capabilities/service.py: Per-method authorization

#152

capabilities/service.py: Per-method authorization
f1956513 · Martin Blanchard · 9f149dc9 · f1956513
Commit f1956513 authored 6 years ago by Martin Blanchard
--- a/buildgrid/server/capabilities/service.py
+++ b/buildgrid/server/capabilities/service.py
@@ -19,15 +19,20 @@ import grpc
 from buildgrid._exceptions import InvalidArgumentError
 from buildgrid._protos.build.bazel.remote.execution.v2 import remote_execution_pb2, remote_execution_pb2_grpc
+from buildgrid.server._authentication import AuthContext, authorize
 class CapabilitiesService(remote_execution_pb2_grpc.CapabilitiesServicer):
    def __init__(self, server):
        self.__logger = logging.getLogger(__name__)
        self.__instances = {}
        remote_execution_pb2_grpc.add_CapabilitiesServicer_to_server(self, server)
+    # --- Public API ---
    def add_instance(self, name, instance):
        self.__instances[name] = instance
@@ -40,6 +45,9 @@ class CapabilitiesService(remote_execution_pb2_grpc.CapabilitiesServicer):
    def add_execution_instance(self, name, instance):
        self.__instances[name].add_execution_instance(instance)
+    # --- Public API: Servicer ---
+    @authorize(AuthContext)
    def GetCapabilities(self, request, context):
        try:
            instance = self._get_instance(request.instance_name)
@@ -52,6 +60,8 @@ class CapabilitiesService(remote_execution_pb2_grpc.CapabilitiesServicer):
        return remote_execution_pb2.ServerCapabilities()
+    # --- Private API ---
    def _get_instance(self, name):
        try:
            return self.__instances[name]