author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-08-25 13:27:59 +0000 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-08-25 13:34:11 +0000 |
commit | bf13afeb506b581aa7af898941c3c5cf885946d4 (patch) | |
tree | 4bfc92d95caa87e446c84726998ce083fb361337 /configd | |
parent | a105ffc48d22834af461cafd17da6e4bc8c7e715 (diff) |
Add capabilities and RPC filters for sentinel and internal Proton APIs
Diffstat (limited to 'configd')
-rw-r--r-- | configd/src/apps/sentinel/rpchooks.cpp | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/configd/src/apps/sentinel/rpchooks.cpp b/configd/src/apps/sentinel/rpchooks.cpp
index c09c7676c79..b0c0cb1094f 100644
--- a/configd/src/apps/sentinel/rpchooks.cpp
+++ b/configd/src/apps/sentinel/rpchooks.cpp
@@ -6,6 +6,7 @@
 #include "peer-check.h"
 #include "report-connectivity.h"
 #include <vespa/fnet/frt/supervisor.h>
+#include <vespa/fnet/frt/require_capabilities.h>
 #include <vespa/fnet/frt/rpcrequest.h>
 #include <vespa/log/log.h>
@@ -23,6 +24,13 @@ RPCHooks::RPCHooks(CommandQueue &commands, FRT_Supervisor &supervisor, ModelOwne
 RPCHooks::~RPCHooks() = default;
+namespace {
+
+std::unique_ptr<FRT_RequireCapabilities> make_sentinel_api_capability_filter() {
+ return FRT_RequireCapabilities::of(vespalib::net::tls::Capability::config_sentinel_api());
+}
+
+}
 void
 RPCHooks::initRPC(FRT_Supervisor *supervisor)
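Review bot: `make_sentinel_api_capability_filter()` in the new anonymous namespace carries no comment, although every method registration in `initRPC()` now depends on it as its access gate. I would add a comment such as `// Access filter requiring the config_sentinel_api capability; attach to every sentinel.* method in initRPC().` and close the namespace with `} // namespace`. The helper also returns `std::unique_ptr`, and the includes visible in this diff do not show `<memory>`; if it only arrives transitively through the fnet headers, `#include <memory>` belongs next to the new include. How the filter treats a connection without peer credentials is decided inside `FRT_RequireCapabilities`, which is outside this diff, so the comment should not promise more than the capability requirement.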
@@ -34,18 +42,22 @@ RPCHooks::initRPC(FRT_Supervisor *supervisor)
 FRT_METHOD(RPCHooks::rpc_listServices), this);
 rb.MethodDesc("list services");
 rb.ReturnDesc("status", "Status for services");
+ rb.RequestAccessFilter(make_sentinel_api_capability_filter());
 //-------------------------------------------------------------------------
 rb.DefineMethod("sentinel.service.restart", "s", "",
 FRT_METHOD(RPCHooks::rpc_restartService), this);
 rb.MethodDesc("restart a service");
+ rb.RequestAccessFilter(make_sentinel_api_capability_filter());
 //-------------------------------------------------------------------------
 rb.DefineMethod("sentinel.service.stop", "s", "",
 FRT_METHOD(RPCHooks::rpc_stopService), this);
 rb.MethodDesc("stop a service");
+ rb.RequestAccessFilter(make_sentinel_api_capability_filter());
 //-------------------------------------------------------------------------
 rb.DefineMethod("sentinel.service.start", "s", "",
 FRT_METHOD(RPCHooks::rpc_startService), this);
 rb.MethodDesc("start a service");
+ rb.RequestAccessFilter(make_sentinel_api_capability_filter());
 //-------------------------------------------------------------------------
 rb.DefineMethod("sentinel.check.connectivity", "sii", "s",
 FRT_METHOD(RPCHooks::rpc_checkConnectivity), this);
@@ -54,6 +66,7 @@ RPCHooks::initRPC(FRT_Supervisor *supervisor)
 rb.ParamDesc("port", "Port number of peer sentinel");
 rb.ParamDesc("timeout", "Timeout for check in milliseconds");
 rb.ReturnDesc("status", "Status (ok, bad, or unknown) for peer");
+ rb.RequestAccessFilter(make_sentinel_api_capability_filter());
 //-------------------------------------------------------------------------
 rb.DefineMethod("sentinel.report.connectivity", "i", "SS",
 FRT_METHOD(RPCHooks::rpc_reportConnectivity), this);
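Review bot: The filter is attached by hand after each `DefineMethod` block (sentinel.ls and sentinel.service.restart/stop/start in this hunk, sentinel.check.connectivity and sentinel.report.connectivity in the two hunks that follow), so a method added later without the `rb.RequestAccessFilter(...)` line is registered with no capability check and nothing visible here would flag it. A comment at the top of `initRPC()`, e.g. `// Every sentinel.* method must end with rb.RequestAccessFilter(make_sentinel_api_capability_filter());`, together with a test that walks the registered methods and asserts each one has a filter, would keep such an omission from going unnoticed. Separately, the read-only `sentinel.ls` and the state-changing restart/stop/start calls are all gated by the same `config_sentinel_api` capability; if that is intentional, the comment is the place to say so. `initRPC()` begins before this hunk and ends after it.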
@@ -61,6 +74,7 @@ RPCHooks::initRPC(FRT_Supervisor *supervisor)
 rb.ParamDesc("timeout", "Timeout for check in milliseconds");
 rb.ReturnDesc("hostnames", "Names of peers checked");
 rb.ReturnDesc("peerstatus", "Status description for each peer");
+ rb.RequestAccessFilter(make_sentinel_api_capability_filter());
 //-------------------------------------------------------------------------
 } |