diff options
Diffstat (limited to 'config-model')
25 files changed, 122 insertions, 77 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java index c75aca7a5fa..20c3826721b 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java @@ -10,6 +10,7 @@ import java.time.Duration; import java.util.ArrayList; import java.util.Collection; import java.util.List; +import java.util.Set; /** * Component specification for {@link com.yahoo.jdisc.http.server.jetty.ConnectorFactory} with hosted specific configuration. @@ -25,6 +26,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory { private final Duration endpointConnectionTtl; private final List<String> remoteAddressHeaders; private final List<String> remotePortHeaders; + private final Set<String> knownServerNames; public static Builder builder(String name, int listenPort) { return new Builder(name, listenPort); } @@ -37,6 +39,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory { this.endpointConnectionTtl = builder.endpointConnectionTtl; this.remoteAddressHeaders = List.copyOf(builder.remoteAddressHeaders); this.remotePortHeaders = List.copyOf(builder.remotePortHeaders); + this.knownServerNames = Set.copyOf(builder.knownServerNames); } private static SslProvider createSslProvider(Builder builder) { @@ -70,7 +73,8 @@ public class HostedSslConnectorFactory extends ConnectorFactory { .maxConnectionLife(endpointConnectionTtl != null ? endpointConnectionTtl.toSeconds() : 0) .accessLog(new ConnectorConfig.AccessLog.Builder() .remoteAddressHeaders(remoteAddressHeaders) - .remotePortHeaders(remotePortHeaders)); + .remotePortHeaders(remotePortHeaders)) + .serverName.known(knownServerNames); } @@ -89,6 +93,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory { String tlsCaCertificatesPem; String tlsCaCertificatesPath; boolean tokenEndpoint; + Set<String> knownServerNames = Set.of(); private Builder(String name, int port) { this.name = name; this.port = port; } public Builder clientAuth(SslClientAuth auth) { clientAuth = auth; return this; } @@ -101,7 +106,7 @@ public class HostedSslConnectorFactory extends ConnectorFactory { public Builder tokenEndpoint(boolean enable) { this.tokenEndpoint = enable; return this; } public Builder remoteAddressHeader(String header) { this.remoteAddressHeaders.add(header); return this; } public Builder remotePortHeader(String header) { this.remotePortHeaders.add(header); return this; } - + public Builder knownServerNames(Set<String> knownServerNames) { this.knownServerNames = Set.copyOf(knownServerNames); return this; } public HostedSslConnectorFactory build() { return new HostedSslConnectorFactory(this); } } } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java index 2093d0cfbe3..18020f5df5d 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java @@ -606,6 +606,11 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { var endpointCert = state.endpointCertificateSecrets().orElse(null); if (endpointCert != null) { builder.endpointCertificate(endpointCert); + Set<String> mtlsEndpointNames = state.getEndpoints().stream() + .filter(endpoint -> endpoint.authMethod() == ApplicationClusterEndpoint.AuthMethod.mtls) + .flatMap(endpoint -> endpoint.names().stream()) + .collect(Collectors.toSet()); + builder.knownServerNames(mtlsEndpointNames); boolean isPublic = state.zone().system().isPublic(); List<X509Certificate> clientCertificates = getClientCertificates(cluster); if (isPublic) { @@ -659,6 +664,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> { .remoteAddressHeader("X-Forwarded-For") .remotePortHeader("X-Forwarded-Port") .clientAuth(SslClientAuth.NEED) + .knownServerNames(tokenEndpoints) .build(); server.addConnector(connector); diff --git a/config-model/src/test/derived/array_of_struct_attribute/test.sd b/config-model/src/test/derived/array_of_struct_attribute/test.sd index ce6e3db7310..3e46aea986a 100644 --- a/config-model/src/test/derived/array_of_struct_attribute/test.sd +++ b/config-model/src/test/derived/array_of_struct_attribute/test.sd @@ -17,6 +17,6 @@ schema test { } } document-summary rename { - summary new_elem_array type array<elem> { source: elem_array } + summary new_elem_array { source: elem_array } } } diff --git a/config-model/src/test/derived/bolding_dynamic_summary/test.sd b/config-model/src/test/derived/bolding_dynamic_summary/test.sd index