From 141b9b65efb97c55154246be665380a59d3bd7ca Mon Sep 17 00:00:00 2001
From: Martin Blanchard <martin.blanchard@codethink.co.uk>
Date: Tue, 18 Dec 2018 11:22:52 +0000
Subject: [PATCH] capabilities/service.py: Per-method authorization

---
 buildgrid/server/capabilities/service.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/buildgrid/server/capabilities/service.py b/buildgrid/server/capabilities/service.py
index b76e00f21..b232f9ada 100755
--- a/buildgrid/server/capabilities/service.py
+++ b/buildgrid/server/capabilities/service.py
@@ -19,15 +19,20 @@ import grpc
 
 from buildgrid._exceptions import InvalidArgumentError
 from buildgrid._protos.build.bazel.remote.execution.v2 import remote_execution_pb2, remote_execution_pb2_grpc
+from buildgrid.server._authentication import AuthContext, authorize
 
 
 class CapabilitiesService(remote_execution_pb2_grpc.CapabilitiesServicer):
 
     def __init__(self, server):
         self.__logger = logging.getLogger(__name__)
+
         self.__instances = {}
+
         remote_execution_pb2_grpc.add_CapabilitiesServicer_to_server(self, server)
 
+    # --- Public API ---
+
     def add_instance(self, name, instance):
         self.__instances[name] = instance
 
@@ -40,6 +45,9 @@ class CapabilitiesService(remote_execution_pb2_grpc.CapabilitiesServicer):
     def add_execution_instance(self, name, instance):
         self.__instances[name].add_execution_instance(instance)
 
+    # --- Public API: Servicer ---
+
+    @authorize(AuthContext)
     def GetCapabilities(self, request, context):
         try:
             instance = self._get_instance(request.instance_name)
@@ -52,6 +60,8 @@ class CapabilitiesService(remote_execution_pb2_grpc.CapabilitiesServicer):
 
         return remote_execution_pb2.ServerCapabilities()
 
+    # --- Private API ---
+
     def _get_instance(self, name):
         try:
             return self.__instances[name]
-- 
GitLab