diff options
Diffstat (limited to 'config-model/src/main')
-rw-r--r-- | config-model/src/main/java/com/yahoo/config/model/test/HostedConfigModelRegistry.java | 19 | ||||
-rw-r--r-- | config-model/src/main/java/com/yahoo/config/model/test/ModelBuilderAddingAccessControlFilter.java | 86 | ||||
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterValidator.java | 39 | ||||
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/application/validation/Validation.java | 5 | ||||
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java (renamed from config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlOnFirstDeploymentValidator.java) | 2 |
5 files changed, 3 insertions, 148 deletions
diff --git a/config-model/src/main/java/com/yahoo/config/model/test/HostedConfigModelRegistry.java b/config-model/src/main/java/com/yahoo/config/model/test/HostedConfigModelRegistry.java deleted file mode 100644 index 9099a527dea..00000000000 --- a/config-model/src/main/java/com/yahoo/config/model/test/HostedConfigModelRegistry.java +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.config.model.test; - -import com.yahoo.config.model.ConfigModelRegistry; -import com.yahoo.config.model.MapConfigModelRegistry; - -/** - * Creates a {@link ConfigModelRegistry} instance that simulates the hosted environment. - * - * @author bjorncs - */ -public class HostedConfigModelRegistry { - - private HostedConfigModelRegistry() {} - - public static ConfigModelRegistry create() { - return MapConfigModelRegistry.createFromList(new ModelBuilderAddingAccessControlFilter()); - } -} diff --git a/config-model/src/main/java/com/yahoo/config/model/test/ModelBuilderAddingAccessControlFilter.java b/config-model/src/main/java/com/yahoo/config/model/test/ModelBuilderAddingAccessControlFilter.java deleted file mode 100644 index c69efd5d447..00000000000 --- a/config-model/src/main/java/com/yahoo/config/model/test/ModelBuilderAddingAccessControlFilter.java +++ /dev/null @@ -1,86 +0,0 @@ -// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.config.model.test; - -import com.yahoo.component.ComponentId; -import com.yahoo.component.ComponentSpecification; -import com.yahoo.component.chain.dependencies.Dependencies; -import com.yahoo.component.chain.model.ChainedComponentModel; -import com.yahoo.config.model.ConfigModel; -import com.yahoo.config.model.ConfigModelContext; -import com.yahoo.config.model.builder.xml.ConfigModelBuilder; -import com.yahoo.config.model.builder.xml.ConfigModelId; -import com.yahoo.container.bundle.BundleInstantiationSpecification; -import com.yahoo.vespa.model.container.ApplicationContainerCluster; -import com.yahoo.vespa.model.container.ContainerModel; -import com.yahoo.vespa.model.container.component.chain.Chain; -import com.yahoo.vespa.model.container.http.AccessControl; -import com.yahoo.vespa.model.container.http.Filter; -import com.yahoo.vespa.model.container.http.Http; -import com.yahoo.vespa.model.container.xml.ContainerModelBuilder; -import org.w3c.dom.Element; - -import java.util.Collection; -import java.util.List; - -/** - * A {@link ConfigModelBuilder} that configures a dummy filter component to the {@link AccessControl#ACCESS_CONTROL_CHAIN_ID} filter chain. - * - * @author bjorncs - */ -public class ModelBuilderAddingAccessControlFilter - extends ConfigModelBuilder<ModelBuilderAddingAccessControlFilter.ModelPlaceholder> { - - public ModelBuilderAddingAccessControlFilter() { - super(ModelPlaceholder.class); - } - - @Override - public List<ConfigModelId> handlesElements() { return ContainerModelBuilder.configModelIds; } - - @Override - public void doBuild(ModelPlaceholder model, Element spec, ConfigModelContext modelContext) { - for (ContainerModel containerModel : model.containers) { - addFilterToContainerCluster(containerModel); - } - } - - private static void addFilterToContainerCluster(ContainerModel containerModel) { - if (!(containerModel.getCluster() instanceof ApplicationContainerCluster)) return; - ApplicationContainerCluster cluster = (ApplicationContainerCluster) containerModel.getCluster(); - Http http = cluster.getHttp(); - if (http.getAccessControl().isPresent()) { - Chain<Filter> chain = http.getFilterChains() - .allChains() - .getComponent(AccessControl.ACCESS_CONTROL_CHAIN_ID); - if (chain == null) return; - if (!chain.getInnerComponents().isEmpty()) return; - chain.addInnerComponent(new DummyAccessControlFilterModel()); - } - } - - public static class ModelPlaceholder extends ConfigModel { - final Collection<ContainerModel> containers; - - public ModelPlaceholder(ConfigModelContext