bf7455df3c9..3d054c65839 100644 --- a/config-model/src/test/derived/bolding_dynamic_summary/test.sd +++ b/config-model/src/test/derived/bolding_dynamic_summary/test.sd @@ -31,19 +31,19 @@ schema test { } } document-summary dyn { - summary str_3_dyn type string { + summary str_3_dyn { source: str_3 dynamic } - summary arr_3_dyn type array<string> { + summary arr_3_dyn { source: arr_3 dynamic } - summary str_4_bold type string { + summary str_4_bold { source: str_4 bolding: on } - summary arr_4_bold type array<string> { + summary arr_4_bold { source: arr_4 bolding: on } diff --git a/config-model/src/test/derived/map_of_struct_attribute/test.sd b/config-model/src/test/derived/map_of_struct_attribute/test.sd index 7001b95d09f..617f761c7e7 100644 --- a/config-model/src/test/derived/map_of_struct_attribute/test.sd +++ b/config-model/src/test/derived/map_of_struct_attribute/test.sd @@ -30,7 +30,7 @@ schema test { } } document-summary rename { - summary new_str_elem_map type map<string,elem> { source: str_elem_map } - summary new_int_elem_map type map<int,elem> { source: int_elem_map } + summary new_str_elem_map { source: str_elem_map } + summary new_int_elem_map { source: int_elem_map } } } diff --git a/config-model/src/test/derived/multiplesummaries/multiplesummaries.sd b/config-model/src/test/derived/multiplesummaries/multiplesummaries.sd index b19b04c8222..221e888adc7 100644 --- a/config-model/src/test/derived/multiplesummaries/multiplesummaries.sd +++ b/config-model/src/test/derived/multiplesummaries/multiplesummaries.sd @@ -80,35 +80,35 @@ schema multiplesummaries { document-summary third { - summary a type string { + summary a { } - summary adynamic type string { + summary adynamic { } - summary d type string { + summary d { } - summary e type string { + summary e { } summary f { } - summary g type array<int> { + summary g { } - summary h type weightedset<string> { + summary h { } } document-summary attributesonly1 { - summary a type string { + summary a { } - summary c type string { + summary c { } } @@ -116,10 +116,10 @@ schema multiplesummaries { # Since a here is a dynamic summary field, it will be fetched from disk document-summary notattributesonly1 { - summary adynamic type string { # Should still be dynamic here + summary adynamic { # Should still be dynamic here } - summary c type string { + summary c { } } @@ -127,25 +127,25 @@ schema multiplesummaries { # Since a here is a dynamic summary, it will be fetched from disk document-summary anothernotattributesonly2 { - summary adynamic2 type string { # Should still be dynamic here + summary adynamic2 { # Should still be dynamic here source: a dynamic } - summary c type string { + summary c { } - summary alltags type array<string> { + summary alltags { source: mytags } - summary sometags type array<string> { + summary sometags { source: mytags matched-elements-only } - summary anothera type string { + summary anothera { source: a } - summary anotherb type string { + summary anotherb { source: b } } @@ -153,21 +153,21 @@ schema multiplesummaries { # Not attributes only because d is bolded document-summary notattributesonly3 { - summary a type string { + summary a { } - summary d type string { + summary d { } } document-summary attributesonly2 { - summary anotdynamic type string { # Should not be dynamic here + summary anotdynamic { # Should not be dynamic here source: adynamic } - summary c type string { + summary c { } summary loc_position type long { @@ -178,10 +178,10 @@ schema multiplesummaries { document-summary attributesonly3 { - summary a type string { + summary a { } - summary anotbolded type string { + summary anotbolded { source: a } @@ -192,19 +192,19 @@ schema multiplesummaries { document-summary notattributesonly4 { - summary abolded2 type string { + summary abolded2 { source: a bolding: on } - summary c type string { + summary c { } } document-summary notattributesonly5 { - summary aboldeddynamic type string { + summary aboldeddynamic { source: a dynamic bolding: on diff --git a/config-model/src/test/derived/nearestneighbor/test.sd b/config-model/src/test/derived/nearestneighbor/test.sd index 7d08a5279bc..5b891049480 100644 --- a/config-model/src/test/derived/nearestneighbor/test.sd +++ b/config-model/src/test/derived/nearestneighbor/test.sd @@ -23,6 +23,6 @@ schema test { } } document-summary minimal { - summary id type int {} + summary id {} } } diff --git a/config-model/src/test/derived/ngram/chunk.sd b/config-model/src/test/derived/ngram/chunk.sd index ab309f57548..84d806ef074 100644 --- a/config-model/src/test/derived/ngram/chunk.sd +++ b/config-model/src/test/derived/ngram/chunk.sd @@ -12,7 +12,7 @@ schema chunk { } document-summary content-summary inherits default { - summary content_dynamic type string { + summary content_dynamic { source: content dynamic } diff --git a/config-model/src/test/derived/reference_fields/ad.sd b/config-model/src/test/derived/reference_fields/ad.sd index 390f8f6a154..097a6ed5bc9 100644 --- a/config-model/src/test/derived/reference_fields/ad.sd +++ b/config-model/src/test/derived/reference_fields/ad.sd @@ -12,6 +12,6 @@ schema ad { } } document-summary explicit_summary { - summary yet_another_ref type reference<campaign> {} + summary yet_another_ref {} } } diff --git a/config-model/src/test/derived/reference_from_several/bar.sd b/config-model/src/test/derived/reference_from_several/bar.sd index 12cf8e63378..02c912153ef 100644 --- a/config-model/src/test/derived/reference_from_several/bar.sd +++ b/config-model/src/test/derived/reference_from_several/bar.sd @@ -10,7 +10,7 @@ schema bar { } import field bpref.x as barsximp {} document-summary other { - summary bartitle type string {} + summary bartitle {} summary barsximp type int {} } } diff --git a/config-model/src/test/derived/reference_from_several/foo.sd b/config-model/src/test/derived/reference_from_several/foo.sd index 5ef42ee6f0d..26ba07ea1fd 100644 --- a/config-model/src/test/derived/reference_from_several/foo.sd +++ b/config-model/src/test/derived/reference_from_several/foo.sd @@ -11,6 +11,6 @@ schema foo { import field myref.x as myx {} document-summary small { summary myx type int {} - summary foo type string {} + summary foo {} } } diff --git a/config-model/src/test/derived/schemainheritance/child.sd b/config-model/src/test/derived/schemainheritance/child.sd index 77daf2ba34f..ea3ff9b85da 100644 --- a/config-model/src/test/derived/schemainheritance/child.sd +++ b/config-model/src/test/derived/schemainheritance/child.sd @@ -36,7 +36,7 @@ schema child inherits parent { } document-summary child_summary inherits parent_summary { - summary cf1 type string {} + summary cf1 {} } import field importedschema_ref.importedfield2 as child_imported {} diff --git a/config-model/src/test/derived/schemainheritance/parent.sd b/config-model/src/test/derived/schemainheritance/parent.sd index 03392b428ed..ab2b703ba57 100644 --- a/config-model/src/test/derived/schemainheritance/parent.sd +++ b/config-model/src/test/derived/schemainheritance/parent.sd @@ -32,7 +32,7 @@ schema parent { file: small_constants_and_functions.onnx } document-summary parent_summary { - summary pf1 type string { + summary pf1 { } } import field importedschema_ref.importedfield1 as parent_imported { diff --git a/config-model/src/test/examples/multiplesummaries.sd b/config-model/src/test/examples/multiplesummaries.sd index 7e298b4e7a3..a7e3a78fe6d 100644 --- a/config-model/src/test/examples/multiplesummaries.sd +++ b/config-model/src/test/examples/multiplesummaries.sd @@ -19,13 +19,13 @@ search multiplesummaries { document-summary other { - summary field1 type weightedset<string> { + summary field1 { } - summary field2 type tag { + summary field2 { } - summary field3 type array<int> { + summary field3 { } } diff --git a/config-model/src/test/examples/nextgen/summaryfield.sd b/config-model/src/test/examples/nextgen/summaryfield.sd index 06cc980ea73..5a5747359a0 100644 --- a/config-model/src/test/examples/nextgen/summaryfield.sd +++ b/config-model/src/test/examples/nextgen/summaryfield.sd @@ -13,10 +13,10 @@ search summaryfield { summary cox type string { source: bar } - summary alltags type array<string> { + summary alltags { source: mytags } - summary sometags type array<string> { + summary sometags { source: mytags matched-elements-only } diff --git a/config-model/src/test/examples/outsidesummary.sd b/config-model/src/test/examples/outsidesummary.sd index 5fadc1948f0..a95cbb0c628 100644 --- a/config-model/src/test/examples/outsidesummary.sd +++ b/config-model/src/test/examples/outsidesummary.sd @@ -3,17 +3,17 @@ search outsidesummary { document-summary other { - summary