v7.25.0-experimental.0

Pre-release

Pre-release

github-actions released this 17 Mar 01:10

· 567 commits to main since this release

v7.25.0-experimental.0

21c05fb

Changelog

137b9e9 Add tests for SetBrokerURL
fbb7ea4 "Silence usage" for 'pelican token' commands
99ab90b A helper func to consolidate the common logics in Server APIs - Also improve the registration deletion API to check the renaming server entry in a race condition-free way
6eccefa A safer approach to handle server-set downtimes prior to 7.22 - Build a UUID set from federationDowntimes - Strip any downtimes synchronized by Registry already, from the downtimes provided by server ad
b19bd01 A third attempt at cleaning up Windows ordering issues
a0271d5 API endpoint to get server local metadata
6fc2312 Actually capture "trace" level logs in 'initFilterLogging' and 'SetLogging'
1409b95 Actually start broker if the broker is enabled in the director
0bc9695 Add 'info' sub-command and backup metadata
6df3d5e Add 'tls: unexpected message' as a retryable error on an idle connection
f66796a Add @williamnswanson's language tweaks to Docker persistence docs
e583ad2 Add AI-generated planning document for client_api server.
cad2b92 Add Adaptive Sort knob and touch up other constants
9a53ecf Add CLI documentation generator
c092c27 Add CacheHit field to developer data
edc5552 Add ChecksumMismatchError comment to IsRetryable
fb67b8e Add ClassAd configuration support for client
51e5dce Add Client.EnableOverwrites parameter and implement overwrite mode
6150e0f Add Contact.ConnectionSetup error type (code 3006)
6c3134b Add Copilot instructions for Pelican repository
b60e16b Add DELETE endpoints for swagger
f5b853a Add DELETE endpoints for users and groups
938f10e Add Dark Mode in Fixed State
fd8f0b9 Add Depth to allowed headers
a7f9853 Add Documentation for Error Codes
015b6f9 Add E2E test to assert that stats are being produced and metrics are being updated
dac4033 Add E2E tests for Pelican metrics
3255db5 Add GetEnvVarName() method to all parameter types
e47c1bc Add GitHub OAuth2 authentication support
05a7c1a Add GitHub action to check for large objects in PRs
8c8843e Add GitHub organization support for group-based authorization
bd27df3 Add Group UI
86fecb8 Add HTCondor integration test and update Dockerfile
da4a507 Add Logging.Cache.Lotman parameter and plumb into xrootd config
cb304d0 Add More Descriptive Confirmation Text
934a87a Add NPM formatter Move hooks to different stages
de687e3 Add OAuth2 client management API.
f50a058 Add PROPFIND to accepted CORS request Methods
bd6a250 Add Panic level mapping for consistency with other logging configs
46315f0 Add Plugin.DirectorDecisionPercentage configuration parameter
e7c9cd1 Add Property Based Tests for HA Directors
69c635e Add RFC 7592 support, allowing detection of validity of clients
f15c1d1 Add SSH storage to the supported cases
9d24fdd Add TestAllocateMemoryError and update errorAccum tests
300d4dc Add Transfer.ChecksumMismatch error type and standardize Transfer exit codes
80e9683 Add --direct flag to the command line
84338c9 Add Server.EnablePKCS11 config param
31b142a Add Server.EnablePKCS11 setter and update package-lock.json
5701b3e Add a few eye relief whitespaces for config print commands
0e2dc1d Add a helper function and struct for capability name conversion - When an Origin/Cache running Pelican before v7.22.0, they are advertising with the old names. This commit converts them into the new ones
a692e74 Add a regression test ensuring path.Clean is always present in the authz code
5bcc2ba Add action to check if the current branch is rebased on main
4816bbd Add additional CAs to the trust store when containers start up
8327b9a Add additional comments based on reviewer feedback
d843c4a Add additional docs related to bootstrapping config location to params page
891e998 Add address file functionality to write server addresses after startup
b580696 Add advanced section on Pelican's authz systems
d8d80d8 Add alice user to pelican-dev container for multi-user testing
29986c2 Add alice user to pelican-test container
b9cad33 Add an --inplace flag to object sync and get
dcae926 Add analyze-tests job
4a6e380 Add audience verification for the POSIXv2 origin
044ef06 Add back in generated params that were lost in rebase
cfbda66 Add back logging under trace level
9702b72 Add basic unit tests that would have caught TTLCache key mismatch
7617e37 Add basic user docs for working with protected data (tokens)
d3cd6c2 Add bootstrap support for gotestsum installation
c7166bf Add callback mechanism for runtime parameter changes
2b3d7a2 Add cleanup function and properly set command args
a9e084e Add client defaults
f419e5b Add comprehensive documentation for Pelican HTTP headers
c2db839 Add comprehensive persistent data documentation for Docker containers
d760b29 Add comprehensive status-code tests for download/upload
cb2a26b Add comprehensive tests for InvalidByteInChunkLengthError wrapping
08083da Add comprehensive tests for new features
8132b3a Add comprehensive unit tests for wrapDownloadError
4499ca6 Add conda-forge installation documentation
72676a9 Add configuration parameters for auto shutdown - Also set the defaults
8249a25 Add control for user to choose sort
f12ae1a Add control for user to choose sort
8528cb9 Add devcontainer configuration for GitHub Codespaces and VS Code Dev Containers
8158368 Add docker-compose method for developing website
dd03fd8 Add docker-compose method for developing website
a0014eb Add docs for Key Auto-Generation, Multiple Keys and Key Replacement
a7738cd Add documentation
fea8623 Add documentation pages for Error Codes
d2d4527 Add e2e integration test for POSC origin
69372ab Add e2e test
4a2efd0 Add extensive Globus and WebDAV E2E tests
d9af7ab Add finite timeout to connect test
11b30ef Add gotestsum and logrus test hook for cleaner test output
fbf4d72 Add header response timeout to the list of retryable WebDAV errors
4fee278 Add health check for available free space
e81d2c4 Add helper text to user form inputs
9d95426 Add human-readable String() method to improve log message
375e21c Add implementation of disk usage monitor
0758f61 Add in the identity module; new umask test
0eeca06 Add in typing
9cf9f38 Add initial documentation for the SSH backend
8eda24d Add integration test for GetEnvVarName with viper
7ac2e2b Add integration test for site-local cache
e34f47a Add io.FS interface implementation for Pelican client
c41bca0 Add io.Writer/Reader support to TransferEngine
ffb7f9f Add issuer to user table, integrate with existing groups code
06df260 Add knob to disable client X509 in Caches, error if enabled with bad cert
eb153e8 Add link to Worldwide LHC Computing Grid in WLCG Profile
e09812e Add links to OSDF sysadmin docs
58301aa Add metric to detect attempts to get fed info from Director
ee83934 Add missed tests
bc0926a Add missing Origin disk usage calculation defaults
aa5c187 Add missing POSIXv2 configuration file for origin_serve tests
2e6cd1e Add missing config params in the example
dcf82dd Add missing file
2a222d6 Add missing return
3b51e1e Add missing ssh-auth auto-generated commands reference page
9a6ba3e Add missing storage health consumption health param defaults
b2fed86 Add more docs review feedback, touch up some language
119800c Add new "tunneling" mode to SSH backend; various quality-of-life fixes
5dc8f02 Add new 'Cache.EnableSiteLocalMode' config knob
939bba2 Add new client API for asynchronous client execution
2d12d86 Add new documentation pages
0f088e3 Add new fields to AuthorizationTemplateForm.tsx
76edea8 Add new fields to AuthorizationTemplateForm.tsx
0cc9a26 Add new fields to AuthorizationTemplateForm.tsx
86b9fa4 Add new fields to AuthorizationTemplateForm.tsx
53f041a Add origin/cache-set downtimes back to server ad - We should not provide 95% info in server ad but hide the remaining 5%
cef1237 Add other backends (HTTP/WebDAV, Globus, S3/blob) to internal Pelican
e3cd87f Add param that disables Director's hosting of federation metadata
812dd6b Add path sanitization to prevent relative directory attacks (..)
