diff options
18 files changed, 53 insertions, 149 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/admin/Admin.java b/config-model/src/main/java/com/yahoo/vespa/model/admin/Admin.java index 711ea885a36..19c64d7903d 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/admin/Admin.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/admin/Admin.java @@ -19,7 +19,6 @@ import com.yahoo.vespa.model.admin.monitoring.MetricsConsumer; import com.yahoo.vespa.model.admin.monitoring.Monitoring; import com.yahoo.vespa.model.admin.monitoring.builder.Metrics; import com.yahoo.vespa.model.container.ContainerCluster; -import com.yahoo.vespa.model.filedistribution.DummyFileDistributionConfigProducer; import com.yahoo.vespa.model.filedistribution.FileDistributionConfigProducer; import com.yahoo.vespa.model.filedistribution.FileDistributionConfigProvider; import com.yahoo.vespa.model.filedistribution.FileDistributor; @@ -230,14 +229,11 @@ public class Admin extends AbstractConfigProducer implements Serializable { } FileDistributionConfigProvider configProvider = - new FileDistributionConfigProvider(fileDistributor, + new FileDistributionConfigProvider(fileDistribution, + fileDistributor, host == deployHost, host.getHost()); - DummyFileDistributionConfigProducer dummyFileDistributionConfigProducer = - new DummyFileDistributionConfigProducer(fileDistribution, - host.getHost().getHostname(), - configProvider); - fileDistribution.addFileDistributionConfigProducer(host.getHost(), dummyFileDistributionConfigProducer); + fileDistribution.addFileDistributionConfigProducer(host.getHost(), configProvider); } private boolean deployHostIsMissing(HostResource deployHost) { diff --git a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminBuilderBase.java b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminBuilderBase.java index a78e9ad30fc..96e120cae92 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminBuilderBase.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/builder/xml/dom/DomAdminBuilderBase.java @@ -25,9 +25,8 @@ import static com.yahoo.vespa.model.admin.monitoring.builder.PredefinedMetricSet /** * A base class for admin model builders, to support common functionality across versions. * - * @author lulf - * @author vegardh - * @since 5.12 + * @author Ulf Lilleengen + * @author Vegard Havdal */ public abstract class DomAdminBuilderBase extends VespaDomBuilder.DomConfigProducerBuilder<Admin> { @@ -80,7 +79,7 @@ public abstract class DomAdminBuilderBase extends VespaDomBuilder.DomConfigProdu } private FileDistributionConfigProducer getFileDistributionConfigProducer(AbstractConfigProducer parent) { - return new FileDistributionConfigProducer.Builder().build(parent, fileRegistry, configServerSpecs); + return new FileDistributionConfigProducer(parent, fileRegistry, configServerSpecs); } private Element getChildWithFallback(Element parent, String childName, String alternativeChildName) { diff --git a/config-model/src/main/java/com/yahoo/vespa/model/filedistribution/DummyFileDistributionConfigProducer.java b/config-model/src/main/java/com/yahoo/vespa/model/filedistribution/DummyFileDistributionConfigProducer.java deleted file mode 100644 index d4993d01d1c..00000000000 --- a/config-model/src/main/java/com/yahoo/vespa/model/filedistribution/DummyFileDistributionConfigProducer.java +++ /dev/null @@ -1,35 +0,0 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.model.filedistribution; - -import com.yahoo.cloud.config.filedistribution.FiledistributorrpcConfig; -import com.yahoo.cloud.config.filedistribution.FilereferencesConfig; -import com.yahoo.config.model.producer.AbstractConfigProducer; - -/** - * @author hmusum - * <p> - * Dummy file distribution config producer, needed for serving file distribution config when there is no FiledistributorService. - */ -public class DummyFileDistributionConfigProducer extends AbstractConfigProducer implements - FiledistributorrpcConfig.Producer, - FilereferencesConfig.Producer { - - private final FileDistributionConfigProvider configProvider; - - public DummyFileDistributionConfigProducer(AbstractConfigProducer parent, - String hostname, - FileDistributionConfigProvider configProvider) { - super(parent, hostname); - this.configProvider = configProvider; - } - - @Override - public void getConfig(FiledistributorrpcConfig.Builder builder) { - configProvider.getConfig(builder); - } - - @Override - public void getConfig(FilereferencesConfig.Builder builder) { - configProvider.getConfig(builder); - } -} diff --git a/config-model/src/main/java/com/yahoo/vespa/model/filedistribution/FileDistributionConfigProducer.java b/config-model/src/main/java/com/yahoo/vespa/model/filedistribution/FileDistributionConfigProducer.java index 9441b787b09..9662540e8df 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/filedistribution/FileDistributionConfigProducer.