summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #23529 from akolhun/fix-number-range-parsingv8.22.20Jon Bratseth2022-07-222-0/+10
|\ | | | | Skip number ranges with empty rangeStart and non-numeric rangeEnd
| * skip number ranges with empty rangeStart and non-numeric rangeEndanton kolhun2022-07-212-0/+10
| |
* | Merge pull request #23533 from vespa-engine/bjorncs/capabilities-feature-flagBjørn Christian Seime2022-07-211-0/+8
|\ \ | | | | | | Add feature flag for capability enforcement mode
| * | Add feature flag for capability enforcement modeBjørn Christian Seime2022-07-211-0/+8
|/ /
* | Merge pull request #23532 from vespa-engine/bjorncs/capabilitiesBjørn Christian Seime2022-07-2113-89/+225
|\ \ | | | | | | Bjorncs/capabilities
| * | Force caller to handle failed capability verification checkBjørn Christian Seime2022-07-214-20/+43
| | |
| * | Improve error messageBjørn Christian Seime2022-07-212-2/+2
| | |
| * | Move logic for capability checking/logging to ConnectionAuthContextBjørn Christian Seime2022-07-216-38/+126
| | |
| * | Use getSubjectCommonName()Bjørn Christian Seime2022-07-213-12/+3
| | |
| * | Get ConnectionAuthContext from SSL session after handshake is completeBjørn Christian Seime2022-07-214-40/+74
| |/ | | | | | | | | Bound key-value pairs from SSL handshake session are now copied to the final SSL session object. This simplifies the dataflow - not need to retrieve the instance right after our custom trust manager is invoked.
* | Merge pull request #23530 from ↵Tor Brede Vekterli2022-07-212-315/+0
|\ \ | |/ |/| | | | | vespa-engine/vekterli/remove-ancient-vespamalloc-output-parse-script Remove ancient vespamalloc output parsing script
| * Remove ancient vespamalloc output parsing scriptTor Brede Vekterli2022-07-212-315/+0
|/ | | | Most of the symbols that the script knows about are long, long gone.
* Merge pull request #23528 from vespa-engine/bjorncs/capabilitiesBjørn Christian Seime2022-07-2081-289/+448
|\ | | | | Bjorncs/capabilities [run-systemtest]
| * Include client certificate chain even when authorization is disabledBjørn Christian Seime2022-07-204-7/+14
| |
| * Improve testing of JRT access filteringBjørn Christian Seime2022-07-204-33/+71
| | | | | | | | | | Test that method is not invoked when request is rejected by filter. Move testing of filter accepting request to async- and sync-specific test classes.
| * Implement RequireCapabilitiesFilter in jrt + miscBjørn Christian Seime2022-07-2011-38/+90
| | | | | | | | | | Add peerSpec to Target/Connection. Always provide ConnectionAuthContext. Add helper for creating default, all-granting ConnectionAuthContext.
| * Add to-string helper to ConnectionAuthContextBjørn Christian Seime2022-07-201-1/+38
| |
| * Simplify type definition for subject alternative namesBjørn Christian Seime2022-07-2016-54/+52
| |
| * Add 'X509CertificateUtils.getSubjectCommonName()'Bjørn Christian Seime2022-07-201-1/+7
| |
| * Move generic crypto helpers from 'c.y.s.tls' to 'c.y.s'Bjørn Christian Seime2022-07-2018-36/+22
| |
| * Merge Java package 'c.y.s.tls.{auth,json,policy}' into 'c.y.s.tls'Bjørn Christian Seime2022-07-2038-110/+52
| | | | | | | | Facilitate improved encapsulation of Vespa mTLS related classes
| * Remove empty packageBjørn Christian Seime2022-07-201-8/+0
| |
| * Add 'CapabilitySet.has()' methodsBjørn Christian Seime2022-07-201-0/+3
| |
| * Introduce per method request access filtering to JRTBjørn Christian Seime2022-07-205-2/+67
| |
| * Add environment variable for capabilities enforcement modeBjørn Christian Seime2022-07-202-0/+33
| |
* | Merge pull request #23527 from vespa-engine/aressem/cleanup-el7-rpms-as-wellJon Bratseth2022-07-201-2/+7
|\ \ | | | | | | After switching to el8 / Vespa 8, we stopped cleaning the old Vespa 7…
| * | After switching to el8 / Vespa 8, we stopped cleaning the old Vespa 7 ↵Arnstein Ressem2022-07-201-2/+7
| |/ | | | | | | releases. Need to continue with this except the last 7 release to avoid filling the external public Artifactory instance.
