diff options
14 files changed, 78 insertions, 11 deletions
diff --git a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/ConfigProxyRpcServer.java b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/ConfigProxyRpcServer.java index 7b8deb19831..f67e0442468 100644 --- a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/ConfigProxyRpcServer.java +++ b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/ConfigProxyRpcServer.java @@ -12,6 +12,7 @@ import com.yahoo.jrt.StringValue; import com.yahoo.jrt.Supervisor; import com.yahoo.jrt.Target; import com.yahoo.jrt.TargetWatcher; +import com.yahoo.security.tls.Capability; import com.yahoo.vespa.config.JRTMethods; import com.yahoo.vespa.config.RawConfig; import com.yahoo.vespa.config.protocol.JRTServerConfigRequest; @@ -77,41 +78,50 @@ public class ConfigProxyRpcServer implements Runnable, TargetWatcher { } private void declareConfigMethods() { - supervisor.addMethod(JRTMethods.createConfigV3GetConfigMethod(this::getConfigV3)); + supervisor.addMethod(JRTMethods.createConfigV3GetConfigMethod(this::getConfigV3) + .requireCapabilities(Capability.CONFIGPROXY__CONFIG_API)); supervisor.addMethod(new Method("ping", "", "i", this::ping) .methodDesc("ping") .returnDesc(0, "ret code", "return code, 0 is OK")); supervisor.addMethod(new Method("listCachedConfig", "", "S", this::listCachedConfig) + .requireCapabilities(Capability.CONFIGPROXY__CONFIG_API) .methodDesc("list cached configs)") .returnDesc(0, "data", "string array of configs")); supervisor.addMethod(new Method("listCachedConfigFull", "", "S", this::listCachedConfigFull) + .requireCapabilities(Capability.CONFIGPROXY__CONFIG_API) .methodDesc("list cached configs with cache content)") .returnDesc(0, "data", "string array of configs")); supervisor.addMethod(new Method("listSourceConnections", "", "S", this::listSourceConnections) + .requireCapabilities(Capability.CONFIGPROXY__CONFIG_API) .methodDesc("list config source connections)") .returnDesc(0, "data", "string array of source connections")); supervisor.addMethod(new Method("invalidateCache", "", "S", this::invalidateCache) + .requireCapabilities(Capability.CONFIGPROXY__MANAGEMENT_API) .methodDesc("list config source connections)") .returnDesc(0, "data", "0 if success, 1 otherwise")); supervisor.addMethod(new Method("updateSources", "s", "s", this::updateSources) + .requireCapabilities(Capability.CONFIGPROXY__MANAGEMENT_API) .methodDesc("update list of config sources") .returnDesc(0, "ret", "list of updated config sources")); supervisor.addMethod(new Method("setMode", "s", "S", this::setMode) + .requireCapabilities(Capability.CONFIGPROXY__MANAGEMENT_API) .methodDesc("Set config proxy mode { default | memorycache }") .returnDesc(0, "ret", "0 if success, 1 otherwise as first element, description as second element")); supervisor.addMethod(new Method("getMode", "", "s", this::getMode) + .requireCapabilities(Capability.CONFIGPROXY__MANAGEMENT_API) .methodDesc("What serving mode the config proxy is in (default, memorycache)") .returnDesc(0, "ret", "mode as a string")); supervisor.addMethod(new Method("dumpCache", "s", "s", this::dumpCache) + .requireCapabilities(Capability.CONFIGPROXY__MANAGEMENT_API) .methodDesc("Dump cache to disk") .paramDesc(0, "path", "path to write cache contents to") .returnDesc(0, "ret", "Empty string or error message")); diff --git a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionRpcServer.java b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionRpcServer.java index 5a5d65a4de6..23ed3ebe161 100644 --- a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionRpcServer.java +++ b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/FileDistributionRpcServer.java @@ -10,6 +10,7 @@ import com.yahoo.jrt.StringArray; import com.yahoo.jrt.StringValue; import com.yahoo.jrt.Supervisor; import