0294c174a4
Merge pull request #9594 from Icinga/8834
...
ConfigObjectUtility::GetObjectConfigPath(): just return paths of existing objects
2023-01-09 13:49:58 +01:00
e1bb085b0f
ConfigObjectUtility::DeleteObjectHelper(): only delete _api files
...
to restore the behavior before the previous commit. Otherwise we'd delete all
API object's child objects' files including applied child object rules in /etc.
2023-01-05 18:05:31 +01:00
dd51997c73
Merge pull request #9624 from Icinga/9618
...
Make compilable on Boost v1.81
2023-01-05 15:32:22 +01:00
99c2d69dc8
Handle boost::beast::http::basic_fields#operator[]() signature change (v1.81)
...
Use always working std::string(x), not broken x.to_string().
(x is a return value.)
2023-01-05 11:18:20 +01:00
ca328627cd
Merge pull request #9537 from Icinga/replace-some-raw-pointer-with-intrusive-ptr
...
FilterUtility: Replace some nested raw pointers by `unique_ptr<>*`
2022-12-06 13:07:24 +01:00
83021f8231
CONTEXT: use << everywhere to unify usages
2022-11-30 11:06:51 +01:00
145ee890df
Just get paths from existing objects for modification and deletion
...
instead of computing from scratch if they're in the _api package.
For now this changes literally nothing as paths of existing objects still follow
the scheme of paths of new objects which didn't change. Now Icinga only doesn't expect
existing objects at particular paths. However, with the latter in v2.14+ (agent,
satellite) we can just change the path scheme of new objects in v2.16+ (master)
as we wish. The child nodes will just follow the new scheme of paths of new objects.
2022-11-28 16:39:16 +01:00
c1f73fbc1d
FilterUtility: Replace some nested raw pointers by our `unique_ptr<X>*`
2022-11-28 14:50:54 +01:00
363f4d3fde
Merge pull request #9408 from Icinga/bugfix/match-api-permissions-against-join-relations
...
ObjectQueryHandler: Check user permissions on joined relations
2022-10-11 13:42:27 +02:00
72e6894bbb
Evaluate permission filters also on all joined relations
2022-10-10 12:33:33 +02:00
607f7ab5ca
ObjectQueryHandler: Check user permissions on joined relations
2022-10-10 12:33:33 +02:00
1bb2d65a8d
FilterUtility: Outsource permission matching from CheckPermission() to a separate method
2022-10-10 12:33:33 +02:00
28c29c1fbc
Don't allow to change object parent,host/service_name at runtime
2022-09-09 18:26:28 +02:00
178aaaeca9
Merge pull request #9332 from Icinga/bugfix/compare-cluster-tickets-in-constant-time
...
Compare cluster tickets in constant time
2022-04-11 15:32:32 +02:00
b24a2fa2a5
Merge pull request #9179 from Icinga/Al2Klimov-patch-3
...
Let new cluster certificates expire after 397 days, not 15 years
2022-04-11 15:29:05 +02:00
0e880048ee
Merge pull request #7961 from Icinga/bugfix/startup-log
...
Place startup.log and status in /var/lib/icinga2/api, not /var/lib/icinga2/api/zones-stage
2022-04-11 14:41:07 +02:00
b15763bd86
Compare cluster tickets in constant time
...
Just to be sure.
2022-04-11 11:17:05 +02:00
08a23f4035
Write also /var/lib/icinga2/api/zones-stage-startup-last-failed.log
...
in addition to /var/lib/icinga2/api/zones-stage-startup.log
to prevent the next success to overwrite the last failure.
2022-04-11 11:14:42 +02:00
c9e4c016e0
Protect ApiListener#m_SSLContext with a mutex
2022-04-11 11:02:45 +02:00
e490883577
Renew certificates also periodically
2022-04-11 11:02:39 +02:00
ce6d1b8961
Place startup.log and status in /var/lib/icinga2/api, not /var/lib/icinga2/api/zones-stage
...
not to loose them.
2022-04-07 11:24:24 +02:00
3753f86c80
ApiListener#Start(): auto-renew own cert if CA owner
...
otherwise that particular cert would expire.
2022-04-04 12:13:31 +02:00
6d470a3ca5
Introduce ApiListener#RenewCert()
2022-04-04 12:12:31 +02:00
6193a911bf
ConfigStagesHandler: Don't allow concurrent package updates anymore
...
To prevent Icinga2 from being restarted while
one or more requests are still in progress and end up
as corrupted stages without status file and startup logs.
