aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--fnet/src/tests/frt/rpc/invoke.cpp4
-rw-r--r--fnet/src/vespa/fnet/frt/require_capabilities.cpp12
-rw-r--r--fnet/src/vespa/fnet/frt/require_capabilities.h4
-rw-r--r--storage/src/vespa/storage/storageserver/rpc/cluster_controller_api_rpc_service.cpp4
-rw-r--r--storage/src/vespa/storage/storageserver/rpc/storage_api_rpc_service.cpp4
5 files changed, 20 insertions, 8 deletions
diff --git a/fnet/src/tests/frt/rpc/invoke.cpp b/fnet/src/tests/frt/rpc/invoke.cpp
index 2668d86cae6..764b3fb4a05 100644
--- a/fnet/src/tests/frt/rpc/invoke.cpp
+++ b/fnet/src/tests/frt/rpc/invoke.cpp
@@ -227,10 +227,10 @@ public:
// The authz rules used for this test only grant the telemetry capability set
rb.DefineMethod("capabilityRestricted", "", "",
FRT_METHOD(TestRPC::RPC_AccessRestricted), this);
- rb.RequestAccessFilter(std::make_unique<FRT_RequireCapabilities>(CapabilitySet::content_node()));
+ rb.RequestAccessFilter(FRT_RequireCapabilities::of(CapabilitySet::content_node()));
rb.DefineMethod("capabilityAllowed", "", "",
FRT_METHOD(TestRPC::RPC_AccessRestricted), this);
- rb.RequestAccessFilter(std::make_unique<FRT_RequireCapabilities>(CapabilitySet::telemetry()));
+ rb.RequestAccessFilter(FRT_RequireCapabilities::of(CapabilitySet::telemetry()));
}
void RPC_Test(FRT_RPCRequest *req)
diff --git a/fnet/src/vespa/fnet/frt/require_capabilities.cpp b/fnet/src/vespa/fnet/frt/require_capabilities.cpp
index fc5243bc805..5f87f98436e 100644
--- a/fnet/src/vespa/fnet/frt/require_capabilities.cpp
+++ b/fnet/src/vespa/fnet/frt/require_capabilities.cpp
@@ -35,3 +35,15 @@ FRT_RequireCapabilities::allow(FRT_RPCRequest& req) const noexcept
return (mode != CapabilityEnforcementMode::Enforce);
}
}
+
+std::unique_ptr<FRT_RequireCapabilities>
+FRT_RequireCapabilities::of(Capability required_capability)
+{
+ return std::make_unique<FRT_RequireCapabilities>(CapabilitySet::of({required_capability}));
+}
+
+std::unique_ptr<FRT_RequireCapabilities>
+FRT_RequireCapabilities::of(CapabilitySet required_capabilities)
+{
+ return std::make_unique<FRT_RequireCapabilities>(required_capabilities);
+}
diff --git a/fnet/src/vespa/fnet/frt/require_capabilities.h b/fnet/src/vespa/fnet/frt/require_capabilities.h
index 7c80484783d..557ddc3ddc3 100644
--- a/fnet/src/vespa/fnet/frt/require_capabilities.h
+++ b/fnet/src/vespa/fnet/frt/require_capabilities.h
@@ -3,6 +3,7 @@
#include "request_access_filter.h"
#include <vespa/vespalib/net/tls/capability_set.h>
+#include <memory>
/**
* An RPC access filter which verifies that a request is associated with an auth
@@ -18,4 +19,7 @@ public:
}
bool allow(FRT_RPCRequest& req) const noexcept override;
+
+ static std::unique_ptr<FRT_RequireCapabilities> of(vespalib::net::tls::Capability required_capability);
+ static std::unique_ptr<FRT_RequireCapabilities> of(vespalib::net::tls::CapabilitySet required_capabilities);
};
diff --git a/storage/src/vespa/storage/storageserver/rpc/cluster_controller_api_rpc_service.cpp b/storage/src/vespa/storage/storageserver/rpc/cluster_controller_api_rpc_service.cpp
index bb69c0a8641..488c9dfa346 100644
--- a/storage/src/vespa/storage/storageserver/rpc/cluster_controller_api_rpc_service.cpp
+++ b/storage/src/vespa/storage/storageserver/rpc/cluster_controller_api_rpc_service.cpp
@@ -36,9 +36,7 @@ void ClusterControllerApiRpcService::close() {
namespace {
std::unique_ptr<FRT_RequireCapabilities> make_cc_api_capability_filter() {
- return std::make_unique<FRT_RequireCapabilities>(vespalib::net::tls::CapabilitySet::of({
- vespalib::net::tls::Capability::content_cluster_controller_internal_state_api()
- }));
+ return FRT_RequireCapabilities::of(vespalib::net::tls::Capability::content_cluster_controller_internal_state_api());
}
}
diff --git a/storage/src/vespa/storage/storageserver/rpc/storage_api_rpc_service.cpp b/storage/src/vespa/storage/storageserver/rpc/storage_api_rpc_service.cpp
index 41dcafc055a..bcb5dbab279 100644
--- a/storage/src/vespa/storage/storageserver/rpc/storage_api_rpc_service.cpp
+++ b/storage/src/vespa/storage/storageserver/rpc/storage_api_rpc_service.cpp
@@ -55,9 +55,7 @@ StorageApiRpcService::Params::~Params() = default;
void StorageApiRpcService::register_server_methods(SharedRpcResources& rpc_resources) {
FRT_ReflectionBuilder rb(&rpc_resources.supervisor());
rb.DefineMethod(rpc_v1_method_name(), "bixbix", "bixbix", FRT_METHOD(StorageApiRpcService::RPC_rpc_v1_send), this);
- rb.RequestAccessFilter(std::make_unique<FRT_RequireCapabilities>(vespalib::net::tls::CapabilitySet::of({
- vespalib::net::tls::Capability::content_storage_api()
- })));
+ rb.RequestAccessFilter(FRT_RequireCapabilities::of(vespalib::net::tls::Capability::content_storage_api()));
rb.MethodDesc("V1 of StorageAPI direct RPC protocol");
rb.ParamDesc("header_encoding", "0=raw, 6=lz4");
rb.ParamDesc("header_decoded_size", "Uncompressed header blob size");