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/filedistribution/FileDistributionConfigProducer.java @@ -13,13 +13,17 @@ import java.util.Map; /** * @author hmusum * <p> - * File distribution config producer, delegates getting config to {@link DummyFileDistributionConfigProducer} (one per host) + * File distribution config producer, delegates getting config to {@link FileDistributionConfigProvider} (one per host) */ public class FileDistributionConfigProducer extends AbstractConfigProducer { - private final Map<Host, AbstractConfigProducer> fileDistributionConfigProducers = new IdentityHashMap<>(); + private final Map<Host, FileDistributionConfigProvider> fileDistributionConfigProviders = new IdentityHashMap<>(); private final FileDistributor fileDistributor; + public FileDistributionConfigProducer(AbstractConfigProducer ancestor, FileRegistry fileRegistry, List<ConfigServerSpec> configServerSpec) { + this(ancestor, new FileDistributor(fileRegistry, configServerSpec)); + } + private FileDistributionConfigProducer(AbstractConfigProducer parent, FileDistributor fileDistributor) { super(parent, "filedistribution"); this.fileDistributor = fileDistributor; @@ -29,20 +33,12 @@ public class FileDistributionConfigProducer extends AbstractConfigProducer { return fileDistributor; } - public void addFileDistributionConfigProducer(Host host, AbstractConfigProducer fileDistributionConfigProducer) { - fileDistributionConfigProducers.put(host, fileDistributionConfigProducer); - } - - public static class Builder { - - public FileDistributionConfigProducer build(AbstractConfigProducer ancestor, FileRegistry fileRegistry, List<ConfigServerSpec> configServerSpec) { - FileDistributor fileDistributor = new FileDistributor(fileRegistry, configServerSpec); - return new FileDistributionConfigProducer(ancestor, fileDistributor); - } + public void addFileDistributionConfigProducer(Host host, FileDistributionConfigProvider fileDistributionConfigProvider) { + fileDistributionConfigProviders.put(host, fileDistributionConfigProvider); } - public AbstractConfigProducer getConfigProducer(Host host) { - return fileDistributionConfigProducers.get(host); + public FileDistributionConfigProvider getConfigProducer(Host host) { + return fileDistributionConfigProviders.get(host); } } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/filedistribution/FileDistributionConfigProvider.java b/config-model/src/main/java/com/yahoo/vespa/model/filedistribution/FileDistributionConfigProvider.java index 34e242400d3..47ee546181a 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/filedistribution/FileDistributionConfigProvider.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/filedistribution/FileDistributionConfigProvider.java @@ -4,29 +4,35 @@ package com.yahoo.vespa.model.filedistribution; import com.yahoo.cloud.config.filedistribution.FiledistributorrpcConfig; import com.yahoo.cloud.config.filedistribution.FilereferencesConfig; import com.yahoo.config.FileReference; +import com.yahoo.config.model.producer.AbstractConfigProducer; import com.yahoo.vespa.model.ConfigProxy; import com.yahoo.vespa.model.Host; import java.util.Collection; -public class FileDistributionConfigProvider { +public class FileDistributionConfigProvider extends AbstractConfigProducer + implements FiledistributorrpcConfig.Producer, FilereferencesConfig.Producer { private final FileDistributor fileDistributor; private final boolean sendAllFiles; private final Host host; - public FileDistributionConfigProvider(FileDistributor fileDistributor, + public FileDistributionConfigProvider(AbstractConfigProducer parent, + FileDistributor fileDistributor, boolean sendAllFiles, Host