sa type string { + summary sa { dynamic source: a } - summary sa2 type string { + summary sa2 { full source: a } - summary a type string { + summary a { } } diff --git a/config-model/src/test/examples/summaryfieldcollision.sd b/config-model/src/test/examples/summaryfieldcollision.sd index 6a8cb2eeb31..2235abce422 100644 --- a/config-model/src/test/examples/summaryfieldcollision.sd +++ b/config-model/src/test/examples/summaryfieldcollision.sd @@ -13,13 +13,13 @@ search summaryfieldcollision { } document-summary sum1 { - summary f type string { + summary f { source: title } } document-summary sum2 { - summary f type string { + summary f { source: description } } diff --git a/config-model/src/test/java/com/yahoo/schema/SchemaTestCase.java b/config-model/src/test/java/com/yahoo/schema/SchemaTestCase.java index 798252c9a34..c959634019d 100644 --- a/config-model/src/test/java/com/yahoo/schema/SchemaTestCase.java +++ b/config-model/src/test/java/com/yahoo/schema/SchemaTestCase.java @@ -143,10 +143,10 @@ public class SchemaTestCase { " file: models/my_model.onnx" + " }" + " document-summary parent_summary1 {" + - " summary pf1 type string {}" + + " summary pf1 {}" + " }" + " document-summary parent_summary2 {" + - " summary pf2 type string {}" + + " summary pf2 {}" + " }" + " import field parentschema_ref.name as parent_imported {}" + " raw-as-base64-in-summary" + @@ -177,7 +177,7 @@ public class SchemaTestCase { " file: models/my_model.onnx" + " }" + " document-summary child1_summary inherits parent_summary1 {" + - " summary c1f1 type string {}" + + " summary c1f1 {}" + " }" + " import field parentschema_ref.name as child1_imported {}" + "}"); @@ -208,7 +208,7 @@ public class SchemaTestCase { " file: models/my_model.onnx" + " }" + " document-summary child2_summary inherits parent_summary1, parent_summary2 {" + - " summary c2f1 type string {}" + + " summary c2f1 {}" + " }" + " import field parentschema_ref.name as child2_imported {}" + "}"); @@ -340,7 +340,7 @@ public class SchemaTestCase { " file: models/my_model.onnx" + " }" + " document-summary parent_summary {" + - " summary pf1 type string {}" + + " summary pf1 {}" + " }" + " import field parentschema_ref.name as parent_imported {}" + " raw-as-base64-in-summary" + diff --git a/config-model/src/test/java/com/yahoo/schema/SummaryTestCase.java b/config-model/src/test/java/com/yahoo/schema/SummaryTestCase.java index c9fa3ce145a..3c83e79157a 100644 --- a/config-model/src/test/java/com/yahoo/schema/SummaryTestCase.java +++ b/config-model/src/test/java/com/yahoo/schema/SummaryTestCase.java @@ -48,8 +48,8 @@ public class SummaryTestCase { String sd = joinLines( "schema disksummary {", " document-summary foobar {", - " summary foo1 type string { source: inmemory }", - " summary foo2 type string { source: ondisk }", + " summary foo1 { source: inmemory }", + " summary foo2 { source: ondisk }", " }", " document disksummary {", " field inmemory type string {", @@ -84,8 +84,8 @@ public class SummaryTestCase { " }", " }", " document-summary foobar {", - " summary foo1 type string { source: inmemory }", - " summary foo2 type string { source: ondisk }", + " summary foo1 { source: inmemory }", + " summary foo2 { source: ondisk }", " from-disk", " }", "}"); @@ -114,7 +114,7 @@ public class SummaryTestCase { " }", " }", " document-summary filtered {", - " summary elem_array_filtered type array<elem> {", + " summary elem_array_filtered {", " source: elem_array", " matched-elements-only", " }", @@ -141,17 +141,17 @@ public class SummaryTestCase { " }", " }", " document-summary title {", - " summary title type string {", + " summary title {", " source: title", " }", " }", " document-summary title_artist inherits title {", - " summary artist type string {", + " summary artist {", " source: artist", " }", " }", " document-summary everything inherits title_artist {", - " summary album type string {", + " summary album {", " source: album", " }", " }", @@ -201,12 +201,12 @@ public class SummaryTestCase { " }", " }", " document-summary title {", - " summary title type string {", + " summary title {", " source: title", " }", " }", " document-summary title2 inherits title {", - " summary title type string {", + " summary title {", " source: title_short", " }", " }", @@ -297,12 +297,12 @@ public class SummaryTestCase { } } document-summary parent1 { - summary s1 type string { + summary s1 { source: field1 } } document-summary parent2 { - summary field1 type string { + summary field1 { source: field1 } } @@ -326,7 +326,7 @@ public class SummaryTestCase { " }" + " }" + " document-summary parent_summary {" + - " summary pf1 type string {}" + + " summary pf1 {}" + " }" + "}"); String child = joinLines( @@ -337,7 +337,7 @@ public class SummaryTestCase { " }" + " }" + " document-summary child_summary inherits parent_summary {" + - " summary cf1 type string {}" + + " summary cf1 {}" + " }" + "}"); DeployLoggerStub logger = new DeployLoggerStub(); diff --git a/config-model/src/test/java/com/yahoo/schema/derived/SummaryTestCase.java b/config-model/src/test/java/com/yahoo/schema/derived/SummaryTestCase.java index a1d726473be..2fb7955546c 100644 --- a/config-model/src/test/java/com/yahoo/schema/derived/SummaryTestCase.java +++ b/config-model/src/test/java/com/yahoo/schema/derived/SummaryTestCase.java @@ -131,7 +131,7 @@ public class SummaryTestCase extends AbstractSchemaTestCase { " }", " }", " document-summary my_summary {", - " summary other_campaign_ref type reference<campaign> {}", + " summary other_campaign_ref {}", " }", "}")); builder.build(true); @@ -146,11 +146,11 @@ public class SummaryTestCase extends AbstractSchemaTestCase { " field foo type string { indexing: summary }", " }", " document-summary bar {", - " summary foo type string {}", + " summary foo {}", " omit-summary-features", " }", " document-summary baz {", - " summary foo type string {}", + " summary foo {}", " }", "}"); var search = ApplicationBuilder.createFromString(sd).getSchema(); diff --git a/config-model/src/test/java/com/yahoo/schema/processing/MatchedElementsOnlyResolverTestCase.java b/config-model/src/test/java/com/yahoo/schema/processing/MatchedElementsOnlyResolverTestCase.java index e8f8ba4193f..91cd2418eef 100644 --- a/config-model/src/test/java/com/yahoo/schema/processing/MatchedElementsOnlyResolverTestCase.java +++ b/config-model/src/test/java/com/yahoo/schema/processing/MatchedElementsOnlyResolverTestCase.java @@ -72,7 +72,7 @@ public class MatchedElementsOnlyResolverTestCase { @Test void explicit_complex_summary_field_can_use_filter_transform_with_reference_to_source_field() throws ParseException { String documentSummary = joinLines("document-summary my_summary {", - " summary my_filter_field type map<string, string> {", + " summary my_filter_field {", " source: my_field", " matched-elements-only", " }", @@ -123,7 +123,7 @@ public class MatchedElementsOnlyResolverTestCase { @Test void explicit_summary_field_can_use_filter_transform_with_reference_to_attribute_source_field() throws ParseException { String documentSummary = joinLines("document-summary my_summary {", - " summary my_filter_field type array<string> {", + " summary my_filter_field {", " source: my_field", " matched-elements-only", " }", diff --git a/config-model/src/test/java/com/yahoo/schema/processing/SummaryConsistencyTestCase.java b/config-model/src/test/java/com/yahoo/schema/processing/SummaryConsistencyTestCase.java index d2938371c5b..9eca2106c5e 100644 --- a/config-model/src/test/java/com/yahoo/schema/processing/SummaryConsistencyTestCase.java +++ b/config-model/src/test/java/com/yahoo/schema/processing/SummaryConsistencyTestCase.java @@ -32,7 +32,7 @@ public class SummaryConsistencyTestCase { " }", " }", " document-summary unfiltered {", - " summary elem_array_unfiltered type array<elem> {", + " summary elem_array_unfiltered {", " source: elem_array", " }", " }", diff --git a/config-model/src/test/java/com/yahoo/schema/processing/SummaryDiskAccessValidatorTestCase.java b/config-model/src/test/java/com/yahoo/schema/processing/SummaryDiskAccessValidatorTestCase.java index ab376e539ec..a5145588136 100644 --- a/config-model/src/test/java/com/yahoo/schema/processing/SummaryDiskAccessValidatorTestCase.java +++ b/config-model/src/test/java/com/yahoo/schema/processing/SummaryDiskAccessValidatorTestCase.java @@ -25,7 +25,7 @@ public class SummaryDiskAccessValidatorTestCase { " }", " }", " document-summary my_sum {", - " summary str_map type map<string, string> { source: str_map }", + " summary str_map { source: str_map }", " }", "}"); diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java index 937052df122..49ed1972afe 