diff options
| author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-08-23 11:22:15 +0000 |
|---|---|---|
| committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-08-23 11:22:15 +0000 |
| commit | db30b6bbb4cbf946036bdcb6685379b7345c1450 (patch) | |
| tree | 530349c7caaf2b4829cb6b6e8a04cae8385cbd9b /storage | |
| parent | a836ad44d19ce33834c59480f5690ae0a31a7759 (diff) | |
Add capability filter to cluster controller API RPCs on content nodes
Diffstat (limited to 'storage')
| -rw-r--r-- | storage/src/vespa/storage/storageserver/rpc/cluster_controller_api_rpc_service.cpp | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/storage/src/vespa/storage/storageserver/rpc/cluster_controller_api_rpc_service.cpp b/storage/src/vespa/storage/storageserver/rpc/cluster_controller_api_rpc_service.cpp index be0239c1370..bb69c0a8641 100644 --- a/storage/src/vespa/storage/storageserver/rpc/cluster_controller_api_rpc_service.cpp +++ b/storage/src/vespa/storage/storageserver/rpc/cluster_controller_api_rpc_service.cpp @@ -7,6 +7,7 @@ #include <vespa/storage/storageserver/rpcrequestwrapper.h> #include <vespa/vdslib/state/clusterstate.h> #include <vespa/fnet/frt/supervisor.h> +#include <vespa/fnet/frt/require_capabilities.h> #include <vespa/fnet/frt/rpcrequest.h> #include <vespa/storageapi/message/state.h> #include <vespa/vespalib/util/host_name.h> @@ -32,10 +33,21 @@ void ClusterControllerApiRpcService::close() { _closed.store(true); } +namespace { + +std::unique_ptr<FRT_RequireCapabilities> make_cc_api_capability_filter() { + return std::make_unique<FRT_RequireCapabilities>(vespalib::net::tls::CapabilitySet::of({ + vespalib::net::tls::Capability::content_cluster_controller_internal_state_api() + })); +} + +} + void ClusterControllerApiRpcService::register_server_methods(SharedRpcResources& rpc_resources) { FRT_ReflectionBuilder rb(&rpc_resources.supervisor()); rb.DefineMethod("getnodestate3", "sii", "ss", FRT_METHOD(ClusterControllerApiRpcService::RPC_getNodeState2), this); + rb.RequestAccessFilter(make_cc_api_capability_filter()); rb.MethodDesc("Get state of this node"); rb.ParamDesc("nodestate", "Expected state of given node. If correct, the " "request will be queued on target until it changes. To not give " @@ -45,6 +57,7 @@ void ClusterControllerApiRpcService::register_server_methods(SharedRpcResources& rb.ReturnDesc("hostinfo", "Information about host this node is running on"); //------------------------------------------------------------------------- rb.DefineMethod("getnodestate2", "si", "s", FRT_METHOD(ClusterControllerApiRpcService::RPC_getNodeState2), this); + rb.RequestAccessFilter(make_cc_api_capability_filter()); rb.MethodDesc("Get state of this node"); rb.ParamDesc("nodestate", "Expected state of given node. If correct, the " "request will be queued on target until it changes. To not give " @@ -53,21 +66,25 @@ void ClusterControllerApiRpcService::register_server_methods(SharedRpcResources& rb.ReturnDesc("nodestate", "State string for this node"); //------------------------------------------------------------------------- rb.DefineMethod("setsystemstate2", "s", "", FRT_METHOD(ClusterControllerApiRpcService::RPC_setSystemState2), this); + rb.RequestAccessFilter(make_cc_api_capability_filter()); rb.MethodDesc("Set systemstate on this node"); rb.ParamDesc("systemstate", "New systemstate to set"); //------------------------------------------------------------------------- rb.DefineMethod("setdistributionstates", "bix", "", FRT_METHOD(ClusterControllerApiRpcService::RPC_setDistributionStates), this); + rb.RequestAccessFilter(make_cc_api_capability_filter()); rb.MethodDesc("Set distribution states for cluster and bucket spaces"); rb.ParamDesc("compressionType", "Compression type for payload"); rb.ParamDesc("uncompressedSize", "Uncompressed size for payload"); rb.ParamDesc("payload", "Binary Slime format payload"); //------------------------------------------------------------------------- rb.DefineMethod("activate_cluster_state_version", "i", "i", FRT_METHOD(ClusterControllerApiRpcService::RPC_activateClusterStateVersion), this); + rb.RequestAccessFilter(make_cc_api_capability_filter()); rb.MethodDesc("Explicitly activates an already prepared cluster state version"); rb.ParamDesc("activate_version", "Expected cluster state version to activate"); rb.ReturnDesc("actual_version", "Cluster state version that was prepared on the node prior to receiving RPC"); //------------------------------------------------------------------------- rb.DefineMethod("getcurrenttime", "", "lis", FRT_METHOD(ClusterControllerApiRpcService::RPC_getCurrentTime), this); + rb.RequestAccessFilter(make_cc_api_capability_filter()); rb.MethodDesc("Get current time on this node"); rb.ReturnDesc("seconds", "Current time in seconds since epoch"); rb.ReturnDesc("nanoseconds", "additional nanoseconds since epoch"); |