Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Replace 'Authentication' with 'Identification' for AuthenticationFilter and ↵ | Bjørn Christian Seime | 2018-04-25 | 5 | -42/+39 |
| | | | | friends | ||||
* | Make dependency on AuthenticationFilter more explicit | Bjørn Christian Seime | 2018-04-25 | 2 | -1/+5 |
| | |||||
* | Add unit test for AWS host certificates | Bjørn Christian Seime | 2018-04-25 | 2 | -7/+34 |
| | |||||
* | Modify AuthorizationFilter to assume AuthenticationFilter is part of filter ↵ | Bjørn Christian Seime | 2018-04-25 | 3 | -14/+11 |
| | | | | chain | ||||
* | Include both identity name and hostname in getName() | Bjørn Christian Seime | 2018-04-25 | 1 | -1/+5 |
| | |||||
* | Add separate node authentication filter | Bjørn Christian Seime | 2018-04-25 | 2 | -0/+54 |
| | |||||
* | Implement toString, equals and hashCode for NodePrincipal | Bjørn Christian Seime | 2018-04-24 | 1 | -0/+24 |
| | |||||
* | Allow us to reset hardwarefailure by passing 'null' over REST | toby | 2018-04-23 | 1 | -2/+2 |
| | |||||
* | Only remove node if docker container and tenant | Valerij Fredriksen | 2018-04-20 | 2 | -4/+24 |
| | |||||
* | Use NodePrincipal in Authorizer to distinguish between identity and hostname | Bjørn Christian Seime | 2018-04-20 | 3 | -79/+97 |
| | |||||
* | Accept Athenz certs from controller in HostAuthenticator | Bjørn Christian Seime | 2018-04-20 | 4 | -18/+77 |
| | | | | | - Change NodePrincipal to better distinguish between different types of identities - Change HostAuthenticator to allow any Athenz identity | ||||
* | Merge pull request #5636 from ↵ | Harald Musum | 2018-04-19 | 2 | -1/+27 |
|\ | | | | | | | | | vespa-engine/bratseth/load-models-in-use-only-in-dev Load the minimal set of models needed in dev | ||||
| * | Load the minimal set of models needed in dev | Jon Bratseth | 2018-04-19 | 2 | -1/+27 |
| | | |||||
* | | Merge pull request #5630 from vespa-engine/bjorncs/configserver-authz-filter | Bjørn Christian Seime | 2018-04-19 | 5 | -23/+322 |
|\ \ | |/ |/| | Bjorncs/configserver authz filter | ||||
| * | Rename TlsPrincipal -> NodePrincipal | Bjørn Christian Seime | 2018-04-19 | 4 | -11/+9 |
| | | |||||
| * | Allow Athenz AWS certificates | Bjørn Christian Seime | 2018-04-19 | 1 | -1/+1 |
| | | |||||
| * | Export package containing TlsPrincipal | Bjørn Christian Seime | 2018-04-19 | 1 | -0/+3 |
| | | |||||
| * | Support Athenz certs from Openstack and Vespa in authorization filter | Bjørn Christian Seime | 2018-04-19 | 4 | -23/+321 |
| | | | | | | | | | | | | - Add HostAuthenticator that resolves node (hostname) from certs - Add TlsPrincipal that represents an authenticated node - Rewrite Authorization filter to use HostAuthenticator | ||||
* | | Allow more than one node in a cluster on same parent host in cd and non-prod | Harald Musum | 2018-04-19 | 3 | -2/+52 |
|/ | |||||
* | Rename getCommonNames -> getSubjectCommonNames | Bjørn Christian Seime | 2018-04-17 | 1 | -1/+1 |
| | |||||
* | Remove apache dep | Valerij Fredriksen | 2018-04-17 | 1 | -2/+1 |
| | |||||
* | Whitelist hostnames in Authorizer | Valerij Fredriksen | 2018-04-17 | 4 | -21/+30 |
| | |||||
* | Merge pull request #5556 from vespa-engine/mpolden/remove-controllerdb | Martin Polden | 2018-04-16 | 1 | -1/+1 |
|\ | | | | | Move all controller persistence to ZooKeeper | ||||