08476bd Add pelican credentials token setup command with credential file support
2551f8e Add periodic SQLite database backup with compression and encryption
957ebdf Add periodic metadata comparison loop
fbdb102 Add placeholder
6fa1eaa Add placeholder to Dockerfile
331c846 Add pre-commit documentation to CONTRIBUTE.md
911bbbc Add pre-commit/GHA linting rules for markdown (one sentence per line)
dbb3fed Add quick reference table for essential volume mounts
8bf4936 Add range-reader tests
29fcbca Add recipe of getting the public JWKS key from the private key
4940a96 Add regenerated error_codes.go file
4e2d6b7 Add remote path to all transfer attempt URLs
0022aba Add retry logic for PROPFIND idle connection errors
2af1503 Add retry on a HTTP 400
ac76b68 Add runtime-configurable annotations for parameters
ec0434b Add scheduled macOS/Windows test workflows; extract scripts
97f6e30 Add server ID to local DB's downtimes table
04c8bb1 Add server lookup by prefix and return server ID from registry
9087169 Add single-object groups/users APIs and update members behavior
3fcb51f Add support for --dry-run in the CLI
3c17914 Add support for COPY verb for POSIXv2
3e6a5ac Add support for JSON-based output
2f798fa Add support for disabling direct reads
c3713cd Add support for issuer-per-namespace
c9e7676 Add support for prestage async command
ddb01fb Add support for prestaging API in the cache
6a46f69 Add support for the registration access token (RAT) on the client side
2b0f116 Add temporary log level change feature - core implementation
60b2406 Add test failure analysis for JUnit artifacts
4e350cb Add test for preferred cache env var
dc487c1 Add test for proxy connection error wrapping
cc2db7b Add tests for HTTP status code error handling in federation metadata discovery
dd1b352 Add tests for NetworkResetError wrapping
88a2e75 Add tests for function without them
8058c8e Add tests for the OIDC discovery handlers
bf2ca29 Add third-party-copy (HTTP COPY) support to the client library
b3b04c9 Add tracking for consecutive auth failures in Client - Retry up to 3 times before giving up
703237e Add transfer error infor when director can't be contacted and when a local file can't be found
b5ef1ad Add unit test coverage for the directory listing
5b128d2 Add unit test that fails if deprecated config replacement lives in defaults yamls
4504b82 Add unit tests for TPC (monitorTPC, mock HTTP COPY server) and integration tests
60a4414 Add unit tests for apikey command
c5b73b1 Add unit tests for tokens
e2ae9ea Add user and group update functions
3bc139f Add util functions for temp file names
a62dbd6 Add xrdhttp-pelican to the GitHub Action install script for OS X
a02cd07 Add xrootd-style monitoring packets for the POSIXv2-style origin
88f104d Added a counter to mark skipped uploads due to 403 errors
a7b9e8b Added a fix to a test that wasn't using windows seperators
513a13a Added a guard on the defer close to check for nil watcher
529f43d Added a test for downloadObject directory permissions
f7bebb8 Added comments to verifier and checked for empty collection id
81b9ce6 Added depth limited recursive listings
6900761 Added foreign key reference to group members table
d3cf5b6 Added missing case where we fail early, but after director contact
f51cfbf Added more details for metrics
be09e17 Added new error codes:
a78abfb Added test coverage for new endpoints and behavior
4e01fac Added test to verify expected cache invalidation
051e73d Added testing for recursive listings
2e16aee Added tests for CheckAdmin function
f956044 Added tests for new sync functionality
203ad41 Added tests for temp file creation and cleanup
c16d37b Additional Windows fixes
688f244 Additional missed v1.25 references
4ae1e61 Address PR feedback: checksums, token handling, refactoring, and tests
a3b6e58 Address PR feedback: fix copyright year, use config utilities, extract downtime check helper
ba09713 Address PR feedback: improve log messages and skip tests during active downtime
8cb85aa Address PR review
c40d93f Address PR review and other updates
cbb15d1 Address PR review feedback for POSC integration
f0ea166 Address PR review feedback: improve formatting, clarity, and best practices
48f8cad Address PR review feedback: wrap init error, add DEK zeroing, SQLite integrity check, timestamp consistency, and server type comment
4c571f4 Address PR reviews
7e592f4 Address PR reviews
033e0e1 Address all code review feedback - refactor transfer handling
b24f0ef Address code review feedback
c44ef2e Address code review feedback
df9a29e Address code review feedback
f28ecf7 Address code review feedback: extract TTL cache option and improve error message
ed6168f Address code review feedback: fix trailing newline, improve architecture-agnostic paths, and simplify instructions
0e95857 Address copilot code review comments
8acc545 Address forgotten comment update
a131950 Address pre-commit errors
117365e Address review comments
6213d69 Address review comments
83cfb75 Address review comments to split content-vs-object size
8e741c7 Address review comments: visibility, copyright, and refactoring
e618e38 Address review feedback
1828a55 Address review feedback
a376458 Address review feedback -- update code comment
3b01774 Address review feedback on AGENTS.md
894da13 Address review feedback on test and client code
8f8aa24 Address review feedback: move gotestsum to system location and add logging hooks to federation tests
4627f23 Address reviewer comments
18f6099 Address reviewer comments
afa8767 Addressed PR comments
c68bc6c Addressed PR review requests
83c7327 Adjust fed token dirs and their perms - Setup the permanent and temporary directory for the federation token file and sets proper perms. - The permanent directory is always owned by xrootd user. - In normal mode, the temporary directory is owned by the root. While in drop privileges mode, it is owned by the pelican user. - This commit is updated after the changes in #3081 to catch up the fixes in the set defaults process
