9 files changed, 43 insertions, 14 deletions
diff --git a/clustercontroller-apps/src/main/java/com/yahoo/vespa/clustercontroller/apps/clustercontroller/StateRestApiV2Handler.java b/clustercontroller-apps/src/main/java/com/yahoo/vespa/clustercontroller/apps/clustercontroller/StateRestApiV2Handler.java
index 346e58b652f..40fac548a89 100644
--- a/clustercontroller-apps/src/main/java/com/yahoo/vespa/clustercontroller/apps/clustercontroller/StateRestApiV2Handler.java
+++ b/clustercontroller-apps/src/main/java/com/yahoo/vespa/clustercontroller/apps/clustercontroller/StateRestApiV2Handler.java
@@ -1,9 +1,11 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.clustercontroller.apps.clustercontroller;
-import com.yahoo.component.annotation.Inject;
 import com.yahoo.cloud.config.ClusterInfoConfig;
-import java.util.logging.Level;
+import com.yahoo.component.annotation.Inject;
+import com.yahoo.container.jdisc.RequestView;
+import com.yahoo.container.jdisc.utils.CapabilityRequiringRequestHandler;
+import com.yahoo.security.tls.Capability;
 import com.yahoo.vespa.clustercontroller.apputil.communication.http.JDiscHttpRequestHandler;
 import com.yahoo.vespa.clustercontroller.core.restapiv2.ClusterControllerStateRestAPI;
 import com.yahoo.vespa.clustercontroller.utils.staterestapi.server.RestApiHandler;
@@ -12,9 +14,10 @@ import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeMap;
+import java.util.logging.Level;
 import java.util.logging.Logger;
-public class StateRestApiV2Handler extends JDiscHttpRequestHandler {
+public class StateRestApiV2Handler extends JDiscHttpRequestHandler implements CapabilityRequiringRequestHandler {
 private static final Logger log = Logger.getLogger(StateRestApiV2Handler.class.getName());
@@ -25,6 +28,8 @@ public class StateRestApiV2Handler extends JDiscHttpRequestHandler {
 this(new ClusterControllerStateRestAPI(cc, getClusterControllerSockets(config)), "/cluster/v2", ctx);
 }
+ @Override public Capability requiredCapability(RequestView __) { return Capability.CLUSTER_CONTROLLER__STATE; }
+
 private StateRestApiV2Handler(ClusterControllerStateRestAPI restApi, String pathPrefix, JDiscHttpRequestHandler.Context ctx) {
diff --git a/clustercontroller-apps/src/main/java/com/yahoo/vespa/clustercontroller/apps/clustercontroller/StatusHandler.java b/clustercontroller-apps/src/main/java/com/yahoo/vespa/clustercontroller/apps/clustercontroller/StatusHandler.java
index 24d4a67fcac..ee2110ece4e 100644
--- a/clustercontroller-apps/src/main/java/com/yahoo/vespa/clustercontroller/apps/clustercontroller/StatusHandler.java
+++ b/clustercontroller-apps/src/main/java/com/yahoo/vespa/clustercontroller/apps/clustercontroller/StatusHandler.java
@@ -2,9 +2,12 @@
 package com.yahoo.vespa.clustercontroller.apps.clustercontroller;
 import com.yahoo.component.annotation.Inject;
+import com.yahoo.container.jdisc.RequestView;
+import com.yahoo.container.jdisc.utils.CapabilityRequiringRequestHandler;
+import com.yahoo.security.tls.Capability;
 import com.yahoo.vespa.clustercontroller.apputil.communication.http.JDiscHttpRequestHandler;
-public class StatusHandler extends JDiscHttpRequestHandler {
+public class StatusHandler extends JDiscHttpRequestHandler implements CapabilityRequiringRequestHandler {
 private final com.yahoo.vespa.clustercontroller.core.status.StatusHandler statusHandler;
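Review bot: `requiredCapability` in StateRestApiV2Handler ignores its `RequestView` argument, so every request under `/cluster/v2` is gated by the single `CLUSTER_CONTROLLER__STATE` capability whatever the HTTP method or path. If this API accepts state-changing requests as well as reads (the handler body is outside the hunk), a peer granted the capability for monitoring can also change state; either select a read or a write capability from the request, or document that the coarse grant is intentional. The same one-capability-per-handler override is added in StatusHandler, ReindexingV1ApiHandler, HttpHandlerBase and StateHandler. The parameter name `__` and the single-line `@Override public …` form differ from the rest of the file; a comment such as `// Capability does not depend on method or path` would make the intent explicit.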
@@ -13,6 +16,8 @@ public class StatusHandler extends JDiscHttpRequestHandler {
 this(new com.yahoo.vespa.clustercontroller.core.status.StatusHandler(fc), ctx);
 }
+ @Override public Capability requiredCapability(RequestView __) { return Capability.CLUSTER_CONTROLLER__STATUS; }
+
 private StatusHandler(com.yahoo.vespa.clustercontroller.core.status.StatusHandler handler, JDiscHttpRequestHandler.Context ctx) {
diff --git a/clustercontroller-reindexer/src/main/java/ai/vespa/reindexing/http/ReindexingV1ApiHandler.java b/clustercontroller-reindexer/src/main/java/ai/vespa/reindexing/http/ReindexingV1ApiHandler.java
index 08b3c95a543..e488b8a17ab 100644
--- a/clustercontroller-reindexer/src/main/java/ai/vespa/reindexing/http/ReindexingV1ApiHandler.java
+++ b/clustercontroller-reindexer/src/main/java/ai/vespa/reindexing/http/ReindexingV1ApiHandler.java
@@ -3,16 +3,19 @@ package ai.vespa.reindexing.http;
 import ai.vespa.reindexing.Reindexing;
 import ai.vespa.reindexing.ReindexingCurator;
-import com.yahoo.component.annotation.Inject;
 import com.yahoo.cloud.config.ZookeepersConfig;
+import com.yahoo.component.annotation.Inject;
 import com.yahoo.container.jdisc.HttpRequest;
 import com.yahoo.container.jdisc.HttpResponse;
+import com.yahoo.container.jdisc.RequestView;
 import com.yahoo.container.jdisc.ThreadedHttpRequestHandler;
+import com.yahoo.container.jdisc.utils.CapabilityRequiringRequestHandler;
 import com.yahoo.document.DocumentTypeManager;
 import com.yahoo.jdisc.Metric;
 import com.yahoo.restapi.ErrorResponse;
 import com.yahoo.restapi.Path;
 import com.yahoo.restapi.SlimeJsonResponse;
+import com.yahoo.security.tls.Capability;
 import com.yahoo.slime.Cursor;
 import com.yahoo.slime.Slime;
 import com.yahoo.vespa.config.content.reindexing.ReindexingConfig;
@@ -30,7 +33,7 @@ import static com.yahoo.jdisc.http.HttpRequest.Method.GET;
 *
 * @author jonmv
 */
-public class ReindexingV1ApiHandler extends ThreadedHttpRequestHandler {
+public class ReindexingV1ApiHandler extends ThreadedHttpRequestHandler implements CapabilityRequiringRequestHandler {
 private final ReindexingCurator database;
 private final List<String> clusterNames;
@@ -53,6 +56,8 @@ public class ReindexingV1ApiHandler extends ThreadedHttpRequestHandler {
 this.clusterNames = List.copyOf(clusterNames);
 }
+ @Override public Capability requiredCapability(RequestView __) { return Capability.CLUSTER_CONTROLLER__REINDEXING; }
+
 @Override
 public HttpResponse handle(HttpRequest request) {
 Path path = new Path(request.getUri());
diff --git a/container-core/src/main/java/com/yahoo/container/handler/metrics/HttpHandlerBase.java b/container-core/src/main/java/com/yahoo/container/handler/metrics/HttpHandlerBase.java
index 71e5e8db3e5..ab57f654294 100644
--- a/container-core/src/main/java/com/yahoo/container/handler/metrics/HttpHandlerBase.java
+++ b/container-core/src/main/java/com/yahoo/container/handler/metrics/HttpHandlerBase.java
@@ -7,8 +7,11 @@ import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import com.yahoo.container.jdisc.HttpRequest;
 import com.yahoo.container.jdisc.HttpResponse;
+import com.yahoo.container.jdisc.RequestView;
 import com.yahoo.container.jdisc.ThreadedHttpRequestHandler;
+import com.yahoo.container.jdisc.utils.CapabilityRequiringRequestHandler;
 import com.yahoo.restapi.Path;
+import com.yahoo.security.tls.Capability;
 import java.net.URI;
 import java.time.Duration;
@@ -26,7 +29,7 @@ import static java.util.logging.Level.WARNING;
 /**
 * @author gjoranv
 */
-public abstract class HttpHandlerBase extends ThreadedHttpRequestHandler {
+public abstract class HttpHandlerBase extends ThreadedHttpRequestHandler implements CapabilityRequiringRequestHandler {
 private static final ObjectMapper jsonMapper = new ObjectMapper();
 private final Duration defaultTimeout;
@@ -42,6 +45,8 @@ public abstract class HttpHandlerBase extends ThreadedHttpRequestHandler {
 protected abstract Optional<HttpResponse> doHandle(URI requestUri, Path apiPath, String consumer);
+ @Override public Capability requiredCapability(RequestView __) { return Capability.METRICSPROXY__METRICS_API; }
+
 @Override
 public Duration getTimeout() {
 return defaultTimeout;
diff --git a/container-core/src/main/java/com/yahoo/container/jdisc/state/StateHandler.java b/container-core/src/main/java/com/yahoo/container/jdisc/state/StateHandler.java
index 629bb29a460..e1ec22bd622 100644
--- a/container-core/src/main/java/com/yahoo/container/jdisc/state/StateHandler.java
+++ b/container-core/src/main/java/com/yahoo/container/jdisc/state/StateHandler.java
@@ -6,12 +6,13 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
-import com.yahoo.component.annotation.Inject;
 import com.yahoo.collections.Tuple2;
 import com.yahoo.component.Vtag;
+import com.yahoo.component.annotation.Inject;
 import com.yahoo.component.provider.ComponentRegistry;
 import com.yahoo.container.core.ApplicationMetadataConfig;
-import com.yahoo.container.logging.LevelsModSpec;
+import com.yahoo.container.jdisc.RequestView;
+import com.yahoo.container.jdisc.utils.CapabilityRequiringRequestHandler;
 import com.yahoo.jdisc.Request;
 import com.yahoo.jdisc.Response;
 import com.yahoo.jdisc.Timer;
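Review bot: The `requiredCapability` override added to the abstract HttpHandlerBase is neither `final` nor documented, so every subclass silently inherits `METRICSPROXY__METRICS_API` and any subclass can replace it with a weaker capability. The class lives in container-core under `com.yahoo.container.handler.metrics`, so its subclasses may run in processes other than the metrics proxy; they are not visible in this diff, so it should be confirmed that this capability is the right one for each of them. A Javadoc line such as `/** Every metrics handler derived from this base requires the metrics-proxy metrics API capability. */` would state the contract, and declaring the method `final` would prevent accidental downgrades if no subclass needs to differ.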
@@ -21,6 +22,7 @@ import com.yahoo.jdisc.handler.ContentChannel;
 import com.yahoo.jdisc.handler.ResponseDispatch;
 import com.yahoo.jdisc.handler.ResponseHandler;
 import com.yahoo.jdisc.http.HttpHeaders;
+import com.yahoo.security.tls.Capability;
 import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
@@ -40,7 +42,7 @@ import static com.yahoo.container.jdisc.state.JsonUtil.sanitizeDouble;
 *
 * @author Simon Thoresen Hult
 */
-public class StateHandler extends AbstractRequestHandler {
+public class StateHandler extends AbstractRequestHandler implements CapabilityRequiringRequestHandler {
 private static final ObjectMapper jsonMapper = new ObjectMapper();
@@ -66,6 +68,8 @@ public class StateHandler extends AbstractRequestHandler {
 snapshotProvider = getSnapshotProviderOrThrow(snapshotProviders);
 }
+ @Override public Capability requiredCapability(RequestView __) { return Capability.CONTAINER__STATE_API; }
+
 static SnapshotProvider getSnapshotProviderOrThrow(ComponentRegistry<SnapshotProvider> preprocessors) {
 List<SnapshotProvider> allPreprocessors = preprocessors.allComponents();
 if (allPreprocessors.size() > 0) {
diff --git a/container-core/src/main/java/com/yahoo/container/jdisc/utils/CapabilityRequiringRequestHandler.java b/container-core/src/main/java/com/yahoo/container/jdisc/utils/CapabilityRequiringRequestHandler.java
index abb30ba2544..695cf1cff4a 100644
--- a/container-core/src/main/java/com/yahoo/container/jdisc/utils/CapabilityRequiringRequestHandler.java
+++ b/container-core/src/main/java/com/yahoo/container/jdisc/utils/CapabilityRequiringRequestHandler.java
@@ -11,9 +11,9 @@ import com.yahoo.security.tls.CapabilitySet;
 * @author bjorncs
 */
 public interface CapabilityRequiringRequestHandler extends RequestHandler {
+ Capability DEFAULT_REQUIRED_CAPABILITY = Capability.HTTP_UNCLASSIFIED;
- CapabilitySet DEFAULT_REQUIRED_CAPABILITIES = CapabilitySet.of(Capability.HTTP_UNCLASSIFIED);
-
- default CapabilitySet requiredCapabilities(RequestView req) { return DEFAULT_REQUIRED_CAPABILITIES; }
+ default CapabilitySet requiredCapabilities(RequestView req) { return requiredCapability(req).toCapabilitySet(); }
+ default Capability requiredCapability(RequestView req) { return DEFAULT_REQUIRED_CAPABILITY; }
 }
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/CapabilityEnforcingRequestHandler.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/CapabilityEnforcingRequestHandler.java
index d298f11860c..dde864704cb 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/CapabilityEnforcingRequestHandler.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/CapabilityEnforcingRequestHandler.java
@@ -42,7 +42,7 @@ class CapabilityEnforcingRequestHandler implements DelegatedRequestHandler {
 DelegatedRequestHandler.resolve(CapabilityRequiringRequestHandler.class, wrapped).orElse(null);
 var requiredCapabilities = capabilityRequiringHandler != null
 ? capabilityRequiringHandler.requiredCapabilities(new View(req))
- : CapabilityRequiringRequestHandler.DEFAULT_REQUIRED_CAPABILITIES;
+ : CapabilityRequiringRequestHandler.DEFAULT_REQUIRED_CAPABILITY.toCapabilitySet();
 var authCtx = Optional.ofNullable(req.context().get(RequestUtils.JDISC_REQUEST_SSLSESSION))
 .flatMap(s -> TransportSecurityUtils.getConnectionAuthContext((SSLSession) s))
 .orElse(null);
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
index 8cb98a0dd59..b1323b569d8 100644
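Review bot: CapabilityRequiringRequestHandler now has two overridable defaults, `requiredCapabilities` and `requiredCapability`, and no Javadoc says which one is authoritative. Going by the CapabilityEnforcingRequestHandler hunk, enforcement calls only `requiredCapabilities`, so a handler that overrides `requiredCapabilities` directly leaves `requiredCapability` returning `HTTP_UNCLASSIFIED`, and any caller reading the singular method would see a weaker requirement than the one enforced. The relationship should be documented on the interface, e.g. `/** Override for a single capability; requiredCapabilities(req) is what is enforced and delegates here by default. */`. The default delegation also calls `toCapabilitySet()` on every request where the old code returned a constant; whether that allocates depends on code outside this diff.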
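Review bot: The fallback branch in CapabilityEnforcingRequestHandler still assigns `HTTP_UNCLASSIFIED` to any handler that does not resolve to a CapabilityRequiringRequestHandler, so handlers this commit did not classify stay reachable with the catch-all capability and nothing records that the fallback was taken. A comment on that branch such as `// Handler declares no capability: falls back to HTTP_UNCLASSIFIED` plus a low-volume log line or counter would give operators an inventory of unclassified endpoints before the catch-all is tightened. The enclosing method starts and ends outside the hunk, so how `requiredCapabilities` and `authCtx` are compared is not visible here.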
--- a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java
@@ -13,6 +13,9 @@ public enum Capability implements ToCapabilitySet {
 RPC_UNCLASSIFIED("vespa.rpc.unclassified"),
 CLIENT__FILERECEIVER_API("vespa.client.filereceiver_api"),
 CLIENT__SLOBROK_API("vespa.client.slobrok_api"),
+ CLUSTER_CONTROLLER__REINDEXING("vespa.cluster_controller.reindexing"),
+ CLUSTER_CONTROLLER__STATE("vespa.cluster_controller.state"),
+ CLUSTER_CONTROLLER__STATUS("vespa.cluster_controller.status"),
 CONFIGPROXY__CONFIG_API("vespa.configproxy.config_api"),
 CONFIGPROXY__MANAGEMENT_API("vespa.configproxy.management_api"),
 CONFIGPROXY__FILEDISTRIBUTION_API("vespa.configproxy.filedistribution_api"),
@@ -20,6 +23,7 @@ public enum Capability implements ToCapabilitySet {
 CONFIGSERVER__FILEDISTRIBUTION_API("vespa.configserver.filedistribution_api"),
 CONTAINER__DOCUMENT_API("vespa.container.document_api"),
 CONTAINER__MANAGEMENT_API("vespa.container.management_api"),
+ CONTAINER__STATE_API("vespa.container.state_api"),
 CONTENT__CLUSTER_CONTROLLER__INTERNAL_STATE_API("vespa.content.cluster_controller.internal_state_api"),
 CONTENT__DOCUMENT_API("vespa.content.document_api"),
 CONTENT__METRICS_API("vespa.content.metrics_api"),
diff --git a/vespalog/src/main/java/com/yahoo/log/VespaLogHandler.java b/vespalog/src/main/java/com/yahoo/log/VespaLogHandler.java
index 95cc1e40876..de39e603175 100644
--- a/vespalog/src/main/java/com/yahoo/log/VespaLogHandler.java
+++ b/vespalog/src/main/java/com/yahoo/log/VespaLogHandler.java
@@ -45,6 +45,7 @@ class VespaLogHandler extends StreamHandler {
 /**
 * Publish a log record into the Vespa log target.
 */
+ @Override
 public synchronized void publish(LogRecord record) {
 Level level = record.getLevel();
 String component = record.getLoggerName(); |
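Review bot: The four new constants in Capability.java (`CLUSTER_CONTROLLER__REINDEXING`, `CLUSTER_CONTROLLER__STATE`, `CLUSTER_CONTROLLER__STATUS`, `CONTAINER__STATE_API`) are not added to any predefined capability set or peer policy in this change, since none of the nine files touched defines one. The handlers that now require them were previously reachable with `HTTP_UNCLASSIFIED`, so a peer whose policy grants only narrower sets would presumably be rejected once enforcement applies, unless a set it already holds is derived from all enum values. Confirm which predefined sets should carry each new capability and ship that mapping together with this commit. The string names such as `vespa.container.state_api` are presumably referenced from policy configuration, so a comment on the enum noting that they are a stable external identifier would help later editors.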