aboutsummaryrefslogtreecommitdiffstats
path: root/fnet
diff options
context:
space:
mode:
Diffstat (limited to 'fnet')
-rw-r--r--fnet/src/tests/frt/rpc/invoke.cpp4
-rw-r--r--fnet/src/vespa/fnet/frt/require_capabilities.cpp12
-rw-r--r--fnet/src/vespa/fnet/frt/require_capabilities.h4
3 files changed, 18 insertions, 2 deletions
diff --git a/fnet/src/tests/frt/rpc/invoke.cpp b/fnet/src/tests/frt/rpc/invoke.cpp
index 2668d86cae6..764b3fb4a05 100644
--- a/fnet/src/tests/frt/rpc/invoke.cpp
+++ b/fnet/src/tests/frt/rpc/invoke.cpp
@@ -227,10 +227,10 @@ public:
// The authz rules used for this test only grant the telemetry capability set
rb.DefineMethod("capabilityRestricted", "", "",
FRT_METHOD(TestRPC::RPC_AccessRestricted), this);
- rb.RequestAccessFilter(std::make_unique<FRT_RequireCapabilities>(CapabilitySet::content_node()));
+ rb.RequestAccessFilter(FRT_RequireCapabilities::of(CapabilitySet::content_node()));
rb.DefineMethod("capabilityAllowed", "", "",
FRT_METHOD(TestRPC::RPC_AccessRestricted), this);
- rb.RequestAccessFilter(std::make_unique<FRT_RequireCapabilities>(CapabilitySet::telemetry()));
+ rb.RequestAccessFilter(FRT_RequireCapabilities::of(CapabilitySet::telemetry()));
}
void RPC_Test(FRT_RPCRequest *req)
diff --git a/fnet/src/vespa/fnet/frt/require_capabilities.cpp b/fnet/src/vespa/fnet/frt/require_capabilities.cpp
index fc5243bc805..5f87f98436e 100644
--- a/fnet/src/vespa/fnet/frt/require_capabilities.cpp
+++ b/fnet/src/vespa/fnet/frt/require_capabilities.cpp
@@ -35,3 +35,15 @@ FRT_RequireCapabilities::allow(FRT_RPCRequest& req) const noexcept
return (mode != CapabilityEnforcementMode::Enforce);
}
}
+
+std::unique_ptr<FRT_RequireCapabilities>
+FRT_RequireCapabilities::of(Capability required_capability)
+{
+ return std::make_unique<FRT_RequireCapabilities>(CapabilitySet::of({required_capability}));
+}
+
+std::unique_ptr<FRT_RequireCapabilities>
+FRT_RequireCapabilities::of(CapabilitySet required_capabilities)
+{
+ return std::make_unique<FRT_RequireCapabilities>(required_capabilities);
+}
diff --git a/fnet/src/vespa/fnet/frt/require_capabilities.h b/fnet/src/vespa/fnet/frt/require_capabilities.h
index 7c80484783d..557ddc3ddc3 100644
--- a/fnet/src/vespa/fnet/frt/require_capabilities.h
+++ b/fnet/src/vespa/fnet/frt/require_capabilities.h
@@ -3,6 +3,7 @@
#include "request_access_filter.h"
#include <vespa/vespalib/net/tls/capability_set.h>
+#include <memory>
/**
* An RPC access filter which verifies that a request is associated with an auth
@@ -18,4 +19,7 @@ public:
}
bool allow(FRT_RPCRequest& req) const noexcept override;
+
+ static std::unique_ptr<FRT_RequireCapabilities> of(vespalib::net::tls::Capability required_capability);
+ static std::unique_ptr<FRT_RequireCapabilities> of(vespalib::net::tls::CapabilitySet required_capabilities);
};