2022-03-30 09:42:22 +02:00
362adcab1a
ConfigPackageUtility: Don't reset ongoing package updates on config validation success and process is going to be reloaded
2022-03-30 09:42:22 +02:00
9be2eb8e5e
Introduce IsCertUptodate()
2022-03-29 16:47:23 +02:00
5f2e021390
Request certificate renewal also master2->master1
...
not only sat->master to prevent master2's certificate from expiring.
2022-03-29 16:47:23 +02:00
a0607aceff
Fix compiler warnings don't move local variables
2022-02-22 17:51:43 +01:00
361807f7a9
Adjust incosistent pki log messages ( #8965 )
2021-11-22 16:06:55 +01:00
3bf180a341
Fix typo
...
refs #8766
2021-10-08 10:27:35 +02:00
3aa2289c59
Merge pull request #8946 from Icinga/bugfix/old-packages
...
ConfigPackageUtility::ValidatePackageName(): always tolerate already existing packages
2021-08-02 20:27:27 +02:00
57df803e35
ConfigPackageUtility::ValidatePackageName(): always tolerate already existing packages
...
... not to require migrating invalid ones.
2021-08-02 15:40:14 +02:00
c1df4b70f5
ConfigPackageUtility::PackageExists(): accept invalid package names, too
2021-08-02 15:40:14 +02:00
c666f81361
De-couple package and stage name validation
2021-08-02 15:40:14 +02:00
504fdda76c
Introduce DEFAULT_CONNECT_TIMEOUT
2021-07-27 21:57:02 +02:00
7f7637c9b8
Introduce DEFAULT_TLS_CIPHERS and DEFAULT_TLS_PROTOCOLMIN
2021-07-22 11:12:33 +02:00
80a1128ec7
Introduce SetupSslContext()
2021-07-22 11:12:33 +02:00
9f43c143d7
Merge pull request from GHSA-98wp-jc6q-x5q5
...
API: hide ApiListener#ticket_salt
2021-07-15 11:13:35 +02:00
07d768f166
API: hide ApiListener#ticket_salt
2021-07-02 16:29:53 +02:00
692f5aa615
Merge pull request #8718 from Icinga/feature/tls-1.3
...
Support TLS 1.3
2021-06-29 17:52:55 +02:00
0e7a05ad7a
Support TLS 1.3
2021-06-29 11:08:47 +02:00
8af66ce44c
Merge pull request #8710 from Icinga/feature/windows-event-log
...
Add support for Windows Event Log and write early log messages to it
2021-06-24 09:19:50 +02:00
1fae2f3974
Merge pull request #8769 from Icinga/bugfix/new-connection-timeout
...
Add timeout for full Icinga connection handshake
2021-06-24 09:18:37 +02:00
2cd9c1d902
Merge pull request #8835 from Icinga/bugfix/api-filename-truncation
...
Fix/restrict truncation of filenames for API-created objects
2021-06-23 12:06:31 +02:00
56060bc8d5
ApiListener: Deprecate tls_handshake_timeout in favor of connect_timeout
2021-06-23 11:21:42 +02:00
84d778580f
Add timeout for all new connections
...
This commit adds a timeout for both establishing new outgoing and incoming
connections. This timeout applies to everything until the connection is in a
state where either JsonRpcConnection or HttpServerConnection takes over.
2021-06-23 11:21:42 +02:00
36ce7d961f
Rename silent parameter of ConfigItem::ActivateItems()
...
As silent now no longer only controls the generation of log messages, a better
name is required. This changes its name, inverts its value to reflect the new
name and adds a documentation comment.
2021-06-21 16:07:36 +02:00
118df982f1
GetObjectConfigPath: only truncate and hash comment and downtime filenames
...
This partially reverts 68a0079c26
2021-06-17 16:21:01 +02:00
e079762c8e
GetObjectPath: ensure use of escaped name in all cases and use TruncateUsingHash()
...
68a0079c26
2021-06-17 16:21:01 +02:00
c40b18ef61
ConfigPackageUtility::ValidateName: replace broken regex
...
The old validation regex matched if the name consists only of invalid
character, not that it does not contain them, i.e. something like "foo/bar" was
considered valid.
This commit replaces the regex with a check that all characters in the name are
allowed characters.
2021-06-15 12:16:54 +02:00
Julian Brost
Alexander A. Klimov
Yonas Habteab
Julian Brost
Noah Hilverling