host) { + super(parent, host.getHostname()); this.fileDistributor = fileDistributor; this.sendAllFiles = sendAllFiles; this.host = host; } + @Override public void getConfig(FiledistributorrpcConfig.Builder builder) { builder.connectionspec("tcp/" + host.getHostname() + ":" + ConfigProxy.BASEPORT); } + @Override public void getConfig(FilereferencesConfig.Builder builder) { for (FileReference reference : getFileReferences()) { builder.filereferences(reference.value()); diff --git a/config-model/src/main/java/com/yahoo/vespa/model/search/SearchNode.java b/config-model/src/main/java/com/yahoo/vespa/model/search/SearchNode.java index df5c2c9c173..e8f0c0de30a 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/search/SearchNode.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/search/SearchNode.java @@ -19,8 +19,8 @@ import com.yahoo.vespa.model.admin.monitoring.Monitoring; import com.yahoo.vespa.model.application.validation.RestartConfigs; import com.yahoo.vespa.model.builder.xml.dom.VespaDomBuilder; import com.yahoo.vespa.model.content.ContentNode; -import com.yahoo.vespa.model.filedistribution.DummyFileDistributionConfigProducer; import com.yahoo.vespa.model.filedistribution.FileDistributionConfigProducer; +import com.yahoo.vespa.model.filedistribution.FileDistributionConfigProvider; import org.w3c.dom.Element; import java.util.HashMap; @@ -228,8 +228,8 @@ public class SearchNode extends AbstractService implements public void getConfig(FiledistributorrpcConfig.Builder builder) { FileDistributionConfigProducer fileDistribution = getRoot().getFileDistributionConfigProducer(); if (fileDistribution != null) { - AbstractConfigProducer configProducer = fileDistribution.getConfigProducer(getHost()); - ((DummyFileDistributionConfigProducer) configProducer).getConfig(builder); + FileDistributionConfigProvider configProducer = fileDistribution.getConfigProducer(getHost()); + configProducer.getConfig(builder); } } diff --git a/config-model/src/test/java/com/yahoo/vespa/model/content/utils/ContentClusterUtils.java b/config-model/src/test/java/com/yahoo/vespa/model/content/utils/ContentClusterUtils.java index 15acdf0737b..8e0c0d0b253 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/content/utils/ContentClusterUtils.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/content/utils/ContentClusterUtils.java @@ -60,8 +60,7 @@ public class ContentClusterUtils { public static ContentCluster createCluster(String clusterXml, MockRoot root) { Document doc = XML.getDocument(clusterXml); Admin admin = new Admin(root, new DefaultMonitoring("vespa", 60), new Metrics(), Collections.emptyMap(), false, - new FileDistributionConfigProducer.Builder() - .build(root, new MockFileRegistry(), null)); + new FileDistributionConfigProducer(root, new MockFileRegistry(), null)); ConfigModelContext context = ConfigModelContext.create(null, root.getDeployState(), null, root, null); return new ContentCluster.Builder(admin).build(Collections.emptyList(), context, doc.getDocumentElement()); diff --git a/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/CompressedFileReference.java b/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/CompressedFileReference.java index c4cd2a073c1..a1ad5c8a200 100644 --- a/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/CompressedFileReference.java +++ b/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/CompressedFileReference.java @@ -64,9 +64,11 @@ public class CompressedFileReference { static void decompress(File inputFile, File outputDir) throws IOException { log.log(LogLevel.DEBUG, () -> "Decompressing '" + inputFile + "' into '" + outputDir + "'"); - ArchiveInputStream ais = new TarArchiveInputStream(new GZIPInputStream(new FileInputStream(inputFile))); - decompress(ais, outputDir); - ais.close(); + try (ArchiveInputStream ais = new TarArchiveInputStream(new GZIPInputStream(new FileInputStream(inputFile)))) { + decompress(ais, outputDir); + } catch (IllegalArgumentException e) { + throw new RuntimeException("Unable to decompress '" + inputFile.getAbsolutePath() + "': " + e.getMessage()); + } } private static void decompress(ArchiveInputStream archiveInputStream, File outputFile) throws IOException { @@ -95,7 +97,8 @@ public class CompressedFileReference { entries++; } if (entries == 0) { - log.log(LogLevel.WARNING, "Not able to read any entries from " + outputFile.getName()); + throw new IllegalArgumentException("Not able to read any entries from stream (" + + archiveInputStream.getBytesRead() + " bytes read from stream)"); } } diff --git a/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileDownloader.java b/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileDownloader.java index f2a82ac6ead..c9f29197854 100644 --- a/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileDownloader.java +++ b/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileDownloader.java @@ -78,10 +78,6 @@ public class FileDownloader { } } - void receiveFile(FileReferenceData fileReferenceData) { - fileReferenceDownloader.receiveFile(fileReferenceData); - } - double downloadStatus(FileReference fileReference) { return fileReferenceDownloader.downloadStatus(fileReference.value()); } diff --git a/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileReceiver.java b/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileReceiver.java index 83cf4e1ad80..26a1cad2220 100644 --- a/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileReceiver.java +++ b/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileReceiver.java @@ -185,38 +185,6 @@ public class FileReceiver { return methods; } - void receiveFile(FileReferenceData fileReferenceData) { - long xxHashFromContent = fileReferenceData.xxhash(); - if (xxHashFromContent != fileReferenceData.xxhash()) { - throw new RuntimeException("xxhash from content (" + xxHashFromContent + ") is not equal to xxhash in request (" + fileReferenceData.xxhash() + ")"); - } - - File fileReferenceDir = new File(downloadDirectory, fileReferenceData.fileReference().value()); - // file might be a directory (and then type is compressed) - File file = new File(fileReferenceDir, fileReferenceData.filename()); - try { - File tempDownloadedDir = Files.createTempDirectory(tmpDirectory.toPath(), "downloaded").toFile(); - File tempFile = new File(tempDownloadedDir, fileReferenceData.filename()); - Files.write(tempFile.toPath(), fileReferenceData.content().array()); - - // Unpack if necessary - if (fileReferenceData.type() == FileReferenceData.Type.compressed) { - File decompressedDir = Files.createTempDirectory(tempDownloadedDir.toPath(), "decompressed").toFile(); - log.log(LogLevel.DEBUG, () -> "Compressed file, unpacking " + tempFile + " to " + decompressedDir); - CompressedFileReference.decompress(tempFile, decompressedDir); - moveFileToDestination(decompressedDir, fileReferenceDir); - } else { - log.log(LogLevel.DEBUG, () -> "Uncompressed file, moving to " + file.getAbsolutePath()); - Files.createDirectories(fileReferenceDir.toPath()); - moveFileToDestination(tempFile, file); - } - downloader.completedDownloading(fileReferenceData.fileReference(), file); - } catch (IOException e) { - log.log(LogLevel.ERROR, "Failed writing file: " + e.getMessage(), e); - throw new RuntimeException("Failed writing file: ", e); - } - } - private static void moveFileToDestination(File tempFile, File destination) { try { Files.move(tempFile.toPath(), destination.toPath()); diff --git a/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileReferenceDownloader.java b/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileReferenceDownloader.java index 1008df229f1..f8e990a264a 100644 --- a/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileReferenceDownloader.java +++ b/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileReferenceDownloader.java @@ -43,14 +43,13 @@ public class FileReferenceDownloader { private final Map<FileReference, Double> downloadStatus = new HashMap<>(); // between 0 and 1 private final Duration downloadTimeout; private final Duration sleepBetweenRetries; - private final FileReceiver fileReceiver; - FileReferenceDownloader(File downloadDirectory, File tmpDirectory, ConnectionPool connectionPool, - Duration timeout, Duration sleepBetweenRetries) { + FileReferenceDownloader(File downloadDirectory, File tmpDirectory, ConnectionPool connectionPool, Duration timeout, Duration sleepBetweenRetries) { this.connectionPool = connectionPool; this.downloadTimeout = timeout; this.sleepBetweenRetries = sleepBetweenRetries; - this.fileReceiver = new