diff options
author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-17 16:14:31 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-17 16:20:07 +0100 |
commit | 12e2582e22bad67349674044fbd9fe3d3f34b816 (patch) | |
tree | 802841e4ad95428c092b77854e5d983f4f0f1cd0 | |
parent | 4c3b13e7713abc527181b921ff256595fd9c2eb6 (diff) |
Specify that '/logs' requires logserver capability
-rw-r--r-- | container-core/src/main/java/com/yahoo/container/handler/LogHandler.java | 7 | ||||
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java | 3 |
2 files changed, 8 insertions, 2 deletions
diff --git a/container-core/src/main/java/com/yahoo/container/handler/LogHandler.java b/container-core/src/main/java/com/yahoo/container/handler/LogHandler.java index 72a399744f3..4c0f85d5521 100644 --- a/container-core/src/main/java/com/yahoo/container/handler/LogHandler.java +++ b/container-core/src/main/java/com/yahoo/container/handler/LogHandler.java @@ -5,9 +5,12 @@ import com.yahoo.component.annotation.Inject; import com.yahoo.container.core.LogHandlerConfig; import com.yahoo.container.jdisc.AsyncHttpResponse; import com.yahoo.container.jdisc.HttpRequest; +import com.yahoo.container.jdisc.RequestView; import com.yahoo.container.jdisc.ThreadedHttpRequestHandler; +import com.yahoo.container.jdisc.utils.CapabilityRequiringRequestHandler; import com.yahoo.jdisc.handler.CompletionHandler; import com.yahoo.jdisc.handler.ContentChannel; +import com.yahoo.security.tls.Capability; import java.io.OutputStream; import java.time.Instant; @@ -15,7 +18,7 @@ import java.util.Optional; import java.util.concurrent.Executor; import java.util.logging.Level; -public class LogHandler extends ThreadedHttpRequestHandler { +public class LogHandler extends ThreadedHttpRequestHandler implements CapabilityRequiringRequestHandler { private final LogReader logReader; private static final long MB = 1024 * 1024; @@ -30,6 +33,8 @@ public class LogHandler extends ThreadedHttpRequestHandler { this.logReader = logReader; } + @Override public Capability requiredCapability(RequestView __) { return Capability.LOGSERVER_API; } + @Override public AsyncHttpResponse handle(HttpRequest request) { Instant from = Optional.ofNullable(request.getProperty("from")) diff --git a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java index 3d8d5ced6d6..8fa077027a9 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java @@ -54,7 +54,8 @@ public class CapabilitySet implements ToCapabilitySet { public static final CapabilitySet CONFIGSERVER_NODE = predefined( "vespa.config_server_node", Capability.CLIENT__FILERECEIVER_API, Capability.CONTAINER__MANAGEMENT_API, Capability.SLOBROK__API, - Capability.CLUSTER_CONTROLLER__REINDEXING, Capability.CLUSTER_CONTROLLER__STATE, TELEMETRY); + Capability.CLUSTER_CONTROLLER__REINDEXING, Capability.CLUSTER_CONTROLLER__STATE, Capability.LOGSERVER_API, + TELEMETRY); private static CapabilitySet predefined(String name, ToCapabilitySet... capabilities) { var instance = CapabilitySet.of(capabilities); |