Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Revert "Bjorncs/endpoint auth type" | Morten Tokle | 2023-06-23 | 1 | -6/+4 |
| | |||||
* | Order tokens | Bjørn Christian Seime | 2023-06-22 | 1 | -4/+6 |
| | |||||
* | randomized endpoint cert pool (#27488) | Andreas Eriksen | 2023-06-22 | 19 | -128/+733 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * randomized endpoint cert pool * test name format * recordify EndpointCertificateMetadata * save randomized id to cert * assigned randomized endpoint cert to app when flag is set * remove assigned certs from ready pool * skip validation of SANs for randomized certs * remove unused clock * reminder to assign randomized certs at application level * remove getters, move comments to record constructor * camel case field name * CertPoolMaintainer -> CertificatePoolMaintainer * fix enum names * randomIdentifier -> generateRandomId * Wire maintainer * Add PooledCertificateSerializer * Use PooledCertificate * Remove unused enum * exclude all cert pool ids from cleanup * don't set randomizedId in mock * use SecureRandom for id generation * fix NodesV2ApiTest * add cert request method without applicationId * remove unused import * assert on generated key names, remove unused clock * remove unused import * don't use : in ckms prefix! * entirely remove application id from cert provider interface * use correct key prefix in handler too * Assign certificate to application from pool * PooledCertificate -> UnassignedCertificate * Read/write AssignedCertificate everywhere --------- Co-authored-by: Martin Polden <mpolden@mpolden.no> | ||||
* | Merge pull request #27505 from vespa-engine/mortent/rename-fingerprint | Morten Tokle | 2023-06-22 | 2 | -4/+4 |
|\ | | | | | Rename fingerprints -> versions | ||||
| * | created-at -> created | Morten Tokle | 2023-06-21 | 2 | -2/+2 |
| | | |||||
| * | Rename fingerprints -> versions | Morten Tokle | 2023-06-21 | 2 | -3/+3 |
| | | |||||
* | | Add authentication method to endpoint list | Morten Tokle | 2023-06-22 | 9 | -18/+56 |
|/ | |||||
* | Avoid blocking the single dispatch thread | jonmv | 2023-06-20 | 2 | -6/+6 |
| | |||||
* | Update test JSON | jonmv | 2023-06-20 | 1 | -61/+61 |
| | |||||
* | Add enclave cloud account to runs response | jonmv | 2023-06-20 | 3 | -4/+13 |
| | |||||
* | Ignore pinned apps when computing confidence | jonmv | 2023-06-19 | 1 | -5/+5 |
| | |||||
* | Merge pull request #27440 from vespa-engine/bjorncs/cloud-token-authz-model | Bjørn Christian Seime | 2023-06-16 | 1 | -2/+1 |
|\ | | | | | Bjorncs/cloud token authz model | ||||
| * | Simplify token domain definition | Bjørn Christian Seime | 2023-06-16 | 1 | -8/+1 |
| | | |||||
| * | Use correct token domain | Bjørn Christian Seime | 2023-06-15 | 1 | -2/+8 |
| | | |||||
* | | Merge pull request #27442 from vespa-engine/mortent/add-token-endpoint | Morten Tokle | 2023-06-16 | 5 | -8/+71 |
|\ \ | | | | | | | Add token endpoint | ||||
| * | | Simplify test | Morten Tokle | 2023-06-16 | 1 | -81/+6 |
| | | | |||||
| * | | Add token endpoint | Morten Tokle | 2023-06-16 | 5 | -8/+146 |
| | | | |||||
* | | | Merge pull request #27437 from vespa-engine/mortent/include-tokens-cfg-deploy | Harald Musum | 2023-06-16 | 2 | -2/+4 |
|\ \ \ | |/ / |/| | | Include dataplane tokens on deploy | ||||
| * | | Include dataplane tokens on deploy | Morten Tokle | 2023-06-15 | 2 | -2/+4 |
| | | | |||||
* | | | Limit DNS updates to endpoints targeting current deployment | Martin Polden | 2023-06-16 | 2 | -63/+129 |
| |/ |/| | |||||
* | | Merge pull request #27438 from ↵ | Bjørn Christian Seime | 2023-06-15 | 1 | -2/+1 |
|\ \ | | | | | | | | | | | | | vespa-engine/vekterli/use-fixed-derivation-context-for-token-fingerprints Simplify token API by using fixed context for fingerprints | ||||
| * | | Simplify token API by using fixed context for fingerprints | Tor Brede Vekterli | 2023-06-15 | 1 | -2/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fingerprints are now always derived using the a fixed context of `Vespa token fingerprint`. Enforcement has been added that a `TokenDomain` cannot be initialized with a context equal to the fingerprint context. This changes the fingerprint outputs from their previous values, but that's fine since they are not yet in use anywhere. | ||||