com.yahoo.net.HostName; +import com.yahoo.security.tls.Capability; import com.yahoo.vespa.filedistribution.FileDownloader; import com.yahoo.vespa.filedistribution.FileReferenceDownload; @@ -21,7 +22,6 @@ import java.util.concurrent.Executors; import java.util.concurrent.TimeUnit; import java.util.logging.Level; import java.util.logging.Logger; -import java.util.stream.Collectors; /** * An RPC server that handles file distribution requests. @@ -55,14 +55,17 @@ class FileDistributionRpcServer { private void declareMethods() { // Legacy method, needs to be the same name as used in filedistributor supervisor.addMethod(new Method("waitFor", "s", "s", this::getFile) + .requireCapabilities(Capability.CONFIGPROXY__FILEDISTRIBUTION_API) .methodDesc("get path to file reference") .paramDesc(0, "file reference", "file reference") .returnDesc(0, "path", "path to file")); supervisor.addMethod(new Method("filedistribution.getFile", "s", "s", this::getFile) + .requireCapabilities(Capability.CONFIGPROXY__FILEDISTRIBUTION_API) .methodDesc("get path to file reference") .paramDesc(0, "file reference", "file reference") .returnDesc(0, "path", "path to file")); supervisor.addMethod(new Method("filedistribution.getActiveFileReferencesStatus", "", "SD", this::getActiveFileReferencesStatus) + .requireCapabilities(Capability.CONFIGPROXY__FILEDISTRIBUTION_API) .methodDesc("download status for file references") .returnDesc(0, "file references", "array of file references") .returnDesc(1, "download status", "percentage downloaded of each file reference in above array")); diff --git a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/UrlDownloadRpcServer.java b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/UrlDownloadRpcServer.java index 32943b6c80e..9ba3663f883 100644 --- a/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/UrlDownloadRpcServer.java +++ b/config-proxy/src/main/java/com/yahoo/vespa/config/proxy/filedistribution/UrlDownloadRpcServer.java @@ -6,7 +6,7 @@ import com.yahoo.jrt.Method; import com.yahoo.jrt.Request; import com.yahoo.jrt.StringValue; import com.yahoo.jrt.Supervisor; -import java.util.logging.Level; +import com.yahoo.security.tls.Capability; import com.yahoo.text.Utf8; import com.yahoo.vespa.defaults.Defaults; import net.jpountz.xxhash.XXHashFactory; @@ -27,6 +27,7 @@ import java.nio.file.Files; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.concurrent.TimeUnit; +import java.util.logging.Level; import java.util.logging.Logger; import static com.yahoo.vespa.config.UrlDownloader.DOES_NOT_EXIST; @@ -50,6 +51,7 @@ class UrlDownloadRpcServer { UrlDownloadRpcServer(Supervisor supervisor) { supervisor.addMethod(new Method("url.waitFor", "s", "s", this::download) + .requireCapabilities(Capability.CONFIGPROXY__FILEDISTRIBUTION_API) .methodDesc("get path to url download") .paramDesc(0, "url", "url") .returnDesc(0, "path", "path to file")); diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/RpcServer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/RpcServer.java index 034ac97ebd8..be4738258d8 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/RpcServer.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/RpcServer.java @@ -20,6 +20,7 @@ import com.yahoo.jrt.StringValue; import com.yahoo.jrt.Supervisor; import com.yahoo.jrt.Target; import com.yahoo.jrt.Transport; +import com.yahoo.security.tls.Capability; import com.yahoo.vespa.config.ErrorCode; import com.yahoo.vespa.config.JRTMethods; import com.yahoo.vespa.config.protocol.ConfigResponse; @@ -224,11 +225,13 @@ public class RpcServer implements Runnable, ConfigActivationListener, TenantList getSupervisor().addMethod(new Method("printStatistics", "", "s", this::printStatistics) .methodDesc("printStatistics") .returnDesc(0, "statistics", "Statistics for server")); - getSupervisor().addMethod(new