FileReceiver(connectionPool.getSupervisor(), this, downloadDirectory, tmpDirectory); + // Needed to receive RPC calls receiveFile* from server after asking for files + new FileReceiver(connectionPool.getSupervisor(), this, downloadDirectory, tmpDirectory); } private void startDownload(Duration timeout, FileReferenceDownload fileReferenceDownload) { @@ -86,10 +85,6 @@ public class FileReferenceDownloader { downloadExecutor.submit(() -> startDownload(downloadTimeout, fileReferenceDownload)); } - void receiveFile(FileReferenceData fileReferenceData) { - fileReceiver.receiveFile(fileReferenceData); - } - void completedDownloading(FileReference fileReference, File file) { synchronized (downloads) { FileReferenceDownload download = downloads.get(fileReference); diff --git a/filedistribution/src/test/java/com/yahoo/vespa/filedistribution/FileDownloaderTest.java b/filedistribution/src/test/java/com/yahoo/vespa/filedistribution/FileDownloaderTest.java index e0ef2ecf7e4..4351b796624 100644 --- a/filedistribution/src/test/java/com/yahoo/vespa/filedistribution/FileDownloaderTest.java +++ b/filedistribution/src/test/java/com/yahoo/vespa/filedistribution/FileDownloaderTest.java @@ -13,11 +13,14 @@ import com.yahoo.jrt.Transport; import com.yahoo.text.Utf8; import com.yahoo.vespa.config.Connection; import com.yahoo.vespa.config.ConnectionPool; +import net.jpountz.xxhash.XXHash64; +import net.jpountz.xxhash.XXHashFactory; import org.junit.Before; import org.junit.Test; import java.io.File; import java.io.IOException; +import java.nio.ByteBuffer; import java.nio.file.Files; import java.nio.file.Path; import java.time.Duration; @@ -225,7 +228,11 @@ public class FileDownloaderTest { } private void receiveFile(FileReference fileReference, String filename, FileReferenceData.Type type, byte[] content) { - fileDownloader.receiveFile(new FileReferenceDataBlob(fileReference, filename, type, content)); + XXHash64 hasher = XXHashFactory.fastestInstance().hash64(); + FileReceiver.Session session = + new FileReceiver.Session(downloadDir, tempDir, 1, fileReference, type, filename, content.length); + session.addPart(0, content); + session.close(hasher.hash(ByteBuffer.wrap(content), 0)); } private static class MockConnection implements ConnectionPool, com.yahoo.vespa.config.Connection { diff --git a/filedistribution/src/test/java/com/yahoo/vespa/filedistribution/FileReceiverTest.java b/filedistribution/src/test/java/com/yahoo/vespa/filedistribution/FileReceiverTest.java index 78fc094a9ef..8dda0bcce66 100644 --- a/filedistribution/src/test/java/com/yahoo/vespa/filedistribution/FileReceiverTest.java +++ b/filedistribution/src/test/java/com/yahoo/vespa/filedistribution/FileReceiverTest.java @@ -14,14 +14,10 @@ import org.junit.rules.TemporaryFolder; import static org.junit.Assert.assertEquals; import java.io.File; -import java.io.FileOutputStream; -import java.io.FileReader; import java.io.FileWriter; import java.io.IOException; import java.nio.ByteBuffer; import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; public class FileReceiverTest { private File root; @@ -92,7 +88,7 @@ public class FileReceiverTest { assertEquals(all, Utf8.toString(allReadBytes)); } - private void transferCompressedData(FileReference ref, String fileName, byte[] data) throws IOException { + private void transferCompressedData(FileReference ref, String fileName, byte[] data) { FileReceiver.Session session = new FileReceiver.Session(root, tempDir, 1, ref, FileReferenceData.Type.compressed, fileName, data.length); session.addPart(0, data); diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java index 12de9aeef30..fcefe73a8b9 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java @@ -2,7 +2,6 @@ package com.yahoo.vespa.hosted.provision.restapi.v2.filter; import com.google.inject.Inject; -import com.yahoo.config.provision.SystemName; import com.yahoo.config.provision.Zone; import com.yahoo.jdisc.handler.ResponseHandler; import com.yahoo.jdisc.http.filter.DiscFilterRequest; @@ -34,7 +33,7 @@ public class AuthorizationFilter implements SecurityRequestFilter { @Inject public AuthorizationFilter(Zone zone, NodeRepository nodeRepository) { - this(new Authorizer(zone.system(), nodeRepository), rejectActionIn(zone.system())); + this(new