From 3014e3e42ce93ec638eda67d0fd0c40f68431707 Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime <bjorncs@yahooinc.com>
Date: Thu, 9 Feb 2023 17:11:18 +0100
Subject: Define required capabilities for existing JRT RPC methods

---
 .../java/com/yahoo/vespa/config/server/rpc/RpcServer.java  | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'configserver')

diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/RpcServer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/RpcServer.java
index 034ac97ebd8..be4738258d8 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/RpcServer.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/rpc/RpcServer.java
@@ -20,6 +20,7 @@ import com.yahoo.jrt.StringValue;
 import com.yahoo.jrt.Supervisor;
 import com.yahoo.jrt.Target;
 import com.yahoo.jrt.Transport;
+import com.yahoo.security.tls.Capability;
 import com.yahoo.vespa.config.ErrorCode;
 import com.yahoo.vespa.config.JRTMethods;
 import com.yahoo.vespa.config.protocol.ConfigResponse;
@@ -224,11 +225,13 @@ public class RpcServer implements Runnable, ConfigActivationListener, TenantList
         getSupervisor().addMethod(new Method("printStatistics", "", "s", this::printStatistics)
                                   .methodDesc("printStatistics")
                                   .returnDesc(0, "statistics", "Statistics for server"));
-        getSupervisor().addMethod(new Method("filedistribution.serveFile", "si*", "is", this::serveFile));
+        getSupervisor().addMethod(new Method("filedistribution.serveFile", "si*", "is", this::serveFile)
+                                  .requireCapabilities(Capability.CONFIGSERVER__FILEDISTRIBUTION_API));
         getSupervisor().addMethod(new Method("filedistribution.setFileReferencesToDownload", "S", "i", this::setFileReferencesToDownload)
-                                     .methodDesc("set which file references to download")
-                                     .paramDesc(0, "file references", "file reference to download")
-                                     .returnDesc(0, "ret", "0 if success, 1 otherwise"));
+                                  .requireCapabilities(Capability.CONFIGSERVER__FILEDISTRIBUTION_API)
+                                  .methodDesc("set which file references to download")
+                                  .paramDesc(0, "file references", "file reference to download")
+                                  .returnDesc(0, "ret", "0 if success, 1 otherwise"));
     }
 
     /**
@@ -236,7 +239,8 @@ public class RpcServer implements Runnable, ConfigActivationListener, TenantList
      */
     public void setUpGetConfigHandlers() {
         // The getConfig method in this class will handle RPC calls for getting config
-        getSupervisor().addMethod(JRTMethods.createConfigV3GetConfigMethod(this::getConfigV3));
+        getSupervisor().addMethod(JRTMethods.createConfigV3GetConfigMethod(this::getConfigV3)
+                                          .requireCapabilities(Capability.CONFIGSERVER__CONFIG_API));
         isServingConfigRequests = true;
     }
 
-- 
cgit v1.2.3