Commit Graph

286 Commits

Author SHA1 Message Date
Felipe Lalanne
fdb37191e7 Fix broken IPAM network validation
Network validaton was failing to identify a bad IPAM network
configuration leading to supervisor failures (see #1618)

Change-type: patch
Closes: #1618
2021-04-09 17:49:09 -04:00
Felipe Lalanne
d0762298a5 Update mocha options for recursive test lookup
Mocha will now recursively lookup *.spec.ts files under the `test/` folder
2021-04-09 13:02:29 -04:00
Miguel Casqueira
6860c50646 Skip localmode test suite
These tests have been failing and prevent new tests from passing

Signed-off-by: Miguel Casqueira <miguel@balena.io>
2021-04-08 17:34:27 -04:00
Miguel Casqueira
204475d3dc Improved mutable (/data) file system detection
Change-type: patch
Closes: #1609
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2021-04-08 17:34:27 -04:00
Christina Wang
31effed426 Prevent unintended image removal when calling purge endpoints to remove volumes
Using safeStateClone within doPurge to applyIntermediateTarget after
successful volume purge has led to various type deficiencies being revealed
in common.js. Add several inline types in common.js to satisfy
the type checker (credit: Page <page@balena.io>). Delete common.d.ts
since it's not required and might mistakenly mask true I/O types of
functions in common.js.

Closes: #1611
Change-type: patch
Signed-off-by: Christina Wang <christina@balena.io>
2021-04-05 12:10:09 +00:00
Miguel Casqueira
ecbe9ee9f9 Patch list volumes to always return an array
Change-type: patch
Closes: #1636
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2021-04-01 20:31:09 -04:00
Matthew McGinn
f9a157c9ec typos: seperate -> separate
mainly to get the docs one, but figured i could hit them all

Change-type: patch
Signed-off-by: Matthew McGinn <matthew@balena.io>
2021-03-17 14:27:53 -04:00
Miguel Casqueira
183ea88a2a Infer legacy Volumes that do not have the supervised label
Change-type: patch
Closes: #1604
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2021-03-15 19:46:53 -04:00
Christina Wang
8948bde02a
Merge branch 'master' into v1-healthcheck-stub-fix 2021-02-19 11:07:33 +09:00
Miguel Casqueira
ec23d1d371 Refactor checkTruthy to return more predictable values
Change-type: patch
Closes: #1595
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2021-02-18 12:36:42 -05:00
Christina Wang
2953f313e6
Call restore for each healthcheck stub in v1 tests
Signed-off-by: Christina Wang <christina@balena.io>
Change-type: patch
2021-02-18 20:22:41 +09:00
Christina Wang
4e206e9c1a
Complete POST /v1/purge unit tests
Connects-to: #1327
Signed-off-by: Christina Wang <christina@balena.io>
2021-02-18 12:25:44 +09:00
Christina Wang
b3b1d47b34
Complete /v1/device/host-config unit tests, modify PATCH route
Change-type: minor
Signed-off-by: Christina Wang <christina@balena.io>
2021-02-18 12:25:44 +09:00
Christina Wang
f748c1a8e7
Add POST /v1/regenerate-api-key unit tests
Signed-off-by: Christina Wang <christina@balena.io>
2021-02-18 12:25:44 +09:00
Christina Wang
6e5c553c3f
Write POST /v1/blink unit test
Signed-off-by: Christina Wang <christina@balena.io>
2021-02-18 12:25:43 +09:00
Robert Günzler
f009d3a3e9
Fix gpu label support
The device request object was created with untouched fields left unset. When
comparing state to determine if a transition is required this would
result in a mismatch between:

    {
      Driver: '',
      Count: 1,
      DeviceIDs: null,
      Capabilities: [Array],
      Options: null
    }

and

    {
      Count: 1,
      Capabilities: [Array],
    }

Which in turn resulted in the target service being continously restarted.
The fix is to instantiate the object in full.

Connects-to: https://github.com/balena-io/balena-supervisor/issues/1449
Connects-to: ae646a07ec
Change-type: patch
Signed-off-by: Robert Günzler <robertg@balena.io>
2021-02-09 11:27:03 +01:00
Miguel Casqueira
ba1c857c4f Cancel pending apply target after /v1/update request
Closes: #1530
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2021-01-20 22:21:14 -05:00
Felipe Lalanne
4aa8090a56 Add support for BALENA_HOST_SPLASH_IMAGE config
Setting this this variable to a base64 encoded string will replace the splash
image on the device by rewriting `/mnt/boot/splash/balena-logo.png`.
This will also make a copy of the default balena logo so the splash can
be restored if the variable is removed.