4026f0e Adjust fed token test to reflect that fed root is used as issuer
5e0c2d6 Adjust federation discovery so we always find a federation host
57ab3f6 Adjust foreign key relations
b3bdc51 Adjust help text w.r.t. Globus OAuth2 callback URLs
6e1ab48 Adjusted NewFedTest to have OIDC files for the registry
40f4681 Adjusted a test to account for the change in error wrapping
61bb778 Adjusted tests that now have changed due to the iota changes
9878146 Adjusted tests to work with the error_codes.go
1f31110 Adjusted tests with registry serve to use OIDC
5e01b77 Adjusted the get_put_test to use OIDC for the registry
c6f39cc Adjusts the http tests to use PelicanError
058ecee Align all local metadata with its counterpart in Registry - sync the exact metadata from Registry - update unit tests
daab6af Allow a few retries for object age to appear
07bcd87 Allow admins to add/remove members in any group (#3049)
7e38a1f Allow passing of GORELEASER_CURRENT_TAG env down through containers
ae3b80f Allow retry of concurrent MKCOL
8b2f963 Alphabetize Xrootd components in parameters.yaml
5311e2f Also serve openid-configuration from the test server to avoid race condition from updating to the director
fd06c45 Always require fed discovery and provide unit tests for discoverFederationImpl
6857da9 Always set listings for service-generated authfiles
884dab3 Always use param package to get config names
cd219ff Append a foreign-keys parameter to the DSN at initialization
7352b9e Apply suggestions from code review
c77138a Apply suggestions from code review
a405125 Apply suggestions from code review
e1f94cb Apply suggestions from code review
581a610 Apply suggestions from code review
60635e3 Appropriately wraps missing token errors
9b7685d Assorted clean-up of scheduled tests infrastructure
139ab9a Assume missing Depth header indicates a stat
8823eac Attempt to add a form for the storage directories
63118d8 Auto-shutdown on stale authfile/scitokens.cfg - A new state to track the result of authfile/scitokens.cfg update - A new health component OriginCache_ConfigUpdates to report the result of authfile/scitokens.cfg update to Prometheus
a73c610 Autofill Security Contact If From Origin
9a52f51 Autofill Security Contact If From Origin
6f3aa9c Automate startup of the client-agent server
79b2957 Automatically cleanup the stale entries in the servers and services tables - They are caused by the damaged foreign key constraint in services table and we didn't update webUI to use server deletion API in time. - See https://opensciencegrid.atlassian.net/browse/OPS-438
bb94460 Automatically refresh the namespaces when scitokens.cfg changes
9b1c511 Autopopulate Federation Information with discoveryUrl Contents
08b9363 Avoid panic when DB is not yet initialized
1b11126 Avoid potential panic in prometheus if xrootd decrements destructions
bd1f4a3 Avoid shadow err in broker test triggering races
5e7aa23 Avoid shutdown errors from killing the test
704cff0 Avoid triggering a redirect (which can cause a second use of one-shot connection)
dcae737 Bad pelican url now wrapped as a SpecificationError
13968f0 Be consistent about choice of TTLCache keys in Director stat utilities
5c25640 Be consistent in authfile ordering example
1229cdc Begin drafting troubleshooting guide
987c5df Bring down xrootd metrics logging to trace
e3deab2 Build Pelican using the most recent version of the toolchain
13dbf34 Build params after upstream overhauls to param package
1e9d4a5 Bump XRootD version to 5.9.1
723268f Bump XRootD version to 5.9.1-1.3 to pick up the full PKCS#11 support
ab222af Bump golanci-lint version to try for golang v1.25 support.
5bfa551 Bump next from 15.5.3 to 15.5.7 in /web_ui/frontend
7df1cca Bump osx installer
30d99d5 Bump test timeout to 1s from 200ms
702a15f Bump version of xrootd-s3-http to v0.6.2
fca9d7b Bump version of xrootd-s3-http to v0.6.3
ee3ffb9 Bump version to 0.6.4
38ec12c Bump version, build from source, and pull in libraries in osx installer
d0acf5f Bump xrdcl-pelican to v1.6.2
0d2c363 Bump xrootd-s3-http version
f03f3f4 Bump xrootd-s3-http version to 0.5.3
021826f Cache PKCS11 Info and harden socket lifecycle
d50e0ad Cache director lookups
c8eee05 Calculate the file stat in memory
c6ce903 Capture timeout config at launch time of LaunchXrootdMaintenance - avoiding Viper race issues
a7d5097 Centralize the incorrect‑password handler - Swap repeated password‑error blocks to helper calls
98c0232 Change XRootD release
a26210f Change command to apikey and prevent never expiring tokens
b1690f0 Change error handling to proceed with tests when downtime check fails, add comprehensive unit tests
b0a4011 Change language to refer to a 'mint issuer', not a 'get issuer'
f1c00fc Change ordering of loading POSIX OSS plugins
528ced2 Change param name to Server.AdminGroups
59f2fc7 Change the blocking channel send to a non-blocking send - Use a select statement with a default case - Ensure that after the first shutdown signal is sent successfully, subsequent attempts to send (from rapid maintenance cycles) don't block
f1a78b4 Change to expected FileNotFoundError
a47acad Check TLS credential files permissions in drop-privs mode - When drop privileges is enabled, check the pelican user can read TLS credentials. - If it doesn't, shut down the program with an error message to prompt the admin to manually change the perms. - Pelican won't automatically change them because these files are usually mounted from outside filesystem. Pelican can't change their perms. - Note that XRootD does not need direct access to these files as Pelican copies them to a runtime location. - Skip this check on Windows because few Pelican server is running on Windows. syscall.Stat_t only exists on Unix-like systems (Linux, macOS). On Windows, it doesn't exist and causes a compile-time error.
