summaryrefslogtreecommitdiffstats
path: root/config-proxy
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@yahooinc.com>2023-02-09 17:11:18 +0100
committerBjørn Christian Seime <bjorncs@yahooinc.com>2023-02-09 17:11:18 +0100
commit3014e3e42ce93ec638eda67d0fd0c40f68431707 (patch)
treecbc4b587293c97e8d88dcc6bdf3bc0407693404b /config-proxy
parentcf2673c4494f233c086dc54d747a377474801fb9 (diff)
Define required capabilities for existing JRT RPC methods
Diffstat (limited to 'config-proxy')
-rw-r--r--config-proxy/src/main/java/com/yahoo/vespa/config/proxy/ConfigProxyRpcServer.java12
-rw-r--r--config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionRpcServer.java5
-rw-r--r--config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/UrlDownloadRpcServer.java4
3 files changed, 18 insertions, 3 deletions
diff --git a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/ConfigProxyRpcServer.java b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/ConfigProxyRpcServer.java
index 7b8deb19831..f67e0442468 100644
--- a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/ConfigProxyRpcServer.java
+++ b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/ConfigProxyRpcServer.java
@@ -12,6 +12,7 @@ import com.yahoo.jrt.StringValue;
import com.yahoo.jrt.Supervisor;
import com.yahoo.jrt.Target;
import com.yahoo.jrt.TargetWatcher;
+import com.yahoo.security.tls.Capability;
import com.yahoo.vespa.config.JRTMethods;
import com.yahoo.vespa.config.RawConfig;
import com.yahoo.vespa.config.protocol.JRTServerConfigRequest;
@@ -77,41 +78,50 @@ public class ConfigProxyRpcServer implements Runnable, TargetWatcher {
}
private void declareConfigMethods() {
- supervisor.addMethod(JRTMethods.createConfigV3GetConfigMethod(this::getConfigV3));
+ supervisor.addMethod(JRTMethods.createConfigV3GetConfigMethod(this::getConfigV3)
+ .requireCapabilities(Capability.CONFIGPROXY__CONFIG_API));
supervisor.addMethod(new Method("ping", "", "i",
this::ping)
.methodDesc("ping")
.returnDesc(0, "ret code", "return code, 0 is OK"));
supervisor.addMethod(new Method("listCachedConfig", "", "S",
this::listCachedConfig)
+ .requireCapabilities(Capability.CONFIGPROXY__CONFIG_API)
.methodDesc("list cached configs)")
.returnDesc(0, "data", "string array of configs"));
supervisor.addMethod(new Method("listCachedConfigFull", "", "S",
this::listCachedConfigFull)
+ .requireCapabilities(Capability.CONFIGPROXY__CONFIG_API)
.methodDesc("list cached configs with cache content)")
.returnDesc(0, "data", "string array of configs"));
supervisor.addMethod(new Method("listSourceConnections", "", "S",
this::listSourceConnections)
+ .requireCapabilities(Capability.CONFIGPROXY__CONFIG_API)
.methodDesc("list config source connections)")
.returnDesc(0, "data", "string array of source connections"));
supervisor.addMethod(new Method("invalidateCache", "", "S",
this::invalidateCache)
+ .requireCapabilities(Capability.CONFIGPROXY__MANAGEMENT_API)
.methodDesc("list config source connections)")
.returnDesc(0, "data", "0 if success, 1 otherwise"));
supervisor.addMethod(new Method("updateSources", "s", "s",
this::updateSources)
+ .requireCapabilities(Capability.CONFIGPROXY__MANAGEMENT_API)
.methodDesc("update list of config sources")
.returnDesc(0, "ret", "list of updated config sources"));
supervisor.addMethod(new Method("setMode", "s", "S",
this::setMode)
+ .requireCapabilities(Capability.CONFIGPROXY__MANAGEMENT_API)
.methodDesc("Set config proxy mode { default | memorycache }")
.returnDesc(0, "ret", "0 if success, 1 otherwise as first element, description as second element"));
supervisor.addMethod(new Method("getMode", "", "s",
this::getMode)
+ .requireCapabilities(Capability.CONFIGPROXY__MANAGEMENT_API)
