Merge pull request #33303 from vespa-engine/evgiz/private-endpoint-ex…

…clusive-auth-provisioning Exclusive zone endpoint auth in containermodelbuilder
vespa-engine · Feb 12, 2025 · b30a68e · b30a68e
2 parents edd52dc + 77f0c0e
commit b30a68e
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -1033,15 +1033,14 @@ private ZoneEndpoint zoneEndpoint(ConfigModelContext context, ClusterSpec.Id clu
         ZoneId zone = ZoneId.from(context.properties().zone().environment(),
                                   context.properties().zone().region());
 
-        var supportsTokenAuthentication = context.properties()
+        var useTokenAuthentication = context.properties()
                 .endpoints()
                 .stream()
                 .anyMatch(endpoint ->
+                        endpoint.scope() == ApplicationClusterEndpoint.Scope.zone &&
                         endpoint.authMethod() == ApplicationClusterEndpoint.AuthMethod.token &&
                         endpoint.clusterId().equals(cluster.value()));
-        var authMethods = supportsTokenAuthentication ?
-                List.of(AuthMethod.mtls, AuthMethod.token) :
-                List.of(AuthMethod.mtls);
+        var authMethods = useTokenAuthentication ? List.of(AuthMethod.token) : List.of(AuthMethod.mtls);
 
         return context
                 .getApplicationPackage()