diff options
author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-17 22:26:45 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-17 22:26:45 +0100 |
commit | 654fc45d0ae303bd7d171d5754cc3e813f8a3b34 (patch) | |
tree | efdea7b5b3b28e0655c0b68c398208cfc9d73ae2 | |
parent | ce18dc9add14217e65762c056ad8d6102f716432 (diff) | |
parent | 674f20de0bf0d0b923d9c9906760acd3958c9a09 (diff) |
Merge pull request #26095 from vespa-engine/bjorncs/capabilities
Specify that '/logs' requires logserver capability
3 files changed, 12 insertions, 3 deletions
diff --git a/container-core/abi-spec.json b/container-core/abi-spec.json index 3d5b9e8d59e..f9b146bc669 100644 --- a/container-core/abi-spec.json +++ b/container-core/abi-spec.json @@ -249,12 +249,15 @@ }, "com.yahoo.container.handler.LogHandler" : { "superClass" : "com.yahoo.container.jdisc.ThreadedHttpRequestHandler", - "interfaces" : [ ], + "interfaces" : [ + "com.yahoo.container.jdisc.utils.CapabilityRequiringRequestHandler" + ], "attributes" : [ "public" ], "methods" : [ "public void <init>(java.util.concurrent.Executor, com.yahoo.container.core.LogHandlerConfig)", + "public com.yahoo.security.tls.Capability requiredCapability(com.yahoo.container.jdisc.RequestView)", "public com.yahoo.container.jdisc.AsyncHttpResponse handle(com.yahoo.container.jdisc.HttpRequest)", "public bridge synthetic com.yahoo.container.jdisc.HttpResponse handle(com.yahoo.container.jdisc.HttpRequest)" ], diff --git a/container-core/src/main/java/com/yahoo/container/handler/LogHandler.java b/container-core/src/main/java/com/yahoo/container/handler/LogHandler.java index 72a399744f3..4c0f85d5521 100644 --- a/container-core/src/main/java/com/yahoo/container/handler/LogHandler.java +++ b/container-core/src/main/java/com/yahoo/container/handler/LogHandler.java @@ -5,9 +5,12 @@ import com.yahoo.component.annotation.Inject; import com.yahoo.container.core.LogHandlerConfig; import com.yahoo.container.jdisc.AsyncHttpResponse; import com.yahoo.container.jdisc.HttpRequest; +import com.yahoo.container.jdisc.RequestView; import com.yahoo.container.jdisc.ThreadedHttpRequestHandler; +import com.yahoo.container.jdisc.utils.CapabilityRequiringRequestHandler; import com.yahoo.jdisc.handler.CompletionHandler; import com.yahoo.jdisc.handler.ContentChannel; +import com.yahoo.security.tls.Capability; import java.io.OutputStream; import java.time.Instant; @@ -15,7 +18,7 @@ import java.util.Optional; import java.util.concurrent.Executor; import java.util.logging.Level; -public class LogHandler extends ThreadedHttpRequestHandler { +public class LogHandler extends ThreadedHttpRequestHandler implements CapabilityRequiringRequestHandler { private final LogReader logReader; private static final long MB = 1024 * 1024; @@ -30,6 +33,8 @@ public class LogHandler extends ThreadedHttpRequestHandler { this.logReader = logReader; } + @Override public Capability requiredCapability(RequestView __) { return Capability.LOGSERVER_API; } + @Override public AsyncHttpResponse handle(HttpRequest request) { Instant from = Optional.ofNullable(request.getProperty("from")) diff --git a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java index 3d8d5ced6d6..8fa077027a9 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java @@ -54,7 +54,8 @@ public class CapabilitySet implements ToCapabilitySet { public static final CapabilitySet CONFIGSERVER_NODE = predefined( "vespa.config_server_node", Capability.CLIENT__FILERECEIVER_API, Capability.CONTAINER__MANAGEMENT_API, Capability.SLOBROK__API, - Capability.CLUSTER_CONTROLLER__REINDEXING, Capability.CLUSTER_CONTROLLER__STATE, TELEMETRY); + Capability.CLUSTER_CONTROLLER__REINDEXING, Capability.CLUSTER_CONTROLLER__STATE, Capability.LOGSERVER_API, + TELEMETRY); private static CapabilitySet predefined(String name, ToCapabilitySet... capabilities) { var instance = CapabilitySet.of(capabilities); |