.methodDesc("What serving mode the config proxy is in (default, memorycache)")
.returnDesc(0, "ret", "mode as a string"));
supervisor.addMethod(new Method("dumpCache", "s", "s",
this::dumpCache)
+ .requireCapabilities(Capability.CONFIGPROXY__MANAGEMENT_API)
.methodDesc("Dump cache to disk")
.paramDesc(0, "path", "path to write cache contents to")
.returnDesc(0, "ret", "Empty string or error message"));
diff --git a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionRpcServer.java b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionRpcServer.java
index 5a5d65a4de6..23ed3ebe161 100644
--- a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionRpcServer.java
+++ b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionRpcServer.java
@@ -10,6 +10,7 @@ import com.yahoo.jrt.StringArray;
import com.yahoo.jrt.StringValue;
import com.yahoo.jrt.Supervisor;
import com.yahoo.net.HostName;
+import com.yahoo.security.tls.Capability;
import com.yahoo.vespa.filedistribution.FileDownloader;
import com.yahoo.vespa.filedistribution.FileReferenceDownload;
@@ -21,7 +22,6 @@ import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
-import java.util.stream.Collectors;
/**
* An RPC server that handles file distribution requests.
@@ -55,14 +55,17 @@ class FileDistributionRpcServer {
private void declareMethods() {
// Legacy method, needs to be the same name as used in filedistributor
supervisor.addMethod(new Method("waitFor", "s", "s", this::getFile)
+ .requireCapabilities(Capability.CONFIGPROXY__FILEDISTRIBUTION_API)
.methodDesc("get path to file reference")
.paramDesc(0, "file reference", "file reference")
.returnDesc(0, "path", "path to file"));
supervisor.addMethod(new Method("filedistribution.getFile", "s", "s", this::getFile)
+ .requireCapabilities(Capability.CONFIGPROXY__FILEDISTRIBUTION_API)
.methodDesc("get path to file reference")
.paramDesc(0, "file reference", "file reference")
.returnDesc(0, "path", "path to file"));
supervisor.addMethod(new Method("filedistribution.getActiveFileReferencesStatus", "", "SD", this::getActiveFileReferencesStatus)
+ .requireCapabilities(Capability.CONFIGPROXY__FILEDISTRIBUTION_API)
.methodDesc("download status for file references")
.returnDesc(0, "file references", "array of file references")
.returnDesc(1, "download status", "percentage downloaded of each file reference in above array"));
diff --git a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/UrlDownloadRpcServer.java b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/UrlDownloadRpcServer.java
index 32943b6c80e..9ba3663f883 100644
--- a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/UrlDownloadRpcServer.java
+++ b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/UrlDownloadRpcServer.java
@@ -6,7 +6,7 @@ import com.yahoo.jrt.Method;
import com.yahoo.jrt.Request;
import com.yahoo.jrt.StringValue;
import com.yahoo.jrt.Supervisor;
-import java.util.logging.Level;
+import com.yahoo.security.tls.Capability;
import com.yahoo.text.Utf8;
import com.yahoo.vespa.defaults.Defaults;
import net.jpountz.xxhash.XXHashFactory;
@@ -27,6 +27,7 @@ import java.nio.file.Files;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
+import java.util.logging.Level;
import java.util.logging.Logger;
import static com.yahoo.vespa.config.UrlDownloader.DOES_NOT_EXIST;
@@ -50,6 +51,7 @@ class UrlDownloadRpcServer {
UrlDownloadRpcServer(Supervisor supervisor) {
supervisor.addMethod(new Method("url.waitFor", "s", "s", this::download)
+ .requireCapabilities(Capability.CONFIGPROXY__FILEDISTRIBUTION_API)
.methodDesc("get path to url download")
.paramDesc(0, "url", "url")
.returnDesc(0, "path", "path to file"));