Skip to content

GitHub: Add workflow actions#501

Closed
ghernadi wants to merge 17 commits into
masterfrom
gh/github-action-testing
Closed

GitHub: Add workflow actions#501
ghernadi wants to merge 17 commits into
masterfrom
gh/github-action-testing

Conversation

@ghernadi

Copy link
Copy Markdown
Contributor

Run tests, checkstyle and ErrorProne checks for all future PRs.

rp- and others added 17 commits July 9, 2026 16:24
The requiresAuth gate previously relied on the peer's AccessContext
identity being non-public, which is part of the access-control security
subsystem that is being removed. Satellites now simply mark the
controller peer as authenticated after a successful CtrlAuth handshake,
mirroring what the controller already does for satellite peers.
REST basic-auth against LDAP no longer creates security identities or
access contexts; it only validates the credentials and remembers the
user name on the REST peer for logging. The LINSTOR-native password
sign-in (SEC_IDENTITIES based) and the identity/role authorization
subsystem are removed.
Script-generated pass: remove AccessDeniedException catches whose body
only rethrows, unwrap the remaining try blocks, strip throws clauses,
AccessContext/ObjectProtection parameters and fields, requireAccess/
requirePrivileges statements, bare access-context call arguments and
security imports. The tree does not compile until the follow-up
cleanup commits.
Delete AccessContext, ObjectProtection, ACLs, security types/levels,
identities/roles/privileges, their database drivers and loaders, the
object-protection repositories, the context qualifier annotations and
the security test scaffolding.
Server module compiles again: error reporting loses its access context
section and user-name log prefix, the Peer interface loses its access
context, debug commands no longer display object protection data, and
the generated K8s CRD classes/table generator no longer reference
AccessDeniedException.
…ests

Repositories become plain map holders (renamed *ProtectionRepository to
*RepositoryImpl), object factories no longer create ObjectProtection,
database drivers extend AbsDatabaseDriver directly, Guice modules lose
their security bindings and the test infrastructure no longer sets up
identities, roles or object protection. Everything compiles again and
the test suite passes.
Adds an SQL migration dropping the security views and the ten SEC_*
tables (children first), and the corresponding K8s CRD migration that
deletes all security CRD instances. The regenerated database table
constants and GenCrdCurrent (new schema version v1-34-0) no longer
contain the security tables. Downgrading to an older LINSTOR version
is not possible after this migration ran.
…th probe

The SQL database connection test and checkHealth() probed
SEC_CONFIGURATION, which no longer exists after the security tables were
dropped. Probe PROPS_CONTAINERS instead, which every LINSTOR database has.
Starting an old controller against a database that a newer controller
already migrated (for example one that dropped the SEC_* tables) used
to fail halfway through loading with obscure errors. DbMigrater now
compares the highest applied migration version against the highest
migration known to this binary and aborts with a clear error message
instead.
CtrlRscDfnAutoVerifyAlgoHelper.manage() discarded the set of resources
touched by updateVerifyAlgorithm(). That was harmless as long as the
auto-helper chain only ran inside API calls that end with a satellite
update of the resource definition anyway (rsc create/delete/toggle-disk),
but since the chain also runs after every node full-sync, a recomputed
verify algorithm was committed to the database without being deployed to
the already connected satellites.

After a controller restart/upgrade this left the node whose full-sync
triggered the recompute with the new verify-alg while all other nodes
kept the old one in their .res files, forcing the DRBD connections
between them into StandAlone with no automatic recovery.

Set ctx.requiresUpdateFlux when the property changed (set, cleared or
removed), so CtrlRscAutoHelper pushes the update to all nodes of the
resource definition. Callers that already deploy resources are
unaffected: fluxUpdateApplied prevents a duplicate update.
Run tests, checkstyle and ErrorProne checks for all future PRs.
@ghernadi
ghernadi force-pushed the gh/github-action-testing branch from ef315b4 to 9519a4e Compare July 13, 2026 12:38
@ghernadi ghernadi closed this Jul 13, 2026
@ghernadi
ghernadi deleted the gh/github-action-testing branch July 13, 2026 15:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants