com.yahoo.vespa.model.application.validation.AccessControlFilterValidator Maven / Gradle / Ivy
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.model.application.validation;
import com.yahoo.vespa.model.application.validation.Validation.Context;
import com.yahoo.vespa.model.container.component.chain.Chain;
import com.yahoo.vespa.model.container.http.AccessControl;
import com.yahoo.vespa.model.container.http.Filter;
import com.yahoo.vespa.model.container.http.FilterChains;
import com.yahoo.vespa.model.container.http.Http;
/**
* Validates that 'access-control' is not enabled when no access control filter implementation is available.
*
* @author bjorncs
*/
public class AccessControlFilterValidator implements Validator {
@Override
public void validate(Context context) {
context.model().getContainerClusters().forEach((id, cluster) -> {
Http http = cluster.getHttp();
if (http != null) {
if (http.getAccessControl().isPresent()) {
verifyAccessControlFilterPresent(context, http);
}
}
});
}
private static void verifyAccessControlFilterPresent(Context context, Http http) {
FilterChains filterChains = http.getFilterChains();
Chain chain = filterChains.allChains().getComponent(AccessControl.ACCESS_CONTROL_CHAIN_ID);
if (chain.getInnerComponents().isEmpty()) {
// No access control filter configured - it's up to a config model plugin to provide an implementation of an access control filter.
context.illegal("The 'access-control' feature is not available in open-source Vespa.");
}
}
}