* | Merge pull request #23526 from vespa-engine/add-test-for-exported-packagesJon Bratseth2022-07-204-45/+104
|\ \ | |/ |/| Add test to properly verify all exported packages from jdisc_core
| * Add test to properly verify all exported packages from jdisc_coregjoranv2022-07-204-45/+104
|/ | | | | | | | | | - The integration test generates exportPackages.properties in the same way as the maven execution, reading all the embedded bundles that we re-export packages for. - The failure message shows the difference between expected and actual packages, and a command to reset the expected set in case the change was intentional. - Remove the now obsolete ExportPackagesTestCase.
* Merge pull request #23496 from vespa-engine/bjorncs/capabilitiesv8.21.11Bjørn Christian Seime2022-07-1921-195/+196
|\ | | | | Bjorncs/capabilities
| * Rename method/variable names to match new class nameBjørn Christian Seime2022-07-192-9/+9
| |
| * Include mode in log messageBjørn Christian Seime2022-07-151-3/+4
| |
| * Rename 'toCapabilityNames()' to 'toNames()'Bjørn Christian Seime2022-07-153-3/+3
| |
| * Always run PeerAutorizerBjørn Christian Seime2022-07-159-45/+44
| | | | | | | | | | Interpret empty AuthorizedPeers as granting all capabilities unconditionally. Assume AuthorizedPeers as always present.
| * Rename 'hasAllCapabilities()' => 'hasAll()'Bjørn Christian Seime2022-07-152-2/+2
| |
| * Change type from SortedSet to SetBjørn Christian Seime2022-07-153-9/+5
| |
| * Rename 'succeeded' => 'authorized'Bjørn Christian Seime2022-07-154-6/+6
| |
| * Include full certificate chain in auth contextBjørn Christian Seime2022-07-155-18/+29
| |
| * Return granted capabilities from PeerAuthorizerBjørn Christian Seime2022-07-1515-131/+125
| | | | | | | | Introduce new ConnectionAuthContext as replacement for AuthorizationResult/SecurityContext.
* | Merge pull request #23525 from ↵Tor Brede Vekterli2022-07-191-2/+2
|\ \ | | | | | | | | | | | | vespa-engine/vekterli/avoid-holding-ref-to-generated-op Avoid holding ref to last generated operation
| * | Avoid holding ref to last generated operationTor Brede Vekterli2022-07-191-2/+2
|/ / | | | | | | | | Move ref away to avoid an unneeded refcount bump and avoid leaving behind a lingering strong reference to the last generated operation.
* | Merge pull request #23523 from vespa-engine/aressem/update-rpm-build-vespa8Jo Kristian Bergum2022-07-198-110/+23
|\ \ | | | | | | Remove old rpm build system. Update repo definition.
| * | Point to Vespa 8 development environment.Arnstein Ressem2022-07-191-13/+13
| | |
| * | Remove old rpm build system. Update repo definition.Arnstein Ressem2022-07-187-97/+10
| | |
* | | Merge pull request #23524 from vespa-engine/verify-installed-platform-bundlesJon Bratseth2022-07-193-33/+70
|\ \ \ | | | | | | | | Verify installed platform bundles
| * | | Add reminder for an obvious fact that is still easy to forget.gjoranv2022-07-191-0/+1
| | | |
| * | | Rename and rearrange test helpers, and declare static.gjoranv2022-07-191-36/+35
| | | |
| * | | Add tests for (non-)installed platform bundles.gjoranv2022-07-192-3/+40
|/ / /
* | | Merge pull request #23521 from vespa-engine/bratseth/autoscaling-test-cleanupv8.20.14Jon Bratseth2022-07-189-591/+587
|\ \ \ | | | | | | | | Bratseth/autoscaling test cleanup
| * | | CleanupJon Bratseth2022-07-181-4/+0
| | | |