diff options
6 files changed, 94 insertions, 25 deletions
diff --git a/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java b/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java index b5db9f5eddd..9d7ae9759c3 100644 --- a/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java +++ b/config-model-api/src/main/java/com/yahoo/config/model/api/ModelContext.java @@ -59,6 +59,8 @@ public interface ModelContext { boolean useAdaptiveDispatch(); // TODO: Remove when 7.61 is the oldest model in use default boolean enableMetricsProxyContainer() { return false; } + // TODO: Remove temporary default implementation + default Optional<TlsSecrets> tlsSecrets() { return Optional.empty(); } } } diff --git a/config-model-api/src/main/java/com/yahoo/config/model/api/TlsSecrets.java b/config-model-api/src/main/java/com/yahoo/config/model/api/TlsSecrets.java new file mode 100644 index 00000000000..3cb4cedcbac --- /dev/null +++ b/config-model-api/src/main/java/com/yahoo/config/model/api/TlsSecrets.java @@ -0,0 +1,30 @@ +// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.config.model.api; + + public class TlsSecrets { + public static final TlsSecrets MISSING = new TlsSecrets(); + + private final String certificate; + private final String key; + + private TlsSecrets() { + this(null,null); + } + + public TlsSecrets(String certificate, String key) { + this.certificate = certificate; + this.key = key; + } + + public String certificate() { + return certificate; + } + + public String key() { + return key; + } + + public boolean isMissing() { + return this == MISSING; + } +} diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java index 66c8da86403..1b7ed1fb21e 100644 --- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java +++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java @@ -69,6 +69,12 @@ public class Flags { "Takes effect on next node agent tick. Change is orchestrated, but does NOT require container restart", HOSTNAME, APPLICATION_ID); + public static final UnboundBooleanFlag SUPPORT_DHCPV6_IN_AWS = defineFeatureFlag( + "support-dhcpv6-in-aws", true, + "Whether to open up for DHCPv6 traffic in AWS. Old behavior is false.", + "Takes effect on next tick in host-admin, except FirewallTask which requires a restart of host-admin", + HOSTNAME); + public static final UnboundStringFlag TLS_INSECURE_MIXED_MODE = defineStringFlag( "tls-insecure-mixed-mode", "tls_client_mixed_server", "TLS insecure mixed mode. Allowed values: ['plaintext_client_mixed_server', 'tls_client_mixed_server', 'tls_client_tls_server']", diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/network/IPVersion.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/network/IPVersion.java index de80d4dca18..4cc825dacd6 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/network/IPVersion.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/network/IPVersion.java @@ -15,52 +15,53 @@ import java.util.regex.Pattern; */ public enum IPVersion { - IPv6(6, "ip6tables", "ip -6", "ipv6-icmp", "/128", "icmp6-port-unreachable", "ip6tables-restore"), - IPv4(4, "iptables", "ip", "icmp", "/32", "icmp-port-unreachable", "iptables-restore"); + IPv6(6, "ip6tables", "ip -6", "ipv6-icmp", 128, "icmp6-port-unreachable", "ip6tables-restore", "fe80::/10"), + IPv4(4, "iptables", "ip", "icmp", 32, "icmp-port-unreachable", "iptables-restore", "169.254.0.0/16"); private static final Pattern cidrNotationPattern = Pattern.compile("/\\d+$"); IPVersion(int version, String iptablesCmd, String ipCmd, - String icmpProtocol, String singleHostCidr, String icmpPortUnreachable, - String iptablesRestore) { + String icmpProtocol, int size, String icmpPortUnreachable, + String iptablesRestore, String linkLocalCidr) { this.version = version; this.ipCmd = ipCmd; this.iptablesCmd = iptablesCmd; this.icmpProtocol = icmpProtocol; - this.singleHostCidr = singleHostCidr; + this.size = size; this.icmpPortUnreachable = icmpPortUnreachable; this.iptablesRestore = iptablesRestore; + this.linkLocalCidr = linkLocalCidr; } private final int version; private final String iptablesCmd; private final String ipCmd; private final String icmpProtocol; - private final String singleHostCidr; + private final int size; private final String icmpPortUnreachable; private final String iptablesRestore; + private final String linkLocalCidr; - public