blob: 3f35cd1d03be1e7cdb1970f9ab6e678a493b79ef (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
<?xml version='1.0' encoding='UTF-8'?>
<services xmlns:deploy='vespa' version='1.0'>
<container version='1.0' id='tester'>
<component id="com.yahoo.vespa.hosted.testrunner.TestRunner" bundle="vespa-testrunner-components">
<config name="com.yahoo.vespa.hosted.testrunner.test-runner">
<artifactsPath>artifacts</artifactsPath>
<surefireMemoryMb>5120</surefireMemoryMb>
<useAthenzCredentials>true</useAthenzCredentials>
<useTesterCertificate>false</useTesterCertificate>
</config>
</component>
<handler id="com.yahoo.vespa.hosted.testrunner.TestRunnerHandler" bundle="vespa-testrunner-components">
<binding>http://*/tester/v1/*</binding>
</handler>
<http>
<!-- Make sure 4080 is the first port. This will be used by the config server. -->
<server id='default' port='4080'/>
<server id='testertls4443' port='4443'>
<config name="jdisc.http.connector">
<tlsClientAuthEnforcer>
<enable>true</enable>
<pathWhitelist>
<item>/status.html</item>
<item>/state/v1/config</item>
</pathWhitelist>
</tlsClientAuthEnforcer>
</config>
<ssl>
<private-key-file>/var/lib/sia/keys/vespa.vespa.tenant.key.pem</private-key-file>
<certificate-file>/var/lib/sia/certs/vespa.vespa.tenant.cert.pem</certificate-file>
<client-authentication>want</client-authentication>
</ssl>
</server>
<filtering>
<access-control domain='vespa.vespa.cd'>
<exclude>
<binding>http://*/tester/v1/*</binding>
</exclude>
</access-control>
<request-chain id="testrunner-api">
<filter id='authz-filter' class='com.yahoo.jdisc.http.filter.security.athenz.AthenzAuthorizationFilter' bundle="jdisc-security-filters">
<config name="jdisc.http.filter.security.athenz.athenz-authorization-filter">
<credentialsToVerify>TOKEN_ONLY</credentialsToVerify>
<roleTokenHeaderName>Yahoo-Role-Auth</roleTokenHeaderName>
</config>
<component id="com.yahoo.jdisc.http.filter.security.athenz.StaticRequestResourceMapper" bundle="jdisc-security-filters">
<config name="jdisc.http.filter.security.athenz.static-request-resource-mapper">
<resourceName>vespa.vespa.cd:tester-application</resourceName>
<action>deploy</action>
</config>
</component>
</filter>
</request-chain>
</filtering>
</http>
<nodes count="1" allocated-memory="17%">
<resources vcpu="2.00" memory="12.00" disk="75.00"/>
</nodes>
</container>
</services>
|