summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java5
-rw-r--r--flags/src/main/java/com/yahoo/vespa/flags/Flags.java6
2 files changed, 2 insertions, 9 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
index a8ec4e6f979..09803dbcf2c 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/application/ApplicationApiHandler.java
@@ -173,7 +173,6 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler {
private final Controller controller;
private final AccessControlRequests accessControlRequests;
private final TestConfigSerializer testConfigSerializer;
- private final ListFlag<String> allowedServiceViewProxy;
@Inject
public ApplicationApiHandler(LoggingRequestHandler.Context parentCtx,
@@ -183,7 +182,6 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler {
this.controller = controller;
this.accessControlRequests = accessControlRequests;
this.testConfigSerializer = new TestConfigSerializer(controller.system());
- allowedServiceViewProxy = Flags.ALLOWED_SERVICE_VIEW_APIS.bindTo(controller.flagSource());
}
@Override
@@ -1719,7 +1717,8 @@ public class ApplicationApiHandler extends AuditLoggingRequestHandler {
}
String normalizedRestPath = URI.create(restPath).normalize().toString();
- if (allowedServiceViewProxy.value().stream().noneMatch(normalizedRestPath::startsWith)) {
+ // Only state/v1 is allowed
+ if (! normalizedRestPath.startsWith("state/v1/")) {
return ErrorResponse.forbidden("Access denied");
}
diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
index ebd6f230fc7..67c4d3d4218 100644
--- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
+++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
@@ -249,12 +249,6 @@ public class Flags {
"Takes effect at redeployment",
ZONE_ID, APPLICATION_ID);
- public static final UnboundListFlag<String> ALLOWED_SERVICE_VIEW_APIS = defineListFlag(
- "allowed-service-view-apis", List.of("state/v1/"), String.class,
- List.of("mortent"), "2021-08-05", "2022-01-01",
- "Apis allowed to proxy through the service view api",
- "Takes effect immediately");
-
public static final UnboundBooleanFlag SEPARATE_TENANT_IAM_ROLES = defineFeatureFlag(
"separate-tenant-iam-roles", false,
List.of("mortent"), "2021-08-12", "2022-01-01",