Authorizer(zone.system(), nodeRepository), AuthorizationFilter::logAndReject); } AuthorizationFilter(BiPredicate<Principal, URI> authorizer, @@ -63,17 +62,6 @@ public class AuthorizationFilter implements SecurityRequestFilter { } } - private static BiConsumer<ErrorResponse, ResponseHandler> rejectActionIn(SystemName system) { - if (system == SystemName.cd) { - return AuthorizationFilter::logAndReject; - } - return AuthorizationFilter::log; - } - - private static void log(ErrorResponse response, @SuppressWarnings("unused") ResponseHandler handler) { - log.warning("Would reject request: " + response.getStatus() + " - " + response.message()); - } - private static void logAndReject(ErrorResponse response, ResponseHandler handler) { log.warning(response.message()); FilterUtils.write(response, handler); @@ -81,8 +69,7 @@ public class AuthorizationFilter implements SecurityRequestFilter { /** Read common name (CN) from certificate */ private static Optional<String> commonName(X509Certificate certificate) { - return X509CertificateUtils.getCommonNames(certificate).stream() - .findFirst(); + return X509CertificateUtils.getCommonNames(certificate).stream().findFirst(); } } diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/LocalhostFilter.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/LocalhostFilter.java index 368b464afff..f9900f9b0ec 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/LocalhostFilter.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/LocalhostFilter.java @@ -10,7 +10,7 @@ import com.yahoo.vespa.hosted.provision.restapi.v2.ErrorResponse; import java.net.InetAddress; /** - * A security filter that only allows local requests. + * A security filter that only allows self-originating requests. * * @author mpolden */ diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java index 1d59ed52b67..c6203c76347 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilterTest.java @@ -22,7 +22,7 @@ public class AuthorizationFilterTest { @Before public void before() { - tester = filterTester(SystemName.cd); + tester = filterTester(SystemName.main); } @Test @@ -43,14 +43,6 @@ public class AuthorizationFilterTest { tester.assertSuccess(new Request(Method.GET, "/nodes/v2/node/foo").commonName("foo")); } - // TODO: Remove once filter applies to all systems - @Test - public void filter_does_nothing_in_main_system() { - FilterTester tester = filterTester(SystemName.main); - tester.assertSuccess(new Request(Method.GET, "/").commonName("foo")); - tester.assertSuccess(new Request(Method.GET, "/nodes/v2/node/bar").commonName("foo")); - } - private static FilterTester filterTester(SystemName system) { Zone zone = new Zone(system, Environment.prod, RegionName.defaultName()); return new FilterTester(new AuthorizationFilter(zone, new MockNodeRepository(new MockCurator(), diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/FilterTester.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/FilterTester.java index 5cd01755c26..3fdff46933c 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/FilterTester.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/FilterTester.java @@ -87,8 +87,7 @@ public class FilterTester { Instant now = Instant.now(); X500Principal subject = new X500Principal("CN=" + commonName); return X509CertificateBuilder - .fromKeypair( - keyPair, subject, now, now.plus(Duration.ofDays(30)), SHA256_WITH_RSA, now.toEpochMilli()) + .fromKeypair(keyPair, subject, now, now.plus(Duration.ofDays(30)), SHA256_WITH_RSA, now.toEpochMilli()) .setBasicConstraints(true, true) .build(); } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/LocalhostFilterTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/LocalhostFilterTest.java index b4e446f6818..cb1ac2ade72 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/LocalhostFilterTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/LocalhostFilterTest.java @@ -30,7 +30,7 @@ public class LocalhostFilterTest { tester.assertSuccess(new Request(Method.GET, "/").remoteAddr("127.127.0.1")); tester.assertSuccess(new Request(Method.GET, "/").remoteAddr("0:0:0:0:0:0:0:1")); - // Allow requests originating from same host + // Allow requests originating from self tester.assertSuccess(new Request(Method.GET, "/").localAddr("1.3.3.7").remoteAddr("1.3.3.7")); } |