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudDataPlaneFilterTest.java @@ -1,6 +1,8 @@ // Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.model.container.xml; +import com.yahoo.config.model.api.ApplicationClusterEndpoint; +import com.yahoo.config.model.api.ContainerEndpoint; import com.yahoo.config.model.api.EndpointCertificateSecrets; import com.yahoo.config.model.builder.xml.test.DomBuilderTest; import com.yahoo.config.model.deploy.DeployState; @@ -38,6 +40,7 @@ import java.time.Instant; import java.time.temporal.ChronoUnit; import java.util.List; import java.util.Optional; +import java.util.Set; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; @@ -91,6 +94,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase { var caCerts = X509CertificateUtils.certificateListFromPem(connectorConfig.ssl().caCertificate()); assertEquals(1, caCerts.size()); assertEquals(List.of(certificate), caCerts); + assertEquals(List.of("foo.bar"), connectorConfig.serverName().known()); var srvCfg = root.getConfig(ServerConfig.class, "container/http"); assertEquals("cloud-data-plane-insecure", srvCfg.defaultFilters().get(0).filterId()); assertEquals(8080, srvCfg.defaultFilters().get(0).localPort()); @@ -191,6 +195,7 @@ public class CloudDataPlaneFilterTest extends ContainerModelBuilderTestBase { .setEndpointCertificateSecrets(Optional.of(new EndpointCertificateSecrets("CERT", "KEY"))) .setHostedVespa(true)) .zone(new Zone(SystemName.PublicCd, Environment.dev, RegionName.defaultName())) + .endpoints(Set.of(new ContainerEndpoint("foo", ApplicationClusterEndpoint.Scope.zone, List.of("foo.bar")))) .build(); return createModel(root, state, null, clusterElem); } diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java index 1642e0ff8f2..c89ea421b39 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/CloudTokenDataPlaneFilterTest.java @@ -14,9 +14,12 @@ import com.yahoo.config.provision.Environment; import com.yahoo.config.provision.RegionName; import com.yahoo.config.provision.SystemName; import com.yahoo.config.provision.Zone; +import com.yahoo.jdisc.http.ConnectorConfig; import com.yahoo.jdisc.http.filter.security.cloud.config.CloudTokenDataPlaneFilterConfig; import com.yahoo.processing.response.Data; +import com.yahoo.vespa.model.container.ApplicationContainer; import com.yahoo.vespa.model.container.ContainerModel; +import com.yahoo.vespa.model.container.http.ConnectorFactory; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.io.TempDir; @@ -127,6 +130,21 @@ public class CloudTokenDataPlaneFilterTest extends ContainerModelBuilderTestBase assertFalse(root.getConfigIds().stream().anyMatch(id -> id.contains("DataplaneProxyConfigurator"))); } + @Test + void configuresCorrectConnectors() throws IOException { + var certFile = securityFolder.resolve("foo.pem"); + var clusterElem = DomBuilderTest.parse(servicesXmlTemplate.formatted(applicationFolder.toPath().relativize(certFile).toString())); + createCertificate(certFile); + buildModel(Set.of(tokenEndpoint, mtlsEndpoint), defaultTokens, clusterElem); + + ConnectorConfig connectorConfig8443 = connectorConfig(8443); + assertEquals(List.of("mtls"),connectorConfig8443.serverName().known()); + + ConnectorConfig connectorConfig8444 = connectorConfig(8444); + assertEquals(List.of("token"),connectorConfig8444.serverName().known()); + + } + private static CloudTokenDataPlaneFilterConfig.Clients.Tokens tokenConfig( String id, Collection<String> fingerprints, Collection<String> accessCheckHashes, Collection<String> expirations) { return new CloudTokenDataPlaneFilterConfig.Clients.Tokens.Builder() @@ -150,4 +168,15 @@ public class CloudTokenDataPlaneFilterTest extends ContainerModelBuilderTestBase .build(); return createModel(root, state, null, clusterElem); } + + private ConnectorConfig connectorConfig(int port) { + ApplicationContainer container = (ApplicationContainer) root.getProducer("container/container.0"); + List<ConnectorFactory> connectorFactories = container.getHttp().getHttpServer().get().getConnectorFactories(); + ConnectorFactory tlsPort = connectorFactories.stream().filter(connectorFactory -> connectorFactory.getListenPort() == port).findFirst().orElseThrow(); + + ConnectorConfig.Builder builder = new ConnectorConfig.Builder(); + tlsPort.getConfig(builder); + + return new ConnectorConfig(builder); + } } |