6 files changed, 25 insertions, 36 deletions
diff --git a/config-provisioning/src/main/java/com/yahoo/config/provision/ZoneEndpoint.java b/config-provisioning/src/main/java/com/yahoo/config/provision/ZoneEndpoint.java index 9f114610e32..7f54c907334 100644 --- a/config-provisioning/src/main/java/com/yahoo/config/provision/ZoneEndpoint.java +++ b/config-provisioning/src/main/java/com/yahoo/config/provision/ZoneEndpoint.java @@ -20,8 +20,6 @@ public class ZoneEndpoint { private final List<AllowedUrn> allowedUrns; public ZoneEndpoint(boolean isPublicEndpoint, boolean isPrivateEndpoint, List<AllowedUrn> allowedUrns) { - if ( ! allowedUrns.isEmpty() && ! isPrivateEndpoint) - throw new IllegalArgumentException("cannot list allowed urns, without also enabling private visibility"); this.isPublicEndpoint = isPublicEndpoint; this.isPrivateEndpoint = isPrivateEndpoint; this.allowedUrns = List.copyOf(allowedUrns); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index 54d219a2a6d..7fcad017569 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java 
@@ -1993,8 +1993,7 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler { } Cursor endpointsArray = serviceObject.setArray("endpoints"); controller.serviceRegistry().vpcEndpointService() - .getConnections(new ClusterId(id, lb.cluster()), - controller.applications().decideCloudAccountOf(id, controller.applications().requireApplication(TenantAndApplicationId.from(tenantName, applicationName)).deploymentSpec())) + .getConnections(new ClusterId(id, lb.cluster()), lb.cloudAccount()) .forEach(endpoint -> { Cursor endpointObject = endpointsArray.addObject(); endpointObject.setString("endpointId", endpoint.endpointId()); diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/DecryptionTokenResealer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/DecryptionTokenResealer.java index 7addf83c67c..b3d966d20c9 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/DecryptionTokenResealer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/DecryptionTokenResealer.java 
@@ -21,17 +21,18 @@ import static com.yahoo.vespa.hosted.controller.restapi.controller.RequestUtils. class DecryptionTokenResealer { private static int checkKeyNameAndExtractVersion(KeyId tokenKeyId, String expectedKeyName) { - String[] components = tokenKeyId.asString().split("\\."); - if (components.length != 2) { + String keyStr = tokenKeyId.asString(); + int versionSepIdx = keyStr.lastIndexOf('.'); + if (versionSepIdx == -1) { throw new IllegalArgumentException("Key ID is not of the form 'name.version'"); } - String keyName = components[0]; + String keyName = keyStr.substring(0, versionSepIdx); if (!expectedKeyName.equals(keyName)) { throw new IllegalArgumentException("Token is not generated for the expected key"); } int keyVersion; try { - keyVersion = Integer.parseInt(components[1]); + keyVersion = Integer.parseInt(keyStr.substring(versionSepIdx + 1)); } catch (IllegalArgumentException e) { throw new IllegalArgumentException("Key version is not a valid integer"); } diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerTest.java index 48f9d46fefb..7522f42f91b 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ControllerContainerTest.java @@ -63,7 +63,7 @@ public class ControllerContainerTest { </rotations> </config> <config name="vespa.hosted.controller.config.core-dump-token-resealing"> - <resealingPrivateKeyName>a-really-cool-key</resealingPrivateKeyName> + <resealingPrivateKeyName>a.really.cool.key</resealingPrivateKeyName> </config> <accesslog type='disabled'/> 
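Review bot: `Integer.parseInt(keyStr.substring(versionSepIdx + 1))` accepts more than plain decimal digits: a leading `+` and non-ASCII Unicode digits also parse, so several distinct token key IDs resolve to the same version number. Because the key ID comes from a user-supplied token, consider requiring a canonical form before parsing, e.g. `if (!versionStr.matches("[0-9]+")) throw new IllegalArgumentException("Key version is not a valid integer");` with `versionStr` holding the substring. That check would also reject `-123` at this point, so the "Key version is out of range" case asserted in ControllerApiTest would need its expected message adjusted. The catch block discards `e`; passing it as the cause of the new IllegalArgumentException keeps the parse failure visible in logs. The function continues past the end of the hunk, so the range check itself is not visible here.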
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiTest.java index a4b18a06fb8..e3a0684771c 100644 --- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiTest.java +++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiTest.java @@ -220,11 +220,11 @@ public class ControllerApiTest extends ControllerContainerTest { @Test void decryption_token_reseal_request_succeeds_when_matching_versioned_key_found() { - var reqData = createResealingRequestData("a-really-cool-key.123"); // Must match key name in config + var reqData = createResealingRequestData("a.really.cool.key.123"); // Must match key name in config var secret = hex(reqData.originalSecretSharedKey.secretKey().getEncoded()); var secretStore = (SecretStoreMock)tester.controller().secretStore(); - secretStore.setSecret("a-really-cool-key", KeyUtils.toBase58EncodedX25519PrivateKey((XECPrivateKey)reqData.originalReceiverKeyPair.getPrivate()), 123); + secretStore.setSecret("a.really.cool.key", KeyUtils.toBase58EncodedX25519PrivateKey((XECPrivateKey)reqData.originalReceiverKeyPair.getPrivate()), 123); tester.assertResponse( () -> operatorRequest("http://localhost:8080/controller/v1/access/cores/reseal", requestJsonOf(reqData), Request.Method.POST), 
@@ -238,7 +238,7 @@ public class ControllerApiTest extends ControllerContainerTest { @Test void decryption_token_reseal_request_fails_when_unexpected_key_name_is_supplied() { - var reqData = createResealingRequestData("a-really-cool-but-non-existing-key.123"); + var reqData = createResealingRequestData("a.really.cool.but.non.existing.key.123"); tester.assertResponse( () -> operatorRequest("http://localhost:8080/controller/v1/access/cores/reseal", requestJsonOf(reqData), Request.Method.POST), "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Token is not generated for the expected key\"}", @@ -247,10 +247,10 @@ public class ControllerApiTest extends ControllerContainerTest { @Test void secret_key_lookup_does_not_use_key_id_provided_in_user_supplied_token() { - var reqData = createResealingRequestData("a-sneaky-key.123"); + var reqData = createResealingRequestData("a.sneaky.key.123"); var secretStore = (SecretStoreMock)tester.controller().secretStore(); // Token key ID is technically valid, but should not be used. Only config should be obeyed. - secretStore.setSecret("a-sneaky-key", KeyUtils.toBase58EncodedX25519PrivateKey((XECPrivateKey)reqData.originalReceiverKeyPair.getPrivate()), 123); + secretStore.setSecret("a.sneaky.key", KeyUtils.toBase58EncodedX25519PrivateKey((XECPrivateKey)reqData.originalReceiverKeyPair.getPrivate()), 123); tester.assertResponse( () -> operatorRequest("http://localhost:8080/controller/v1/access/cores/reseal", requestJsonOf(reqData), Request.Method.POST), 
@@ -281,17 +281,22 @@ public class ControllerApiTest extends ControllerContainerTest { 400); tester.assertResponse( () -> operatorRequest("http://localhost:8080/controller/v1/access/cores/reseal", - requestJsonOf(createResealingRequestData("a-really-cool-key.123asdf")), Request.Method.POST), + requestJsonOf(createResealingRequestData("a.really.cool.key.123asdf")), Request.Method.POST), "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is not a valid integer\"}", 400); tester.assertResponse( () -> operatorRequest("http://localhost:8080/controller/v1/access/cores/reseal", - requestJsonOf(createResealingRequestData("a-really-cool-key.-123")), Request.Method.POST), + requestJsonOf(createResealingRequestData("a.really.cool.key.")), Request.Method.POST), + "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is not a valid integer\"}", + 400); + tester.assertResponse( + () -> operatorRequest("http://localhost:8080/controller/v1/access/cores/reseal", + requestJsonOf(createResealingRequestData("a.really.cool.key.-123")), Request.Method.POST), "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is out of range\"}", 400); tester.assertResponse( () -> operatorRequest("http://localhost:8080/controller/v1/access/cores/reseal", - requestJsonOf(createResealingRequestData("a-really-cool-key.%d".formatted((long)Integer.MAX_VALUE + 1))), Request.Method.POST), + requestJsonOf(createResealingRequestData("a.really.cool.key.%d".formatted((long)Integer.MAX_VALUE + 1))), Request.Method.POST), "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is not a valid integer\"}", 400); } diff --git a/vespamalloc/src/vespamalloc/malloc/overload.h b/vespamalloc/src/vespamalloc/malloc/overload.h index e209d1b6df5..abfe376b38b 100644 --- a/vespamalloc/src/vespamalloc/malloc/overload.h +++ b/vespamalloc/src/vespamalloc/malloc/overload.h 
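Review bot: The cases in this hunk do not pin what happens when the key ID carries an extra dotted component after the configured name, for example `a.really.cool.key.123.4` (constructed value). With the split now taken at the last dot, such an ID is rejected by the name comparison ("Token is not generated for the expected key") instead of the 'name.version' form check. One more `tester.assertResponse` case asserting that message would fix the intended behaviour at the parsing boundary. The test method starts above the hunk.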
@@ -15,10 +15,7 @@ public: vespamalloc::createAllocator(); } private: -#ifdef __clang__ - [[maybe_unused]] -#endif - unsigned _initialized; + [[maybe_unused]] unsigned _initialized; }; static CreateAllocator _CreateAllocator __attribute__ ((init_priority (543))); 
@@ -229,33 +226,22 @@ size_t malloc_usable_size (void * ptr) __THROW { } #define ALIAS(x) __attribute__ ((weak, alias (x), visibility ("default"))) -#ifdef __clang__ -void* __libc_malloc(size_t sz) __THROW __attribute__((malloc, alloc_size(1))) ALIAS("malloc"); -void* __libc_realloc(void* ptr, size_t sz) __THROW __attribute__((malloc, alloc_size(2))) ALIAS("realloc"); -void* __libc_reallocarray(void* ptr, size_t nemb, size_t sz) __THROW __attribute__((malloc, alloc_size(2,3))) ALIAS("reallocarray"); -void* __libc_calloc(size_t n, size_t sz) __THROW __attribute__((malloc, alloc_size(1,2))) ALIAS("calloc"); -void cfree(void *) __THROW ALIAS("free"); -void __libc_free(void* ptr) __THROW ALIAS("free"); -#pragma clang diagnostic push -#pragma clang diagnostic ignored "-Wignored-attributes" -void __libc_cfree(void* ptr) __THROW ALIAS("cfree"); -#pragma clang diagnostic pop -#else + void* __libc_malloc(size_t sz) __THROW __attribute__((leaf, malloc, alloc_size(1))) ALIAS("malloc"); void* __libc_realloc(void* ptr, size_t sz) __THROW __attribute__((leaf, malloc, alloc_size(2))) ALIAS("realloc"); void* __libc_reallocarray(void* ptr, size_t nemb, size_t sz) __THROW __attribute__((leaf, malloc, alloc_size(2,3))) ALIAS("reallocarray"); void* __libc_calloc(size_t n, size_t sz) __THROW __attribute__((leaf, malloc, alloc_size(1,2))) ALIAS("calloc"); -void cfree(void *) __THROW __attribute__((leaf)) ALIAS("free"); void __libc_free(void* ptr) __THROW __attribute__((leaf)) ALIAS("free"); -void __libc_cfree(void* ptr) __THROW __attribute__((leaf)) ALIAS("cfree"); -#endif size_t __libc_malloc_usable_size(void *ptr) __THROW ALIAS("malloc_usable_size"); + #if __GLIBC_PREREQ(2, 34) void* __libc_memalign(size_t align, size_t s) __THROW __attribute__((leaf, malloc, alloc_align(1), alloc_size(2))) ALIAS("memalign"); #else void* __libc_memalign(size_t align, size_t s) __THROW __attribute__((leaf, malloc, alloc_size(2))) ALIAS("memalign"); #endif + int __posix_memalign(void** r, size_t a, 
size_t s) __THROW __nonnull((1)) ALIAS("posix_memalign"); + #if __GLIBC_PREREQ(2, 33) struct mallinfo2 __libc_mallinfo2() __THROW ALIAS("mallinfo2"); #else |