83440e9 Check error on additional 'param.Set'
0fe2ac3 Check errors coming from 'param.Set()'
4e0a0b3 Check local filesystem before contacting director
f04b8fb Check the approval status of the server with multi services during auto-registration - If the server has multiple service registrations, check if any of them is approved. If not, return an error. - Use config param to prevent checking the approval in non-prod env
22abe93 Check the documentation for OSDF's default parameters
fdc9142 Checkpoint: address first round of human review items
a1e5407 Chunk objects across multiple local files; tweak transfers
ba17c24 Clarified disabled test message and changed error code
f6c4d94 Clarify authfile ordering example
5b7adc1 Clarify comments
8197052 Clarify non-root user information in README
b9a6f47 Clarify the TLS cert filepath in drop privs mode - No matter in normal or drop-privileges mode, the TLS certificate file used by XRootD is always runtimeXRootD/copied-tls-creds.crt. The other file runtimeXRootD/pelican/copied-tls-creds.crt is just an intermediate product in drop privileges mode
959a624 Clarify user-created configuration files in Copilot instructions
3aac34d Classified errors when local stat fails on upload
cb2ff1c Clean generated URL paths
87d67f2 Clean up a few error messages/small issues that caught my eye
90f8971 Clean up and document OA4MP QDL scripts
43c39d9 Clean up and document the list of ignored files for image builds
f582758 Clean up deprecation handling for Xrootd.Port
d90a1ab Clean up pet peeves I noticed while fixing logging bug
ba8c705 Clean up some outdated info in the Docker docs page
6be8ac1 Clean up vars/files that are no longer used
df3ed3d Clean up white space
53f297b Clean up whitespace formatting in test helper function
e26f3b6 Clean-up testing workflows in GitHub Actions
9ed00b2 Clean-up the config for 'typos'
bf41a7f Cleaned up user extraction from bearer token
a667373 Cleanup AI slop
2748ce4 Cleanup of error handling around expired tokens and federation token failures
d8802f9 Cleanup pre-commit/linter issues
de43c23 Cleanup stat_test to avoid shellcheck issues
4304afb Cleanup tests after modifying discovery process
b68a03f Cleanup to use type-safe param name getter
bc5e0fa Cleanup unused metrics and unit tests
b776687 Clear broker state between test runs
5b915c0 Client modifications needed for the local cache
350af60 Client.PreferredCaches now can use a comma as seperator
5de4ce3 Common Broker URL getter for Origin and Cache - Checks Origin.EnableBroker or Cache.EnableBroker and sets the broker URL appropriately
3dc865e Compute appropriate upload and download URLs based on redirector base
fbc2e9f Configure setup-go to check for the latest patch release
e0bccac Configure xrootd: run with pkcs11 helper when enabled - Plumb PKCS#11 helper-derived env vars (P11_KIT_SERVER_ADDRESS, OPENSSL_CONF), and stop injecting a client key file into XRootD when the helper is active - Right before we render the XRootD template, ConfigXrootd now rewrites xrdConfig.Server.{TLSCertificateChain, TLSKey} fields -- When PKCS#11 is off, both fields are set to the same runtime file (which still contains cert+key), so the template produces the same path it used to. -- When PKCS#11 is on, Server.TLSCertificateChain stays pointed at the runtime cert file (no key), while Server.TLSKey is swapped out for the pkcs11 URI (pkcs11:...). That URI needs to reach XRootD so it can use the engine to sign with the helper. -- Note: the template sees whatever is in the XrootdConfig struct at render time, not the raw config parameter. - Unit test: assert the runtime file only contains cert material when pkcs11 signing is active
d2292e0 Consolidate config init between client and server
3252d38 Continue despite director failure
fc09b45 Convert additional scripts to new random port mechanism
e6407f1 Convert issuer to user Next.JS instead of rendering HTML
8361df1 Convert pelican configuration to be thread-safe on mutation
db91765 Convert unneeded warning to debug statment
b6da3cf Correct CORS documentation to match actual code
991c498 Correctly classify response header timeout errors
728b0d0 Correctly clean up progress bars for completed transfers
e12980a Create api-key command
e2e09fc Create new migration for users and groups
b657781 Create some simple visualizations from the failures
3cb130d DB updates - Add server_id to downtimes table - Rename the service_names table into server_names for proper semantics. See the definition of server, service, ... https://github.com/orgs/PelicanPlatform/discussions/2445#discussioncomment-13621390
fe6e1dd Deduplicate site-local docs mentions of pulling from Origins
fe84370 Deprecate Debug param and map old behavior into Logging.Level
f544363 Deprecate various 'DbLocation' params
b0406cc Developer helper: if S3 plugin isn't available, auto-skip tests
e0987f3 Director carries server IDs through ads - Propagates serverId in ad responses, and extends the e2e test to supply IDs.
8858a2d Disable Broker for site-local caches
8504066 Disable Director Tests for site-local caches
0035b18 Disable cache testing if requested; reduces test noise
4337430 Disable noisy tests to make failures understandable
33b35ec Disable select POSIXv2 tests on Windows
be06f33 Disable touch on hit in namespace keys TTL cache
1e8d9b9 Display all servers' downtime on Director; Backward compatibility for downtime entries set by Registry before v7.22
025225d Display metadata discrepancy alert on webUI
737ff8c Do NOT disable TLS verification
a455b05 Do not configure OA4MP if it's not the used issuer implementation.
a4d9d9a Do not log the refresh token received by the client
35fafd9 Do not publicly document parameters that no one should be setting
1303604 Docs for GitHub OAuth
1a41a49 Docs for using PKCS#11 to complete the TLS key sign
46b492f Document downtime operations for server admin
ef1348c Document how to test changes on your own fork
7337131 Don't advertise caches running in site-local mode
bb4957b Don't apply one-sentence-per-line rule to .mdx
bb40d63 Don't build package from source
dbb68da Don't build test for windows
d17a2e0 Don't check Origin configuration while configuring XRootD if Cache
d19c6c8 Don't reference nonexistent CLI flag in help text
3391573 Don't try to delete /dev/null
f676114 Don't warn about multi-prefix broker config if broker isn't configured
a6b4082 Downloads without --inplace will save to a temp file before renaming
ea0118f Drop StatusCodeError fallback from IsRetryable
c54f450 Drop redundant endpoint that exposes registered server's JWKS
a1d3f56 Drop redundant server jwks getter - Registry uses a resolver RegisterServerJWKSResolver() for in-process key lookups, avoiding HTTP round-trips and import cycles. - It's unnecessary to have another fallback HTTP-based key fetching logic fetchRegisteredServerJWKS(), because in this case, only Registry server needs to lookup key. It should not do it by sending a HTTP request to itself.
201aced E2E test update
d8399b3 Emit output when there are no failures, use PEP 8-style comments
cd7aba9 Enable Director federation metadata hosting in test that relies on it
c38ff55 Enable Director to scrape brokered Origins.
15a576b Enable POSC plugin integration
2b953cc Enable and wire PKCS#11 helper for origin/cache - Start helper early in origin_serve.go and cache_serve.go; auto-disable with WARN if deps missing.
40681b3 Enable checksumming on write
a38170c Enable scitoken debugging to understand Mac OS X failure
e01e6a2 Enable the build and test workflow to push images to non-Pelican repos
d367175 Enable third-party copies for origins
86c3eb4 Enhance devcontainer configuration with port attributes, workspace folder, and YAML extension
8c906a7 Ensure BadgerDB is shutdown before the directory is deleted
a31ddf2 Ensure goroutine always shuts down cleanly when the context is done
6522dcf Ensure restrictive permissions are set for the OpenSSL config file at the time of creation
19be478 Ensure symlinks do not permit access outside the tree
1c17319 Ensure that setup actions install the intended versions
8fd96a5 Ensure that stat routines do not block on sending to buffered channels
c5a2838 Ensure that tls.AlertErrors are not classifieds as certifcate errors
171b9d6 Ensure various tests are cleaned up to avoid leaking state
dd735f5 Even when a server-set downtime is already tracked in Registry (federationDowntimes), we should still check if there's an active downtime for this server and ensure filteredServers is updated immediately
b9b03b0 Exclude more files from Docker's build context
855577c Expanding structure of guide; in-progress
61cb28a Explicitly remove lr privileges for a namespace when it's write-only
e345074 Expose registered server public keys for the new token issuer type RegisteredServer
0369484 Extract UserId and OIDCSub from tokens in all verification paths
555b33a Extract the Provider/Engine mode detection into a helper function - And unit tests
867fd53 Extract wrapDownloadError function from download loop
2d04631 Extracted the Director test cycle logic into a helper function
728878e Factor out the path manipulation logic
5ad99fd Fail fast when an issuer returns a credential without the required scope - prevent the client from stashing unusable tokens and re-entering the auth loop
b0a0a10 Failsafe mechanism to the self-test metric (OriginCache_XRootD) - If the last health update for OriginCache_XRootD is older than maxAge, mark this component Critical to surface stale or missing self-tests.
