authorBjørn Christian Seime <bjorncs@yahooinc.com>2023-02-13 14:04:43 +0100
committerBjørn Christian Seime <bjorncs@yahooinc.com>2023-02-13 14:36:57 +0100
commit4887b76984bb002dcfc97db45431411ef5ba6fa0 (patch)
treeb95092ee1afb2f0b1283a18ca292661fee920581 /security-utils/src/main/java/com/yahoo
parent495c0799f0761c2b664eca5ca1f750b1fa4c3b9c (diff)
Add new capabilities in node specific capability sets
Diffstat (limited to 'security-utils/src/main/java/com/yahoo')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/Capability.java2
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java28
2 files changed, 22 insertions, 8 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
index d30ef3fdf24..8cb98a0dd59 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
@@ -29,6 +29,8 @@ public enum Capability implements ToCapabilitySet {
LOGSERVER_API("vespa.logserver.api"),
METRICSPROXY__MANAGEMENT_API("vespa.metricsproxy.management_api"),
METRICSPROXY__METRICS_API("vespa.metricsproxy.metrics_api"),
+ SENTINEL__CONNECTIVITY_CHECK("vespa.sentinel.connectivity_check"),
+ SENTINEL__MANAGEMENT_API("vespa.sentinel.management_api"),
SLOBROK__API("vespa.slobrok.api"),
;
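Review bot: `SENTINEL__MANAGEMENT_API` is added without any comment on who is meant to hold it, and among the predefined sets visible in this commit none lists it, so it appears to be granted only through `ALL` (built from `Capability.values()`). `SENTINEL__CONNECTIVITY_CHECK`, by contrast, goes into the shared app-node set. A short comment above the two constants would record that split, e.g. `// sentinel management_api is deliberately kept out of the node sets; only vespa.all grants it`. The enum starts and ends outside the hunk, so grants made elsewhere cannot be ruled out from here.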
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java
index fa67ab4fe23..cc5bdbeafd3 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java
@@ -21,21 +21,33 @@ public class CapabilitySet implements ToCapabilitySet {
private static final Map<String, CapabilitySet> PREDEFINED = new HashMap<>();
+ private static final CapabilitySet SHARED_CAPABILITIES_APP_NODE = CapabilitySet.of(
+ Capability.LOGSERVER_API, Capability.CONFIGSERVER__CONFIG_API,
+ Capability.CONFIGSERVER__FILEDISTRIBUTION_API, Capability.CONFIGPROXY__CONFIG_API,
+ Capability.CONFIGPROXY__FILEDISTRIBUTION_API, Capability.SENTINEL__CONNECTIVITY_CHECK);
+
/* Predefined capability sets */
+ public static final CapabilitySet ALL = predefined(
+ "vespa.all", Capability.values());
+ public static final CapabilitySet TELEMETRY = predefined(
+ "vespa.telemetry",
+ Capability.CONTENT__STATUS_PAGES, Capability.CONTENT__METRICS_API);
public static final CapabilitySet CONTENT_NODE = predefined(
"vespa.content_node",
- Capability.CONTENT__STORAGE_API, Capability.CONTENT__DOCUMENT_API, Capability.SLOBROK__API);
+ Capability.CONTENT__STORAGE_API, Capability.CONTENT__DOCUMENT_API, Capability.CONTAINER__DOCUMENT_API,
+ SHARED_CAPABILITIES_APP_NODE);
public static final CapabilitySet CONTAINER_NODE = predefined(
"vespa.container_node",
- Capability.CONTENT__DOCUMENT_API, Capability.CONTENT__SEARCH_API, Capability.SLOBROK__API);
- public static final CapabilitySet TELEMETRY = predefined(
- "vespa.telemetry",
- Capability.CONTENT__STATUS_PAGES, Capability.CONTENT__METRICS_API);
+ Capability.CONTENT__DOCUMENT_API, Capability.CONTENT__SEARCH_API, SHARED_CAPABILITIES_APP_NODE);
public static final CapabilitySet CLUSTER_CONTROLLER_NODE = predefined(
"vespa.cluster_controller_node",
- Capability.CONTENT__CLUSTER_CONTROLLER__INTERNAL_STATE_API, Capability.SLOBROK__API);
- public static final CapabilitySet CONFIG_SERVER = predefined(
- "vespa.config_server");
+ Capability.CONTENT__CLUSTER_CONTROLLER__INTERNAL_STATE_API, Capability.SLOBROK__API,
+ Capability.CLIENT__SLOBROK_API, Capability.CONTAINER__DOCUMENT_API, SHARED_CAPABILITIES_APP_NODE);
+ public static final CapabilitySet LOGSERVER_NODE = predefined(
+ "vespa.logserver_node", SHARED_CAPABILITIES_APP_NODE);
+ public static final CapabilitySet CONFIGSERVER_NODE = predefined(
+ "vespa.config_server_node",
+ Capability.CLIENT__FILERECEIVER_API, Capability.CONTAINER__MANAGEMENT_API, TELEMETRY);
private static CapabilitySet predefined(String name, ToCapabilitySet... capabilities) {
var instance = CapabilitySet.of(capabilities);
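Review bot: `Capability.SLOBROK__API` is dropped from `CONTENT_NODE` and `CONTAINER_NODE` and is not part of `SHARED_CAPABILITIES_APP_NODE`, so after this change only `CLUSTER_CONTROLLER_NODE` and `ALL` still carry it, although the commit title speaks only of adding capabilities. If those node types still talk to slobrok under capability enforcement they would presumably be denied; if the removal is unintended, the last line of the shared set could read `Capability.CONFIGPROXY__FILEDISTRIBUTION_API, Capability.SLOBROK__API, Capability.SENTINEL__CONNECTIVITY_CHECK);`. Separately, the predefined name `"vespa.config_server"` is replaced by `"vespa.config_server_node"` and the set goes from empty to three grants, so peer policies that still name the old set depend on how the name lookup (outside this hunk) treats unknown names; that deserves a line in the commit message. The class and `predefined()` both extend beyond the hunk.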