XmlCollectionJaxbProvider;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -145,25 +144,17 @@ public class AclProvisioningTest {
         List<Node> activeProxyNodes = allocateNodes(NodeType.proxy, applicationId);
         assertEquals(3, activeProxyNodes.size());
         // Allocate 2 Docker hosts, a total of 5 hosts
-        List<Node> activeDockerHosts = allocateNodes(NodeType.host, applicationId);
-        assertEquals(5, activeDockerHosts.size());
-
-        // Get trusted nodes for first proxy node
-        Node proxyNode = activeProxyNodes.get(0);
-        List<NodeAcl> proxyNodeAcls = tester.nodeRepository().getNodeAcls(proxyNode, false);
-
-        // Trusted nodes are all Docker hosts, all proxy nodes and all config servers
-        assertAcls(Arrays.asList(activeDockerHosts, activeProxyNodes, configServers), proxyNodeAcls);
-
-        // Get trusted nodes for first Docker host
-        Node dockerHost = activeDockerHosts.get(0);
-        List<NodeAcl> dockerHostNodeAcls = tester.nodeRepository().getNodeAcls(dockerHost, false);
-
-        // Trusted nodes are all Docker hosts, all proxy nodes and all config servers
-        assertAcls(Arrays.asList(activeDockerHosts, activeProxyNodes, configServers), dockerHostNodeAcls);
+        List<Node> activeDockerHostsAndProxyNodes = allocateNodes(NodeType.host, applicationId);
+        assertEquals(5, activeDockerHostsAndProxyNodes.size());
+
+        // Check trusted nodes for all nodes
+        activeDockerHostsAndProxyNodes.forEach(node -> {
+            System.out.println("Checking node " + node);
+            List<NodeAcl> nodeAcls = tester.nodeRepository().getNodeAcls(node, false);
+            assertAcls(Arrays.asList(activeDockerHostsAndProxyNodes, configServers), nodeAcls);
+        });
     }
 
-
     @Test
     public void trusted_nodes_for_child_nodes_of_docker_host() {
         List<Node> configServers = setConfigServers("cfg1:1234,cfg2:1234,cfg3:1234");
author	Harald Musum <musum@yahoo-inc.com>	2017-02-06 14:21:01 +0100
committer	Harald Musum <musum@yahoo-inc.com>	2017-02-06 14:21:01 +0100
commit	beb875d18317d3725f3ea31d567e18150b0430e5 (patch)
tree	576c8c2db26b2ddf5033a88a71d2ea09df05b098 /node-repository
parent	856eb42280a2bcde415bf4cbce7b68c3439f8992 (diff)