// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.model.application.validation;
import com.yahoo.config.model.ConfigModelContext.ApplicationType;
import com.yahoo.vespa.model.application.validation.Validation.Context;
import com.yahoo.vespa.model.container.Container;
import com.yahoo.vespa.model.container.ContainerCluster;
import com.yahoo.vespa.model.container.IdentityProvider;
import com.yahoo.vespa.model.container.component.Component;
/**
 * Validates the requirements for setting up a secret store.
 *
 * <p>The check runs only for hosted deployments whose application type is
 * {@link ApplicationType#DEFAULT}; any other deployment passes without inspection.
 * Every container cluster that declares a secret store must also contain at least one
 * {@link IdentityProvider} component, otherwise the cluster is reported through
 * {@code context.illegal(...)}.
 *
 * <p>Only the presence of an identity provider component is verified here; the values it is
 * configured with are not inspected by this validator.
 *
 * @author gjoranv
 */
public class SecretStoreValidator implements Validator {

    /**
     * Reports each container cluster that uses a secret store without an identity provider.
     *
     * @param context supplies the deploy state and model to inspect, and receives the violations
     */
    @Override
    public void validate(Context context) {
        // Both conditions must hold for the rule to apply; && keeps the original evaluation order.
        boolean inScope = context.deployState().isHosted()
                && context.model().getAdmin().getApplicationType() == ApplicationType.DEFAULT;
        if (! inScope) return;

        for (ContainerCluster<?> cluster : context.model().getContainerClusters().values()) {
            if (! cluster.getSecretStore().isPresent()) continue;
            if (hasIdentityProvider(cluster)) continue;

            // A secret store without an identity provider is rejected with a message naming the cluster.
            String message = String.format(
                    "Container cluster '%s' uses a secret store, so an Athenz domain and an Athenz service" +
                    " must be declared in deployment.xml.", cluster.getName());
            context.illegal(message);
        }
    }

    /**
     * Tells whether any component of the cluster is an {@link IdentityProvider}.
     *
     * @param cluster the container cluster whose components are scanned
     * @return {@code true} as soon as one identity provider component is found, else {@code false}
     */
    private boolean hasIdentityProvider(ContainerCluster<? extends Container> cluster) {
        boolean found = false;
        for (Component<?, ?> candidate : cluster.getAllComponents()) {
            if (candidate instanceof IdentityProvider) {
                found = true;
                break;
            }
        }
        return found;
    }

}