The deprecated flags and config fields kept for the SQLite migration period (v1.4.0) have been removed along with all automatic migration code for BoltDB secondary storage, file-based audit logs, file-based discovery service snapshots, and circular buffer machine logs.
Signed-off-by: Oguz Kilcan <oguz.kilcan@siderolabs.com>
Change the interceptor order to move the Prometheus metrics collector earlier, so that we can get metrics for the calls that fail early. Related to siderolabs/omni#1606.
Additionally, ensure that `get` access to the `AuthConfig` resource does not require a GRPC signature.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
It was using tabs instead of spaces for the `docker-compose.override.yml` file template.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
The inspector will start on `0.0.0.0:12000` if the compose is started
`WITH_DEBUG=true`.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
- Bump some deps, namely cosi-runtime and Talos machinery.
- Update `auditState` to implement the new methods in COSI's `state.State`.
- Bump default Talos and Kubernetes versions to their latest.
- Rekres, which brings Go 1.24.5. Also update it in go.mod files.
- Fix linter errors coming from new linters.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
This PR implements audit logs. To enable it you have to set the `--audit-log-dir` flag
to a directory where the audit logs will be stored. The audit logs are stored in a JSON format.
Example:
```json
{"event_type":"update","resource_type":"PublicKeys.omni.sidero.dev","event_ts":1722537710182,"event_data":{"user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36","ip_address":"<snip>","user_id":"a19a7a38-1793-4262-a9ef-97bc00c7a155","role":"Admin","email":"useremail@userdomain.com","confirmation_type":"auth0","fingerprint":"15acb974f769bdccd38a4b28f282b78736b80bc7","public_key_expiration":1722565909}}
```
Keep in mind that `event_ts` is in milliseconds instead of seconds.
Field `event_data` contains all relevant information about the event.
To enable it in the development environment you will have to add the
`--audit-log-dir /tmp/omni-data/audit-logs` line to `docker-compose.override.yml`
or run `generate-certs` again.
For #37
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
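An added example, not part of the commit or of Omni's code: a small Go reader for the audit log format shown in the commit message above, handling the millisecond `event_ts`. It assumes, from the sample value only, that `public_key_expiration` is in seconds; the type and function names and the shortened sample lines are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// AuditEvent mirrors a subset of the fields in the sample line above.
type AuditEvent struct {
	ResourceType string `json:"resource_type"`
	EventTS      int64  `json:"event_ts"` // milliseconds since the Unix epoch
	EventData    struct {
		UserID              string `json:"user_id"`
		Fingerprint         string `json:"fingerprint"`
		PublicKeyExpiration int64  `json:"public_key_expiration"` // assumed: seconds
	} `json:"event_data"`
}

// Time uses UnixMilli; reading event_ts as seconds gives a date millennia away.
func (e AuditEvent) Time() time.Time { return time.UnixMilli(e.EventTS).UTC() }

// KeyLifetime is how long the registered key stays valid after the event.
func KeyLifetime(e AuditEvent) time.Duration {
	return time.Unix(e.EventData.PublicKeyExpiration, 0).Sub(e.Time())
}

// ParseAuditLog reads one JSON object per line and counts lines it cannot use
// (invalid JSON, missing event_ts) instead of dropping them silently.
func ParseAuditLog(log string) (events []AuditEvent, skipped int) {
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		var ev AuditEvent
		if err := json.Unmarshal([]byte(line), &ev); err != nil || ev.EventTS <= 0 {
			skipped++
			continue
		}
		events = append(events, ev)
	}
	return events, skipped
}

// Constructed sample: the commit's example line, shortened, plus a truncated line.
const sampleLog = `{"event_type":"update","resource_type":"PublicKeys.omni.sidero.dev","event_ts":1722537710182,"event_data":{"user_id":"a19a7a38-1793-4262-a9ef-97bc00c7a155","fingerprint":"15acb974f769bdccd38a4b28f282b78736b80bc7","public_key_expiration":1722565909}}
{"event_type":"update","resource_type":"PublicKeys.omni.sidero.dev","event_ts":17225`

func main() {
	events, skipped := ParseAuditLog(sampleLog)
	for _, e := range events {
		fmt.Println(e.Time().Format(time.RFC3339), e.ResourceType, KeyLifetime(e))
	}
	fmt.Println("skipped lines:", skipped)
}
```

A non-zero skipped count is worth alerting on in its own right, since it means the log contains lines a reviewer never sees.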
Fix the flakiness in `ReplaceControlPlanes` test that was introduced by the recently added `KubernetesNodeAuditController`. This controller changed the Kubernetes node deletion logic to not block the `ClusterMachineTeardownController` for node deletions, as it would itself take care of it later.
This causes the replaced control plane node in this test to be removed with a delay, as it is now removed by the audit controller after a grace period.
Improve the assertion between k8s<>Omni nodes by:
- not only asserting the number of nodes but also their names
- adding retries to this assertion, so it would keep trying until the audit controller does its job and removes the node from Kubernetes
- increasing its timeout to give the audit controller enough time (as it gives nodes a grace period of a minute) to remove the node
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Start the watch before sending the destroy call to not miss events.
Add support for passing more than a single resource to the call, e.g., `omnictl delete link link-1 link-2 link-3`.
Additionally, bring back the "WatchKind" behavior when `--all` or `--selector` is used, or when the number of resources to be deleted is above a certain size.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Omni is source-available under BUSL.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Co-Authored-By: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Co-Authored-By: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Co-Authored-By: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Co-Authored-By: Philipp Sauter <philipp.sauter@siderolabs.com>
Co-Authored-By: Noel Georgi <git@frezbo.dev>
Co-Authored-By: evgeniybryzh <evgeniybryzh@gmail.com>
Co-Authored-By: Tim Jones <tim.jones@siderolabs.com>
Co-Authored-By: Andrew Rynhard <andrew@rynhard.io>
Co-Authored-By: Spencer Smith <spencer.smith@talos-systems.com>
Co-Authored-By: Christian Rolland <christian.rolland@siderolabs.com>
Co-Authored-By: Gerard de Leeuw <gdeleeuw@leeuwit.nl>
Co-Authored-By: Steve Francis <67986293+steverfrancis@users.noreply.github.com>
Co-Authored-By: Volodymyr Mazurets <volodymyrmazureets@gmail.com>