1476769 Fall back to system config location for non-root users if user config not provided
32b4b23 Fallback to in-process memory if the kernel session keyring is unavailable
88b05ff Federation metadata comparison core logic
c2f6ee9 Federation's broker url should not set to itself by default - If the default broker url is set, the federation discovery won't overwrite it with federation's broker url - Only Director run the broker. Setting it here would prevent federation discovery from populating the correct broker URL for caches/origins joining an existing federation.
b6ea046 Filter log lines from the client in the same manner as the servers
1d0ca53 Filter workflow runs to main branch only
2f62e93 Finish structure, adding todos
dd778ac Finishing draft
90241f3 First pass at site-local cache docs
cd07f62 Fix "Check Go Generate" CI error
c8605d1 Fix "easy" tests that failed upon requiring fed discovery
9825aef Fix 'config/config.go::GetEffectiveLogLevel()' to work with "Trace"
d898b8c Fix ConnectionSetupError to preserve underlying error When ECONNRESET/ECONNABORTED occurs during HTTP body reading ConnectionSetupError was created without preserving the original error. This prevented errors.Is() from detecting ECONNRESET through the error chain, breaking NetworkResetError detection.
2065bd7 Fix E2E tests for SSH
fbb9945 Fix HA Director Fowarding Loop for 3+ Directors
dc90efb Fix HTB cancellation test
a4344c3 Fix HTCondor plugin error reporting and improve filesystem error handling
85bb7a1 Fix Linter
c15e355 Fix OSX Installer
96a94b4 Fix PR validation workflow to detect keyword-based issue links
afcaed6 Fix TestHTCondorPlugin so that it can run as root
aafcf3b Fix TestTLSCertificateError to match actual error handling behavior
4359b4d Fix Windows build failure; remove unnecessary chmod
7b4c718 Fix a few small pet peeves in cmd/root.go
87f48f4 Fix additional instances of 'log.GetLevel' that broke after using global 'trace'
5e0d965 Fix authorization errors in POSIXv2
ee4697c Fix bad Callout type
98a27d1 Fix bad copilot tests
a06fc5f Fix bandit, pylint, and mypy issues in analyze_junit_results.py
b162e1b Fix bash formatting for Pixi command
27c057b Fix binary transfer detection
750b1d1 Fix broken links
6a8d607 Fix bug that prevented Origins with Logging.Level: Warn from starting
088217e Fix bugs in PelicanFS and improve testing
5dbda1c Fix bugs in server metadata getter - Use a callback function RegisteredServerJWKSResolver to inject a registry-provided JWKS resolver to token package, avoiding cycle import in registry and token packages - Update checkRegisteredServer to use the resolver first, falling back to the HTTP fetch helper - Update the registry side to register its resolver with the new API name
fa237cc Fix bugs that prevents origin from updating its own downtime - Registry admin edits to server-owned downtimes remain blocked
b0dc804 Fix build issue in E2E test
a2320a1 Fix build issues from new signature
6c616a7 Fix cache's self-test error in drop privileges mode
d59fc5a Fix calculation of upload URLs; make checksums respect os.Root
e02b60d Fix checksum logic
ad2fe0b Fix client tests that needed to manage some aspects of discovery
0e1476f Fix code review issues: srcToken URL, HEAD status check, channel buffering
e42e334 Fix concurrent map access in removeBufferedHook
68dedf9 Fix config bug related to origin/cache fed tokens
a4e4c92 Fix config/logging bug related to changed default log levels
11588e6 Fix configuration of Multiuser plugin
4f3fdab Fix deadlock in the HTB implementation
4f84634 Fix director discovery tests whose err conditions are no longer triggerable
7432c8f Fix director tests to fetch server ads from TTL cache instead of using static copy
83a2bdc Fix directory intialization and OSX installer
cd771bd Fix docs build issue -- no FAQ in main
7b68122 Fix docs typos: Pelcian --> Pelican
e74275d Fix documentation issues from code review
f0f2524 Fix double hyphen formatting in client docs Additional Flags section
9e21617 Fix downtime check logic to match existing pattern and remove trailing whitespace
eeba454 Fix error message
091959b Fix expected error message
184606f Fix failed unit test - Configure Federation.DiscoveryUrl by using the new helper function test_utils.MockFederationRoot(t, nil, nil) introduced by PR #2747 - Use federation's discovery URL as token issuer for Director/Federation tests
832c781 Fix failing unit tests
ce1e94e Fix federation issuer hostname in example scitokens config
2f45060 Fix final code review issues
6a5bc6a Fix flag formatting in origin and cache documentation pages
d589d46 Fix flakey tests
3da9c21 Fix flaky authfile test
e3a83fc Fix for additional unit test failures
6a508c2 Fix formatting for deprecated metrics section
d4f8377 Fix generation of test URL for the apiclient
5377537 Fix go generate issues
6bceabf Fix gofmt formatting in handle_http.go
db0d5cc Fix gotestsum PATH issue in GitHub Actions workflows
d9a2721 Fix groups/users migrations
7553d6f Fix how the client prints diagnostic version information
c7d2968 Fix http.Transport copy-by-value causing race conditions
9bc4cc3 Fix idle test timeout
8dac502 Fix issue found by linter
65ac76a Fix issues caused by rebase
bd7fedb Fix items from code review
b487516 Fix linter
86d9a19 Fix linter error
9e4d4b9 Fix linter error
52228eb Fix linter errors
6b1ff77 Fix linter errors
bbcecc6 Fix linter issue
04abc87 Fix linter issues
3929533 Fix linter issues: remove trailing whitespace and update object_put.go to use addQueryParam
b3e27ff Fix local cache test
093584e Fix lotman test that did not assume discovery
1279268 Fix markdown linter error: restore missing 'alice' in README
97985a5 Fix missed linter item
139c92c Fix modest build failures due to rebase
cbad691 Fix name of TLS certificate parameter
a03daf7 Fix new markdown formatting linter error
e87621f Fix observed unit test failures
b91b2c0 Fix page name
67df10c Fix param accessor usage in SetServerDefaults to read from viper instance
5e59247 Fix parameters.yaml validation errors
aecd970 Fix parameters.yaml, which did not include "cache" as affected comp for authfile
17b85cb Fix pending request with new channel-based design
94c4695 Fix pixi exec command syntax
c1a0fa0 Fix pointer issue
997e553 Fix race condition in TestDirectorRegistration and goroutine leaks
6568534 Fix race condition in director advertise shutdown
5ec2e85 Fix race condition in stat_test.sh by adding retry logic for 429 status codes
d090d04 Fix race condition in tests that registered t.TempDir() after registering cleanup cancel
5a37a8e Fix race conditions in logging
ecb5020 Fix race conditions with metadata registration
33c0cb6 Fix race when setting global federation info
