1211 commits

Author	SHA1	Message	Date
Yonas Habteab	5e62e766a8	Avoid copying local variables if possible	2026-01-26 16:03:03 +01:00
Alexander A. Klimov	4ba46f9eb2	Silence compiler warnings about unused parameters ... Every of these parameters exists for a reason. The best we can do is to convince the compiler.	2026-01-23 13:31:01 +01:00
Johannes Schmidt	1505f09ed6	Refactor HttpMessage into generalized templated types ... This adds generalized IncomingHttpMessage and OutgoingHttpMessage templates that support different types of streams (via a std::variant) and can both be used for either requests or responses. The tacked on metadata from the old HttpRequest and server connection from the old HttpServerConnection have been moved to HttpApi(Request|Response) classes that derive from the above generalized message types.	2026-01-22 17:20:32 +01:00
Johannes Schmidt	a0f603f608	Update names of HttpRequest and HttpResponse	2026-01-22 12:41:21 +01:00
Egor-OSSRevival	0d32ae3159	docs: Remove 'queue' parameter requirement from event stream document… (#10495) ... * docs: Remove 'queue' parameter requirement from event stream documentation * Update AUTHORS	2026-01-07 14:51:26 +01:00
Julian Brost	dc09713ac4	Merge pull request #10350 from Icinga/unittest-certificate-verification ... Test internal cert generation & verification process	2026-01-07 12:00:28 +01:00
Yonas Habteab	0b2f22ce40	tlsutility: make cert ts configurable & use ASN1_TIME_compare for comparison	2025-12-04 13:01:48 +01:00
Julian Brost	fa3063d148	IsValidHeaderValue: use front()/back() instead of iterators ... Don't ask me why I wasn't thinking of the very basic front() and back() methods when writing this code. Does exactly the same here, but is much more straight-forward than the extra iterator detour.	2025-12-03 11:09:44 +01:00
Julian Brost	985db970bb	Allow to set extra headers in HTTP responses ... Use case: Allow settings headers like Strict-Transport-Security if one likes. How this headers would benefit the Icinga 2 API is questionable, but there are security scanners that see HTTPS and complain about it, so this gives an easy way to make them happy (with this probably being the only benefit).	2025-11-28 16:19:19 +01:00
Julian Brost	aca67f6d88	HttpUtility: add functions for validating HTTP header names and values	2025-11-28 16:19:19 +01:00
Johannes Schmidt	a2e0ce426f	Fix -Wunused-variable warnings	2025-11-19 12:00:58 +01:00
Johannes Schmidt	8ef1604f72	Fix -Wunused-but-set-variable warnings (clang)	2025-11-19 12:00:58 +01:00
Johannes Schmidt	93e69ed0e8	Fix -Wsign-compare warnings	2025-11-19 12:00:58 +01:00
Johannes Schmidt	9a69dd9a45	Use 64bit unsigned integer for Replay log timestamps	2025-11-19 09:41:13 +01:00
Alexander Aleksandrovič Klimov	c25297e26a	Merge pull request #9729 from Icinga/fix-compiler-warnings-by-removing-unused-variables ... Fix compiler warnings by removing unused variables	2025-10-17 15:12:05 +02:00
Alexander A. Klimov	3d69a31043	Fix compiler warnings by removing unused variables	2025-10-17 09:56:46 +02:00
Julian Brost	56255ac7a6	Merge commit from fork ... Check for permissions when evaluating object filters	2025-10-16 14:13:36 +02:00
Johannes Schmidt	2378b7e121	Remove TicketSalt in VariableQueryHandler as early as possible ... This is to avoid another kind of exploit found by where TicketSalt can be accessed when the object filter is evaluated by checking its name via the local `variable` reference and then `throw`ing it to print it in the error message. Reported-by: julian.brost@icinga.com	2025-10-02 15:51:42 +02:00
Johannes Schmidt	61670d5f23	Add permission checking to script frames and filter utilities	2025-10-02 15:51:38 +02:00
Julian Brost	be2b1a878e	Endpoint expose seconds_processing_messages attribute ... Co-authored-by: Alexander A. Klimov <alexander.klimov@icinga.com>	2025-09-23 11:05:08 +02:00
