diff options
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java index ee37157902c..aee9ca83b08 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java @@ -1,9 +1,8 @@ // Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.model.application.validation; -import com.yahoo.config.model.deploy.DeployState; import com.yahoo.config.provision.CloudName; -import com.yahoo.vespa.model.VespaModel; +import com.yahoo.vespa.model.application.validation.Validation.Context; import com.yahoo.vespa.model.container.http.AccessControl; import com.yahoo.vespa.model.container.http.Http; @@ -15,29 +14,29 @@ import java.util.logging.Level; * * @author mortent */ -public class AccessControlFilterExcludeValidator extends Validator { +public class AccessControlFilterExcludeValidator implements Validator { @Override - public void validate(VespaModel model, DeployState deployState) { - if (!deployState.isHosted() || deployState.zone().system().isPublic()) return; - if (deployState.getProperties().allowDisableMtls()) return; - model.getContainerClusters().forEach((id, cluster) -> { + public void validate(Context context) { + if (!context.deployState().isHosted() || context.deployState().zone().system().isPublic()) return; + if (context.deployState().getProperties().allowDisableMtls()) return; + context.model().getContainerClusters().forEach((id, cluster) -> { Http http = cluster.getHttp(); if (http != null) { if (http.getAccessControl().isPresent()) { - verifyNoExclusions(id, http.getAccessControl().get(), deployState); + verifyNoExclusions(id, http.getAccessControl().get(), context); } } }); } - private void verifyNoExclusions(String clusterId, AccessControl accessControl, DeployState deployState) { + private void verifyNoExclusions(String clusterId, AccessControl accessControl, Context context) { if (!accessControl.excludedBindings().isEmpty()) { String message = "Application cluster %s excludes paths from access control, this is not allowed and should be removed.".formatted(clusterId); - if (deployState.zone().cloud().name().equals(CloudName.AWS)) { - throw new IllegalArgumentException(message); + if (context.deployState().zone().cloud().name().equals(CloudName.AWS)) { + context.illegal(message); } else { - deployState.getDeployLogger().log(Level.WARNING, message); + context.deployState().getDeployLogger().log(Level.WARNING, message); } } } |