int version() { - return version; - } - public String versionString() { - return String.valueOf(version); - } - public String iptablesCmd() { - return iptablesCmd; - } - public String iptablesRestore() { - return iptablesRestore; - } - public String ipCmd() { - return ipCmd; - } - public String icmpProtocol() { - return icmpProtocol; - } - public String singleHostCidr() { return singleHostCidr; } + /** The ID of the IP version, either IPv4 or IPv6. */ + public String id() { return "IPv" + version; } + + /** The IP version, either 4 or 6 */ + public int version() { return version; } + + public String versionString() { return String.valueOf(version); } + public String iptablesCmd() { return iptablesCmd; } + public String iptablesRestore() { return iptablesRestore;} + public String ipCmd() { return ipCmd; } + public String icmpProtocol() { return icmpProtocol; } + public String singleHostCidr() { return "/" + size; } public String icmpPortUnreachable() { return icmpPortUnreachable; } + /** The address size (in bits) of the IP version: 32 or 128. */ + public int addressSize() { return size; } + + /** Both IPv4 and IPv6 have exactly one link-local address space: 169.254.0.0/16 or fe80::/10. */ + public String linkLocalAddressCidr() { return linkLocalCidr; } + public boolean match(InetAddress address) { return this == IPVersion.get(address); } diff --git a/searchlib/src/vespa/searchlib/queryeval/intermediate_blueprints.cpp b/searchlib/src/vespa/searchlib/queryeval/intermediate_blueprints.cpp index 0a11203c390..bf7b659dea7 100644 --- a/searchlib/src/vespa/searchlib/queryeval/intermediate_blueprints.cpp +++ b/searchlib/src/vespa/searchlib/queryeval/intermediate_blueprints.cpp @@ -68,6 +68,20 @@ void optimize_source_blenders(IntermediateBlueprint &self, size_t begin_idx) { } } +void +need_normal_features_for_children(const IntermediateBlueprint &blueprint, fef::MatchData &md) +{ + for (size_t i = 0; i < blueprint.childCnt(); ++i) { + const Blueprint::State &cs = blueprint.getChild(i).getState(); + for (size_t j = 0; j < cs.numFields(); ++j) { + auto *tfmd = cs.field(j).resolve(md); + if (tfmd != nullptr) { + tfmd->setNeedNormalFeatures(true); + } + } + } +} + } // namespace search::queryeval::<unnamed> //----------------------------------------------------------------------------- @@ -375,6 +389,13 @@ NearBlueprint::inheritStrict(size_t i) const } SearchIterator::UP +NearBlueprint::createSearch(fef::MatchData &md, bool strict) const +{ + need_normal_features_for_children(*this, md); + return IntermediateBlueprint::createSearch(md, strict); +} + +SearchIterator::UP NearBlueprint::createIntermediateSearch(const MultiSearch::Children &subSearches, bool strict, search::fef::MatchData &md) const { @@ -416,6 +437,13 @@ ONearBlueprint::inheritStrict(size_t i) const } SearchIterator::UP +ONearBlueprint::createSearch(fef::MatchData &md, bool strict) const +{ + need_normal_features_for_children(*this, md); + return IntermediateBlueprint::createSearch(md, strict); +} + +SearchIterator::UP ONearBlueprint::createIntermediateSearch(const MultiSearch::Children &subSearches, bool strict, search::fef::MatchData &md) const { diff --git a/searchlib/src/vespa/searchlib/queryeval/intermediate_blueprints.h b/searchlib/src/vespa/searchlib/queryeval/intermediate_blueprints.h index 440794c25d8..a217c8f303d 100644 --- a/searchlib/src/vespa/searchlib/queryeval/intermediate_blueprints.h +++ b/searchlib/src/vespa/searchlib/queryeval/intermediate_blueprints.h @@ -102,6 +102,7 @@ public: bool should_optimize_children() const override { return false; } void sort(std::vector<Blueprint*> &children) const override; bool inheritStrict(size_t i) const override; + SearchIteratorUP createSearch(fef::MatchData &md, bool strict) const override; SearchIterator::UP createIntermediateSearch(const MultiSearch::Children &subSearches, bool strict, fef::MatchData &md) const override; @@ -122,6 +123,7 @@ public: bool should_optimize_children() const override { return false; } void sort(std::vector<Blueprint*> &children) const override; bool inheritStrict(size_t i) const override; + SearchIteratorUP createSearch(fef::MatchData &md, bool strict) const override; SearchIterator::UP createIntermediateSearch(const MultiSearch::Children &subSearches, bool strict, fef::MatchData &md) const override; |