blob: cea6861ca917d6b9dcd1a4953a0354185703d3c5 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
<?xml version='1.0' encoding='UTF-8'?>
<services version='1.0' xmlns:deploy="vespa" xmlns:preprocess="properties">
<jdisc id='default' version='1.0'>
<!-- See Vespa tutorial
<document-processing>
<chain id="default">
<documentprocessor id="com.yahoo.example.ExampleDocumentProcessor" bundle="basic-application"/>
</chain>
</document-processing>
-->
<!-- YCA Access Control
Enable this to limit access to your application using YCA; we will support http://yo/athens later.
deploy:environment="prod" is needed if you want to enable easier access to other environments. You will not
be able to use YCA access control from an openhouse instance to the hosted Vespa Dev instance.
The nonyca-request-chain is needed to allow e.g. health checks to bypass YCA
In <yca.appid.allow> list the igor roles that includes the hosts that should be allowed to access this application
See http://vespa.corp.yahoo.com/5/documentation/vespa-security.html
To test this you can use curl, and add the Yahoo-App-Auth header:
-H "Yahoo-App-Auth: `yca-cert-util -show yahoo.namespace.role|cut -d" " -f2`"
-->
<!--
<http deploy:environment="prod">
<filtering>
<request-chain id="yca-request-chain" excludes="com.yahoo.jdisc.http.filter.security.InputValidationFilter" inherits="standard-request-filters">
<filter bundle="jdisc_http_filters" class="com.yahoo.jdisc.http.filter.security.YCAFilter" id="access-filter">
<filter-config>
<yca.appid.allow>yahoo.namespace.role</yca.appid.allow>
<yca.allowAny>false</yca.allowAny>
<yca.optional>false</yca.optional>
</filter-config>
</filter>
<binding>http://*/*</binding>
<binding>https://*/*</binding>
</request-chain>
<request-chain excludes="access-filter" id="nonyca-request-chain" inherits="yca-request-chain">
<binding>http://*/state/*</binding>
<binding>http://*/status.html</binding>
<binding>http://*/ApplicationStatus</binding>
<binding>https://*/state/*</binding>
<binding>https://*/status.html</binding>
<binding>https://*/ApplicationStatus</binding>
</request-chain>
</filtering>
<server id="main-server" port="4080" />
</http>
-->
<search>
<chain id='default' inherits='vespa'>
<searcher bundle='basic-application' id='com.yahoo.example.ExampleSearcher'>
<config name='example.message'>
<message>Hello, Vespa! (test build iteration 90)</message>
</config>
</searcher>
</chain>
</search>
<document-api/>
<nodes count='1' flavor='docker' docker-image='vespa-local:latest'/>
</jdisc>
<content id='music' version='1.0'>
<redundancy>2</redundancy>
<documents>
<document mode='index' type='music'/>
</documents>
<nodes count='1' flavor='docker' docker-image='vespa-local:latest'/>
<engine>
<proton>
<searchable-copies>1</searchable-copies>
</proton>
</engine>
</content>
</services>
|