Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure joining nodes are immediately trusted #89

Closed
wants to merge 9 commits into from
Closed

Ensure joining nodes are immediately trusted #89

wants to merge 9 commits into from

Commits on Mar 7, 2024

  1. internal/rest/resources: Clearer error for unsuccessful join attempts 

    Signed-off-by: Max Asnaashari <[email protected]>
    @masnax
    masnax committed Mar 7, 2024
    Configuration menu
    Copy the full SHA
    69fdacb View commit details
    Browse the repository at this point in the history

Commits on Mar 8, 2024

  1. internal/rest/resources: Allow unauthenticated connections to /cluste… 

    …r/1.0

Untrusted systems should still be able to view this non-sensitive
information.

Signed-off-by: Max Asnaashari <[email protected]>
    @masnax
    masnax committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    5dacfbb View commit details
    Browse the repository at this point in the history

  2. internal/daemon: Apply and update daemon config in StartAPI 

    Returns a copy of the config so that the upcoming non-cluster member
support can utilize it, even though it's set to _ at the moment.

Signed-off-by: Max Asnaashari <[email protected]>
    @masnax
    masnax committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    84eb892 View commit details
    Browse the repository at this point in the history

  3. internal/trust: Clean up StartAPI 

    This moves some of the logic in StartAPI out into other helpers to make
it easier to read, and prevent duplication of those actions.

This includes detecting when a cluster is finished comparing its schema
version to other members, and obtaining clients for the whole cluster to
send a notification.

Signed-off-by: Max Asnaashari <[email protected]>
    @masnax
    masnax committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    2efa124 View commit details
    Browse the repository at this point in the history

  4. internal/rest/client: Add SetClusterNotification helper 

    Signed-off-by: Max Asnaashari <[email protected]>
    @masnax
    masnax committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    1a9763b View commit details
    Browse the repository at this point in the history

  5. internal/rest/resources: Reorganize authentication handlers 

    Moves the authentication handlers out into their own function that is
exported and can be used to facilitate finer control of authentication
per-endpoint.

Additionally adds a new RestrictNotification AccessHandler so that
untrusted endpoints that are re-used for cluster notifications can
restrict those communications only to trusted systems.

Signed-off-by: Max Asnaashari <[email protected]>
    @masnax
    masnax committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    146534a View commit details
    Browse the repository at this point in the history

  6. internal/rest/resources: Add endpoint for registering local cluster r… 

    …ecords on join

Previously, local records weren't updated until the next heartbeat,
except on the system that handled the join request. This adds a new
method PUT to /cluster which will forward a request to every system,
instructing it to add the newly added node to its store.

As a result, the node forwarding a join request to a leader will no
longer also implicitly trust whoever sent the request, as the token
won't have been validated, and the endpoint does not have
authentication. Join requests now have the RestrictNotification
AccessHandler set so a request sent with the cluster notification flag
will go through authentication.

Lastly, as none of the methods on this endpoint should be called while
the node is uninitialied, `AllowedBeforeInit` is set to false.

Signed-off-by: Max Asnaashari <[email protected]>
    @masnax
    masnax committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    a363ca8 View commit details
    Browse the repository at this point in the history

  7. internal/daemon: Register cluster members before calling PreJoin or O… 

    …nNewMember

Ensures that each cluster member has actually recorded the joining node
in their local trust store before executing the new-member hooks.

Signed-off-by: Max Asnaashari <[email protected]>
    @masnax
    masnax committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    5b7f77e View commit details
    Browse the repository at this point in the history

  8. internal/state: Ensure database is open before access 

    Signed-off-by: Max Asnaashari <[email protected]>
    @masnax
    masnax committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    d0a01c7 View commit details
    Browse the repository at this point in the history