tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-05-14 19:40:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,110 Commits 417 Branches 120 Tags
Commit Graph

1150 Commits

Author SHA1 Message Date
Michael Friedrich
4d57de2a1a Hide TicketSalt in /v1/variables 2023-01-20 12:38:18 +01:00
Julian Brost
1c066fc02e Simplify NamespaceValue class hierarchy to one struct without member functions 
This commit removes EmbeddedNamespaceValue and ConstEmbeddedNamespaceValue and
reduces NamespaceValue down to a simple struct without inheritance or member
functions. The code from these clases is inlined into the Namespace class. The
class hierarchy determining whether a value is const is moved to an attribute
of NamespaceValue.

This is done in preparation for changes to the locking in the Namespace class.
Currently, it relies on a recursive mutex. In the future, a shared mutex
(read/write lock) should be used instead, which cannot allow recursive locking
(without failing or risk deadlocking on lock upgrades). With this change, all
operations requiring a lock for one operation are within one function, no
recursive locking is not needed any more.
 2023-01-19 17:55:11 +01:00
Julian Brost
0294c174a4
Merge pull request #9594 from Icinga/8834 
ConfigObjectUtility::GetObjectConfigPath(): just return paths of existing objects
 2023-01-09 13:49:58 +01:00
Alexander A. Klimov
e1bb085b0f ConfigObjectUtility::DeleteObjectHelper(): only delete _api files 
to restore the behavior before the previous commit. Otherwise we'd delete all
API object's child objects' files including applied child object rules in /etc.
 2023-01-05 18:05:31 +01:00
Julian Brost
dd51997c73
Merge pull request #9624 from Icinga/9618 
Make compilable on Boost v1.81
 2023-01-05 15:32:22 +01:00
Alexander A. Klimov
99c2d69dc8 Handle boost::beast::http::basic_fields#operator[]() signature change (v1.81) 
Use always working std::string(x), not broken x.to_string().
(x is a return value.)
 2023-01-05 11:18:20 +01:00
Alexander Aleksandrovič Klimov
ca328627cd
Merge pull request #9537 from Icinga/replace-some-raw-pointer-with-intrusive-ptr 
FilterUtility: Replace some nested raw pointers by `unique_ptr<>*`
 2022-12-06 13:07:24 +01:00
Alexander A. Klimov
83021f8231 CONTEXT: use << everywhere to unify usages 2022-11-30 11:06:51 +01:00
Alexander A. Klimov
145ee890df Just get paths from existing objects for modification and deletion 
instead of computing from scratch if they're in the _api package.

