summaryrefslogtreecommitdiffstats
path: root/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java
diff options
context:
space:
mode:
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java')
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java23
1 files changed, 11 insertions, 12 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java
index ee37157902c..aee9ca83b08 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java
@@ -1,9 +1,8 @@
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.model.application.validation;
-import com.yahoo.config.model.deploy.DeployState;
import com.yahoo.config.provision.CloudName;
-import com.yahoo.vespa.model.VespaModel;
+import com.yahoo.vespa.model.application.validation.Validation.Context;
import com.yahoo.vespa.model.container.http.AccessControl;
import com.yahoo.vespa.model.container.http.Http;
@@ -15,29 +14,29 @@ import java.util.logging.Level;
*
* @author mortent
*/
-public class AccessControlFilterExcludeValidator extends Validator {
+public class AccessControlFilterExcludeValidator implements Validator {
@Override
- public void validate(VespaModel model, DeployState deployState) {
- if (!deployState.isHosted() || deployState.zone().system().isPublic()) return;
- if (deployState.getProperties().allowDisableMtls()) return;
- model.getContainerClusters().forEach((id, cluster) -> {
+ public void validate(Context context) {
+ if (!context.deployState().isHosted() || context.deployState().zone().system().isPublic()) return;
+ if (context.deployState().getProperties().allowDisableMtls()) return;
+ context.model().getContainerClusters().forEach((id, cluster) -> {
Http http = cluster.getHttp();
if (http != null) {
if (http.getAccessControl().isPresent()) {
- verifyNoExclusions(id, http.getAccessControl().get(), deployState);
+ verifyNoExclusions(id, http.getAccessControl().get(), context);
}
}
});
}
- private void verifyNoExclusions(String clusterId, AccessControl accessControl, DeployState deployState) {
+ private void verifyNoExclusions(String clusterId, AccessControl accessControl, Context context) {
if (!accessControl.excludedBindings().isEmpty()) {
String message = "Application cluster %s excludes paths from access control, this is not allowed and should be removed.".formatted(clusterId);
- if (deployState.zone().cloud().name().equals(CloudName.AWS)) {
- throw new IllegalArgumentException(message);
+ if (context.deployState().zone().cloud().name().equals(CloudName.AWS)) {
+ context.illegal(message);
} else {
- deployState.getDeployLogger().log(Level.WARNING, message);
+ context.deployState().getDeployLogger().log(Level.WARNING, message);
}
}
}