Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth: Prune pending TLS identities #14261

Open
wants to merge 16 commits into
base: main
Choose a base branch
from
Open

Auth: Prune pending TLS identities #14261

wants to merge 16 commits into from
+257 −132

Commits on Oct 24, 2024

  1. lxd/state: Add LeaderInfo type and function to state. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    be1ec61 View commit details
    Browse the repository at this point in the history

  2. lxd: Set LeaderInfo function in (*Daemon).State. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    2220cde View commit details
    Browse the repository at this point in the history

  3. lxd: Update ACME handlers to use (*State).LeaderInfo. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    7fe7737 View commit details
    Browse the repository at this point in the history

  4. lxd: Update cluster handlers to use (*State).LeaderInfo. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    afbd115 View commit details
    Browse the repository at this point in the history

  5. lxd: Update image sync task to use (*State).LeaderInfo. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    15591e9 View commit details
    Browse the repository at this point in the history

  6. lxd: Update instance handlers to use (*State).LeaderInfo. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    458e458 View commit details
    Browse the repository at this point in the history

  7. lxd: Update operation prune task to use (*State).LeaderInfo. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    5093829 View commit details
    Browse the repository at this point in the history

  8. lxd: Update database patch to use (*State).LeaderInfo. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 24, 2024
    Configuration menu
    Copy the full SHA
    07a7c8f View commit details
    Browse the repository at this point in the history

Commits on Oct 25, 2024

  1. lxd/db/cluster: Differentiate errors returned by PendingTLSMetadata. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 25, 2024
    Configuration menu
    Copy the full SHA
    b2dd68e View commit details
    Browse the repository at this point in the history

  2. lxd: Remove expired pending TLS identities in token prune task. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 25, 2024
    Configuration menu
    Copy the full SHA
    de48dc3 View commit details
    Browse the repository at this point in the history

  3. lxd: Change log level to 'warn' for the token prune task. 

    Also change "id" to "operation" in the log context.

Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 25, 2024
    Configuration menu
    Copy the full SHA
    11bc5a3 View commit details
    Browse the repository at this point in the history

  4. lxd: Opportunistically remove invalid/expired pending TLS identities. 

    On `POST /1.0/certificates` with a trust_token, the CertificateAddToken
operation associated with the token is cancelled regardless of where it
is invalid/expired. This commit performs the analogous task for pending
TLS identities and removes them if invalid when the token is received.

Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 25, 2024
    Configuration menu
    Copy the full SHA
    effd497 View commit details
    Browse the repository at this point in the history

  5. lxd: Add internal testing handler to trigger token prune task. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 25, 2024
    Configuration menu
    Copy the full SHA
    5792006 View commit details
    Browse the repository at this point in the history

  6. test/suites: Test that expired pending identities are removed when to… 

    …ken is used.

Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 25, 2024
    Configuration menu
    Copy the full SHA
    1feeb85 View commit details
    Browse the repository at this point in the history

  7. test/suites: Test the token pruning task removes expired pending TLS … 

    …identities.

Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 25, 2024
    Configuration menu
    Copy the full SHA
    e66dc6f View commit details
    Browse the repository at this point in the history

  8. test/suites: Test token prune task for certificate add token operations. 

    Signed-off-by: Mark Laing <mark.laing@canonical.com>
    @markylaing
    markylaing committed Oct 25, 2024
    Configuration menu
    Copy the full SHA
    5e95847 View commit details
    Browse the repository at this point in the history