diff options
6 files changed, 16 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java index 6a6471aa8ac..dce40681b90 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/Capability.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/Capability.java @@ -30,6 +30,7 @@ public enum Capability implements ToCapabilitySet { CONTENT__METRICS_API("vespa.content.metrics_api"), CONTENT__PROTON_ADMIN_API("vespa.content.proton_admin_api"), CONTENT__SEARCH_API("vespa.content.search_api"), + CONTENT__STATE_API("vespa.content.state_api"), CONTENT__STATUS_PAGES("vespa.content.status_pages"), CONTENT__STORAGE_API("vespa.content.storage_api"), LOGSERVER_API("vespa.logserver.api"), diff --git a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java index b7cd03b49bb..197088ff434 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java @@ -29,8 +29,9 @@ public class CapabilitySet implements ToCapabilitySet { "vespa.all", Capability.values()); public static final CapabilitySet TELEMETRY = predefined( "vespa.telemetry", - Capability.CONTENT__STATUS_PAGES, Capability.CONTENT__METRICS_API, Capability.CONTAINER__STATE_API, - Capability.METRICSPROXY__METRICS_API, Capability.SENTINEL__CONNECTIVITY_CHECK); + Capability.CONTENT__STATUS_PAGES, Capability.CONTENT__STATE_API, Capability.CONTENT__METRICS_API, + Capability.CONTAINER__STATE_API, Capability.METRICSPROXY__METRICS_API, + Capability.SENTINEL__CONNECTIVITY_CHECK); private static final CapabilitySet SHARED_CAPABILITIES_APP_NODE = CapabilitySet.unionOf(List.of( Capability.LOGSERVER_API, Capability.CONFIGSERVER__CONFIG_API, diff --git a/vespalib/src/tests/net/tls/capabilities/capabilities_test.cpp b/vespalib/src/tests/net/tls/capabilities/capabilities_test.cpp index ed133f9ffe8..5fdddf086ba 100644 --- a/vespalib/src/tests/net/tls/capabilities/capabilities_test.cpp +++ b/vespalib/src/tests/net/tls/capabilities/capabilities_test.cpp @@ -84,6 +84,7 @@ TEST("All known capabilities can be looked up by name, and resolve back to same check_capability_mapping("vespa.content.metrics_api", Capability::content_metrics_api()); check_capability_mapping("vespa.content.proton_admin_api", Capability::content_proton_admin_api()); check_capability_mapping("vespa.content.search_api", Capability::content_search_api()); + check_capability_mapping("vespa.content.state_api", Capability::content_state_api()); check_capability_mapping("vespa.content.status_pages", Capability::content_status_pages()); check_capability_mapping("vespa.content.storage_api", Capability::content_storage_api()); check_capability_mapping("vespa.logserver.api", Capability::logserver_api()); @@ -109,6 +110,7 @@ TEST("CapabilitySet instances can be stringified") { "vespa.container.state_api, " "vespa.content.document_api, " "vespa.content.metrics_api, " + "vespa.content.state_api, " "vespa.content.status_pages, " "vespa.content.storage_api, " "vespa.logserver.api, " @@ -135,7 +137,7 @@ TEST("Resolving a capability set adds all its underlying capabilities") { CapabilitySet caps; EXPECT_TRUE(caps.resolve_and_add("vespa.content_node")); // Slightly suboptimal; this test will fail if the default set of capabilities for vespa.content_node changes. - EXPECT_EQUAL(caps.count(), 14u); + EXPECT_EQUAL(caps.count(), 15u); EXPECT_FALSE(caps.empty()); EXPECT_TRUE(caps.contains(Capability::content_storage_api())); EXPECT_TRUE(caps.contains(Capability::content_document_api())); @@ -147,6 +149,7 @@ TEST("Resolving a capability set adds all its underlying capabilities") { EXPECT_TRUE(caps.contains(Capability::configproxy_config_api())); EXPECT_TRUE(caps.contains(Capability::configproxy_filedistribution_api())); // vespa.content_node -> shared node caps -> vespa.telemetry + EXPECT_TRUE(caps.contains(Capability::content_state_api())); EXPECT_TRUE(caps.contains(Capability::content_status_pages())); EXPECT_TRUE(caps.contains(Capability::content_metrics_api())); EXPECT_TRUE(caps.contains(Capability::container_state_api())); diff --git a/vespalib/src/vespa/vespalib/net/tls/capability.cpp b/vespalib/src/vespa/vespalib/net/tls/capability.cpp index cfc1cc7a7cc..49f8aa11bad 100644 --- a/vespalib/src/vespa/vespalib/net/tls/capability.cpp +++ b/vespalib/src/vespa/vespalib/net/tls/capability.cpp @@ -35,6 +35,7 @@ constexpr std::array<std::string_view, Capability::max_value_count()> capability "vespa.content.metrics_api"sv, "vespa.content.proton_admin_api"sv, "vespa.content.search_api"sv, + "vespa.content.state_api"sv, "vespa.content.status_pages"sv, "vespa.content.storage_api"sv, "vespa.logserver.api"sv, @@ -83,6 +84,7 @@ std::optional<Capability> Capability::find_capability(const string& cap_name) no {"vespa.content.metrics_api", content_metrics_api()}, {"vespa.content.proton_admin_api", content_proton_admin_api()}, {"vespa.content.search_api", content_search_api()}, + {"vespa.content.state_api", content_state_api()}, {"vespa.content.status_pages", content_status_pages()}, {"vespa.content.storage_api", content_storage_api()}, {"vespa.logserver.api", logserver_api()}, diff --git a/vespalib/src/vespa/vespalib/net/tls/capability.h b/vespalib/src/vespa/vespalib/net/tls/capability.h index a7a1dcd15ac..396fad4cbcd 100644 --- a/vespalib/src/vespa/vespalib/net/tls/capability.h +++ b/vespalib/src/vespa/vespalib/net/tls/capability.h @@ -47,6 +47,7 @@ private: ContentMetricsApi, ContentProtonAdminApi, ContentSearchApi, + ContentStateApi, ContentStatusPages, ContentStorageApi, LogserverApi, @@ -176,6 +177,10 @@ public: return Capability(Id::ContentSearchApi); } + constexpr static Capability content_state_api() noexcept { + return Capability(Id::ContentStateApi); + } + constexpr static Capability content_proton_admin_api() noexcept { return Capability(Id::ContentProtonAdminApi); } diff --git a/vespalib/src/vespa/vespalib/net/tls/capability_set.cpp b/vespalib/src/vespa/vespalib/net/tls/capability_set.cpp index b17cf1ba851..06231582461 100644 --- a/vespalib/src/vespa/vespalib/net/tls/capability_set.cpp +++ b/vespalib/src/vespa/vespalib/net/tls/capability_set.cpp @@ -72,6 +72,7 @@ CapabilitySet CapabilitySet::container_node() noexcept { CapabilitySet CapabilitySet::telemetry() noexcept { return CapabilitySet::of({Capability::content_status_pages(), + Capability::content_state_api(), Capability::content_metrics_api(), Capability::container_state_api(), Capability::metricsproxy_metrics_api(), |