b6997d7 Fix range read; minio on mac
4a75f8f Fix shadowing of ctx variable
1b3bf3a Fix shell compatibility in CONTRIBUTE.md symlink commands
27dc329 Fix site local cache test
b808980 Fix small fed discovery bug that caught my eye
e3dbb0b Fix some golangci-lint issues
2b2a128 Fix sort algs test to use server URL for avail map lookups
85747de Fix spelling error
dc1f55b Fix sporadic TestBrokerApi failure by polling for broker readiness
16ec843 Fix sporadic TestBrokerApi failure by polling for broker readiness
a6770b4 Fix sporadic origin test failures by using random port binding
6b310e0 Fix sporadic test failure due to Windows timer jitter
d47843b Fix sporadic test failures from context deadline exceeded during shutdown
efdc169 Fix storage health check status tracking
827bb79 Fix swagger docs
9d51b2a Fix syntax issues
ea818ec Fix test and implementation of fallback to "prestage by download"
fa3bd51 Fix test imports and simplify InvalidPath test
b74680b Fix tests and add user id response to create a user
198a2a9 Fix tests and if/else handling
8395c20 Fix tests that were missed due to os.Exit() calls
35b7f24 Fix tests to reflect new namespace-specific issuer
048793b Fix the permission and ownership setting for Globus access token file
a972f19 Fix time unit mismatch and use IndefiniteEndTime constant in downtime check
691a82c Fix timeout error check and fix error wrapping
ef673c3 Fix timeout of prestage
b2c616d Fix token tests and token accetability requirements
c1bc7d6 Fix trailing slash in unit test for root
1b2da04 Fix type in docs
13dd62a Fix typo
36ad4ed Fix typo in cache documentation (the the -> to the)
0159fdc Fix typos in api error messages
9492db0 Fix typos/grammar
08797fc Fix unit test failures.
3ce542d Fix unit test failures:
7f9e6cf Fix unknown config key warning tests
138602d Fix unstable test - Set values after InitServer to avoid being overwritten by Viper defaults - Viper parameters are designed to parse string representations of durations - Set a test-local buffered config.ShutdownFlag to avoid blocking due to multiple sends; removed the forwarder goroutine
de9db62 Fix unstable test on GitHub Action - Use non-blocking forward so helper never stalls - Call cancel() and egrp.Wait() before the temp dir is removed
cf3dbcd Fix use of PROPFIND against director for stat
5123dbd Fix user identity resolution to use OIDC identifiers
7125797 Fix wlcg.groups to include groups with collection ACLs
0ac8359 Fix xroot scitokens test that was missing an issuer
3e70ac2 Fix: Windows directory cleanup and timer granularity
6188ac5 Fix: pass CA certificate
ac23d7c Fixed a minor loggin issues in the tests
97be4c9 Fixed an issue where Cache.DirectorTest is not enabled by default
8fb9757 Fixed capitalization in error message
9e21f42 Fixed links and removed the index page
9c2cdf3 Fixed race conditions and added authorization overrides
c1949e6 Fixed time skew tests
cd36c2f Fixed unwrapped error in plugin_test.go
6595826 Fixes due to my prompts to Copilot; other minor clean up
a55fce7 Fixes from code review
43596ad Fixes from the second round of human review
f566b51 Fixup Group Typing
551ed3f Fixup NPM Packages
081bbbd Fixup copyright dates
5cd39b0 Fixup minor lint/test failures
42e6266 Fixup package-lock.json
d0f62ae Fixup package-lock.json
8303746 Fixup redirection when returning from login
3a747a0 Fixup redirection when returning from login
09f6e50 Fixups from review
0e0bbd4 Foreign Keys Unit test - Verify that using FKs parameter in DSN in InitSQLiteDB func actually enforces FK constraints
d78b5dd Format Fix
99a7928 Format Fix
5b7f0c7 Format fix
fb5f73a Free space in the GitHub Action runner before building images
324c740 Further comment the QDL scripts that Pelican relies upon
8a7f75e Generate new config parameter for admin groups
b959dc7 Generate place holder before running go generate
6449097 Get normalized Fed discovery endpoint from config, not unnormalized value from param
f329159 Get rid of deprecated capability names in API response
941b0cf GetOIDCSupportedScopes() should fall back to the value of OIDC.Scopes when OIDC metadata discovery fails. - To support OAuth2-only providers like GitHub.
b996248 Give 'Logging.Level' a default: none label in parameters.yaml
5c8a023 Globus-XRootD config passthrough done
ea69f0d Globus-XRootD config passthrough done
08893a0 Granular downtime scopes
3fd148a Group/fold npm build output in GitHub Actions workflows
93eb22d HTTP Endpoint Tests to simulate /rules and /alert - Removed the simple unit tests earlier because they are covered by the new comprehensive tests
219c5c5 Handcraft expired token
40585f8 Handle Globus directories properly - In config.go, the Origin_GlobusConfigLocation directory (/run/pelican/xrootd/origin/globus) was being added to pelicanDirs and created with pelican user ownership. This caused all parent directories (/run/pelican, /run/pelican/xrootd, /run/pelican/xrootd/origin) to be created with pelican ownership before CheckXrootdEnv() ran, which couldn't fix them because config.MkdirAll() returns early for existing directories, causing the XRootD RunLocation is not owned by xrootd but pelican user and group - Origin.GlobusConfigLocation should be accessed by both pelican and xrootd user, to allow: 1. XRootD to read token files (*.tok, *.transfer.tok) at runtime, to authenticate requests to the Globus API 2. Pelican to write (create/update) token files, see persistToken() - How to let xrootd read the tokens after drop-privileges? The setgid bit is applied to Origin_GlobusConfigLocation/tokens to inherit the directory's group on files created in the directory
60353f6 Handle an edge case for fed-in-a-box - Because in fed-in-a-box, the registry and origin share the same SQLite database, the mirrored POST reaches the registry first, inserts the downtime, and then the origin’s local insert hits the unique downtimes.uuid constraint. The new logic in HandleCreateDowntime keeps the insert, but when GORM throws a "UNIQUE constraint faile" error, we update its metadata (primarily created/updated-by), and persist the changes
53d0729 Handle per-role XRootD restart info
a44209a Handle race condition in registration deletion - This guarantees the server is only deleted if no services remain at that time, even if a new registration is added concurrently.
b0014d9 Handle status-code errors via Pelican wrappers
733c17d Handle subtle WebDAV/filesystem interactions
b82d485 Hard drop Shoveler.StompPassword
dfc250c Have CreateTransferError use client.IsRetryable
3cc1c61 Have XrdCl debug settings match ours
8468afd Have a separate timeout context for the shutdown and helper run
c98913e Have alternate approach to checking cache existence.
