aboutsummaryrefslogtreecommitdiffstats
path: root/config-model
diff options
context:
space:
mode:
Diffstat (limited to 'config-model')
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java10
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudClientsValidator.java3
2 files changed, 9 insertions, 4 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java
index aee9ca83b08..f714ba43c50 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/AccessControlFilterExcludeValidator.java
@@ -6,8 +6,12 @@ import com.yahoo.vespa.model.application.validation.Validation.Context;
import com.yahoo.vespa.model.container.http.AccessControl;
import com.yahoo.vespa.model.container.http.Http;
+import java.util.Set;
import java.util.logging.Level;
+import static com.yahoo.config.provision.CloudName.DEFAULT;
+import static com.yahoo.config.provision.CloudName.YAHOO;
+
/**
* Validates that 'access-control' does not include any exclusions unless explicitly allowed.
* Logs in Yahoo clouds and fails in AWS clouds
@@ -33,10 +37,10 @@ public class AccessControlFilterExcludeValidator implements Validator {
private void verifyNoExclusions(String clusterId, AccessControl accessControl, Context context) {
if (!accessControl.excludedBindings().isEmpty()) {
String message = "Application cluster %s excludes paths from access control, this is not allowed and should be removed.".formatted(clusterId);
- if (context.deployState().zone().cloud().name().equals(CloudName.AWS)) {
- context.illegal(message);
- } else {
+ if (Set.of(DEFAULT, YAHOO).contains(context.deployState().zone().cloud().name())) {
context.deployState().getDeployLogger().log(Level.WARNING, message);
+ } else {
+ context.illegal(message);
}
}
}
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudClientsValidator.java b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudClientsValidator.java
index da96802f864..9a8c8435790 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudClientsValidator.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/application/validation/CloudClientsValidator.java
@@ -43,7 +43,8 @@ public class CloudClientsValidator implements Validator {
"Please update the application package with a new certificate, " +
"e.g by generating a new one using the Vespa CLI `$ vespa auth cert`. " +
"Such certificate will no longer be accepted in near future.";
- state.getDeployLogger().log(Level.WARNING, errorMessage(clusterName, clientId, message));
+ state.getDeployLogger()
+ .logApplicationPackage(Level.WARNING, errorMessage(clusterName, clientId, message));
}
} catch (CertificateEncodingException e) {
reporter.accept(errorMessage(clusterName, clientId, e.getMessage()), e);