* | | | Merge pull request #27434 from ↵ | Jon Marius Venstad | 2023-06-15 | 5 | -20/+43 |
|\ \ \ | |/ / |/| | | | | | | | | vespa-engine/jonmv/cloud-account-in-deployment-v1-api Add cloud account details in /deployment/v1 as well | ||||
| * | | Add cloud account details in /deployment/v1 as well | jonmv | 2023-06-15 | 5 | -20/+43 |
| |/ | |||||
* / | Stop creating legacy application endpoints names | Martin Polden | 2023-06-15 | 4 | -46/+17 |
|/ | |||||
* | Merge pull request #27389 from vespa-engine/mortent/dataplane-token-api | Morten Tokle | 2023-06-14 | 7 | -2/+370 |
|\ | | | | | API to generate/list/delete dataplane tokens | ||||
| * | Update hash bytes | Morten Tokle | 2023-06-14 | 1 | -2/+3 |
| | | |||||
| * | API to generate/list/delete dataplane tokens | Morten Tokle | 2023-06-12 | 7 | -2/+369 |
| | | |||||
* | | Merge pull request #27373 from vespa-engine/ogronnesby/enclave-in-deployment | Øyvind Grønnesby | 2023-06-13 | 4 | -1/+316 |
|\ \ | | | | | | | Return if a deployment job is in enclave | ||||
| * | | Test deployment with enclave | Øyvind Grønnesby | 2023-06-12 | 3 | -0/+307 |
| | | | |||||
| * | | Return if a deployment job is in enclave | Øyvind Grønnesby | 2023-06-12 | 1 | -1/+9 |
| | | | |||||
* | | | Change message | Harald Musum | 2023-06-12 | 4 | -14/+14 |
| | | | |||||
* | | | Change message when service is not up and running with new config | Harald Musum | 2023-06-12 | 4 | -14/+14 |
| |/ |/| | |||||
* | | When all targets are inactive, there is not iterator.next later | jonmv | 2023-06-12 | 1 | -10/+3 |
|/ | |||||
* | Merge pull request #27370 from vespa-engine/jonmv/stream-packages-down | Jon Marius Venstad | 2023-06-12 | 2 | -13/+6 |
|\ | | | | | Avoid closing stream prematurely | ||||
| * | Avoid closing stream prematurely | jonmv | 2023-06-12 | 2 | -13/+6 |
| | | |||||
* | | Fix issue where deployment does not work first time | Harald Musum | 2023-06-09 | 1 | -1/+1 |
|/ | |||||
* | Stream app packages for download | jonmv | 2023-06-09 | 2 | -9/+20 |
| | |||||
* | Merge pull request #27352 from ↵ | Jon Marius Venstad | 2023-06-08 | 2 | -7/+7 |
|\ | | | | | | | | | vespa-engine/jonmv/redo-truncated-app-package-streams Keep only meta data in truncated package by default | ||||
| * | Keep only meta data in truncated package by default | jonmv | 2023-06-08 | 2 | -7/+7 |
| | | |||||
* | | Merge pull request #27314 from vespa-engine/mpolden/ignore-non-active-lbs | Morten Tokle | 2023-06-07 | 11 | -115/+66 |
|\ \ | |/ |/| | Avoid maintaining routing policies for non-active load balancers | ||||
| * | Avoid maintaining routing policies for non-active load balancers | Martin Polden | 2023-06-06 | 11 | -115/+66 |
| | | | | | | | | | | | | When deactivating a deployment, the config server moves the load balancer to inactive. Since the LB was still present, we kept its routing policy (and DNS record) even though both should've been removed. | ||||
* | | Merge pull request #27307 from vespa-engine/leandroalves/cluster-architecture | Valerij Fredriksen | 2023-06-06 | 3 | -6/+22 |
|\ \ | |/ |/| | Add architecture to cluster resource | ||||
| * | Update tests | leandroalves | 2023-06-06 | 2 | -6/+13 |
| | | |||||
| * | Add architecture to cluster resource | leandroalves | 2023-06-06 | 1 | -0/+9 |
| | | |||||
* | | Use primitive type | Martin Polden | 2023-06-06 | 1 | -1/+1 |
|/ | |||||
* | Fix routing APi test after change to mock zone | jonmv | 2023-06-02 | 1 | -2/+2 |
| | |||||
* | Revert signature | jonmv | 2023-06-02 | 1 | -1/+2 |
| | |||||
* | Allow parallell cloud accounts in dep-spec, and simply some usages | jonmv | 2023-06-02 | 8 | -60/+80 |
| | |||||
* | Merge pull request #27256 from vespa-engine/mpolden/prefer-latest-gen | Jon Bratseth | 2023-06-01 | 1 | -1/+1 |
|\ | | | | | Prefer latest generation with fallback to older |