Change-type: minor
Signed-off-by: Felipe Lalanne <felipe@balena.io>
2021-01-06 15:11:31 -03:00
Felipe Lalanne
e66a775c15 Move required configuration check to Backend
The `ensureRequiredOverlay` function is currently ran for any backend,
at this moment this causes no issue, since most configuration backends
are defined per single device type. However, with the option to modify splash
images, which is available for all device types, the function would add
unwanted configuration vars to the splash image configuration. Moving it
to the config txt backend solves this issue.
2021-01-05 18:30:07 -03:00
Felipe Lalanne
4cdf26f82f Improve supervisor API behavior when locks are set
This PR adds the following

* Supervisor v1 API application actions now return HTTP status code 423 when locks
  are preventing the action to be performed. Previously this resulted in a
  503 error
* Supervisor API v2 service actions now returns HTTP status code 423 when locks are
  preventing the action to be performed. Previously, this resulted in an
  exception logged by the supervisor and the API query timing out
* Supervisor API `/v2/applications/:appId/start-service` now does not
  check for a lock. Lock handling in v2 actions is now performed by each
  step executor
* `/v1/apps/:appId/start` now queries the target state and uses that
  information to execute the start step (as v2 does). Previously start
  resulted in `cannot get appId from undefined`
* Extra tests for API methods

Change-type: patch
Connects-to: #1523
Signed-off-by: Felipe Lalanne <felipe@balena.io>
2020-12-14 10:43:41 -03:00
Miguel Casqueira
8b37df492b Patched /v1/restart exception
Change-type: patch
Closes: #1509
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-11-30 15:42:49 -05:00
Miguel Casqueira
7a4473f65b Added test case for /v1/restart API
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-11-30 15:42:49 -05:00
Miguel Casqueira
733a2c5dc0 Consolidated Supervisor API tests into clearer files
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-11-30 15:42:49 -05:00
Rich Bayliss
02aeb4fc1c fix: Scoped keys breaking livepush with existing cloud images on the device
Closes: #1512
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
2020-11-16 12:55:40 -05:00
Felipe Lalanne
e4e895630f Ensure the first target state request is applied
During first time run of the supervisor, the target state is queried
by `reportInitialEnv`. Since this happens early on the initialization
process, this target state report is missed by any listeners and this
can lead to the initial target state not beeing applied (see #1455).

This PR ensures that target state is re-emitted if there were no
listeners setup on call to update.

Change-type: patch
Signed-off-by: Felipe Lalanne <felipe@balena.io>
Connects-to: #1455
2020-11-13 10:19:27 -03:00
Rich Bayliss
591598e102
fix: Scoped keys not working in LocalMode
Some endpoints filter data based on the scope of the API key
used to make the request. When in LocalMode the check was not
being made correctly and all apps were considered out of scope.

Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
2020-11-11 10:58:58 +00:00
Cameron Diver
f08316dc57 Allow storing commits against their appIds
This paves the way for running multiple applications and storing
information related to the application against the application itself. A
couple of hacks have been added to v1 and v2 endpoints to maintain
compatability but these should eventually be removed with the addition
of a v3 api.

Change-type: minor
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-11-10 10:50:08 +00:00
Miguel Casqueira
cd0d53c39d Add more test coverage for compose/images
Closes: #1492
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-11-03 13:08:41 -05:00
Felipe Lalanne
01477e41b8 Mount docker socket under /host/run for services
Currently, when the label `io.balena.features.balena-socket` is set,
the balena engine socket is mounted under `/run/balena-engine.sock`.

This causes a problem when using systemd inside the container, since
this service remounts `/run` and `/run/lock` as tmpfs, causing the
socket to become unavailable.

Making a mount of the socket into `/host/run` solves this issue. This is
the same approach taken with DBUS.

Change-type: patch
Signed-off-by: Felipe Lalanne <felipe@balena.io>
Connects-to: #1494
2020-10-29 15:54:31 -03:00
Cameron Diver
9d19a45701 Use root mount point to find device-type.json
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-10-28 13:03:40 +00:00
Felipe Lalanne
f5183df356 Change source of deviceType to device-type.json
The source of truth for the device-type should be
device-type.json instead of config.json

Change-type: patch
Signed-off-by: Felipe Lalanne <felipe@balena.io>
Connects-to: #1472
2020-10-27 09:40:18 -03:00
Miguel Casqueira
77333f1e11 Fixed evaluating if updates are needed to reach target state
Closes: #1476
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-10-26 14:54:04 -04:00
Felipe Lalanne
dd5f62227a Improve calculation for used system memory
The memory information reported by the supervisor currently
estimates the value of used memory as `MemTotal - MemFree`.
However, linux systems will try to cache and buffer as much
memory as possible, which will affect the output of `MemFree`
(from /proc/meminfo) and in consequence the memory usage seen
by the user on the dashboard, which will appear much greater than
it is.

