tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,432 Commits 347 Branches 120 Tags 188 MiB
Commit Graph

1059 Commits

Author SHA1 Message Date
Alexander A. Klimov ba7102cae3 Explicitly stop started timers and wait for them 
before permitting their parent objects' destruction.
For the cases where the handlers have raw pointers to these objects.
 2023-04-14 14:52:04 +02:00
Alexander A. Klimov 21b68455ce Use Timer::Create() instead of new Timer() 
git ls-files -z |xargs -0 perl -pi -e 's/\bnew Timer\b/Timer::Create/g'

ex. in Timer::Create() itself.
 2023-04-04 10:35:20 +02:00
Julian Brost c51037725a
Merge pull request #9466 from Icinga/flush-temp-files 
Deduplicate and stabilize fragile filesystem transactions
 2023-02-02 16:29:11 +01:00
Julian Brost fd1aa73d25 Fix config sync after freezing namespaces 
This was accidentally broken by #9627 because during config sync, a config
validation happens that uses `--define System.ZonesStageVarDir=...` which fails
on the now frozen namespace.

This commit changes this to use `Internal.ZonesStageVarDir` instead. After all,
this is used for internal functionality, users should not directly interact
with this flag.

Additionally, it no longer freezes the `Internal` namespace which actually
allows using `Internal.ZonesStageVarDir` in the first place. This also fixes
`--define Internal.Debug*` which was also broken by said PR. Freezing of the
`Internal` namespace is not necessary for performance reasons as it's not
searched implicitly (for example when accessing `globals.x`) and should users
actually interact with it, they should know by that name that they are on their
own.
 2023-02-01 12:29:47 +01:00
Alexander A. Klimov b92fe23469 Deduplicate and stabilize fragile filesystem transactions 
by using AtomicFile so they ensure all or nothing of a file gets replaced.
 2023-01-27 12:03:56 +01:00
Yonas Habteab 5a67ddea76 Don't post-increment stl iterators 2023-01-26 09:10:49 +01:00
Yonas Habteab 8bb0b857d8 ApiListener: Fix memory leak & group `a || b && c` correctly 2023-01-26 09:10:49 +01:00
Alexander Aleksandrovič Klimov bb99106926
Merge pull request #7863 from Icinga/bugfix/disallow-receiving-ticket-salt-via-api 
Disallow fetching the ticket salt via REST API
 2023-01-25 16:39:30 +01:00
Julian Brost 5fea15e090
Merge pull request #7958 from Icinga/bugfix/api-500-404-7956 
/v1/actions/*: return 404 if no objects found
 2023-01-24 15:08:17 +01:00
Michael Friedrich 4d57de2a1a Hide TicketSalt in /v1/variables 2023-01-20 12:38:18 +01:00
Julian Brost 1c066fc02e Simplify NamespaceValue class hierarchy to one struct without member functions 
This commit removes EmbeddedNamespaceValue and ConstEmbeddedNamespaceValue and
reduces NamespaceValue down to a simple struct without inheritance or member
functions. The code from these clases is inlined into the Namespace class. The
class hierarchy determining whether a value is const is moved to an attribute
of NamespaceValue.

This is done in preparation for changes to the locking in the Namespace class.
Currently, it relies on a recursive mutex. In the future, a shared mutex
(read/write lock) should be used instead, which cannot allow recursive locking
(without failing or risk deadlocking on lock upgrades). With this change, all
operations requiring a lock for one operation are within one function, no
recursive locking is not needed any more.
 2023-01-19 17:55:11 +01:00
Julian Brost 0294c174a4
Merge pull request #9594 from Icinga/8834 
ConfigObjectUtility::GetObjectConfigPath(): just return paths of existing objects
 2023-01-09 13:49:58 +01:00
Alexander A. Klimov e1bb085b0f ConfigObjectUtility::DeleteObjectHelper(): only delete _api files 
to restore the behavior before the previous commit. Otherwise we'd delete all
API object's child objects' files including applied child object rules in /etc.
 2023-01-05 18:05:31 +01:00
Julian Brost dd51997c73
Merge pull request #9624 from Icinga/9618 
Make compilable on Boost v1.81
 2023-01-05 15:32:22 +01:00
Alexander A. Klimov 99c2d69dc8 Handle boost::beast::http::basic_fields#operator[]() signature change (v1.81) 
Use always working std::string(x), not broken x.to_string().
(x is a return value.)
 2023-01-05 11:18:20 +01:00
Alexander Aleksandrovič Klimov ca328627cd
Merge pull request #9537 from Icinga/replace-some-raw-pointer-with-intrusive-ptr 
FilterUtility: Replace some nested raw pointers by `unique_ptr<>*`
 2022-12-06 13:07:24 +01:00
Alexander A. Klimov 83021f8231 CONTEXT: use << everywhere to unify usages 2022-11-30 11:06:51 +01:00
Alexander A. Klimov 145ee890df Just get paths from existing objects for modification and deletion 
instead of computing from scratch if they're in the _api package.

