author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-08-26 09:18:38 +0000 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-08-26 09:18:38 +0000 |
commit | 19565601f7b26c441cb2d7806ac372ba964b9052 (patch) | |
tree | ce0034a057641698cb9d990c93c06e6d665a97ad /slobrok | |
parent | db4fce7cab1470c85e32cf8c0db10accb47f9a5d (diff) |
Add capability request filters to Slobrok RPCs
Diffstat (limited to 'slobrok')
-rw-r--r-- | slobrok/src/vespa/slobrok/sbregister.cpp | 7 | ||||
-rw-r--r-- | slobrok/src/vespa/slobrok/server/rpchooks.cpp | 21 |
2 files changed, 28 insertions, 0 deletions
diff --git a/slobrok/src/vespa/slobrok/sbregister.cpp b/slobrok/src/vespa/slobrok/sbregister.cpp index c1948a24aa8..925d4ea62bc 100644 --- a/slobrok/src/vespa/slobrok/sbregister.cpp +++ b/slobrok/src/vespa/slobrok/sbregister.cpp @@ -1,6 +1,7 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. #include "sbregister.h" +#include <vespa/fnet/frt/require_capabilities.h> #include <vespa/fnet/frt/supervisor.h> #include <vespa/fnet/frt/target.h> #include <vespa/vespalib/util/host_name.h> @@ -47,6 +48,10 @@ discard(std::vector<vespalib::string> &vec, vespalib::stringref val) LOG_ASSERT(size == vec.size()); } +std::unique_ptr<FRT_RequireCapabilities> make_slobrok_capability_filter() { + return FRT_RequireCapabilities::of(vespalib::net::tls::Capability::slobrok_api()); +} + } // namespace <unnamed> namespace slobrok::api { @@ -287,11 +292,13 @@ RegisterAPI::RPCHooks::RPCHooks(RegisterAPI &owner) FRT_METHOD(RPCHooks::rpc_listNamesServed), this); rb.MethodDesc("List rpcserver names"); rb.ReturnDesc("names", "The rpcserver names this server wants to serve"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- rb.DefineMethod("slobrok.callback.notifyUnregistered", "s", "", FRT_METHOD(RPCHooks::rpc_notifyUnregistered), this); rb.MethodDesc("Notify a server about removed registration"); rb.ParamDesc("name", "RpcServer name"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- } diff --git a/slobrok/src/vespa/slobrok/server/rpchooks.cpp b/slobrok/src/vespa/slobrok/server/rpchooks.cpp index 9fca21f0456..b41e1ba583e 100644 --- a/slobrok/src/vespa/slobrok/server/rpchooks.cpp +++ b/slobrok/src/vespa/slobrok/server/rpchooks.cpp 
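Review bot: `make_slobrok_capability_filter()` in the unnamed namespace of sbregister.cpp (hunk at new line 48) is defined a second time, identically, in server/rpchooks.cpp (hunk at new line 56), so the capability required on the two sides can drift apart if only one copy is edited later. Consider declaring it once in a shared slobrok header and giving it a one-line comment such as `// Access filter that only admits peers holding the slobrok_api capability`. How the filter treats a connection that carries no TLS peer credentials is not visible in this diff and is worth stating in that comment once confirmed.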
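Review bot: The access filter is attached by hand after each `DefineMethod` in `RegisterAPI::RPCHooks::RPCHooks` (hunk at new line 292), and the same pattern repeats for every method in `RPCHooks::initRPC` in server/rpchooks.cpp, so a method added later without the `rb.RequestAccessFilter(...)` line would presumably be served with no capability check. Both function bodies begin outside the hunks, so whether every currently registered method is covered cannot be confirmed from here. A unit test that enumerates the registered methods and fails on any one lacking a filter would catch such an omission; short of that, a comment at the top of each registration block, e.g. `// Every method defined here must call rb.RequestAccessFilter(make_slobrok_capability_filter())`, documents the rule.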
@@ -7,6 +7,7 @@ #include "remote_slobrok.h" #include "sbenv.h" #include "rpcmirror.h" +#include <vespa/fnet/frt/require_capabilities.h> #include <vespa/fnet/frt/supervisor.h> #include <vespa/vespalib/component/vtag.h> @@ -55,6 +56,10 @@ bool match(const char *name, const char *pattern) { return (*name == *pattern); } +std::unique_ptr<FRT_RequireCapabilities> make_slobrok_capability_filter() { + return FRT_RequireCapabilities::of(vespalib::net::tls::Capability::slobrok_api()); +} + } // namespace <unnamed> //----------------------------------------------------------------------------- @@ -92,10 +97,12 @@ void RPCHooks::initRPC(FRT_Supervisor *supervisor) { FRT_METHOD(RPCHooks::rpc_version), this); rb.MethodDesc("Get location broker version"); rb.ReturnDesc("version", "version string"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- rb.DefineMethod("slobrok.system.stop", "", "", FRT_METHOD(RPCHooks::rpc_stop), this); rb.MethodDesc("Shut down the location broker application"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- //------------------------------------------------------------------------- @@ -104,6 +111,7 @@ void RPCHooks::initRPC(FRT_Supervisor *supervisor) { rb.MethodDesc("List all rpcservers managed by this location broker"); rb.ReturnDesc("names", "Managed rpcserver names"); rb.ReturnDesc("specs", "The connection specifications (in same order)"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- rb.DefineMethod("slobrok.internal.lookupManaged", "s", "ss", FRT_METHOD(RPCHooks::rpc_lookupManaged), this); 
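Review bot: `slobrok.system.stop` (hunk at new line 97) is gated by the same `slobrok_api` capability as the read-only version query (`rpc_version`) just above it, so any peer permitted to query the broker is equally permitted to shut it down. The same single capability also covers the state-changing methods in the later hunks: `slobrok.internal.wantAdd`/`doAdd`/`doRemove`, `slobrok.admin.addPeer`, `slobrok.registerRpcServer` and the unregister method, alongside `slobrok.lookupRpcServer`. If the capability set can express it, a narrower capability for the shutdown, admin and registration methods would follow least privilege. If one capability for the whole API is intentional, a comment on `make_slobrok_capability_filter()` saying so would save the next reader the question. `initRPC` starts and ends outside this hunk.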
@@ -111,6 +119,7 @@ void RPCHooks::initRPC(FRT_Supervisor *supervisor) { rb.ParamDesc("name", "Name of rpc server"); rb.ReturnDesc("name", "Name of rpc server"); rb.ReturnDesc("spec", "The connection specification"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- rb.DefineMethod("slobrok.internal.wantAdd", "sss", "is", FRT_METHOD(RPCHooks::rpc_wantAdd), this); @@ -120,6 +129,7 @@ void RPCHooks::initRPC(FRT_Supervisor *supervisor) { rb.ParamDesc("spec", "The connection specification"); rb.ReturnDesc("denied", "non-zero if request was denied"); rb.ReturnDesc("reason", "reason for denial"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- rb.DefineMethod("slobrok.internal.doAdd", "sss", "is", FRT_METHOD(RPCHooks::rpc_doAdd), this); @@ -129,6 +139,7 @@ void RPCHooks::initRPC(FRT_Supervisor *supervisor) { rb.ParamDesc("spec", "The connection specification"); rb.ReturnDesc("denied", "non-zero if request was denied"); rb.ReturnDesc("reason", "reason for denial"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- rb.DefineMethod("slobrok.internal.doRemove", "sss", "is", FRT_METHOD(RPCHooks::rpc_doRemove), this); @@ -138,6 +149,7 @@ void RPCHooks::initRPC(FRT_Supervisor *supervisor) { rb.ParamDesc("spec", "The connection specification"); rb.ReturnDesc("denied", "non-zero if request was denied"); rb.ReturnDesc("reason", "reason for denial"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- rb.DefineMethod("slobrok.internal.fetchLocalView", "ii", "iSSSi", FRT_METHOD(RPCHooks::rpc_fetchLocalView), this); 
@@ -151,6 +163,7 @@ void RPCHooks::initRPC(FRT_Supervisor *supervisor) { rb.ReturnDesc("names", "Array of NamedService names with new values"); rb.ReturnDesc("specs", "Array of connection specifications (same order)"); rb.ReturnDesc("newgen", "Generation count for new version of the map"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- //------------------------------------------------------------------------- @@ -158,6 +171,7 @@ void RPCHooks::initRPC(FRT_Supervisor *supervisor) { FRT_METHOD(RPCHooks::rpc_listNamesServed), this); rb.MethodDesc("List rpcservers served"); rb.ReturnDesc("names", "The rpcserver names this server wants to serve"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- //------------------------------------------------------------------------- @@ -166,12 +180,14 @@ void RPCHooks::initRPC(FRT_Supervisor *supervisor) { rb.MethodDesc("stop syncing with other location broker"); rb.ParamDesc("slobrok", "NamedService name of remote location broker"); rb.ParamDesc("spec", "Connection specification of remote location broker"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- rb.DefineMethod("slobrok.admin.addPeer", "ss", "", FRT_METHOD(RPCHooks::rpc_addPeer), this); rb.MethodDesc("sync our information with other location broker"); rb.ParamDesc("slobrok", "NamedService name of remote location broker"); rb.ParamDesc("spec", "Connection specification of remote location broker"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- rb.DefineMethod("slobrok.admin.listAllRpcServers", "", "SSS", FRT_METHOD(RPCHooks::rpc_listAllRpcServers), this); 
@@ -179,6 +195,7 @@ void RPCHooks::initRPC(FRT_Supervisor *supervisor) { rb.ReturnDesc("names", "NamedService names"); rb.ReturnDesc("specs", "The connection specifications (in same order)"); rb.ReturnDesc("owners", "Corresponding names of managing location broker"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- //------------------------------------------------------------------------- @@ -187,12 +204,14 @@ void RPCHooks::initRPC(FRT_Supervisor *supervisor) { rb.MethodDesc("Unregister a rpcserver"); rb.ParamDesc("name", "NamedService name"); rb.ParamDesc("spec", "The connection specification"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- rb.DefineMethod("slobrok.registerRpcServer", "ss", "", FRT_METHOD(RPCHooks::rpc_registerRpcServer), this); rb.MethodDesc("Register a rpcserver"); rb.ParamDesc("name", "NamedService name"); rb.ParamDesc("spec", "The connection specification"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- //------------------------------------------------------------------------- @@ -208,6 +227,7 @@ void RPCHooks::initRPC(FRT_Supervisor *supervisor) { rb.ReturnDesc("names", "Array of NamedService names with new values"); rb.ReturnDesc("specs", "Array of connection specifications (same order)"); rb.ReturnDesc("newgen", "Generation count for new version of the map"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- rb.DefineMethod("slobrok.lookupRpcServer", "s", "SS", FRT_METHOD(RPCHooks::rpc_lookupRpcServer), this); 
@@ -224,6 +244,7 @@ void RPCHooks::initRPC(FRT_Supervisor *supervisor) { ); rb.ReturnDesc("names", "The rpcserver names matching pattern"); rb.ReturnDesc("specs", "The connection specifications (in same order)"); + rb.RequestAccessFilter(make_slobrok_capability_filter()); //------------------------------------------------------------------------- } |