GitHub: Add workflow actions#501
Closed
ghernadi wants to merge 17 commits into
Closed
Conversation
The requiresAuth gate previously relied on the peer's AccessContext identity being non-public, which is part of the access-control security subsystem that is being removed. Satellites now simply mark the controller peer as authenticated after a successful CtrlAuth handshake, mirroring what the controller already does for satellite peers.
REST basic-auth against LDAP no longer creates security identities or access contexts; it only validates the credentials and remembers the user name on the REST peer for logging. The LINSTOR-native password sign-in (SEC_IDENTITIES based) and the identity/role authorization subsystem are removed.
Script-generated pass: remove AccessDeniedException catches whose body only rethrows, unwrap the remaining try blocks, strip throws clauses, AccessContext/ObjectProtection parameters and fields, requireAccess/ requirePrivileges statements, bare access-context call arguments and security imports. The tree does not compile until the follow-up cleanup commits.
Delete AccessContext, ObjectProtection, ACLs, security types/levels, identities/roles/privileges, their database drivers and loaders, the object-protection repositories, the context qualifier annotations and the security test scaffolding.
Server module compiles again: error reporting loses its access context section and user-name log prefix, the Peer interface loses its access context, debug commands no longer display object protection data, and the generated K8s CRD classes/table generator no longer reference AccessDeniedException.
…ests Repositories become plain map holders (renamed *ProtectionRepository to *RepositoryImpl), object factories no longer create ObjectProtection, database drivers extend AbsDatabaseDriver directly, Guice modules lose their security bindings and the test infrastructure no longer sets up identities, roles or object protection. Everything compiles again and the test suite passes.
Adds an SQL migration dropping the security views and the ten SEC_* tables (children first), and the corresponding K8s CRD migration that deletes all security CRD instances. The regenerated database table constants and GenCrdCurrent (new schema version v1-34-0) no longer contain the security tables. Downgrading to an older LINSTOR version is not possible after this migration ran.
…th probe The SQL database connection test and checkHealth() probed SEC_CONFIGURATION, which no longer exists after the security tables were dropped. Probe PROPS_CONTAINERS instead, which every LINSTOR database has.
Starting an old controller against a database that a newer controller already migrated (for example one that dropped the SEC_* tables) used to fail halfway through loading with obscure errors. DbMigrater now compares the highest applied migration version against the highest migration known to this binary and aborts with a clear error message instead.
CtrlRscDfnAutoVerifyAlgoHelper.manage() discarded the set of resources touched by updateVerifyAlgorithm(). That was harmless as long as the auto-helper chain only ran inside API calls that end with a satellite update of the resource definition anyway (rsc create/delete/toggle-disk), but since the chain also runs after every node full-sync, a recomputed verify algorithm was committed to the database without being deployed to the already connected satellites. After a controller restart/upgrade this left the node whose full-sync triggered the recompute with the new verify-alg while all other nodes kept the old one in their .res files, forcing the DRBD connections between them into StandAlone with no automatic recovery. Set ctx.requiresUpdateFlux when the property changed (set, cleared or removed), so CtrlRscAutoHelper pushes the update to all nodes of the resource definition. Callers that already deploy resources are unaffected: fluxUpdateApplied prevents a duplicate update.
Run tests, checkstyle and ErrorProne checks for all future PRs.
ghernadi
force-pushed
the
gh/github-action-testing
branch
from
July 13, 2026 12:38
ef315b4 to
9519a4e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Run tests, checkstyle and ErrorProne checks for all future PRs.