Merge pull request #26168 from vespa-engine/revert-26152-revert-26139-vekterli/add-content-state-api-capability

Reapply: add `vespa.content.state_api` capability"

6 files changed, 16 insertions, 3 deletions

diff --git a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
index 6a6471aa8ac..dce40681b90 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
@@ -30,6 +30,7 @@ public enum Capability implements ToCapabilitySet {
     CONTENT__METRICS_API("vespa.content.metrics_api"),
     CONTENT__PROTON_ADMIN_API("vespa.content.proton_admin_api"),
     CONTENT__SEARCH_API("vespa.content.search_api"),
+    CONTENT__STATE_API("vespa.content.state_api"),
     CONTENT__STATUS_PAGES("vespa.content.status_pages"),
     CONTENT__STORAGE_API("vespa.content.storage_api"),
     LOGSERVER_API("vespa.logserver.api"),
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java
index b7cd03b49bb..197088ff434 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java
@@ -29,8 +29,9 @@ public class CapabilitySet implements ToCapabilitySet {
             "vespa.all", Capability.values());
     public static final CapabilitySet TELEMETRY = predefined(
             "vespa.telemetry",
-            Capability.CONTENT__STATUS_PAGES, Capability.CONTENT__METRICS_API, Capability.CONTAINER__STATE_API,
-            Capability.METRICSPROXY__METRICS_API, Capability.SENTINEL__CONNECTIVITY_CHECK);
+            Capability.CONTENT__STATUS_PAGES, Capability.CONTENT__STATE_API, Capability.CONTENT__METRICS_API,
+            Capability.CONTAINER__STATE_API, Capability.METRICSPROXY__METRICS_API,
+            Capability.SENTINEL__CONNECTIVITY_CHECK);
 