Method("filedistribution.serveFile", "si*", "is", this::serveFile)); + getSupervisor().addMethod(new Method("filedistribution.serveFile", "si*", "is", this::serveFile) + .requireCapabilities(Capability.CONFIGSERVER__FILEDISTRIBUTION_API)); getSupervisor().addMethod(new Method("filedistribution.setFileReferencesToDownload", "S", "i", this::setFileReferencesToDownload) - .methodDesc("set which file references to download") - .paramDesc(0, "file references", "file reference to download") - .returnDesc(0, "ret", "0 if success, 1 otherwise")); + .requireCapabilities(Capability.CONFIGSERVER__FILEDISTRIBUTION_API) + .methodDesc("set which file references to download") + .paramDesc(0, "file references", "file reference to download") + .returnDesc(0, "ret", "0 if success, 1 otherwise")); } /** @@ -236,7 +239,8 @@ public class RpcServer implements Runnable, ConfigActivationListener, TenantList */ public void setUpGetConfigHandlers() { // The getConfig method in this class will handle RPC calls for getting config - getSupervisor().addMethod(JRTMethods.createConfigV3GetConfigMethod(this::getConfigV3)); + getSupervisor().addMethod(JRTMethods.createConfigV3GetConfigMethod(this::getConfigV3) + .requireCapabilities(Capability.CONFIGSERVER__CONFIG_API)); isServingConfigRequests = true; } diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/ConfiguredApplication.java b/container-disc/src/main/java/com/yahoo/container/jdisc/ConfiguredApplication.java index 0b8c0c8c48c..b1eeffc24cc 100644 --- a/container-disc/src/main/java/com/yahoo/container/jdisc/ConfiguredApplication.java +++ b/container-disc/src/main/java/com/yahoo/container/jdisc/ConfiguredApplication.java @@ -43,6 +43,7 @@ import com.yahoo.jrt.slobrok.api.Register; import com.yahoo.jrt.slobrok.api.SlobrokList; import com.yahoo.messagebus.network.rpc.SlobrokConfigSubscriber; import com.yahoo.net.HostName; +import com.yahoo.security.tls.Capability; import com.yahoo.vespa.config.ConfigKey; import com.yahoo.yolean.Exceptions; import com.yahoo.yolean.UncheckedInterruptedException; @@ -176,7 +177,8 @@ public final class ConfiguredApplication implements Application { private synchronized void setupRpc(QrConfig cfg) { if (!cfg.rpc().enabled()) return; supervisor = new Supervisor(new Transport("configured-application")).setDropEmptyBuffers(true); - supervisor.addMethod(new Method("prepareStop", "d", "", this::prepareStop)); + supervisor.addMethod(new Method("prepareStop", "d", "", this::prepareStop) + .requireCapabilities(Capability.CONTAINER__MANAGEMENT_API)); listenRpc(cfg); } diff --git a/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileReceiver.java b/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileReceiver.java index a285fbaafe2..e5aa47fe5c9 100644 --- a/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileReceiver.java +++ b/filedistribution/src/main/java/com/yahoo/vespa/filedistribution/FileReceiver.java @@ -7,6 +7,7 @@ import com.yahoo.jrt.Int32Value; import com.yahoo.jrt.Method; import com.yahoo.jrt.Request; import com.yahoo.jrt.Supervisor; +import com.yahoo.security.tls.Capability; import net.jpountz.xxhash.StreamingXXHash64; import net.jpountz.xxhash.XXHashFactory; import java.io.File; @@ -170,6 +171,7 @@ public class FileReceiver { private List<Method> receiveFileMethod() { List<Method> methods = new ArrayList<>(); methods.add(new Method(RECEIVE_META_METHOD, "sssl*", "ii", this::receiveFileMeta) + .requireCapabilities(Capability.CLIENT__FILERECEIVER_API) .paramDesc(0, "filereference", "file reference to download") .paramDesc(1, "filename", "filename") .paramDesc(2, "type", "'file' or 'compressed'") @@ -178,12 +180,14 @@ public class FileReceiver { .returnDesc(0, "ret", "0 if success, 1 otherwise") .returnDesc(1, "session-id", "Session id to be used for this transfer")); methods.add(new