db9b20c Have director advertise support for PROPFIND
fe76175 Have gotestsum silence most of the tests; only print on failure
f3c4be6 Have more realistic unit test overrides
da93b8b Heed the warning in 'SetServerDefaults' docstring
d27984a Human reviewed fixes for the TPC mode
2de1781 Human reviews for the OAuth2 issuer
c664ebf ID validation
f9c0eb9 Images: Pin xrdhttp-pelican to a specific version
93f0347 Images: bump xrdhttp-pelican version and release to 0.0.8-1
7addfe5 Implement Permission Denied error
4ef0208 Implement XRootD restart/reconfig functionality
de4c3f1 Implement generate command
7731760 Implement phase 2 - CLI integration
230f650 Implement rate limiter and Prometheus metrics for POSIXv2
fd0c598 Improve Downtime UI
a97681f Improve Downtime UI
79d9b84 Improve Downtime UI
663c3ea Improve Downtime UI
66f9285 Improve Downtime UI
f37aa8d Improve Downtime UI
8f3cdab Improve Downtime UI
1f61ba3 Improve Downtime UI
0626001 Improve Downtime UI
2a89622 Improve PKCS#11 helper wiring and logging
c58ff00 Improve PKCS#11 in Pelican
99dfa40 Improve doc description of Origin.EnableAtomicUploads
9d1a996 Improve documentation clarity: add verification steps and update devcontainer comments
22ae5f6 Improve downtime API
ba4b924 Improve error handling
4b99de0 Improve error message
7303385 Improve isolation between unit tests
9856c16 Improve language in docs
81f551a Improve p11proxy cleanup and logging - Since the Proxy handles its own cleanup internally via the context, there's no need for the caller to pass in an errgroup to manage cleanup goroutines - Made the entire Stop() method idempotent by adding a stopped flag and mutex, so multiple calls to Stop() won't cause issues - Made socket file removal idempotent by checking if the error is "file not exists" before logging a warnin - Added special handling for EOF errors in the p11proxy handler. During shutdown, when connections are closed, EOF errors are expected and should not be logged as warnings
f3427e2 Improve site-local cache E2E script to run on Mac OS X
24718c9 Improve test clean up and logs
b40f7e6 Improve the error messages for when the user provides a bad password
f8f070c Improve the federation test for broker
1bef3c0 Improve the logging content to give user concise information
14f7eb5 Improvements from human review
d752c87 Include director decision info in plugin transfer ClassAd
668fa83 Incorporate William's feedback RE site-local docs ordering
c35ade3 Incorporate feedback from review
9f0e66f Incorporate server id in server ad
552c87f Initial plan
bde3da9 Initial plan
851daca Initial plan
a6d1e57 Initial plan
09f6c60 Initial plan
14f0b66 Initial plan
cfec4be Initial plan
9cd79f2 Initial plan
affce41 Initial plan
91a9211 Initial plan
7d47e1b Initial plan
9385c4c Initial plan
6f62e11 Initial plan
360d99a Initial plan
8e9bddd Initial review round of embedded fosite issuer
da3d4be Initial version of the multiuser origin
a0bda08 Install additional packages into the dev container image
5659c26 Install go-p11-kit package
ad2ef52 Integrate N2N plugin to map FederationPrefix to StoragePrefix for XRoot storage backends
913bca2 Introduce 'client_default' & 'server_default' in parameters.yaml
952ec73 Keep env prefix as pelican
921f8b4 Keep the table schema, map go struct to table
62eb382 Lay the foundation for using go.mod to define the Go toolchain version
19fa7e8 Lint
dbb2d42 Lint
998a78a Lint
569859d Lint
94d5e66 Lint
b7d77d4 Lint
a2b92c7 Lint
faea00f Lint
140747c Lint
b7a8f4a Load and activate both the default and pkcs11 providers
52914e9 Log polish - pass request ID all the way through
03ff282 Log the ID token received by the server
3b443c1 Maintenance on the "go generate" action
1ffd5be Maintenance on the CodeQL action
d412ecd Maintenance on the Linux testing action
116c391 Maintenance on the linter action
f05d5ac Maintenance on the non-Linux tests
233756d Maintenance on the parameters.yaml validation action
2764e19 Maintenance on the release actions
caeff38 Major refactor of pelican_fs.go addressing all code review feedback
8cb0db0 Make 'web_ui/frontend/out/placeholder' part of repo to avoid build issues
a11a2c9 Make HTCondor plugin world-executable for unit test
e118e81 Make OIDC scopes configurable
5059f41 Make Origin/Cache downtime operations independent of Registry's immediate acknowledgement - Before: If Registry was unreachable, the entire downtime operation initiated by the Origin/Cache admin would fail - After: Even Registry's immediate acknowledgement fails, Origin/Cache completes the local operation, logs a warning, and relies on periodic server advertisements to sync with Registry
d0ea46e Make Prometheus data retention policy configurable
914ebb6 Make an embedded issuer per export
bcb6e8b Make common test db migration pattern a function
ccb95f9 Make concurrency param validation consistent
e6070ca Make credentials always sent as HTTP Basic auth
4548f64 Make failure to parse EKU a fatal error
617a95b Make groups param required
526ca82 Make helper function small, pure and side-effect free - applyDowntimeFilters now takes the current downtime filter, detail info snapshots and returns fresh copies instead of mutating globals
21c05fb Make log level tests more robust
62c0b7d Make pelican_url module thread-safe and reset between unit tests
f3f18b6 Make sure runtime dir is not the global one for tests
2fe50c1 Make sure server/transfer manager can shutdown background threads
bddb969 Make the sql query more robust
dbffa83 Make tls.AlertError retryable
95992ab Make xrootd/pelican user UID:GID in images configurable
ce87362 Map new fields from API (IsOrigin/IsCache) into existing db fields
1ca263d Markdown formatting action is redundant and not needed
7acc5b8 Merge remote-tracking branch 'origin/group-ui' into group-ui
602aaa3 Merge remote-tracking branch 'origin/main' into copilot/allow-mutable-configuration
e8d90db Migrate plugin and plugin tests to new classads library
7aa82d3 Migrate ports back to being random free ones
36f9708 Migrate terminology from 'client api' to 'client agent'
56e1425 Minor fixes for CI tests
324f383 Minor fixes post-major rebase
e225580 Minor fixup to creating the SSSD user
1b61ace Minor grammar/typo fix
615d429 Minor optimizations to facilitate repeated container image builds
f1a0068 Minor semantic fix for docs
337a4d3 Mirror the downtimes to Registry if they are set by Orign/Cache - including CREATE/PUT/DELETE handlers - Mint a new token for all these mirroring ops
5e10410 Misc linter and Windows fixes
b83fd39 Modify test and swagger docs
83336cf More aggressively flush in-progress operations
d6a2a2b More linting
fac4d0b More linting
8a43893 More restructure; add Getting Help page
bf01354 Move Cache.ClientStatisticsLocation configuration after the runtime directories are initialized
0c1c218 Move PELICAN_MAXMINDKEY config handling into config package and deprecate
79e9626 Move ResetTestState from defer into t.Cleanup to avoid race with goroutines
60aafca Move address file to runtime directory instead of config directory
06dde4e Move address file write before dropping privileges - In drop-privileges mode the process runs as the unprivileged user after dropPrivileges() and can no longer write to RuntimeDir (e.g. /run/pelican), which caused "permission denied" when writing the address file and a fatal startup error. - This is safe because Server_ExternalWebUrl, Origin_Url, and Cache_Url are not set or changed after the drop in LaunchModules.
