diff options
Diffstat (limited to 'fnet')
-rw-r--r-- | fnet/src/tests/frt/rpc/invoke.cpp | 4 | ||||
-rw-r--r-- | fnet/src/vespa/fnet/frt/require_capabilities.cpp | 12 | ||||
-rw-r--r-- | fnet/src/vespa/fnet/frt/require_capabilities.h | 4 |
3 files changed, 18 insertions, 2 deletions
diff --git a/fnet/src/tests/frt/rpc/invoke.cpp b/fnet/src/tests/frt/rpc/invoke.cpp index 2668d86cae6..764b3fb4a05 100644 --- a/fnet/src/tests/frt/rpc/invoke.cpp +++ b/fnet/src/tests/frt/rpc/invoke.cpp @@ -227,10 +227,10 @@ public: // The authz rules used for this test only grant the telemetry capability set rb.DefineMethod("capabilityRestricted", "", "", FRT_METHOD(TestRPC::RPC_AccessRestricted), this); - rb.RequestAccessFilter(std::make_unique<FRT_RequireCapabilities>(CapabilitySet::content_node())); + rb.RequestAccessFilter(FRT_RequireCapabilities::of(CapabilitySet::content_node())); rb.DefineMethod("capabilityAllowed", "", "", FRT_METHOD(TestRPC::RPC_AccessRestricted), this); - rb.RequestAccessFilter(std::make_unique<FRT_RequireCapabilities>(CapabilitySet::telemetry())); + rb.RequestAccessFilter(FRT_RequireCapabilities::of(CapabilitySet::telemetry())); } void RPC_Test(FRT_RPCRequest *req) diff --git a/fnet/src/vespa/fnet/frt/require_capabilities.cpp b/fnet/src/vespa/fnet/frt/require_capabilities.cpp index fc5243bc805..5f87f98436e 100644 --- a/fnet/src/vespa/fnet/frt/require_capabilities.cpp +++ b/fnet/src/vespa/fnet/frt/require_capabilities.cpp @@ -35,3 +35,15 @@ FRT_RequireCapabilities::allow(FRT_RPCRequest& req) const noexcept return (mode != CapabilityEnforcementMode::Enforce); } } + +std::unique_ptr<FRT_RequireCapabilities> +FRT_RequireCapabilities::of(Capability required_capability) +{ + return std::make_unique<FRT_RequireCapabilities>(CapabilitySet::of({required_capability})); +} + +std::unique_ptr<FRT_RequireCapabilities> +FRT_RequireCapabilities::of(CapabilitySet required_capabilities) +{ + return std::make_unique<FRT_RequireCapabilities>(required_capabilities); +} diff --git a/fnet/src/vespa/fnet/frt/require_capabilities.h b/fnet/src/vespa/fnet/frt/require_capabilities.h index 7c80484783d..557ddc3ddc3 100644 --- a/fnet/src/vespa/fnet/frt/require_capabilities.h +++ b/fnet/src/vespa/fnet/frt/require_capabilities.h @@ -3,6 +3,7 @@ #include "request_access_filter.h" #include <vespa/vespalib/net/tls/capability_set.h> +#include <memory> /** * An RPC access filter which verifies that a request is associated with an auth @@ -18,4 +19,7 @@ public: } bool allow(FRT_RPCRequest& req) const noexcept override; + + static std::unique_ptr<FRT_RequireCapabilities> of(vespalib::net::tls::Capability required_capability); + static std::unique_ptr<FRT_RequireCapabilities> of(vespalib::net::tls::CapabilitySet required_capabilities); }; |