diff options
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java | 5 | ||||
-rw-r--r-- | flags/src/main/java/com/yahoo/vespa/flags/Flags.java | 6 |
2 files changed, 2 insertions, 9 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java index a8ec4e6f979..09803dbcf2c 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java @@ -173,7 +173,6 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler { private final Controller controller; private final AccessControlRequests accessControlRequests; private final TestConfigSerializer testConfigSerializer; - private final ListFlag<String> allowedServiceViewProxy; @Inject public ApplicationApiHandler(LoggingRequestHandler.Context parentCtx, @@ -183,7 +182,6 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler { this.controller = controller; this.accessControlRequests = accessControlRequests; this.testConfigSerializer = new TestConfigSerializer(controller.system()); - allowedServiceViewProxy = Flags.ALLOWED_SERVICE_VIEW_APIS.bindTo(controller.flagSource()); } @Override @@ -1719,7 +1717,8 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler { } String normalizedRestPath = URI.create(restPath).normalize().toString(); - if (allowedServiceViewProxy.value().stream().noneMatch(normalizedRestPath::startsWith)) { + // Only state/v1 is allowed + if (! normalizedRestPath.startsWith("state/v1/")) { return ErrorResponse.forbidden("Access denied"); } diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java index ebd6f230fc7..67c4d3d4218 100644 --- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java +++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java @@ -249,12 +249,6 @@ public class Flags { "Takes effect at redeployment", ZONE_ID, APPLICATION_ID); - public static final UnboundListFlag<String> ALLOWED_SERVICE_VIEW_APIS = defineListFlag( - "allowed-service-view-apis", List.of("state/v1/"), String.class, - List.of("mortent"), "2021-08-05", "2022-01-01", - "Apis allowed to proxy through the service view api", - "Takes effect immediately"); - public static final UnboundBooleanFlag SEPARATE_TENANT_IAM_ROLES = defineFeatureFlag( "separate-tenant-iam-roles", false, List.of("mortent"), "2021-08-12", "2022-01-01", |