Julian Brost	e3ee07b5a0	Measure and store message processing time per endpoint ... Co-authored-by: Alexander A. Klimov <alexander.klimov@icinga.com>	2025-09-23 11:05:08 +02:00
Yonas Habteab	5f862ce3bb	HttpServerConnection: use std::chrono for m_Seen	2025-09-12 13:40:36 +02:00
Yonas Habteab	97ad0fc552	Make HTTP livness timout configurable for unittests ... It's annoying to have to wait 10 seconds for the `liveness_disconnect` test to complete, so make the timeout configurable and set it to a way lower value to test the functionality.	2025-09-12 12:54:18 +02:00
Julian Brost	87df80d322	Merge pull request #10516 from Icinga/http-handlers-stream-refactor ... Refactor HTTP connection handling and some handlers to stream responses	2025-08-29 11:33:34 +02:00
Johannes Schmidt	4782ea8a75	Make inherited protected functions of ApiListener public ... This is needed so it's possible to manually add an ApiListener object for the purpose of unit-testing.	2025-08-28 13:22:18 +02:00
Johannes Schmidt	bb75d73012	Refactor ObjectQueryHandler to use new JSON stream encoder	2025-08-28 13:22:18 +02:00
Johannes Schmidt	62b2dadbac	Remove extra parameters from HTTP handler signature ... These parameters are no longer needed since they were only used by EventsHandler which was refactored in an earlier commit.	2025-08-28 13:22:18 +02:00
Johannes Schmidt	d32f04a863	Refactor EventsHandler to stream responses via chunked encoding	2025-08-28 13:22:18 +02:00
Johannes Schmidt	3832bb4296	Use new HTTP message classes in HttpServerConnection and Handlers	2025-08-28 13:22:18 +02:00
Johannes Schmidt	37df843700	Add HttpRequest and HttpResponse classes	2025-08-28 13:22:15 +02:00
Alexander Aleksandrovič Klimov	9905e9af32	Merge pull request #10389 from Icinga/zone-endpoint-order ... Zone#GetEndpoints(): return endpoints in the specified order, not randomly🎲	2025-08-22 10:11:51 +02:00
Alexander Aleksandrovič Klimov	5f2ee6e119	Merge pull request #10393 from Icinga/zone-endpoint-log ... ApiListener#RelayMessageOne(): log🪵 to which Endpoint messages are relayed	2025-08-22 10:11:25 +02:00
Alexander A. Klimov	17b49bd5b6	ApiListener#RelayMessageOne(): log to which Endpoint messages are relayed ... if they're for our parent Zone.	2025-08-15 11:03:55 +02:00
Yonas Habteab	ce3275d27f	Disallow stage deletions during reload ... Once the new worker process has read the config, it also includes a `include */include.conf` statement within the config packages root directory, and from there on we must not allow to delete any stage directory from the config package. Otherwise, when the worker actually evaluates that include statement, it will fail to find the directory where the include file is located, or the `active.conf` file, which is included from each stage's `include.conf` file, thus causing the worker fail. Co-Authored-By: Johannes Schmidt <johannes.schmidt@icinga.com>	2025-07-24 16:02:30 +02:00
Yonas Habteab	1ac4d83963	Use AtomicFile where applicable in ConfigPackageUtility	2025-07-24 10:54:39 +02:00
Yonas Habteab	35f42fa5a3	Handle concurrent config package updates gracefully ... Previously, we used a simple boolean to track the state of the package updates, and didn't reset it back when the config validation was successful because it was assumed that if we successfully validated the config beforehand, then the worker would also successfully reload the config afterwards, and that the old worker would be terminated. However, this assumption is not always true due to a number of reasons that I can't even think of right now, but the most obvious one is that after we successfully validated the config, the config might have changed again before the worker was able to reload it. If that happens, then the new worker might fail to successfully validate the config due to the recent changes, in which case the old worker would remain active, and this flag would still be set to true, causing any subsequent requests to fail with a `423` until you manually restart the Icinga 2 service. So, in order to prevent such a situation, we are additionally tracking the last time a reload failed and allow to bypass the `m_RunningPackageUpdates` flag only if the last reload failed time was changed since the previous request.	2025-07-24 10:54:39 +02:00