     private static final CapabilitySet SHARED_CAPABILITIES_APP_NODE = CapabilitySet.unionOf(List.of(
             Capability.LOGSERVER_API, Capability.CONFIGSERVER__CONFIG_API,
diff --git a/vespalib/src/tests/net/tls/capabilities/capabilities_test.cpp b/vespalib/src/tests/net/tls/capabilities/capabilities_test.cpp
index ed133f9ffe8..5fdddf086ba 100644
--- a/vespalib/src/tests/net/tls/capabilities/capabilities_test.cpp
+++ b/vespalib/src/tests/net/tls/capabilities/capabilities_test.cpp
@@ -84,6 +84,7 @@ TEST("All known capabilities can be looked up by name, and resolve back to same
     check_capability_mapping("vespa.content.metrics_api",           Capability::content_metrics_api());
     check_capability_mapping("vespa.content.proton_admin_api",      Capability::content_proton_admin_api());
     check_capability_mapping("vespa.content.search_api",            Capability::content_search_api());
+    check_capability_mapping("vespa.content.state_api",             Capability::content_state_api());
     check_capability_mapping("vespa.content.status_pages",          Capability::content_status_pages());
     check_capability_mapping("vespa.content.storage_api",           Capability::content_storage_api());
     check_capability_mapping("vespa.logserver.api",                 Capability::logserver_api());
@@ -109,6 +110,7 @@ TEST("CapabilitySet instances can be stringified") {
                                 "vespa.container.state_api, "
                                 "vespa.content.document_api, "
                                 "vespa.content.metrics_api, "
+                                "vespa.content.state_api, "
                                 "vespa.content.status_pages, "
                                 "vespa.content.storage_api, "
                                 "vespa.logserver.api, "
@@ -135,7 +137,7 @@ TEST("Resolving a capability set adds all its underlying capabilities") {
     CapabilitySet caps;
     EXPECT_TRUE(caps.resolve_and_add("vespa.content_node"));
     // Slightly suboptimal; this test will fail if the default set of capabilities for vespa.content_node changes.
-    EXPECT_EQUAL(caps.count(), 14u);
+    EXPECT_EQUAL(caps.count(), 15u);
     EXPECT_FALSE(caps.empty());
     EXPECT_TRUE(caps.contains(Capability::content_storage_api()));
     EXPECT_TRUE(caps.contains(Capability::content_document_api()));
@@ -147,6 +149,7 @@ TEST("Resolving a capability set adds all its underlying capabilities") {
     EXPECT_TRUE(caps.contains(Capability::configproxy_config_api()));
     EXPECT_TRUE(caps.contains(Capability::configproxy_filedistribution_api()));
     // vespa.content_node -> shared node caps -> vespa.telemetry
+    EXPECT_TRUE(caps.contains(Capability::content_state_api()));
     EXPECT_TRUE(caps.contains(Capability::content_status_pages()));
     EXPECT_TRUE(caps.contains(Capability::content_metrics_api()));
     EXPECT_TRUE(caps.contains(Capability::container_state_api()));
diff --git a/vespalib/src/vespa/vespalib/net/tls/capability.cpp b/vespalib/src/vespa/vespalib/net/tls/capability.cpp
index cfc1cc7a7cc..49f8aa11bad 100644
--- a/vespalib/src/vespa/vespalib/net/tls/capability.cpp
+++ b/vespalib/src/vespa/vespalib/net/tls/capability.cpp
@@ -35,6 +35,7 @@ constexpr std::array<std::string_view, Capability::max_value_count()> capability
     "vespa.content.metrics_api"sv,
     "vespa.content.proton_admin_api"sv,
     "vespa.content.search_api"sv,
+    "vespa.content.state_api"sv,
     "vespa.content.status_pages"sv,
     "vespa.content.storage_api"sv,
     "vespa.logserver.api"sv,
@@ -83,6 +84,7 @@ std::optional<Capability> Capability::find_capability(const string& cap_name) no
         {"vespa.content.metrics_api",                           content_metrics_api()},
         {"vespa.content.proton_admin_api",                      content_proton_admin_api()},
         {"vespa.content.search_api",                            content_search_api()},
+        {"vespa.content.state_api",                             content_state_api()},
         {"vespa.content.status_pages",                          content_status_pages()},
         {"vespa.content.storage_api",                           content_storage_api()},
         {"vespa.logserver.api",                                 logserver_api()},
diff --git a/vespalib/src/vespa/vespalib/net/tls/capability.h b/vespalib/src/vespa/vespalib/net/tls/capability.h
index a7a1dcd15ac..396fad4cbcd 100644
--- a/vespalib/src/vespa/vespalib/net/tls/capability.h
+++ b/vespalib/src/vespa/vespalib/net/tls/capability.h
@@ -47,6 +47,7 @@ private:
         ContentMetricsApi,
         ContentProtonAdminApi,
         ContentSearchApi,
+        ContentStateApi,
         ContentStatusPages,
         ContentStorageApi,
         LogserverApi,
@@ -176,6 +177,10 @@ public:
         return Capability(Id::ContentSearchApi);
     }
 
+    constexpr static Capability content_state_api() noexcept {
+        return Capability(Id::ContentStateApi);
+    }
+
     constexpr static Capability content_proton_admin_api() noexcept {
         return Capability(Id::ContentProtonAdminApi);
     }
diff --git a/vespalib/src/vespa/vespalib/net/tls/capability_set.cpp b/vespalib/src/vespa/vespalib/net/tls/capability_set.cpp
index b17cf1ba851..06231582461 100644
--- a/vespalib/src/vespa/vespalib/net/tls/capability_set.cpp
+++ b/vespalib/src/vespa/vespalib/net/tls/capability_set.cpp
@@ -72,6 +72,7 @@ CapabilitySet CapabilitySet::container_node() noexcept {
 
 CapabilitySet CapabilitySet::telemetry() noexcept {
     return CapabilitySet::of({Capability::content_status_pages(),
+                              Capability::content_state_api(),
                               Capability::content_metrics_api(),
                               Capability::container_state_api(),
                               Capability::metricsproxy_metrics_api(),