Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update copyright | Jon Bratseth | 2023-10-09 | 79 | -80/+80 |
| | |||||
* | Use consistent timer instance, and set meaningful message timestamps | jonmv | 2023-07-10 | 1 | -6/+6 |
| | |||||
* | Create crypto tool output streams with RW permissions for owner only | Tor Brede Vekterli | 2023-05-02 | 2 | -4/+13 |
| | |||||
* | pick up create flag for put operations | Håvard Pettersen | 2023-04-28 | 1 | -0/+3 |
| | |||||
* | Remove common ConditionalFeedOperation | Henning Baldersheim | 2023-04-27 | 1 | -7/+18 |
| | |||||
* | Unify passing of all feed operations through the various feed apis. | Henning Baldersheim | 2023-04-27 | 1 | -22/+17 |
| | |||||
* | Add a "null-rendering" option to `vespa-visit` | Tor Brede Vekterli | 2023-03-06 | 3 | -1/+51 |
| | | | | | | | | | | This makes it easy to benchmark whether document rendering is a bottleneck when visiting. For instance, large floating point tensor fields are notoriously expensive to render as JSON. This is more accurate than just redirecting the visit output to `/dev/null` as that still requires documents to be rendered before being evicted into the void. | ||||
* | Backport visit slicing to `vespa-visit` CLI tool | Tor Brede Vekterli | 2023-03-01 | 2 | -30/+111 |
| | | | | | | | | | | Allows for efficient parallelization across multiple visitor instances, mirroring the existing support in Document V1. Also clean up some legacy option value parsing code. Note: changing the parsed type for `maxtotalhits` from `int` to `long` is intentional; the internal limit is already a `long` and a cluster may have a lot more than `INT32_MAX` documents. | ||||
* | Batch `vespa-visit` progress file updates | Tor Brede Vekterli | 2023-02-24 | 2 | -31/+57 |
| | | | | | Avoids writing and syncing to disk for every bucket updated. Instead, write every 10 seconds and at process shutdown. | ||||
* | Add JSONL output support to `vespa-visit` CLI tool | Tor Brede Vekterli | 2023-02-23 | 3 | -72/+168 |
| | | | | | JSONL output is enabled via new `--jsonl` argument. Mutually exclusive with `--jsonoutput` and (deprecated) `--xmloutput`. | ||||
* | Correct checks for redirected I/O during interactive token resealing | Tor Brede Vekterli | 2023-02-14 | 1 | -1/+1 |
| | |||||
* | Rename script-utils -> vespa-wrapper | Martin Polden | 2023-02-06 | 1 | -1/+1 |
| | |||||
* | Add missing error count to report | Henning Baldersheim | 2023-02-03 | 1 | -20/+20 |
| | |||||
* | Add an "interactive" token resealing protocol and basic tooling support | Tor Brede Vekterli | 2023-01-31 | 4 | -19/+89 |
| | | | | | | | | | | | | | | Implements a protocol for delegated access to a shared secret key of a token whose private key we do not possess. This builds directly on top of the existing token resealing mechanisms. The primary benefit of the resealing protocol is that none of the data exchanged can reveal anything about the underlying secret. Security note: neither resealing requests nor responses are explicitly authenticated (this is a property inherited from the sealed shared key tokens themselves). It is assumed that an attacker can observe all requests and responses in transit, but cannot modify them. | ||||
* | Json it is.. | Henning Baldersheim | 2023-01-30 | 1 | -1/+1 |
| | |||||
* | Let json be default explicit | Henning Baldersheim | 2023-01-30 | 1 | -2/+2 |
| | |||||
* | Deprecate xml methods | Henning Baldersheim | 2023-01-27 | 4 | -1/+4 |
| | |||||
* | Avoid deprecated apache http 5.2 methods, by adding it to the builder. | Henning Baldersheim | 2023-01-26 | 1 | -1/+1 |
| | |||||
* | Upgrade apache 5.1 => 5.2 and add deprecation suppressions. | Henning Baldersheim | 2023-01-26 | 1 | -0/+1 |
| | |||||
* | Minor code cleanup. | Henning Baldersheim | 2023-01-26 | 1 | -18/+12 |
| | |||||
* | Revert apache 5.1 -> 5.2 | Henning Baldersheim | 2023-01-26 | 1 | -13/+18 |
| | |||||
* | More consistent naming of set/build methods | Henning Baldersheim | 2023-01-25 | 1 | -1/+1 |
| | |||||
* | VespaHttpClientBuilder follow builder pattern and add connect and socket ↵ | Henning Baldersheim | 2023-01-25 | 1 | -2/+1 |
| | | | | timeout to builder. | ||||
* | Bump apache httpclient from 5.1 to 5.2. | Henning Baldersheim | 2023-01-25 | 1 | -17/+13 |
| | |||||
* | Build classic fatjar for standalone use | Bjørn Christian Seime | 2023-01-24 | 3 | -1/+40 |
| | |||||
* | Inline apache http client artifacts in container-apache-http-client-bundle | Bjørn Christian Seime | 2023-01-20 | 1 | -6/+4 |
| | | | | | | Allows container-apache-http-client-bundle to be used on classpath for classic fatjars. Since the bundle is now built with Felix's bundle plugin, there is no need to depend on jdisc_core or manually export through `@PublicApi` annotations. | ||||
* | Support direct tensor rendering | Jon Bratseth | 2023-01-14 | 7 | -25/+54 |
| | |||||
* | Don't embed JARs installed in lib/jars | Bjørn Christian Seime | 2023-01-11 | 1 | -8/+8 |