Method(RECEIVE_PART_METHOD, "siix", "i", this::receiveFilePart) + .requireCapabilities(Capability.CLIENT__FILERECEIVER_API) .paramDesc(0, "filereference", "file reference to download") .paramDesc(1, "session-id", "Session id to be used for this transfer") .paramDesc(2, "partid", "relative part number starting at zero") .paramDesc(3, "data", "bytes in this part") .returnDesc(0, "ret", "0 if success, 1 otherwise")); methods.add(new Method(RECEIVE_EOF_METHOD, "silis", "i", this::receiveFileEof) + .requireCapabilities(Capability.CLIENT__FILERECEIVER_API) .paramDesc(0, "filereference", "file reference to download") .paramDesc(1, "session-id", "Session id to be used for this transfer") .paramDesc(2, "crc-code", "crc code (xxhash64)") diff --git a/jrt/src/com/yahoo/jrt/Method.java b/jrt/src/com/yahoo/jrt/Method.java index e69c6bcd802..a5e5e7280d9 100644 --- a/jrt/src/com/yahoo/jrt/Method.java +++ b/jrt/src/com/yahoo/jrt/Method.java @@ -2,6 +2,9 @@ package com.yahoo.jrt; +import com.yahoo.security.tls.Capability; +import com.yahoo.security.tls.CapabilitySet; + /** * <p>A Method encapsulates the reflective information about a single RPC * method.</p> @@ -150,6 +153,12 @@ public class Method { } public Method requestAccessFilter(RequestAccessFilter filter) { this.filter = filter; return this; } + public Method requireCapabilities(Capability... capabilities) { return requireCapabilities(CapabilitySet.from(capabilities)); } + public Method requireCapabilities(CapabilitySet capabilities) { + if (filter != null) throw new IllegalStateException(); + filter = new RequireCapabilitiesFilter(capabilities); + return this; + } public RequestAccessFilter requestAccessFilter() { return filter; } diff --git a/jrt/src/com/yahoo/jrt/slobrok/api/Register.java b/jrt/src/com/yahoo/jrt/slobrok/api/Register.java index e529dea2eff..6c8ffd21d91 100644 --- a/jrt/src/com/yahoo/jrt/slobrok/api/Register.java +++ b/jrt/src/com/yahoo/jrt/slobrok/api/Register.java @@ -14,6 +14,7 @@ import com.yahoo.jrt.Target; import com.yahoo.jrt.Task; import com.yahoo.jrt.TransportThread; import com.yahoo.jrt.Values; +import com.yahoo.security.tls.Capability; import java.time.Duration; import java.util.ArrayList; @@ -97,6 +98,7 @@ public class Register { handleRpcList(req); } }) + .requireCapabilities(Capability.CLIENT__SLOBROK_API) .methodDesc("List rpcserver names") .returnDesc(0, "names", "The rpcserver names this server wants to serve"); @@ -107,6 +109,7 @@ public class Register { handleRpcUnreg(req); } }) + .requireCapabilities(Capability.CLIENT__SLOBROK_API) .methodDesc("Notify a server about removed registration") .paramDesc(0, "name", "RpcServer name"); orb.addMethod(m_unreg); diff --git a/jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java b/jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java index 5fd8beb3cc7..ca27e34b986 100644 --- a/jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java +++ b/jrt/src/com/yahoo/jrt/slobrok/server/Slobrok.java @@ -16,6 +16,7 @@ import com.yahoo.jrt.Target; import com.yahoo.jrt.TargetWatcher; import com.yahoo.jrt.Task; import com.yahoo.jrt.Transport; +import com.yahoo.security.tls.Capability; import java.time.Duration; import java.util.ArrayList; @@ -137,6 +138,7 @@ public class Slobrok { rpc_register(req); } }) + .requireCapabilities(Capability.SLOBROK__API) .methodDesc("Register a rpcserver") .paramDesc(0, "name", "RpcServer name") .paramDesc(1, "spec", "The connection specification")); @@ -146,6 +148,7 @@ public class Slobrok { rpc_unregister(req); } }) + .requireCapabilities(Capability.SLOBROK__API) .methodDesc("Unregister a rpcserver") .paramDesc(0, "name", "RpcServer name") .paramDesc(1, "spec", "The connection specification")); @@ -156,6 +159,7 @@ public class Slobrok { rpc_fetchIncremental(req); } }) + .requireCapabilities(Capability.SLOBROK__API) .methodDesc("Fetch or update mirror of name to