For now this changes literally nothing as paths of existing objects still follow
the scheme of paths of new objects which didn't change. Now Icinga only doesn't expect
existing objects at particular paths. However, with the latter in v2.14+ (agent,
satellite) we can just change the path scheme of new objects in v2.16+ (master)
as we wish. The child nodes will just follow the new scheme of paths of new objects.
 2022-11-28 16:39:16 +01:00
Yonas Habteab c1f73fbc1d FilterUtility: Replace some nested raw pointers by our `unique_ptr<X>*` 2022-11-28 14:50:54 +01:00
Alexander Aleksandrovič Klimov 363f4d3fde
Merge pull request #9408 from Icinga/bugfix/match-api-permissions-against-join-relations 
ObjectQueryHandler: Check user permissions on joined relations
 2022-10-11 13:42:27 +02:00
Yonas Habteab 72e6894bbb Evaluate permission filters also on all joined relations 2022-10-10 12:33:33 +02:00
Yonas Habteab 607f7ab5ca ObjectQueryHandler: Check user permissions on joined relations 2022-10-10 12:33:33 +02:00
Yonas Habteab 1bb2d65a8d FilterUtility: Outsource permission matching from CheckPermission() to a separate method 2022-10-10 12:33:33 +02:00
Yonas Habteab 28c29c1fbc Don't allow to change object parent,host/service_name at runtime 2022-09-09 18:26:28 +02:00
Julian Brost 178aaaeca9
Merge pull request #9332 from Icinga/bugfix/compare-cluster-tickets-in-constant-time 
Compare cluster tickets in constant time
 2022-04-11 15:32:32 +02:00
Julian Brost b24a2fa2a5
Merge pull request #9179 from Icinga/Al2Klimov-patch-3 
Let new cluster certificates expire after 397 days, not 15 years
 2022-04-11 15:29:05 +02:00
Julian Brost 0e880048ee
Merge pull request #7961 from Icinga/bugfix/startup-log 
Place startup.log and status in /var/lib/icinga2/api, not /var/lib/icinga2/api/zones-stage
 2022-04-11 14:41:07 +02:00
Alexander A. Klimov b15763bd86 Compare cluster tickets in constant time 
Just to be sure.
 2022-04-11 11:17:05 +02:00
Alexander A. Klimov 08a23f4035 Write also /var/lib/icinga2/api/zones-stage-startup-last-failed.log 
in addition to /var/lib/icinga2/api/zones-stage-startup.log
to prevent the next success to overwrite the last failure.
 2022-04-11 11:14:42 +02:00
Alexander A. Klimov c9e4c016e0 Protect ApiListener#m_SSLContext with a mutex 2022-04-11 11:02:45 +02:00
Alexander A. Klimov e490883577 Renew certificates also periodically 2022-04-11 11:02:39 +02:00
Alexander A. Klimov ce6d1b8961 Place startup.log and status in /var/lib/icinga2/api, not /var/lib/icinga2/api/zones-stage 
not to loose them.
 2022-04-07 11:24:24 +02:00
Alexander A. Klimov 3753f86c80 ApiListener#Start(): auto-renew own cert if CA owner 
otherwise that particular cert would expire.
 2022-04-04 12:13:31 +02:00
Alexander A. Klimov 6d470a3ca5 Introduce ApiListener#RenewCert() 2022-04-04 12:12:31 +02:00
Yonas Habteab 6193a911bf ConfigStagesHandler: Don't allow concurrent package updates anymore 
To prevent Icinga2 from being restarted while
one or more requests are still in progress and end up
as corrupted stages without status file and startup logs.
 2022-03-30 09:42:22 +02:00
Yonas Habteab 362adcab1a ConfigPackageUtility: Don't reset ongoing package updates on config validation success and process is going to be reloaded 2022-03-30 09:42:22 +02:00
Alexander A. Klimov 9be2eb8e5e Introduce IsCertUptodate() 2022-03-29 16:47:23 +02:00
Alexander A. Klimov 5f2e021390 Request certificate renewal also master2->master1 
not only sat->master to prevent master2's certificate from expiring.
 2022-03-29 16:47:23 +02:00
Yonas Habteab a0607aceff Fix compiler warnings don't move local variables 2022-02-22 17:51:43 +01:00
Yonas Habteab 361807f7a9
Adjust incosistent pki log messages (#8965) 2021-11-22 16:06:55 +01:00
Alexander A. Klimov 3bf180a341 Fix typo 
refs #8766
 2021-10-08 10:27:35 +02:00
Alexander Aleksandrovič Klimov 3aa2289c59
Merge pull request #8946 from Icinga/bugfix/old-packages 
ConfigPackageUtility::ValidatePackageName(): always tolerate already existing packages
 2021-08-02 20:27:27 +02:00
Alexander A. Klimov 57df803e35 ConfigPackageUtility::ValidatePackageName(): always tolerate already existing packages 
... not to require migrating invalid ones.
 2021-08-02 15:40:14 +02:00
Alexander A. Klimov c1df4b70f5 ConfigPackageUtility::PackageExists(): accept invalid package names, too 2021-08-02 15:40:14 +02:00
Alexander A. Klimov c666f81361 De-couple package and stage name validation 2021-08-02 15:40:14 +02:00
Alexander A. Klimov 504fdda76c Introduce DEFAULT_CONNECT_TIMEOUT 2021-07-27 21:57:02 +02:00
Alexander A. Klimov 7f7637c9b8 Introduce DEFAULT_TLS_CIPHERS and DEFAULT_TLS_PROTOCOLMIN 2021-07-22 11:12:33 +02:00
Alexander A. Klimov 80a1128ec7 Introduce SetupSslContext() 2021-07-22 11:12:33 +02:00
Julian Brost 9f43c143d7
Merge pull request from GHSA-98wp-jc6q-x5q5 
API: hide ApiListener#ticket_salt
 2021-07-15 11:13:35 +02:00
Alexander A. Klimov 07d768f166 API: hide ApiListener#ticket_salt 2021-07-02 16:29:53 +02:00