For now this changes literally nothing as paths of existing objects still follow
the scheme of paths of new objects which didn't change. Now Icinga only doesn't expect
existing objects at particular paths. However, with the latter in v2.14+ (agent,
satellite) we can just change the path scheme of new objects in v2.16+ (master)
as we wish. The child nodes will just follow the new scheme of paths of new objects.
 2022-11-28 16:39:16 +01:00
Yonas Habteab
c1f73fbc1d FilterUtility: Replace some nested raw pointers by our unique_ptr<X>* 2022-11-28 14:50:54 +01:00
Alexander Aleksandrovič Klimov
363f4d3fde
Merge pull request #9408 from Icinga/bugfix/match-api-permissions-against-join-relations 
ObjectQueryHandler: Check user permissions on joined relations
 2022-10-11 13:42:27 +02:00
Yonas Habteab
72e6894bbb Evaluate permission filters also on all joined relations 2022-10-10 12:33:33 +02:00
Yonas Habteab
607f7ab5ca ObjectQueryHandler: Check user permissions on joined relations 2022-10-10 12:33:33 +02:00
Yonas Habteab
1bb2d65a8d FilterUtility: Outsource permission matching from CheckPermission() to a separate method 2022-10-10 12:33:33 +02:00
Yonas Habteab
28c29c1fbc Don't allow to change object parent,host/service_name at runtime 2022-09-09 18:26:28 +02:00
Julian Brost
178aaaeca9
Merge pull request #9332 from Icinga/bugfix/compare-cluster-tickets-in-constant-time 
Compare cluster tickets in constant time
 2022-04-11 15:32:32 +02:00
Julian Brost
b24a2fa2a5
Merge pull request #9179 from Icinga/Al2Klimov-patch-3 
Let new cluster certificates expire after 397 days, not 15 years
 2022-04-11 15:29:05 +02:00
Julian Brost
0e880048ee
Merge pull request #7961 from Icinga/bugfix/startup-log 
Place startup.log and status in /var/lib/icinga2/api, not /var/lib/icinga2/api/zones-stage
 2022-04-11 14:41:07 +02:00
Alexander A. Klimov
b15763bd86 Compare cluster tickets in constant time 
Just to be sure.
 2022-04-11 11:17:05 +02:00
Alexander A. Klimov
08a23f4035 Write also /var/lib/icinga2/api/zones-stage-startup-last-failed.log 
in addition to /var/lib/icinga2/api/zones-stage-startup.log
to prevent the next success to overwrite the last failure.
 2022-04-11 11:14:42 +02:00
Alexander A. Klimov
c9e4c016e0 Protect ApiListener#m_SSLContext with a mutex 2022-04-11 11:02:45 +02:00
Alexander A. Klimov
e490883577 Renew certificates also periodically 2022-04-11 11:02:39 +02:00
Alexander A. Klimov
ce6d1b8961 Place startup.log and status in /var/lib/icinga2/api, not /var/lib/icinga2/api/zones-stage 
not to loose them.
 2022-04-07 11:24:24 +02:00
Alexander A. Klimov
3753f86c80 ApiListener#Start(): auto-renew own cert if CA owner 
otherwise that particular cert would expire.
 2022-04-04 12:13:31 +02:00
Alexander A. Klimov
6d470a3ca5 Introduce ApiListener#RenewCert() 2022-04-04 12:12:31 +02:00
Yonas Habteab
6193a911bf ConfigStagesHandler: Don't allow concurrent package updates anymore 
To prevent Icinga2 from being restarted while
one or more requests are still in progress and end up
as corrupted stages without status file and startup logs.
 2022-03-30 09:42:22 +02:00
Yonas Habteab
362adcab1a ConfigPackageUtility: Don't reset ongoing package updates on config validation success and process is going to be reloaded 2022-03-30 09:42:22 +02:00
Alexander A. Klimov
9be2eb8e5e Introduce IsCertUptodate() 2022-03-29 16:47:23 +02:00
Alexander A. Klimov
5f2e021390 Request certificate renewal also master2->master1 
not only sat->master to prevent master2's certificate from expiring.
 2022-03-29 16:47:23 +02:00
Yonas Habteab
a0607aceff Fix compiler warnings don't move local variables 2022-02-22 17:51:43 +01:00
Yonas Habteab
361807f7a9
Adjust incosistent pki log messages (#8965) 2021-11-22 16:06:55 +01:00
Alexander A. Klimov
3bf180a341 Fix typo 
refs #8766
 2021-10-08 10:27:35 +02:00
Alexander Aleksandrovič Klimov
3aa2289c59
Merge pull request #8946 from Icinga/bugfix/old-packages 
ConfigPackageUtility::ValidatePackageName(): always tolerate already existing packages
 2021-08-02 20:27:27 +02:00
Alexander A. Klimov
57df803e35 ConfigPackageUtility::ValidatePackageName(): always tolerate already existing packages 
... not to require migrating invalid ones.
 2021-08-02 15:40:14 +02:00
Alexander A. Klimov
c1df4b70f5 ConfigPackageUtility::PackageExists(): accept invalid package names, too 2021-08-02 15:40:14 +02:00
Alexander A. Klimov
c666f81361 De-couple package and stage name validation 2021-08-02 15:40:14 +02:00
Alexander A. Klimov
504fdda76c Introduce DEFAULT_CONNECT_TIMEOUT 2021-07-27 21:57:02 +02:00
Alexander A. Klimov
7f7637c9b8 Introduce DEFAULT_TLS_CIPHERS and DEFAULT_TLS_PROTOCOLMIN 2021-07-22 11:12:33 +02:00
Alexander A. Klimov
80a1128ec7 Introduce SetupSslContext() 2021-07-22 11:12:33 +02:00
Julian Brost
9f43c143d7
Merge pull request from GHSA-98wp-jc6q-x5q5 
API: hide ApiListener#ticket_salt
 2021-07-15 11:13:35 +02:00
Alexander A. Klimov
07d768f166 API: hide ApiListener#ticket_salt 2021-07-02 16:29:53 +02:00
Alexander Aleksandrovič Klimov
692f5aa615
Merge pull request #8718 from Icinga/feature/tls-1.3 
Support TLS 1.3
 2021-06-29 17:52:55 +02:00
Julian Brost
0e7a05ad7a Support TLS 1.3 2021-06-29 11:08:47 +02:00
Noah Hilverling
8af66ce44c
Merge pull request #8710 from Icinga/feature/windows-event-log 
Add support for Windows Event Log and write early log messages to it
 2021-06-24 09:19:50 +02:00
Noah Hilverling
1fae2f3974
Merge pull request #8769 from Icinga/bugfix/new-connection-timeout 
Add timeout for full Icinga connection handshake
 2021-06-24 09:18:37 +02:00
Alexander Aleksandrovič Klimov
2cd9c1d902
Merge pull request #8835 from Icinga/bugfix/api-filename-truncation 
Fix/restrict truncation of filenames for API-created objects
 2021-06-23 12:06:31 +02:00
Julian Brost
56060bc8d5 ApiListener: Deprecate tls_handshake_timeout in favor of connect_timeout 2021-06-23 11:21:42 +02:00
Julian Brost
84d778580f Add timeout for all new connections 
This commit adds a timeout for both establishing new outgoing and incoming
connections. This timeout applies to everything until the connection is in a
state where either JsonRpcConnection or HttpServerConnection takes over.
 2021-06-23 11:21:42 +02:00
Julian Brost
36ce7d961f Rename silent parameter of ConfigItem::ActivateItems() 
As silent now no longer only controls the generation of log messages, a better
name is required. This changes its name, inverts its value to reflect the new
name and adds a documentation comment.
 2021-06-21 16:07:36 +02:00
Julian Brost
118df982f1 GetObjectConfigPath: only truncate and hash comment and downtime filenames 
This partially reverts 68a0079c26686363b6202a8abd2712d2bf96d9f2 and keeps the
fix only for comment and downtime objects for now. For reasoning, please see
the comment in the code.
 2021-06-17 16:21:01 +02:00