From 973398a7175da4e16c0628966aac67c53f004af2 Mon Sep 17 00:00:00 2001 From: Bjørn Christian Seime Date: Mon, 20 Feb 2023 13:27:22 +0100 Subject: Remove capability requirement for 'mbus.getVersion' --- .../src/main/java/com/yahoo/messagebus/network/rpc/RPCNetwork.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/messagebus/src/main/java/com/yahoo/messagebus/network/rpc/RPCNetwork.java b/messagebus/src/main/java/com/yahoo/messagebus/network/rpc/RPCNetwork.java index b4fa7d8f887..6afc2039c38 100644 --- a/messagebus/src/main/java/com/yahoo/messagebus/network/rpc/RPCNetwork.java +++ b/messagebus/src/main/java/com/yahoo/messagebus/network/rpc/RPCNetwork.java @@ -29,6 +29,7 @@ import com.yahoo.messagebus.network.NetworkOwner; import com.yahoo.messagebus.routing.Hop; import com.yahoo.messagebus.routing.Route; import com.yahoo.messagebus.routing.RoutingNode; +import com.yahoo.security.tls.CapabilitySet; import java.io.PrintWriter; import java.io.StringWriter; @@ -100,6 +101,7 @@ public class RPCNetwork implements Network, MethodHandler { servicePool = new RPCServicePool(this, 4096); Method method = new Method("mbus.getVersion", "", "s", this); + method.requireCapabilities(CapabilitySet.none()); method.methodDesc("Retrieves the message bus version."); method.returnDesc(0, "version", "The message bus version."); orb.addMethod(method); -- cgit v1.2.3 From 03ac01185db30571ae02540e9fa79eefe5bd1c64 Mon Sep 17 00:00:00 2001 From: Bjørn Christian Seime Date: Mon, 20 Feb 2023 13:41:26 +0100 Subject: Grant container nodes access to container document api --- security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java index 8fa077027a9..010b8a5b228 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/CapabilitySet.java @@ -44,7 +44,8 @@ public class CapabilitySet implements ToCapabilitySet { SHARED_CAPABILITIES_APP_NODE); public static final CapabilitySet CONTAINER_NODE = predefined( "vespa.container_node", - Capability.CONTENT__DOCUMENT_API, Capability.CONTENT__SEARCH_API, SHARED_CAPABILITIES_APP_NODE); + Capability.CONTAINER__DOCUMENT_API, Capability.CONTENT__DOCUMENT_API, Capability.CONTENT__SEARCH_API, + SHARED_CAPABILITIES_APP_NODE); public static final CapabilitySet CLUSTER_CONTROLLER_NODE = predefined( "vespa.cluster_controller_node", Capability.CONTENT__CLUSTER_CONTROLLER__INTERNAL_STATE_API, -- cgit v1.2.3 From b91b554e9620045857653fe396737cf7944c1dd8 Mon Sep 17 00:00:00 2001 From: Bjørn Christian Seime Date: Mon, 20 Feb 2023 14:29:53 +0100 Subject: Remove capability requirement for 'frt.rpc.getMethod{Info,List}' --- jrt/src/com/yahoo/jrt/MandatoryMethods.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jrt/src/com/yahoo/jrt/MandatoryMethods.java b/jrt/src/com/yahoo/jrt/MandatoryMethods.java index b1355c0fb1e..a73e2bfc6dd 100644 --- a/jrt/src/com/yahoo/jrt/MandatoryMethods.java +++ b/jrt/src/com/yahoo/jrt/MandatoryMethods.java @@ -23,6 +23,7 @@ class MandatoryMethods { parent.addMethod(m); //--------------------------------------------------------------------- m = new Method("frt.rpc.getMethodList", "", "SSS", this::getMethodList); + m.requireCapabilities(CapabilitySet.none()); m.methodDesc("Obtain a list of all available methods"); m.returnDesc(0, "names", "Method names"); m.returnDesc(1, "params", "Method parameter types"); @@ -30,6 +31,7 @@ class MandatoryMethods { parent.addMethod(m); //--------------------------------------------------------------------- m = new Method("frt.rpc.getMethodInfo", "s", "sssSSSS", this::getMethodInfo); + m.requireCapabilities(CapabilitySet.none()); m.methodDesc("Obtain detailed information about a single method"); m.paramDesc (0, "methodName", "The method we want information about"); m.returnDesc(0, "desc", "Description of what the method does"); -- cgit v1.2.3