Julian Brost	827f85c327	Merge pull request #10387 from Icinga/cnt-msg ... Introduce Endpoint#messages_received_per_type	2025-07-16 17:29:24 +02:00
Johannes Schmidt	82bb636d2b	Use WaitGroup to wait for or abort HTTP requests ... The wait group gets passed to HttpServerConnection, then down to the HttpHandlers. For those handlers that modify the program state, the wait group is locked so ApiListener will wait on Stop() for the request to complete. If the request iterates over config objects, a further check on the state of the wait group is added to abort early and not delay program shutdown. In that case, 503 responses will be sent to the client. Additionally, in HttpServerConnection, no further requests than the one already started will be allowed once the wait group is joining.	2025-06-13 14:48:15 +02:00
Johannes Schmidt	33777f6f3f	Disconnect JSON-RPC clients on ApiListner::Stop()	2025-06-13 14:48:15 +02:00
Johannes Schmidt	00802ed9fa	Stop ApiListener::ListenerCoroutineProc() when Stop() is called	2025-06-13 14:48:11 +02:00
Julian Brost	4e08adc532	Merge pull request #10161 from Icinga/authBYhost-10157 ... ApiListener::UpdateObjectAuthority(): distribute auth. by object's host	2025-06-06 15:03:32 +02:00
Yonas Habteab	3d04eb456a	Merge pull request #10415 from Icinga/abort-no-endpoint-conns ... Abort connections with no valid endpoint	2025-06-02 16:21:46 +02:00
Julian Brost	c253e7eb6e	Merge pull request #10397 from Icinga/activation-priority-10179 ... Checkable#ProcessCheckResult(): discard🗑️ CR or delay its producers shutdown	2025-05-28 12:30:40 +02:00
Alexander A. Klimov	f4691dd054	Require to pass WaitGroup::Ptr to several methods ... Namely: Checkable#ProcessCheckResult() ClusterCheckTask::ScriptFunc() ClusterZoneCheckTask::ScriptFunc() DummyCheckTask::ScriptFunc() ExceptionCheckTask::ScriptFunc() IcingaCheckTask::ScriptFunc() IfwApiCheckTask::ScriptFunc() NullCheckTask::ScriptFunc() PluginCheckTask::ScriptFunc() RandomCheckTask::ScriptFunc() SleepCheckTask::ScriptFunc() IdoCheckTask::ScriptFunc() IcingadbCheck::ScriptFunc() CheckCommand#Execute() Checkable#ExecuteCheck() ClusterEvents::ExecuteCheckFromQueue() ExternalCommandProcessor::Process*CheckResult() ExternalCommandCallback ExternalCommandProcessor::Execute() ExternalCommandProcessor::ExecuteFromFile() ExternalCommandProcessor::ProcessFile() LivestatusQuery#ExecuteCommandHelper() LivestatusQuery#Execute()	2025-05-23 14:53:58 +02:00
Alexander A. Klimov	c7cca7b460	Add a StoppableWaitGroup, and join it on #Stop(), to: ... ApiListener CheckerComponent ExternalCommandListener LivestatusListener	2025-05-23 14:53:58 +02:00
Alexander A. Klimov	77b86bba52	Move l_MyCapabilities -> ApiCapabilities::MyCapabilities	2025-05-23 10:44:16 +02:00
Alexander A. Klimov	6cd83ba2b8	ApiListener::UpdateObjectAuthority(): distribute auth. by object's host ... Pin child objects of hosts (HOST!...) to the same endpoint as the host. This reduces cross-object action latency withing the same host. If all endpoints know this algorithm, we can use it.	2025-05-23 10:44:16 +02:00
Alexander A. Klimov	18f810a1ea	For the same zone, call ApiListener::UpdateObjectAuthority() in icinga::Hello ... after setting remote capabilities. They'll become important for teamwork in a zone.	2025-05-22 15:01:06 +02:00
Alexander Aleksandrovič Klimov	ec2080dcc1	Merge pull request #9731 from Icinga/fix-compiler-warnings-by-copy-constructing-loop-variables-explicitly ... Fix compiler warnings by (copy-)constructing loop variables explicitly or not at all	2025-05-21 14:26:47 +02:00
Alexander A. Klimov	22e75f08fa	Fix compiler warnings by not unnecessarily (copy-)constructing loop variables	2025-05-21 11:36:32 +02:00