summaryrefslogtreecommitdiffstats
path: root/config-model/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'config-model/src/main')
-rw-r--r--config-model/src/main/java/com/yahoo/config/model/test/HostedConfigModelRegistry.java19
-rw-r--r--config-model/src/main/java/com/yahoo/config/model/test/ModelBuilderAddingAccessControlFilter.java86
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterValidator.java39
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/application/validation/Validation.java5
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java (renamed from config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlOnFirstDeploymentValidator.java)2
5 files changed, 3 insertions, 148 deletions
diff --git a/config-model/src/main/java/com/yahoo/config/model/test/HostedConfigModelRegistry.java b/config-model/src/main/java/com/yahoo/config/model/test/HostedConfigModelRegistry.java
deleted file mode 100644
index 9099a527dea..00000000000
--- a/config-model/src/main/java/com/yahoo/config/model/test/HostedConfigModelRegistry.java
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.config.model.test;
-
-import com.yahoo.config.model.ConfigModelRegistry;
-import com.yahoo.config.model.MapConfigModelRegistry;
-
-/**
- * Creates a {@link ConfigModelRegistry} instance that simulates the hosted environment.
- *
- * @author bjorncs
- */
-public class HostedConfigModelRegistry {
-
- private HostedConfigModelRegistry() {}
-
- public static ConfigModelRegistry create() {
- return MapConfigModelRegistry.createFromList(new ModelBuilderAddingAccessControlFilter());
- }
-}
diff --git a/config-model/src/main/java/com/yahoo/config/model/test/ModelBuilderAddingAccessControlFilter.java b/config-model/src/main/java/com/yahoo/config/model/test/ModelBuilderAddingAccessControlFilter.java
deleted file mode 100644
index c69efd5d447..00000000000
--- a/config-model/src/main/java/com/yahoo/config/model/test/ModelBuilderAddingAccessControlFilter.java
+++ /dev/null
@@ -1,86 +0,0 @@
-// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.config.model.test;
-
-import com.yahoo.component.ComponentId;
-import com.yahoo.component.ComponentSpecification;
-import com.yahoo.component.chain.dependencies.Dependencies;
-import com.yahoo.component.chain.model.ChainedComponentModel;
-import com.yahoo.config.model.ConfigModel;
-import com.yahoo.config.model.ConfigModelContext;
-import com.yahoo.config.model.builder.xml.ConfigModelBuilder;
-import com.yahoo.config.model.builder.xml.ConfigModelId;
-import com.yahoo.container.bundle.BundleInstantiationSpecification;
-import com.yahoo.vespa.model.container.ApplicationContainerCluster;
-import com.yahoo.vespa.model.container.ContainerModel;
-import com.yahoo.vespa.model.container.component.chain.Chain;
-import com.yahoo.vespa.model.container.http.AccessControl;
-import com.yahoo.vespa.model.container.http.Filter;
-import com.yahoo.vespa.model.container.http.Http;
-import com.yahoo.vespa.model.container.xml.ContainerModelBuilder;
-import org.w3c.dom.Element;
-
-import java.util.Collection;
-import java.util.List;
-
-/**
- * A {@link ConfigModelBuilder} that configures a dummy filter component to the {@link AccessControl#ACCESS_CONTROL_CHAIN_ID} filter chain.