spec map") .paramDesc(0, "gencnt", "generation already known by client") .paramDesc(1, "timeout", "How many milliseconds to wait for changes" diff --git a/logserver/src/main/java/ai/vespa/logserver/protocol/ArchiveLogMessagesMethod.java b/logserver/src/main/java/ai/vespa/logserver/protocol/ArchiveLogMessagesMethod.java index b0657877b1f..86a2d6efda8 100644 --- a/logserver/src/main/java/ai/vespa/logserver/protocol/ArchiveLogMessagesMethod.java +++ b/logserver/src/main/java/ai/vespa/logserver/protocol/ArchiveLogMessagesMethod.java @@ -8,6 +8,7 @@ import com.yahoo.jrt.Int8Value; import com.yahoo.jrt.Method; import com.yahoo.jrt.Request; import com.yahoo.logserver.LogDispatcher; +import com.yahoo.security.tls.Capability; import java.util.concurrent.Executor; import java.util.concurrent.Executors; @@ -32,6 +33,7 @@ public class ArchiveLogMessagesMethod { public ArchiveLogMessagesMethod(LogDispatcher logDispatcher) { this.logDispatcher = logDispatcher; this.method = new Method(METHOD_NAME, "bix", "bix", this::log) + .requireCapabilities(Capability.LOGSERVER_API) .methodDesc("Archive log messages") .paramDesc(0, "compressionType", "Compression type (0=raw)") .paramDesc(1, "uncompressedSize", "Uncompressed size") diff --git a/logserver/src/main/java/com/yahoo/logserver/Server.java b/logserver/src/main/java/com/yahoo/logserver/Server.java index cfe2bcf0776..da3059a6490 100644 --- a/logserver/src/main/java/com/yahoo/logserver/Server.java +++ b/logserver/src/main/java/com/yahoo/logserver/Server.java @@ -8,6 +8,7 @@ import com.yahoo.log.LogSetup; import com.yahoo.log.event.Event; import com.yahoo.logserver.handlers.HandlerThread; import com.yahoo.logserver.handlers.LogHandler; +import com.yahoo.security.tls.Capability; import com.yahoo.yolean.system.CatchSignals; import java.util.HashMap; @@ -108,7 +109,8 @@ public class Server implements Runnable { registerPluginLoader(new BuiltinPluginLoader()); rpcServer = new RpcServer(rpcListenPort); - rpcServer.addMethod(new ArchiveLogMessagesMethod(dispatch).methodDefinition()); + rpcServer.addMethod(new ArchiveLogMessagesMethod(dispatch).methodDefinition() + .requireCapabilities(Capability.LOGSERVER_API)); } /** diff --git a/messagebus/src/main/java/com/yahoo/messagebus/network/rpc/RPCSendV2.java b/messagebus/src/main/java/com/yahoo/messagebus/network/rpc/RPCSendV2.java index 4d7d60a57fd..b4e3a3fd333 100644 --- a/messagebus/src/main/java/com/yahoo/messagebus/network/rpc/RPCSendV2.java +++ b/messagebus/src/main/java/com/yahoo/messagebus/network/rpc/RPCSendV2.java @@ -17,6 +17,7 @@ import com.yahoo.messagebus.Reply; import com.yahoo.messagebus.Trace; import com.yahoo.messagebus.TraceNode; import com.yahoo.messagebus.routing.Route; +import com.yahoo.security.tls.Capability; import com.yahoo.slime.BinaryFormat; import com.yahoo.slime.Cursor; import com.yahoo.slime.Inspector; @@ -43,7 +44,8 @@ public class RPCSendV2 extends RPCSend { @Override protected Method buildMethod() { - Method method = new Method(METHOD_NAME, METHOD_PARAMS, METHOD_RETURN, this); + Method method = new Method(METHOD_NAME, METHOD_PARAMS, METHOD_RETURN, this) + .requireCapabilities(Capability.CONTAINER__DOCUMENT_API); method.methodDesc("Send a message bus request and get a reply back."); method.paramDesc(0, "header_encoding", "Encoding type of header.") .paramDesc(1, "header_decodedSize", "Number of bytes after header decoding.") diff --git a/metrics-proxy/src/main/java/ai/vespa/metricsproxy/rpc/RpcServer.java b/metrics-proxy/src/main/java/ai/vespa/metricsproxy/rpc/RpcServer.java index 63672e7e600..aa8673befc1 100644 --- a/metrics-proxy/src/main/java/ai/vespa/metricsproxy/rpc/RpcServer.java +++ b/metrics-proxy/src/main/java/ai/vespa/metricsproxy/rpc/RpcServer.java @@ -11,6 +11,7 @@ import com.yahoo.jrt.ErrorCode; import com.yahoo.jrt.Method; import com.yahoo.jrt.Request; import