Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth: Prune pending TLS identities #14261

Merged
merged 16 commits into from
Oct 31, 2024
Merged

Auth: Prune pending TLS identities #14261

merged 16 commits into from
Oct 31, 2024

Commits on Oct 24, 2024

  1. lxd/state: Add LeaderInfo type and function to state. 

    Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    be1ec61 View commit details
    Browse the repository at this point in the history

  2. lxd: Set LeaderInfo function in (*Daemon).State. 

    Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    2220cde View commit details
    Browse the repository at this point in the history

  3. lxd: Update ACME handlers to use (*State).LeaderInfo. 

    Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    7fe7737 View commit details
    Browse the repository at this point in the history

  4. lxd: Update cluster handlers to use (*State).LeaderInfo. 

    Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    afbd115 View commit details
    Browse the repository at this point in the history

  5. lxd: Update image sync task to use (*State).LeaderInfo. 

    Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    15591e9 View commit details
    Browse the repository at this point in the history

  6. lxd: Update instance handlers to use (*State).LeaderInfo. 

    Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    458e458 View commit details
    Browse the repository at this point in the history

  7. lxd: Update operation prune task to use (*State).LeaderInfo. 

    Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    5093829 View commit details
    Browse the repository at this point in the history

  8. lxd: Update database patch to use (*State).LeaderInfo. 

    Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    07a7c8f View commit details
    Browse the repository at this point in the history

Commits on Oct 25, 2024

  1. lxd/db/cluster: Differentiate errors returned by PendingTLSMetadata. 

    Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 25, 2024
    Configuration menu
    Copy the full SHA
    b2dd68e View commit details
    Browse the repository at this point in the history

  2. lxd: Remove expired pending TLS identities in token prune task. 

    Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 25, 2024
    Configuration menu
    Copy the full SHA
    de48dc3 View commit details
    Browse the repository at this point in the history

  3. lxd: Change log level to 'warn' for the token prune task. 

    Also change "id" to "operation" in the log context.

Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 25, 2024
    Configuration menu
    Copy the full SHA
    11bc5a3 View commit details
    Browse the repository at this point in the history

  4. lxd: Opportunistically remove invalid/expired pending TLS identities. 

    On `POST /1.0/certificates` with a trust_token, the CertificateAddToken
operation associated with the token is cancelled regardless of where it
is invalid/expired. This commit performs the analogous task for pending
TLS identities and removes them if invalid when the token is received.

Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 25, 2024
    Configuration menu
    Copy the full SHA
    effd497 View commit details
    Browse the repository at this point in the history

Commits on Oct 31, 2024

  1. lxd: Add internal testing handler to trigger token prune task. 

    Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 31, 2024
    Configuration menu
    Copy the full SHA
    a8f95c5 View commit details
    Browse the repository at this point in the history

  2. test/suites: Test that expired pending identities are removed when to… 

    …ken is used.

Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 31, 2024
    Configuration menu
    Copy the full SHA
    efb7028 View commit details
    Browse the repository at this point in the history

  3. test/suites: Test the token pruning task removes expired pending TLS … 

    …identities.

Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 31, 2024
    Configuration menu
    Copy the full SHA
    f20f62d View commit details
    Browse the repository at this point in the history

  4. test/suites: Test token prune task for certificate add token operations. 

    Signed-off-by: Mark Laing <[email protected]>
    @markylaing
    markylaing committed Oct 31, 2024
    Configuration menu
    Copy the full SHA
    86b65fe View commit details
    Browse the repository at this point in the history