diff options
author | Harald Musum <musum@yahoo-inc.com> | 2017-02-06 14:21:01 +0100 |
---|---|---|
committer | Harald Musum <musum@yahoo-inc.com> | 2017-02-06 14:21:01 +0100 |
commit | beb875d18317d3725f3ea31d567e18150b0430e5 (patch) | |
tree | 576c8c2db26b2ddf5033a88a71d2ea09df05b098 /node-repository | |
parent | 856eb42280a2bcde415bf4cbce7b68c3439f8992 (diff) |
Handle Docker hosts being part of zone app and not
* Update comments, simplify test a bit
Diffstat (limited to 'node-repository')
2 files changed, 15 insertions, 22 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java index d9b663bfabc..76218af9a80 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/NodeRepository.java @@ -168,16 +168,18 @@ public class NodeRepository extends AbstractComponent { break; case proxy: - // Proxy nodes trust Docker hosts, config servers and other proxy nodes. They also trust any traffic to ports + // Proxy nodes trust nodes in same application and config servers. They also trust any traffic to ports // 4080/4443, but these static rules are configured by the node itself trustedNodes.addAll(getConfigNodes()); - trustedNodes.addAll(getNodes(NodeType.proxy)); + if ( ! node.allocation().isPresent()) // TODO: Remove when proxy nodes are in zone app everywhere + trustedNodes.addAll(getNodes(NodeType.proxy)); break; case host: - // Docker hosts trust all proxy nodes, all config servers and all Docker hosts + // Docker hosts trust nodes in same application and config servers trustedNodes.addAll(getConfigNodes()); - trustedNodes.addAll(getNodes(NodeType.host)); + if ( ! node.allocation().isPresent()) // TODO: Remove when Docker hosts are in zone app everywhere + trustedNodes.addAll(getNodes(NodeType.host)); break; default: diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java index 8f9bef1241b..1ed2bcd47ff 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java @@ -11,7 +11,6 @@ import com.yahoo.vespa.curator.mock.MockCurator; import com.yahoo.vespa.hosted.provision.Node; import com.yahoo.vespa.hosted.provision.node.NodeAcl; import com.yahoo.vespa.hosted.provision.testutils.MockNameResolver; -import org.glassfish.jersey.jaxb.internal.XmlCollectionJaxbProvider; import org.junit.Before; import org.junit.Test; @@ -145,25 +144,17 @@ public class AclProvisioningTest { List<Node> activeProxyNodes = allocateNodes(NodeType.proxy, applicationId); assertEquals(3, activeProxyNodes.size()); // Allocate 2 Docker hosts, a total of 5 hosts - List<Node> activeDockerHosts = allocateNodes(NodeType.host, applicationId); - assertEquals(5, activeDockerHosts.size()); - - // Get trusted nodes for first proxy node - Node proxyNode = activeProxyNodes.get(0); - List<NodeAcl> proxyNodeAcls = tester.nodeRepository().getNodeAcls(proxyNode, false); - - // Trusted nodes are all Docker hosts, all proxy nodes and all config servers - assertAcls(Arrays.asList(activeDockerHosts, activeProxyNodes, configServers), proxyNodeAcls); - - // Get trusted nodes for first Docker host - Node dockerHost = activeDockerHosts.get(0); - List<NodeAcl> dockerHostNodeAcls = tester.nodeRepository().getNodeAcls(dockerHost, false); - - // Trusted nodes are all Docker hosts, all proxy nodes and all config servers - assertAcls(Arrays.asList(activeDockerHosts, activeProxyNodes, configServers), dockerHostNodeAcls); + List<Node> activeDockerHostsAndProxyNodes = allocateNodes(NodeType.host, applicationId); + assertEquals(5, activeDockerHostsAndProxyNodes.size()); + + // Check trusted nodes for all nodes + activeDockerHostsAndProxyNodes.forEach(node -> { + System.out.println("Checking node " + node); + List<NodeAcl> nodeAcls = tester.nodeRepository().getNodeAcls(node, false); + assertAcls(Arrays.asList(activeDockerHostsAndProxyNodes, configServers), nodeAcls); + }); } - @Test public void trusted_nodes_for_child_nodes_of_docker_host() { List<Node> configServers = setConfigServers("cfg1:1234,cfg2:1234,cfg3:1234"); |