diff --git a/cmd/incusd/api_cluster.go b/cmd/incusd/api_cluster.go
index 25e7b1b1ae5..67658fbbd40 100644
--- a/cmd/incusd/api_cluster.go
+++ b/cmd/incusd/api_cluster.go
@@ -79,36 +79,6 @@ var clusterNodeStateCmd = APIEndpoint{
  Post: APIEndpointAction{Handler: clusterNodeStatePost, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
-var internalClusterAcceptCmd = APIEndpoint{
- Path: "cluster/accept",
-
- Post: APIEndpointAction{Handler: internalClusterPostAccept, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
-var internalClusterRebalanceCmd = APIEndpoint{
- Path: "cluster/rebalance",
-
- Post: APIEndpointAction{Handler: internalClusterPostRebalance, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
-var internalClusterAssignCmd = APIEndpoint{
- Path: "cluster/assign",
-
- Post: APIEndpointAction{Handler: internalClusterPostAssign, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
-var internalClusterHandoverCmd = APIEndpoint{
- Path: "cluster/handover",
-
- Post: APIEndpointAction{Handler: internalClusterPostHandover, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
-var internalClusterRaftNodeCmd = APIEndpoint{
- Path: "cluster/raft-node/{address}",
-
- Delete: APIEndpointAction{Handler: internalClusterRaftNodeDelete, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
 // swagger:operation GET /1.0/cluster cluster cluster_get
 //
 // Get the cluster configuration
diff --git a/cmd/incusd/api_internal.go b/cmd/incusd/api_internal.go
index ffe35027749..afc91d15633 100644
--- a/cmd/incusd/api_internal.go
+++ b/cmd/incusd/api_internal.go
@@ -69,18 +69,71 @@ var apiInternal = []APIEndpoint{
  internalWarningCreateCmd,
 }
+// Daemon management internal commands.
+var internalReadyCmd = APIEndpoint{
+ Path: "ready",
+
+ Get: APIEndpointAction{Handler: internalWaitReady, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
 var internalShutdownCmd = APIEndpoint{
  Path: "shutdown",
  Put: APIEndpointAction{Handler: internalShutdown, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
-var internalReadyCmd = APIEndpoint{
- Path: "ready",
+// Internal managemnt traffic.
+var internalImageOptimizeCmd = APIEndpoint{
+ Path: "image-optimize",
- Get: APIEndpointAction{Handler: internalWaitReady, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+ Post: APIEndpointAction{Handler: internalOptimizeImage, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+var internalRebalanceLoadCmd = APIEndpoint{
+ Path: "rebalance",
+
+ Get: APIEndpointAction{Handler: internalRebalanceLoad, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+var internalSQLCmd = APIEndpoint{
+ Path: "sql",
+
+ Get: APIEndpointAction{Handler: internalSQLGet, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+ Post: APIEndpointAction{Handler: internalSQLPost, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+// Internal cluster traffic.
+var internalClusterAcceptCmd = APIEndpoint{
+ Path: "cluster/accept",
+
+ Post: APIEndpointAction{Handler: internalClusterPostAccept, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+var internalClusterAssignCmd = APIEndpoint{
+ Path: "cluster/assign",
+
+ Post: APIEndpointAction{Handler: internalClusterPostAssign, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+var internalClusterHandoverCmd = APIEndpoint{
+ Path: "cluster/handover",
+
+ Post: APIEndpointAction{Handler: internalClusterPostHandover, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
+var internalClusterRaftNodeCmd = APIEndpoint{
+ Path: "cluster/raft-node/{address}",
+
+ Delete: APIEndpointAction{Handler: internalClusterRaftNodeDelete, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+var internalClusterRebalanceCmd = APIEndpoint{
+ Path: "cluster/rebalance",
+
+ Post: APIEndpointAction{Handler: internalClusterPostRebalance, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+// Container hooks.
 var internalContainerOnStartCmd = APIEndpoint{
  Path: "containers/{instanceRef}/onstart",
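Review bot: The new group comment `// Internal managemnt traffic.` in api_internal.go has a typo (`management`), and the group comments added in this hunk name each group without saying who is expected to call it. Every entry here, from `sql` to `cluster/raft-node/{address}`, carries the same `allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)` access handler, so a reader cannot tell from this file whether the cluster endpoints apply any further check that the caller is a cluster member; the handlers themselves are outside the diff. If that is the intended contract, I would spell it out, for example `// Internal cluster traffic: called by other cluster members, not by API clients.`. `rebalance` and `cluster/rebalance` now sit a few definitions apart and would each benefit from a one-line comment saying what they rebalance.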
@@ -99,61 +152,44 @@ var internalContainerOnStopCmd = APIEndpoint{
  Get: APIEndpointAction{Handler: internalContainerOnStop, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
+// Virtual machine hooks.
 var internalVirtualMachineOnResizeCmd = APIEndpoint{
  Path: "virtual-machines/{instanceRef}/onresize",
  Get: APIEndpointAction{Handler: internalVirtualMachineOnResize, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
-var internalSQLCmd = APIEndpoint{
- Path: "sql",
+// Debugging.
+var internalBGPStateCmd = APIEndpoint{
+ Path: "debug/bgp",
- Get: APIEndpointAction{Handler: internalSQLGet, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
- Post: APIEndpointAction{Handler: internalSQLPost, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+ Get: APIEndpointAction{Handler: internalBGPState, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 var internalGarbageCollectorCmd = APIEndpoint{
- Path: "gc",
+ Path: "debug/gc",
  Get: APIEndpointAction{Handler: internalGC, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
-var internalRAFTSnapshotCmd = APIEndpoint{
- Path: "raft-snapshot",
-
- Get: APIEndpointAction{Handler: internalRAFTSnapshot, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
 var internalImageRefreshCmd = APIEndpoint{
- Path: "testing/image-refresh",
+ Path: "debug/image-refresh",
  Get: APIEndpointAction{Handler: internalRefreshImage, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
-var internalImageOptimizeCmd = APIEndpoint{
- Path: "image-optimize",
+var internalRAFTSnapshotCmd = APIEndpoint{
+ Path: "debug/raft-snapshot",
- Post: APIEndpointAction{Handler: internalOptimizeImage, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+ Get: APIEndpointAction{Handler: internalRAFTSnapshot, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 var internalWarningCreateCmd = APIEndpoint{
- Path: "testing/warnings",
+ Path: "debug/warnings",
  Post: APIEndpointAction{Handler: internalCreateWarning, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
-var internalBGPStateCmd = APIEndpoint{
- Path: "testing/bgp",
-
- Get: APIEndpointAction{Handler: internalBGPState, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
-var internalRebalanceLoadCmd = APIEndpoint{
- Path: "rebalance",
-
- Get: APIEndpointAction{Handler: internalRebalanceLoad, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
 type internalImageOptimizePost struct {
  Image api.Image `json:"image" yaml:"image"`
  Pool string `json:"pool" yaml:"pool"`
diff --git a/test/suites/clustering.sh b/test/suites/clustering.sh
index 7e47c640dbc..cac65f8517c 100644
--- a/test/suites/clustering.sh
+++ b/test/suites/clustering.sh
@@ -2782,7 +2782,7 @@ test_clustering_image_refresh() { # Trigger image refresh on all nodes for incus_dir in "${INCUS_ONE_DIR}" "${INCUS_TWO_DIR}" "${INCUS_THREE_DIR}"; do - INCUS_DIR="${incus_dir}" incus query /internal/testing/image-refresh & + INCUS_DIR="${incus_dir}" incus query /internal/debug/image-refresh & pids="$! ${pids}" done
@@ -2820,7 +2820,7 @@ test_clustering_image_refresh() { # Trigger image refresh on all nodes. This shouldn't do anything as the image # is already up-to-date. for incus_dir in "${INCUS_ONE_DIR}" "${INCUS_TWO_DIR}" "${INCUS_THREE_DIR}"; do - INCUS_DIR="${incus_dir}" incus query /internal/testing/image-refresh & + INCUS_DIR="${incus_dir}" incus query /internal/debug/image-refresh & pids="$! ${pids}" done
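Review bot: The `// Debugging.` group in api_internal.go (hunk at -99,61) places endpoints that appear to change state — `debug/warnings` on POST, and `debug/gc`, `debug/image-refresh` and `debug/raft-snapshot` on GET, judging by the handler names — next to the read-style `debug/bgp`, with nothing saying whether they are meant to be reachable on a production daemon. All of them keep the same `allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)` gate as before, so the rename changes how they read rather than who can call them. I would expand the comment to say so, for example `// Debugging endpoints: not a stable API; several trigger work on GET.`. The old paths (`gc`, `raft-snapshot`, `testing/...`) disappear without an alias, so any log filter, audit rule or script outside this tree that matches them needs the same rename; the in-tree test suites are updated in this commit.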
@@ -2846,7 +2846,7 @@ test_clustering_image_refresh() { # Trigger image refresh on all nodes for incus_dir in "${INCUS_ONE_DIR}" "${INCUS_TWO_DIR}" "${INCUS_THREE_DIR}"; do - INCUS_DIR="${incus_dir}" incus query /internal/testing/image-refresh & + INCUS_DIR="${incus_dir}" incus query /internal/debug/image-refresh & pids="$! ${pids}" done
diff --git a/test/suites/fdleak.sh b/test/suites/fdleak.sh
index c7550e27e68..88d9a2fa478 100644
--- a/test/suites/fdleak.sh
+++ b/test/suites/fdleak.sh
@@ -22,7 +22,7 @@ test_fdleak() { done incus list - incus query /internal/gc + incus query /internal/debug/gc exit 0 )
diff --git a/test/suites/network_forward.sh b/test/suites/network_forward.sh
index 29b50622d07..d864f074765 100644
--- a/test/suites/network_forward.sh
+++ b/test/suites/network_forward.sh
@@ -30,12 +30,12 @@ test_network_forward() { incus network forward show "${netName}" 198.51.100.1 | grep -q -F "description: Test network forward" # Check forward is exported via BGP prefixes. - incus query /internal/testing/bgp | grep "198.51.100.1/32" + incus query /internal/debug/bgp | grep "198.51.100.1/32" incus network forward delete "${netName}" 198.51.100.1 # Check deleting network forward removes forward BGP prefix. - ! incus query /internal/testing/bgp | grep "198.51.100.1/32" || false + ! incus query /internal/debug/bgp | grep "198.51.100.1/32" || false # Check creating forward with default target creates valid firewall rules. incus network forward create "${netName}" 198.51.100.1 target_address=192.0.2.2
@@ -140,13 +140,13 @@ test_network_forward() { fi # Check forward is exported via BGP prefixes before network delete. - incus query /internal/testing/bgp | grep "198.51.100.1/32" + incus query /internal/debug/bgp | grep "198.51.100.1/32" # Check deleting the network clears the forward firewall rules. incus network delete "${netName}" # Check deleting network removes forward BGP prefix. - ! incus query /internal/testing/bgp | grep "198.51.100.1/32" || false + ! incus query /internal/debug/bgp | grep "198.51.100.1/32" || false if [ "$firewallDriver" = "xtables" ]; then ! iptables -w -t nat -S | grep -c "generated for Incus network-forward ${netName}" || false
diff --git a/test/suites/warnings.sh b/test/suites/warnings.sh
index d2741ef922a..01e01751743 100644
--- a/test/suites/warnings.sh
+++ b/test/suites/warnings.sh
@@ -3,13 +3,13 @@ test_warnings() { incus query --wait /1.0/warnings\?recursion=1 | jq -r '.[].uuid' | xargs -n1 incus warning delete # Create a global warning (no node and no project) - incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\"}' /internal/testing/warnings + incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\"}' /internal/debug/warnings # More valid queries - incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\", \"project\": \"default\"}' /internal/testing/warnings + incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\", \"project\": \"default\"}' /internal/debug/warnings # Update the last warning. This will not create a new warning. - incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning 2\", \"project\": \"default\"}' /internal/testing/warnings + incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning 2\", \"project\": \"default\"}' /internal/debug/warnings # There should be two warnings now. count=$(incus query --wait /1.0/warnings | jq 'length')
@@ -19,13 +19,13 @@ test_warnings() { [ "${count}" -eq 2 ] || false # Invalid query (unknown project) - ! incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\", \"project\": \"foo\"}' /internal/testing/warnings || false + ! incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\", \"project\": \"foo\"}' /internal/debug/warnings || false # Invalid query (unknown type code) - ! incus query --wait -X POST -d '{\"type_code\": 999, \"message\": \"global warning\"}' /internal/testing/warnings || false + ! incus query --wait -X POST -d '{\"type_code\": 999, \"message\": \"global warning\"}' /internal/debug/warnings || false # Both entity type code as entity ID need to be valid otherwise no warning will be created. Note that empty/null values are valid as well. - ! incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\", \"entity_type_code\": 0, \"entity_id\": 0}' /internal/testing/warnings || false + ! incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\", \"entity_type_code\": 0, \"entity_id\": 0}' /internal/debug/warnings || false ensure_import_testimage
@@ -33,7 +33,7 @@ test_warnings() { image_id=$(echo 'select image_id from images_aliases where name="testimage"' | incus admin sql global - | grep -Eo '[[:digit:]]+') # Create a warning with entity type "image" and entity ID ${image_id} (the imported testimage) - incus query --wait -X POST -d "{\\\"type_code\\\": 0, \\\"message\\\": \\\"global warning\\\", \\\"entity_type_code\\\": 1, \\\"entity_id\\\": ${image_id}}" /internal/testing/warnings + incus query --wait -X POST -d "{\\\"type_code\\\": 0, \\\"message\\\": \\\"global warning\\\", \\\"entity_type_code\\\": 1, \\\"entity_id\\\": ${image_id}}" /internal/debug/warnings # There should be three warnings now. count=$(incus warning list --format json | jq 'length')