The correct calculation should be `MemTotal - MemFree - Buffers - Cached`,
which the calculation performed by `htop` and the `free` commands.

Change-type: patch
Signed-off-by: Felipe Lalanne <felipe@balena.io>
Connects-to: #1471
2020-10-14 13:15:17 -03:00
Cameron Diver
a2ceb5c931 Refactor system information filtering
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-10-12 15:44:07 +01:00
Cameron Diver
9e0c99e797 tests: Clean up and consistify naming scheme
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-10-12 14:41:21 +01:00
Cameron Diver
975129188a Remove superfluous current state reporting code from api-binder
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-10-12 11:53:19 +01:00
Matthew McGinn
8e65466f2d version: drop SUPERVISOR_VERSION env var
In order to make supervisor upgrades more transparent, lets move away
from this env var since it requires a container restart any time the supervisor
is upgraded. We should ultimately move towards providing the supervisors
set of capabilities, but that can come later

Connects-to: #1447
Change-type: major
Signed-off-by: Matthew McGinn <matthew@balena.io>
2020-09-29 11:22:30 -04:00
Felipe Lalanne
a5f3002e70 Fix config checks for ConfigFS backend
When trying to apply SSDT overlays in Up Board, the supervisor currently
gets stuck in a loop trying to apply target state. See #1465

This was due to a bug in parsing the configuration, which lead to
the method bootConfigChangeRequired returning true when no change was
needed.

Change-type: patch
Signed-off-by: Felipe Lalanne <felipe@balena.io>
Connects-to: #1465
2020-09-24 16:45:57 -03:00
Rich Bayliss
c08de8701e api: Implement scoped Supervisor API keys
Each service, when requesting access to the Supervisor API, will
now get an individual key which can be scoped to specific resources.
In this iteration the default scope will be to the application that
the service belongs to.

We also have a `global` scope which is used by the cloud API when in
managed mode.

Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
2020-09-17 11:25:56 +00:00
Miguel Casqueira
07e644d0b6 Refactor extra_uEnv backend to match with more devices
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-09-15 14:19:59 -04:00
Rich Bayliss
96c68166a1
application-manager: Convert to a singleton
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-09-14 11:23:36 +01:00
Rich Bayliss
e3864915bc
device-state: Convert to a singleton
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-09-14 09:31:12 +01:00
Rich Bayliss
d50f7791e1
api-binder: Convert to a singleton
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-09-14 09:31:12 +01:00
Miguel Casqueira
662826d349 added support for configuring ODMDATA
Closes: 1206
Change-type: minor
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-08-29 09:05:27 -04:00
Miguel Casqueira
7ea49bf4fb Preventing removing all configurations if device has no backends
Closes: #1437
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-08-24 13:41:17 -04:00
Cameron Diver
de4c1b2538 Don't enforce the vc4-fkms-v3d dtoverlay on rpi4
Change-type: patch
Closes: #1404
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-08-20 10:21:02 +01:00
Pagan Gazzard
379730a9e1 Update typed-error to 3.x
Update typed-error from 2.0.0 to 3.2.1

Change-type: patch
2020-08-19 10:07:54 +01:00
Miguel Casqueira
1d62209505 Refactor device-config to support configuring multiple backends
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-08-12 15:05:03 -04:00
Miguel Casqueira
ff404456b3 Refactor configurable backend class names
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-08-12 14:29:58 -04:00
Rich Bayliss
5aecd94e24
bug: Firewall not blocking supervisor access from outside the device
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
2020-08-12 13:43:33 +01:00
Rich Bayliss
e9b536a889
bug: Allow DNS through firewall for local containers
We provide a local DNS server for containers to use and this
was not allowed through the firewall when enabled.

Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
2020-08-11 15:17:06 +01:00
Pagan Gazzard
511cbbe74e Update pinejs-client-request and make use of a named key
Update pinejs-client-request from 7.0.0 to 7.1.0

Change-type: patch
2020-08-03 09:27:11 +00:00
Nitish Agarwal
11cac2dd69 Fixes #1299 v1 start/stop endpoint issue with service access.
Change-Type: patch
Signed-off-by: Nitish Agarwal <1592163+nitishagar@users.noreply.github.com>
2020-07-31 23:08:50 +05:30
Miguel Casqueira
0999f57fa8 fix duplicate test file index
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-07-30 14:07:00 -04:00
Miguel Casqueira
9b37ce96f9 fix matching extra_uEnv backend with unsupported devices
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-07-30 14:04:37 -04:00
Matthew McGinn
15c57a86b4
fix up "atleast" -> "at least"
Change-type: patch
Signed-off-by: Matthew McGinn <matthew@balena.io>
2020-07-29 11:55:22 -04:00
Miguel Casqueira
cac2e3612c Support setting device/fleet configuration in extra_uEnv.txt
Closes: #1385
Change-Type: minor
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-07-28 16:36:16 -04:00
Pagan Gazzard
eeda7e3ab1 Extract current state reporting to its own module
Change-type: minor
2020-07-24 17:35:17 +01:00
dt-rush
41987d8e76 log detection of changes to VPN status
Change-type: patch
Signed-off-by: dt-rush <nickp@balena.io>
2020-07-23 19:20:59 -04:00
Rich Bayliss
6ef3bd2362
docker-utils: Test network gateway determination logic
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
2020-07-22 13:17:16 +01:00
Rich Bayliss
898c7e71da
bug: Fix unhandled promise rejection
When invoking iptables-restore it can fail. This wasn't handled
and this makes sure that it fails gracefully.

Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
2020-07-13 13:05:12 +01:00
Cameron Diver
5337c0102c Convert deviceConfig module to a singleton
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-07-08 12:05:09 +01:00
Cameron Diver
03ca0ee9ad
avahi: Control with HOST_DISCOVERABILITY
The host config variable HOST_DISCOVERABILITY can be set to
true or false, controlling the state of the avahi service. This
determines if the device advertises it's presence over mDNS.

Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
Signed-off-by: Rich Bayliss <rich@balena.io>
2020-07-06 13:02:29 +01:00
Rich Bayliss
28c5a44e71
firewall: Add Host Firewall functionality
Controlled by BALENA_HOST_FIREWALL_MODE, the firewall can
either be 'on' or 'off'.

- In the 'off' state, all traffic is allowed.
- In the 'on' state, only traffic for the core services provided
  by Balena is allowed.

Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
2020-07-01 18:43:08 +01:00
Miguel Casqueira
59fc589eb2 Added support for configuring FDT directive in extlinux.conf
Change-type: minor
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-06-23 15:56:10 -04:00
Miguel Casqueira
3098abeca5 Refactor backends into seperate files and added tests for extlinux
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-06-23 15:56:10 -04:00
Miguel Casqueira
7a27b6c671 Refactor device-config tests styling
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-06-23 15:56:10 -04:00
Rich Bayliss
1b91ef3405
state: Report device MAC address to the API
When reporting device information, send the MAC address of any
interfaces on the system. Also expose in the Supervisor API at
the route GET /v1/device.

Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
2020-06-22 10:41:06 +01:00
Cameron Diver
0e8d92e08a Make service-manager module a singleton
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-17 14:56:57 +00:00
Cameron Diver
adaad786af Make volume-manager module a singleton
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-17 14:56:57 +00:00
Cameron Diver
8fc97b9de8 Make network-manager module a singleton
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-17 14:56:57 +00:00
Akis Kesoglou
1dccbaecd8 Use API v6
See: https://github.com/balena-io/open-balena/issues/80
Change-type: minor
2020-06-15 13:57:32 +03:00
Robert Günzler
ae646a07ec Add label to expose gpu to container
In the absence of an upstream implementation of the DeviceRequest API introduced
as part of Docker API v1.40 we roll our own using a feature label.

As per my comment in the code, we fall back to the default behavior of
docker cli's `--gpu` and request single device with the `gpu` capabilty.
The only implementation at the moment is the NVIDIA driver; here:
https://github.com/balena-os/balena-engine/blob/master/daemon/nvidia_linux.go

Background on the composefile implementation:
https://github.com/compose-spec/compose-spec/issues/74
https://github.com/docker/compose/issues/6691

Change-type: patch
Connects-to: https://github.com/balena-os/balena-jetson/pull/75
Signed-off-by: Robert Günzler <robertg@balena.io>
2020-06-11 14:06:16 +02:00
Cameron Diver
b31d5007fb Move database app processing out to its own module
This is part of the work to make the application-manager module much
less monolithic, in preperation for system apps and more generally
multi-app.

Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-11 11:55:11 +01:00
Cameron Diver
2b3dc2fbce Make images module a singleton
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-10 11:29:28 +01:00
Miguel Casqueira
ffe814e447 Refactored @ts-ignore to @ts-expect-error in test file
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-06-08 13:24:19 -04:00
Cameron Diver
651e48b1bd Make logger module a singleton
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-08 17:19:20 +01:00
Cameron Diver
389e14ec6b Make the event-tracker module a singleton
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-08 10:13:33 +01:00
Miguel Casqueira
9fc2e86322 Convert all test files to TS and add .spec to all filenames
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-06-05 18:34:24 -04:00
Pagan Gazzard
17a5d8dd49 Isolate target state fetching to its own module which emits on update
Change-type: minor
2020-06-03 17:37:38 -04:00
Cameron Diver
aad20e2c2f Make docker module a singleton
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-02 17:57:18 +01:00
Cameron Diver
ff4a31a0e6 Make the config module a singleton
Change-type: patch
Co-authored-by: Pagan Gazzard <page@balena.io>
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-06-02 14:29:05 +01:00
Miguel Casqueira
5550a3a330 Refactor device-state healthchecks to log reason for failure
Closes: #1292
Change-type: minor
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-05-29 16:24:01 -04:00
Miguel Casqueira
ef83acdaeb Refactor api-binder healthchecks to log reason for failure
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-05-29 16:14:58 -04:00
Miguel Casqueira
f494178b2b Added test coverage for GET /v1/healthy
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-05-29 16:14:15 -04:00
Cameron Diver
1d7381327e Make the db module a singleton
We were treating the database class as a singleton, but still having to pass
around the db instance. Now we can simply require the db module and have
access to the database handle.

Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-05-29 15:02:38 +01:00
Cameron Diver
eaaa9c257e check for 409 status code, rather than string matching uuid conflicts
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-05-21 14:57:26 -04:00
Miguel Casqueira
db7c27037c Improved handling of invalid appId in V2 state endpoint
Closes: #1294
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-05-19 10:53:19 -04:00
Miguel Casqueira
466c7999db Remove CoffeeScript tests and all CoffeeScript tools
Closes: #1318
Change-Type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-05-15 13:01:51 -04:00
Pagan Gazzard
758f3caa48 Update to @balena/lint 5.x
Change-type: patch
2020-05-15 12:08:42 +01:00
Miguel Casqueira
838c1ebba4 Correctly check if value is a valid Integer
Closes: #1180
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-05-12 12:42:14 -04:00
Miguel Casqueira
8295858b32 Added endpoint to check if VPN is connected
Change-type: minor
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-05-11 21:21:44 -04:00
Miguel Casqueira
f6aa4dd015 Fixed stubs for test suite
Closes: #1280
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-05-11 18:16:22 -04:00
Pagan Gazzard
913418bb37 Remove unnecessary config.json keys
Change-type: patch
2020-05-08 12:56:42 +01:00
Miguel Casqueira
60c07fc2fc Move SupervisorAPI state change logs to appropriate functions
Closes: #1277
Change-type: patch
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-05-07 13:48:12 -04:00
Cameron Diver
31957566e5 Remove legacy fallback to DROP rule in iptables
This has not been necessary for a long time, and wwe can now remove it.

Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-05-05 12:15:19 +01:00
Cameron Diver
7b1f03ced5 Add an ESTABLISHED flag to API iptables rules
This allows a response to an input with dport=`supevisor api port` and
is required when the host OS is doing stateful firewalling.

This should not affect things when stateful firewalling is not in
effect, as the standard OUTPUT chain policy is ACCEPT, so we're just
being explicit about it.

Change-type: patch
Backport-to: next, current, sunset
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-05-05 12:15:12 +01:00
Miguel Casqueira
2007a98940 Added Bearer Authorization spec
Closes: #1249
Change-type: minor
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-05-04 13:22:58 -04:00
Miguel Casqueira
698435a5c8 Added spec for current auth implementation
Signed-off-by: Miguel Casqueira <miguel@balena.io>
2020-05-04 10:49:09 -04:00
Cameron Diver
a43d71d1ac 📄 Upgrade knex to avoid CVE-2019-10757
Change-type: patch
Signed-off-by: Cameron Diver <cameron@balena.io>
2020-04-15 13:37:50 +01:00