-rw-r--r--configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.java20
-rw-r--r--configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java7
-rw-r--r--flags/src/main/java/com/yahoo/vespa/flags/Flags.java5
3 files changed, 25 insertions, 7 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.java
index b069991010a..b129e53f7d3 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/DefaultRpcAuthorizerProvider.java
@@ -8,6 +8,8 @@ import com.yahoo.container.di.componentgraph.Provider;
import com.yahoo.security.tls.TransportSecurityUtils;
import com.yahoo.vespa.config.server.host.HostRegistries;
import com.yahoo.vespa.config.server.rpc.RequestHandlerProvider;
+import com.yahoo.vespa.flags.FlagSource;
+import com.yahoo.vespa.flags.Flags;
/**
* A provider for {@link RpcAuthorizer}. The instance provided is dependent on the configuration of the configserver.
@@ -22,13 +24,25 @@ public class DefaultRpcAuthorizerProvider implements Provider<RpcAuthorizer> {
public DefaultRpcAuthorizerProvider(ConfigserverConfig config,
NodeIdentifier nodeIdentifier,
HostRegistries hostRegistries,
- RequestHandlerProvider handlerProvider) {
+ RequestHandlerProvider handlerProvider,
+ FlagSource flagSource) {
+ String authorizerMode = Flags.CONFIGSERVER_RPC_AUTHORIZER.bindTo(flagSource).value();
+ boolean useMultiTenantAuthorizer =
+ TransportSecurityUtils.isTransportSecurityEnabled() && config.multitenant() && config.hostedVespa() && !authorizerMode.equals("disable");
this.rpcAuthorizer =
- TransportSecurityUtils.isTransportSecurityEnabled() && config.multitenant() && config.hostedVespa()
- ? new MultiTenantRpcAuthorizer(nodeIdentifier, hostRegistries, handlerProvider)
+ useMultiTenantAuthorizer
+ ? new MultiTenantRpcAuthorizer(nodeIdentifier, hostRegistries, handlerProvider, toMultiTenantRpcAuthorizerMode(authorizerMode))
: new NoopRpcAuthorizer();
}
+ private static MultiTenantRpcAuthorizer.Mode toMultiTenantRpcAuthorizerMode(String authorizerMode) {
+ switch (authorizerMode) {
+ case "log-only": return MultiTenantRpcAuthorizer.Mode.LOG_ONLY;
+ case "enforce": return MultiTenantRpcAuthorizer.Mode.ENFORCE;
+ default: throw new IllegalArgumentException("Invalid authorizer mode: " + authorizerMode);
+ }
+ }
+
@Override
public RpcAuthorizer get() {
return rpcAuthorizer;
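Review bot: Choosing `disable` (or the default `log-only`) leaves RPC requests on a hosted multi-tenant configserver without enforced authorization, and the new constructor gives no runtime signal that this happened, so an operator reading logs cannot distinguish an enforcing node from a disabled one. A WARNING-level log when `useMultiTenantAuthorizer` is false although `config.multitenant() && config.hostedVespa()` hold, e.g. `log.warning("RPC authorization disabled via configserver-rpc-authorizer flag")`, would make the state visible; no logger is visible in this hunk, so one may need to be added. Separately, `toMultiTenantRpcAuthorizerMode` throws `IllegalArgumentException` on any other flag value, which appears to abort configserver bootstrap rather than fall back to `NoopRpcAuthorizer` — a fail-closed choice worth stating in a Javadoc on the method, e.g. `/** Maps the flag value to a mode; an unknown value aborts startup instead of silently disabling authorization. */`. Finally, `authorizerMode.equals("disable")` would throw if the bound flag could ever yield null; `"disable".equals(authorizerMode)` avoids that, if `value()` can return null.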
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
index 2527569bea4..93ece2069b4 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizer.java
@@ -1,7 +1,6 @@
// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.config.server.rpc.security;
-import com.google.inject.Inject;
import com.yahoo.concurrent.DaemonThreadFactory;
import com.yahoo.config.FileReference;
import com.yahoo.config.provision.ApplicationId;
@@ -49,15 +48,15 @@ public class MultiTenantRpcAuthorizer implements RpcAuthorizer {
private final Executor executor;
private final Mode mode;
- @Inject
public MultiTenantRpcAuthorizer(NodeIdentifier nodeIdentifier,
HostRegistries hostRegistries,
- RequestHandlerProvider handlerProvider) {
+ RequestHandlerProvider handlerProvider,
+ Mode mode) {
this(nodeIdentifier,
hostRegistries.getTenantHostRegistry(),
handlerProvider,
Executors.newFixedThreadPool(4, new DaemonThreadFactory("RPC-Authorizer-")),
- Mode.LOG_ONLY); // TODO Change default mode
+ mode);
}
MultiTenantRpcAuthorizer(NodeIdentifier nodeIdentifier,
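Review bot: The public constructor now accepts `mode` from the caller but forwards it unchecked, so a null would only surface when the authorizer first consults it rather than at construction; passing `Objects.requireNonNull(mode, "mode")` as the last argument of the `this(...)` call pins the failure to the constructor (it has to be inline, since `this(...)` must be the first statement). The private constructor that begins at the end of this hunk has its body outside it, so it may already validate — in that case this is moot. Since `@Inject` is removed, the class is no longer built by the DI container; a one-line comment such as `// Constructed by DefaultRpcAuthorizerProvider, which picks the mode from the configserver-rpc-authorizer flag` would tell readers where the mode comes from.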
diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
index c790fc5659e..9cf508444f5 100644
--- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
+++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
@@ -158,6 +158,11 @@ public class Flags {
"Takes effect only at bootstrap of config server/controller",
HOSTNAME);
+ public static final UnboundStringFlag CONFIGSERVER_RPC_AUTHORIZER = defineStringFlag(
+ "configserver-rpc-authorizer", "log-only",
+ "Configserver RPC authorizer. Allowed values: ['disable', 'log-only', 'enforce']",
+ "Takes effect on restart of configserver");
+
/** WARNING: public for testing: All flags should be defined in {@link Flags}. */
public static UnboundBooleanFlag defineFeatureFlag(String flagId, boolean defaultValue, String description,
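Review bot: The flag is a free-form string whose default `log-only` means a hosted multi-tenant configserver does not enforce RPC authorization out of the box, and the description does not say so; it should state the security consequence of each value so whoever sets the flag understands that `disable` and `log-only` both let unauthorized requests through. Suggest `"Configserver RPC authorizer mode. 'enforce' rejects unauthorized RPC requests; 'log-only' presumably only logs them; 'disable' skips authorization entirely. Allowed values: ['disable', 'log-only', 'enforce']"`, adjusting the `log-only` wording to match the authorizer's actual behavior, which is not visible here. Because the value is not validated at definition time, an unrecognized setting is only rejected by the consumer at configserver startup, which is worth adding to the "Takes effect on restart" text.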