summaryrefslogtreecommitdiffstats
path: root/controller-server/src
Commit message (Collapse)AuthorAgeFilesLines
* Revert "Bjorncs/endpoint auth type"Morten Tokle2023-06-231-6/+4
|
* Order tokensBjørn Christian Seime2023-06-221-4/+6
|
* randomized endpoint cert pool (#27488)Andreas Eriksen2023-06-2219-128/+733
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * randomized endpoint cert pool * test name format * recordify EndpointCertificateMetadata * save randomized id to cert * assigned randomized endpoint cert to app when flag is set * remove assigned certs from ready pool * skip validation of SANs for randomized certs * remove unused clock * reminder to assign randomized certs at application level * remove getters, move comments to record constructor * camel case field name * CertPoolMaintainer -> CertificatePoolMaintainer * fix enum names * randomIdentifier -> generateRandomId * Wire maintainer * Add PooledCertificateSerializer * Use PooledCertificate * Remove unused enum * exclude all cert pool ids from cleanup * don't set randomizedId in mock * use SecureRandom for id generation * fix NodesV2ApiTest * add cert request method without applicationId * remove unused import * assert on generated key names, remove unused clock * remove unused import * don't use : in ckms prefix! * entirely remove application id from cert provider interface * use correct key prefix in handler too * Assign certificate to application from pool * PooledCertificate -> UnassignedCertificate * Read/write AssignedCertificate everywhere --------- Co-authored-by: Martin Polden <mpolden@mpolden.no>
* Merge pull request #27505 from vespa-engine/mortent/rename-fingerprintMorten Tokle2023-06-222-4/+4
|\ | | | | Rename fingerprints -> versions
| * created-at -> createdMorten Tokle2023-06-212-2/+2
| |
| * Rename fingerprints -> versionsMorten Tokle2023-06-212-3/+3
| |
* | Add authentication method to endpoint listMorten Tokle2023-06-229-18/+56
|/
* Avoid blocking the single dispatch threadjonmv2023-06-202-6/+6
|
* Update test JSONjonmv2023-06-201-61/+61
|
* Add enclave cloud account to runs responsejonmv2023-06-203-4/+13
|
* Ignore pinned apps when computing confidencejonmv2023-06-191-5/+5
|
* Merge pull request #27440 from vespa-engine/bjorncs/cloud-token-authz-modelBjørn Christian Seime2023-06-161-2/+1
|\ | | | | Bjorncs/cloud token authz model
| * Simplify token domain definitionBjørn Christian Seime2023-06-161-8/+1
| |
| * Use correct token domainBjørn Christian Seime2023-06-151-2/+8
| |
* | Merge pull request #27442 from vespa-engine/mortent/add-token-endpointMorten Tokle2023-06-165-8/+71
|\ \ | | | | | | Add token endpoint
| * | Simplify testMorten Tokle2023-06-161-81/+6
| | |
| * | Add token endpointMorten Tokle2023-06-165-8/+146
| | |
* | | Merge pull request #27437 from vespa-engine/mortent/include-tokens-cfg-deployHarald Musum2023-06-162-2/+4
|\ \ \ | |/ / |/| | Include dataplane tokens on deploy
| * | Include dataplane tokens on deployMorten Tokle2023-06-152-2/+4
| | |
* | | Limit DNS updates to endpoints targeting current deploymentMartin Polden2023-06-162-63/+129
| |/ |/|
* | Merge pull request #27438 from ↵Bjørn Christian Seime2023-06-151-2/+1
|\ \ | | | | | | | | | | | | vespa-engine/vekterli/use-fixed-derivation-context-for-token-fingerprints Simplify token API by using fixed context for fingerprints
| * | Simplify token API by using fixed context for fingerprintsTor Brede Vekterli2023-06-151-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fingerprints are now always derived using the a fixed context of `Vespa token fingerprint`. Enforcement has been added that a `TokenDomain` cannot be initialized with a context equal to the fingerprint context. This changes the fingerprint outputs from their previous values, but that's fine since they are not yet in use anywhere.
* | | Merge pull request #27434 from ↵Jon Marius Venstad2023-06-155-20/+43
|\ \ \ | |/ / |/| | | | | | | | vespa-engine/jonmv/cloud-account-in-deployment-v1-api Add cloud account details in /deployment/v1 as well
| * | Add cloud account details in /deployment/v1 as welljonmv2023-06-155-20/+43
| |/
* / Stop creating legacy application endpoints namesMartin Polden2023-06-154-46/+17
|/
* Merge pull request #27389 from vespa-engine/mortent/dataplane-token-apiMorten Tokle2023-06-147-2/+370
|\ | | | | API to generate/list/delete dataplane tokens
| * Update hash bytesMorten Tokle2023-06-141-2/+3
| |
| * API to generate/list/delete dataplane tokensMorten Tokle2023-06-127-2/+369
| |
* | Merge pull request #27373 from vespa-engine/ogronnesby/enclave-in-deploymentØyvind Grønnesby2023-06-134-1/+316
|\ \ | | | | | | Return if a deployment job is in enclave
| * | Test deployment with enclaveØyvind Grønnesby2023-06-123-0/+307
| | |
| * | Return if a deployment job is in enclaveØyvind Grønnesby2023-06-121-1/+9
| | |
* | | Change messageHarald Musum2023-06-124-14/+14
| | |
* | | Change message when service is not up and running with new configHarald Musum2023-06-124-14/+14
| |/ |/|
* | When all targets are inactive, there is not iterator.next laterjonmv2023-06-121-10/+3
|/
* Merge pull request #27370 from vespa-engine/jonmv/stream-packages-downJon Marius Venstad2023-06-122-13/+6
|\ | | | | Avoid closing stream prematurely
| * Avoid closing stream prematurelyjonmv2023-06-122-13/+6
| |
* | Fix issue where deployment does not work first timeHarald Musum2023-06-091-1/+1
|/
* Stream app packages for downloadjonmv2023-06-092-9/+20
|
* Merge pull request #27352 from ↵Jon Marius Venstad2023-06-082-7/+7
|\ | | | | | | | | vespa-engine/jonmv/redo-truncated-app-package-streams Keep only meta data in truncated package by default
| * Keep only meta data in truncated package by defaultjonmv2023-06-082-7/+7
| |
* | Merge pull request #27314 from vespa-engine/mpolden/ignore-non-active-lbsMorten Tokle2023-06-0711-115/+66
|\ \ | |/ |/| Avoid maintaining routing policies for non-active load balancers
| * Avoid maintaining routing policies for non-active load balancersMartin Polden2023-06-0611-115/+66
| | | | | | | | | | | | When deactivating a deployment, the config server moves the load balancer to inactive. Since the LB was still present, we kept its routing policy (and DNS record) even though both should've been removed.
* | Merge pull request #27307 from vespa-engine/leandroalves/cluster-architectureValerij Fredriksen2023-06-063-6/+22
|\ \ | |/ |/| Add architecture to cluster resource
| * Update testsleandroalves2023-06-062-6/+13
| |
| * Add architecture to cluster resourceleandroalves2023-06-061-0/+9
| |
* | Use primitive typeMartin Polden2023-06-061-1/+1
|/
* Fix routing APi test after change to mock zonejonmv2023-06-021-2/+2
|
* Revert signaturejonmv2023-06-021-1/+2
|
* Allow parallell cloud accounts in dep-spec, and simply some usagesjonmv2023-06-028-60/+80
|
* Merge pull request #27256 from vespa-engine/mpolden/prefer-latest-genJon Bratseth2023-06-011-1/+1
|\ | | | | Prefer latest generation with fallback to older