| * | Fix typo | Martin Polden | 2018-04-12 | 1 | -1/+1 |
| | | |||||
* | | Merge pull request #5578 from ↵ | Martin Polden | 2018-04-13 | 1 | -3/+2 |
|\ \ | | | | | | | | | | | | | vespa-engine/mpolden/health-status-use-rotation-name Use rotation FQDN when checking health status | ||||
| * | | Simplify | Martin Polden | 2018-04-13 | 1 | -3/+2 |
| |/ | |||||
* / | Make set node to dirty recursive | Valerij Fredriksen | 2018-04-13 | 6 | -12/+90 |
|/ | |||||
* | Merge pull request #5513 from vespa-engine/smorgrav/aclmaintainer | Torbjørn Smørgrav | 2018-04-12 | 6 | -13/+45 |
|\ | | | | | AclMaintainer with dual stack and cfg/proxy container support | ||||
| * | tokenize arguments to docker exec, simplyfy ports for iptables | toby | 2018-04-11 | 1 | -7/+7 |
| | | |||||
| * | Update RestAPI with trusted ports | toby | 2018-04-10 | 4 | -5/+12 |
| | | |||||
| * | Add trusted ports to the NodeAcl object | toby | 2018-04-09 | 3 | -6/+31 |
| | | |||||
* | | Remove unnecessary override for CD now that cache is enabled by default | Harald Musum | 2018-04-10 | 1 | -2/+1 |
|/ | |||||
* | Merge pull request #5484 from vespa-engine/bratseth/nonfunctional-changes | gjoranv | 2018-04-09 | 2 | -3/+5 |
|\ | | | | | Nonfunctional changes | ||||
| * | Nonfunctional changes | Jon Bratseth | 2018-04-06 | 2 | -3/+5 |
| | | |||||
* | | Merge pull request #5497 from ↵ | Valerij Fredriksen | 2018-04-09 | 3 | -23/+19 |
|\ \ | | | | | | | | | | | | | vespa-engine/freva/make-availabe-for-new-allocations-state-ready Use makeAvailiableForNewAllocations to handle ready state transition | ||||
| * | | Use makeAvailiableForNewAllocations to handle ready state transition | Valerij Fredriksen | 2018-04-08 | 3 | -23/+19 |
| |/ | |||||
* | | Remove unused variables | Harald Musum | 2018-04-08 | 1 | -8/+3 |
| | | |||||
* | | Set lower expiry times for failed nodes in CD | Harald Musum | 2018-04-07 | 1 | -4/+9 |
|/ | |||||
* | Make it possible to configure use of Curator client cache in node repo | Harald Musum | 2018-04-03 | 15 | -23/+30 |
| | |||||
* | Revert "Revert "Only allow Zookeeper access for config servers in hosted Vespa"" | Harald Musum | 2018-04-03 | 4 | -123/+0 |
| | |||||
* | Enforce config server authorization in main | Martin Polden | 2018-03-26 | 5 | -28/+6 |
| | |||||
* | Don't fail with 500 when CN is missing | Bjørn Christian Seime | 2018-03-23 | 1 | -5/+8 |
| | |||||
* | Use helpers in vespa-athenz instead of BouncyCastle | Bjørn Christian Seime | 2018-03-22 | 3 | -53/+16 |
| | |||||
* | Allow proxyhost to access /routing/v1 | Martin Polden | 2018-03-22 | 2 | -9/+19 |
| | |||||
* | Merge pull request #5342 from vespa-engine/mpolden/enforce-authorization | Martin Polden | 2018-03-21 | 3 | -14/+39 |
|\ | | | | | Enforce config server API authorization in CD | ||||
| * | Enforce config server API authorization in CD | Martin Polden | 2018-03-21 | 3 | -14/+39 |
| | | |||||
* | | Improve method names | Jon Bratseth | 2018-03-21 | 1 | -6/+6 |
| | | |||||
* | | Allow applications of the same tenant on the same host when exclusive | Jon Bratseth | 2018-03-21 | 2 | -15/+16 |
| | | |||||
* | | Merge with master | Jon Bratseth | 2018-03-21 | 11 | -51/+61 |
|\ \ | |||||
| * | | Ensure prod node count requirement is respected | Martin Polden | 2018-03-20 | 4 | -22/+52 |
| | | |