modelContext, Collection<ContainerModel> containers) { - super(modelContext); - this.containers = containers; - } - - @Override - public boolean isServing() { return false; } - } - - private static class DummyAccessControlFilterModel extends Filter { - - DummyAccessControlFilterModel() { super(createDummyComponentModel()); } - - static ChainedComponentModel createDummyComponentModel() { - return new ChainedComponentModel( - new BundleInstantiationSpecification( - new ComponentId("dummy-filter"), - new ComponentSpecification("com.test.DummyAccessControlFilter"), - new ComponentSpecification("dummy-bundle")), - Dependencies.emptyDependencies()); - } - } -} diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterValidator.java deleted file mode 100644 index 774f0ba52bc..00000000000 --- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterValidator.java +++ /dev/null @@ -1,39 +0,0 @@ -// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.model.application.validation; - -import com.yahoo.config.model.deploy.DeployState; -import com.yahoo.vespa.model.VespaModel; -import com.yahoo.vespa.model.container.component.chain.Chain; -import com.yahoo.vespa.model.container.http.AccessControl; -import com.yahoo.vespa.model.container.http.Filter; -import com.yahoo.vespa.model.container.http.FilterChains; -import com.yahoo.vespa.model.container.http.Http; - -/** - * Validates that 'access-control' is not enabled when no access control filter implementation is available. - * - * @author bjorncs - */ -public class AccessControlFilterValidator extends Validator { - - @Override - public void validate(VespaModel model, DeployState deployState) { - model.getContainerClusters().forEach((id, cluster) -> { - Http http = cluster.getHttp(); - if (http != null) { - if (http.getAccessControl().isPresent()) { - verifyAccessControlFilterPresent(http); - } - } - }); - } - - private static void verifyAccessControlFilterPresent(Http http) { - FilterChains filterChains = http.getFilterChains(); - Chain<Filter> chain = filterChains.allChains().getComponent(AccessControl.ACCESS_CONTROL_CHAIN_ID); - if (chain.getInnerComponents().isEmpty()) { - // No access control filter configured - it's up to a config model plugin to provide an implementation of an access control filter. - throw new IllegalArgumentException("The 'access-control' feature is not available in open-source Vespa."); - } - } -} diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/Validation.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/Validation.java index 4959970d98e..7d0d068f9d6 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/Validation.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/Validation.java @@ -19,7 +19,7 @@ import com.yahoo.vespa.model.application.validation.change.IndexedSearchClusterC import com.yahoo.vespa.model.application.validation.change.IndexingModeChangeValidator; import com.yahoo.vespa.model.application.validation.change.StartupCommandChangeValidator; import com.yahoo.vespa.model.application.validation.change.StreamingSearchClusterChangeValidator; -import com.yahoo.vespa.model.application.validation.first.AccessControlOnFirstDeploymentValidator; +import com.yahoo.vespa.model.application.validation.first.AccessControlValidator; import java.time.Instant; import java.util.Arrays; @@ -57,7 +57,6 @@ public class Validation { new RankingConstantsValidator().validate(model, deployState); new SecretStoreValidator().validate(model, deployState); new TlsSecretsValidator().validate(model, deployState); - new AccessControlFilterValidator().validate(model, deployState); List<ConfigChangeAction> result = Collections.emptyList(); if (deployState.getProperties().isFirstTimeDeployment()) { @@ -92,7 +91,7 @@ public class Validation { } private static void validateFirstTimeDeployment(VespaModel model, DeployState deployState) { - new AccessControlOnFirstDeploymentValidator().validate(model, deployState); + new AccessControlValidator().validate(model, deployState); } } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlOnFirstDeploymentValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java index 97153e42ee5..b7bbed7ffda 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlOnFirstDeploymentValidator.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java @@ -23,7 +23,7 @@ import static com.yahoo.vespa.model.container.http.AccessControl.isBuiltinGetOnl * * @author gjoranv */ -public class AccessControlOnFirstDeploymentValidator extends Validator { +public class AccessControlValidator extends Validator { @Override public void validate(VespaModel model, DeployState deployState) { |