| | | | | | | Define installed JARs in vespa-3party-jars. Add bundle-plugin goal wrapping maven-shade-plugin's DefaultShader that excludes installed JARs and lists them in manifest's Class-Path instead. | ||||
* | Use ChaCha20-Poly1305 instead of AES-GCM for shared key-based crypto | Tor Brede Vekterli | 2023-01-05 | 2 | -2/+2 |
| | | | | | | | | | | | | | | | | | | | | | This is to get around the limitation where AES GCM can only produce a maximum of 64 GiB of ciphertext for a particular <key, IV> pair before its security properties break down. ChaCha20-Poly1305 does not have any practical limitations here. ChaCha20-Poly1305 uses a 256-bit key whereas the shared key is 128 bits. A HKDF is used to internally expand the key material to 256 bits. To let token based decryption be fully backwards compatible, introduce a token version 2. V1 tokens will be decrypted with AES-GCM 128, while V2 tokens use ChaCha20-Poly1305. As a bonus, cryptographic operations will generally be _faster_ after this cipher change, as we use BouncyCastle ciphers and these do not use any native AES instructions. ChaCha20-Poly1305 is usually considerably faster when running without specialized hardware support. An ad-hoc experiment with a large ciphertext showed a near 70% performance increase over AES-GCM 128. | ||||
* | Support Zstd (un)compression during crypto CLI encryption and decryption | Tor Brede Vekterli | 2023-01-04 | 6 | -5/+93 |
| | | | | | Simplifies working with compressed plaintext, as it removes the need for piping via `unzstd` or using a temporary file. | ||||
* | We have relied on dynamic throttling for 12 years or so. | Henning Baldersheim | 2023-01-03 | 1 | -1/+0 |
| | | | | Time to let the old one go. | ||||
* | add exclusion, avoid embedding huge native libraries | Arne Juul | 2022-12-13 | 1 | -0/+6 |
| | |||||
* | Allow trailing dots in decryption tool key ID | Tor Brede Vekterli | 2022-12-09 | 1 | -1/+1 |
| | | | | Makes it easier to include an explicit key version as part of the ID. | ||||
* | Merge pull request #25115 from vespa-engine/balder/gc-unused-security-tools | Henning Baldersheim | 2022-12-05 | 2 | -0/+110 |
|\ | | | | | GC unused security-tools | ||||
| * | GC unused security-tools | Henning Baldersheim | 2022-12-05 | 2 | -0/+110 |
| | | |||||
* | | Rename short tensor output CLI option | Tor Brede Vekterli | 2022-12-05 | 4 | -11/+10 |
| | | | | | | | | | | `tensor-short-form` -> `shorttensors` to be in line with existing option formatting. | ||||
* | | Add tensor short form output option to vespa-get | Tor Brede Vekterli | 2022-12-05 | 6 | -5/+27 |
| | | |||||
* | | Add tensor short form output option to vespa-visit tool | Tor Brede Vekterli | 2022-12-05 | 4 | -9/+94 |
|/ | | | | | | Specified with `--tensor-short-form`. No single-char option alias, as short form output will be the default on Vespa 9 and we're running out of usable option characters for this tool anyway. | ||||
* | Use latest junit | Henning Baldersheim | 2022-12-02 | 1 | -2/+3 |
| | |||||
* | Move vespa-status-filedistribution to where the other clients are and use a ↵ | Henning Baldersheim | 2022-12-02 | 5 | -0/+412 |
| | | | | common jar file. | ||||
* | Use larger heap and simple throughput GC algorithm | Henning Baldersheim | 2022-12-01 | 1 | -5/+1 |
| | |||||
* | Use latest junit. | Henning Baldersheim | 2022-11-29 | 3 | -16/+16 |
| | |||||
* | Collapse the vespa_feed_perf into the other feed clients. | Henning Baldersheim | 2022-11-29 | 8 | -0/+1443 |
| | |||||
* | Add predicate-search-core as explicit dependency as some of its dependencies ↵ | Henning Baldersheim | 2022-11-29 | 1 | -0/+5 |
| | | | | are explicitly excluded by container-dev | ||||
* | Add vespajlib as explicit comile dependency, as container-dev does alot of ↵ | Henning Baldersheim | 2022-11-29 | 1 | -0/+5 |
| | | | | excludes... | ||||
* | And non-obvious dependency on container-dev due to ↵ | Henning Baldersheim | 2022-11-29 | 1 | -0/+16 |
| | | | | com.yahoo.search.query.profile.DumpTool:wq. | ||||
* | No need to bring in container dependencies in the feeder client. | Henning Baldersheim | 2022-11-28 | 5 | -74/+12 |
| | |||||
* | Cleanup after we no longer use commons-collections | Henning Baldersheim | 2022-11-26 | 1 | -6/+0 |
| | |||||
* | Add standalone runner script for vespa-crypto-cli | Tor Brede Vekterli | 2022-11-21 | 1 | -0/+18 |
| | | | | | | Useful when the script is run in a context where `VESPA_HOME` is not set. Should work both if the script is invoked directly or through a symbolic link. | ||||
* | Support interactive private key entry when not using stdio redirection | Tor Brede Vekterli | 2022-11-18 | 11 | -14/+93 |
| | | | | | | Avoids having to use a file indirection for inputting a private key. Only available when the JVM is running under an interactive console and none of the input/output files use standard streams. |