- *
- * @author bjorncs
- */
-public class ModelBuilderAddingAccessControlFilter
- extends ConfigModelBuilder<ModelBuilderAddingAccessControlFilter.ModelPlaceholder> {
-
- public ModelBuilderAddingAccessControlFilter() {
- super(ModelPlaceholder.class);
- }
-
- @Override
- public List<ConfigModelId> handlesElements() { return ContainerModelBuilder.configModelIds; }
-
- @Override
- public void doBuild(ModelPlaceholder model, Element spec, ConfigModelContext modelContext) {
- for (ContainerModel containerModel : model.containers) {
- addFilterToContainerCluster(containerModel);
- }
- }
-
- private static void addFilterToContainerCluster(ContainerModel containerModel) {
- if (!(containerModel.getCluster() instanceof ApplicationContainerCluster)) return;
- ApplicationContainerCluster cluster = (ApplicationContainerCluster) containerModel.getCluster();
- Http http = cluster.getHttp();
- if (http.getAccessControl().isPresent()) {
- Chain<Filter> chain = http.getFilterChains()
- .allChains()
- .getComponent(AccessControl.ACCESS_CONTROL_CHAIN_ID);
- if (chain == null) return;
- if (!chain.getInnerComponents().isEmpty()) return;
- chain.addInnerComponent(new DummyAccessControlFilterModel());
- }
- }
-
- public static class ModelPlaceholder extends ConfigModel {
- final Collection<ContainerModel> containers;
-
- public ModelPlaceholder(ConfigModelContext modelContext, Collection<ContainerModel> containers) {
- super(modelContext);
- this.containers = containers;
- }
-
- @Override
- public boolean isServing() { return false; }
- }
-
- private static class DummyAccessControlFilterModel extends Filter {
-
- DummyAccessControlFilterModel() { super(createDummyComponentModel()); }
-
- static ChainedComponentModel createDummyComponentModel() {
- return new ChainedComponentModel(
- new BundleInstantiationSpecification(
- new ComponentId("dummy-filter"),
- new ComponentSpecification("com.test.DummyAccessControlFilter"),
- new ComponentSpecification("dummy-bundle")),
- Dependencies.emptyDependencies());
- }
- }
-}
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterValidator.java
deleted file mode 100644
index 774f0ba52bc..00000000000
--- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterValidator.java
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright 2020 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.model.application.validation;
-
-import com.yahoo.config.model.deploy.DeployState;
-import com.yahoo.vespa.model.VespaModel;
-import com.yahoo.vespa.model.container.component.chain.Chain;
-import com.yahoo.vespa.model.container.http.AccessControl;
-import com.yahoo.vespa.model.container.http.Filter;
-import com.yahoo.vespa.model.container.http.FilterChains;
-import com.yahoo.vespa.model.container.http.Http;
-
-/**
- * Validates that 'access-control' is not enabled when no access control filter implementation is available.
- *
- * @author bjorncs
- */
-public class AccessControlFilterValidator extends Validator {
-
- @Override
- public void validate(VespaModel model, DeployState deployState) {
- model.getContainerClusters().forEach((id, cluster) -> {
- Http http = cluster.getHttp();
- if (http != null) {
- if (http.getAccessControl().isPresent()) {
- verifyAccessControlFilterPresent(http);
- }
- }
- });
- }
-
- private static void verifyAccessControlFilterPresent(Http http) {
- FilterChains filterChains = http.getFilterChains();
- Chain<Filter> chain = filterChains.allChains().getComponent(AccessControl.ACCESS_CONTROL_CHAIN_ID);
- if (chain.getInnerComponents().isEmpty()) {
- // No access control filter configured - it's up to a config model plugin to provide an implementation of an access control filter.
- throw new IllegalArgumentException("The 'access-control' feature is not available in open-source Vespa.");
- }
- }
-}
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/Validation.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/Validation.java
index 4959970d98e..7d0d068f9d6 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/Validation.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/Validation.java
@@ -19,7 +19,7 @@ import com.yahoo.vespa.model.application.validation.change.IndexedSearchClusterC
import com.yahoo.vespa.model.application.validation.change.IndexingModeChangeValidator;
import com.yahoo.vespa.model.application.validation.change.StartupCommandChangeValidator;
import com.yahoo.vespa.model.application.validation.change.StreamingSearchClusterChangeValidator;
-import com.yahoo.vespa.model.application.validation.first.AccessControlOnFirstDeploymentValidator;
+import com.yahoo.vespa.model.application.validation.first.AccessControlValidator;
import java.time.Instant;
import java.util.Arrays;
@@ -57,7 +57,6 @@ public class Validation {
new RankingConstantsValidator().validate(model, deployState);
new SecretStoreValidator().validate(model, deployState);
new TlsSecretsValidator().validate(model, deployState);
- new AccessControlFilterValidator().validate(model, deployState);
List<ConfigChangeAction> result = Collections.emptyList();
if (deployState.getProperties().isFirstTimeDeployment()) {
@@ -92,7 +91,7 @@ public class Validation {
}
private static void validateFirstTimeDeployment(VespaModel model, DeployState deployState) {
- new AccessControlOnFirstDeploymentValidator().validate(model, deployState);
+ new AccessControlValidator().validate(model, deployState);
}
}
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlOnFirstDeploymentValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java
index 97153e42ee5..b7bbed7ffda 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlOnFirstDeploymentValidator.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/first/AccessControlValidator.java
@@ -23,7 +23,7 @@ import static com.yahoo.vespa.model.container.http.AccessControl.isBuiltinGetOnl
*
* @author gjoranv
*/
-public class AccessControlOnFirstDeploymentValidator extends Validator {
+public class AccessControlValidator extends Validator {
@Override
public void validate(VespaModel model, DeployState deployState) {