com.yahoo.jrt.StringValue; +import com.yahoo.security.tls.Capability; import java.time.Instant; import java.util.List; @@ -53,38 +54,45 @@ public class RpcServer { // Add/replace this method first to increase likelihood of getting extra metrics and global dimensions connector.addMethod( new Method("setExtraMetrics", "s", "", this::setExtraMetrics) + .requireCapabilities(Capability.METRICSPROXY__MANAGEMENT_API) .methodDesc("Set extra metrics that will be added to output from getMetricsForYamas.") .paramDesc(0, "metricsJson", "The metrics in json format")); connector.addMethod( new Method("purgeExtraMetrics", "", "", this::purgeExtraMetrics) + .requireCapabilities(Capability.METRICSPROXY__MANAGEMENT_API) .methodDesc("Purge metrics and dimensions populated by setExtraMetrics")); connector.addMethod( new Method("getMetricsById", "s", "s", this::getMetricsById) + .requireCapabilities(Capability.METRICSPROXY__METRICS_API) .methodDesc("Get Vespa metrics for the service with the given Id") .paramDesc(0, "id", "The id of the service") .returnDesc(0, "ret", "Vespa metrics")); connector.addMethod( new Method("getServices", "", "s", this::getServices) + .requireCapabilities(Capability.METRICSPROXY__METRICS_API) .methodDesc("Get Vespa services monitored by this metrics proxy") .returnDesc(0, "ret", "Vespa metrics")); connector.addMethod( new Method("getMetricsForYamas", "s", "s", this::getMetricsForYamas) + .requireCapabilities(Capability.METRICSPROXY__METRICS_API) .methodDesc("Get JSON formatted Vespa metrics for a given service name or 'all'") .paramDesc(0, "service", "The vespa service name, or 'all'") .returnDesc(0, "ret", "Vespa metrics")); connector.addMethod( new Method("getHealthMetricsForYamas", "s", "s", this::getHealthMetricsForYamas) + .requireCapabilities(Capability.METRICSPROXY__METRICS_API) .methodDesc("Get JSON formatted Health check for a given service name or 'all'") .paramDesc(0, "service", "The vespa service name") .returnDesc(0, "ret", "Vespa metrics")); connector.addMethod( new Method("getAllMetricNamesForService", "ss", "s", this::getAllMetricNamesForService) + .requireCapabilities(Capability.METRICSPROXY__METRICS_API) .methodDesc("Get metric names known for service ") .paramDesc(0, "service", "The vespa service name'") .paramDesc(1, "consumer", "The consumer'") diff --git a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java index 502c0511b93..a11b6d5f96a 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java @@ -11,12 +11,24 @@ public enum Capability implements ToCapabilitySet { HTTP_UNCLASSIFIED("vespa.http.unclassified"), RESTAPI_UNCLASSIFIED("vespa.restapi.unclassified"), RPC_UNCLASSIFIED("vespa.rpc.unclassified"), + CLIENT__FILERECEIVER_API("vespa.client.filereceiver_api"), + CLIENT__SLOBROK_API("vespa.client.slobrok_api"), + CONFIGPROXY__CONFIG_API("vespa.configproxy.config_api"), + CONFIGPROXY__MANAGEMENT_API("vespa.configproxy.management_api"), + CONFIGPROXY__FILEDISTRIBUTION_API("vespa.configproxy.filedistribution_api"), + CONFIGSERVER__CONFIG_API("vespa.configserver.config_api"), + CONFIGSERVER__FILEDISTRIBUTION_API("vespa.configserver.filedistribution_api"), + CONTAINER__DOCUMENT_API("vespa.container.document_api"), + CONTAINER__MANAGEMENT_API("vespa.container.management_api"), CONTENT__CLUSTER_CONTROLLER__INTERNAL_STATE_API("vespa.content.cluster_controller.internal_state_api"), CONTENT__DOCUMENT_API("vespa.content.document_api"), CONTENT__METRICS_API("vespa.content.metrics_api"), CONTENT__SEARCH_API("vespa.content.search_api"), CONTENT__STATUS_PAGES("vespa.content.status_pages"), CONTENT__STORAGE_API("vespa.content.storage_api"), + LOGSERVER_API("vespa.logserver.api"), + METRICSPROXY__MANAGEMENT_API("vespa.metricsproxy.management_api"), + METRICSPROXY__METRICS_API("vespa.metricsproxy.metrics_api"), SLOBROK__API("vespa.slobrok.api"), ; |