Add environment variable for capabilities enforcement mode

1 files changed, 7 insertions, 0 deletions

diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
index cbd3857d2d5..21d97613f95 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
@@ -18,6 +18,7 @@ public class TransportSecurityUtils {
     public static final String CONFIG_FILE_ENVIRONMENT_VARIABLE = "VESPA_TLS_CONFIG_FILE";
     public static final String INSECURE_MIXED_MODE_ENVIRONMENT_VARIABLE = "VESPA_TLS_INSECURE_MIXED_MODE";
     public static final String INSECURE_AUTHORIZATION_MODE_ENVIRONMENT_VARIABLE = "VESPA_TLS_INSECURE_AUTHORIZATION_MODE";
+    public static final String CAPABILITIES_ENV_VAR = "VESPA_TLS_CAPABILITIES_ENFORCEMENT_MODE";
 
     private TransportSecurityUtils() {}
 
@@ -49,6 +50,12 @@ public class TransportSecurityUtils {
                 .orElse(AuthorizationMode.defaultValue());
     }
 
+    public static CapabilityMode getCapabilityMode() {
+        return getEnvironmentVariable(System.getenv(), CAPABILITIES_ENV_VAR)
+                .map(CapabilityMode::fromConfigValue)
+                .orElse(CapabilityMode.defaultValue());
+    }
+
     public static Optional<Path> getConfigFile() {
         return getConfigFile(System.getenv());
     }