3c3a9eb Move broker listener startup after initial advertisement - LaunchBrokerListener() have to read the metadata, which is acquired through the advertisement
9471b3e Move broker metrics to a shared location - The broker is now used by both the Origin and Cache services. This commit moves its metrics to a common location so they can be accessed by both, rather than being coupled to the Origin.
643a3f7 Move cache monitoring and reduce chatty logging
879d22f Move configuration and validation to config/config.go
1c5033c Move error message down
f44236d Move metadata to top of page
6aa3579 Move metadata to top of page
a50db1a Move pelican url logic up to resolve test failures
f18b2a5 Move utilites out of cmd/director.go
033a6d5 Move validateServerType() to config package - To group relevant funcs together and improve reusability
43a87f5 Moved common code into addDataToClassAd
42b06ec Moved errors into their proper location
6859fa7 Moved iota enums into different const blocks
e0e439e New federation test for Cache with Broker enabled - The test verifies that: 1. The cache broker metric collector exists 2. The cache broker is properly enabled 3. The broker listener starts up successfully 4. The cache polls the broker endpoint (visible in logs) 5. Broker metrics can be incremented
0466ec1 Next round of human-reviewed changes
acf33bf Next round of improvements for POSIXv2
16622d9 No longer set Origin/Cache-originated downtimes on DIrector through server ads
f34f67d Now closes the fp before renaming (requried for windows)
aedbe14 Now proccesses upload - object already exists errors
586835a Now wraps metadata discovery errors with PelicanErrors
fdfa7bc On synced upload, 403 errors are considered a skip
9c99db3 One sentence per line and one line per sentence for params documentation
78df796 Only add 'alice' user once
e17bc38 Only list the approved servers
b970017 Only throw an overwrite error when syncing is not enabled
c738d08 Only warn about missing pkcs11 bits if this feature was explicitly requested
21de0db Origin and Caches now check for a minimum xrootd version before starting
2696699 Origin use registered prefix when polling broker
b01ab3f PKCS11 integration strategy update
66ab0fc Panic if we can't restore credentials to the correct state
c975450 Phase 3 of transfer agent - persist current queue into a local DB.
fe5987c Plumb director decision info through the client layer
dfbcc22 Point federation-based monitoring scitokens cfg at Federation issuer
ac322a4 Polish GitHub OAuth docs
3b6dcc3 Post-rebase fixups
f7b102c Prefer 'npm ci' to 'npm install' in GitHub Actions
b2a7d8a Prefer human-readable OIDC claims for username display (#3044)
9e5d1aa Preserve the misspelled metric name for backwards compatibility
4cfa811 Pretty print times in locale
c00263c Prevent background goroutine from reading TLS hello from cache
b10d55d Prevent killing PID 1 and set test to dummy PIDs
8108d18 Process all downtimes in a single loop for both display and filtering - get rid of the unnecessary "runningServers" variable - It's ok to add non-running servers to filteredServers, which has no effect if the server isn't in serverAds. Those entries just sit there unused until the server comes online
aedffe7 Properly wrap errors
9097b76 Provide E2E integration test for xrootd monitoring
a9d714d Provide a env var switch to quickly test POSIXv2 backend
5e5b333 Provide accurate endTime for the shutdown downtime, and scopes required by downtime CLI
c96b471 Provide an E2E cache test for offline origins
abdcb26 Push per-test logging setup across the project
9e7b1ed Put POSC behind a feature flag
b7792e9 Re-generate params after rebase
97831b5 Rebase and regenerate docs code
17856f7 Rebase changes onto latest main after PR #2832 consolidation
8cdcd97 Rebased on main
1066560 Reconfigure global fed info object during fed tests
94a6989 Record the server ID along with the server name in local DB
58cf9e6 Refactor GetServerMetadata according to the review feedback. - The function now returns a server_structs.ServerRegistration struct to represent metadata, instead of individual strings. This makes it more extensible for future additions without changing the function signature. - Other minor changes
463e24f Refactor PR to use new restart code and avoid direct use of viper
4cf2f63 Refactor config_test.go to avoid globals
9607255 Refactor runDirectorTestCycle to consolidate duplicate logics - Instead of having duplicate healthTestUtils setting blocks in success/failure branches, now it just has one setter - Similarily, single call to reportStatusToServer, testStatusMetric, and reportStatusMetric - The overall flow: 1. Run the Director-test 2. Determine status/message based on result 3. Update healthTestUtils once 4. Call reportStatusToServer once 5. Record metrics once - Also address the review comment: safely build the error message, only appending testErr.Error() if testErr is not nil
ecfc292 Refactor and Improve Upload_TempLocation and StoragePrefix validation
d43d2f1 Refactor broker callback initialization
8eda847 Refactor client
613a054 Refactor command to use predefined structs
cb0e873 Refactor env var config test to use table style
39bc769 Refactor query param handling, use actual getCmd in tests, add prefercached conflict check
1e2646b Refactor rate-limiting implementation and metrics
b924071 Refactor test mocking to use package-level variable
06b3701 Refactor the restart test to avoid polling for failure twice
58ff434 Refactor to avoid reflection in recovery
d4c59d9 Refactored createTransferError
1be22d7 Refactored tests guided by reviewer comments
8077a92 Reject UploadTempLocation under StoragePrefix at startup
9dc24a7 Remove 'Content-Disposition: attachment' header from Origins
592ca22 Remove InvalidByteInChunkLengthError fallback from IsRetryable
fab2119 Remove XRootD prefix test
5a47a57 Remove --enablerepo=osg-development
c9d9eea Remove database mover code - Registry DB migration (to pelican.sqlite) was completed in v7.19
3434ede Remove deprecated configs in drop privileges process
fb1f75d Remove devel/debug print statement
694ae0d Remove duplicate SetServerDefaults call
b9b5bf1 Remove duplicate build of pelican binary
f9bfec1 Remove generated tag
d23c42f Remove hand-created token; force CLI to create one
38b5272 Remove legacy classads package
8a9cfdc Remove merge conflict markers from osx_install.sh
ea3ddcf Remove old Federation URL
dc4f636 Remove pixi installation instructions
4129364 Remove placeholder tests and add GitHub OAuth2 config example
bdfc6e4 Remove rebase commands
5f3c99e Remove redundant NetworkResetError check from IsRetryable
92c3e90 Remove redundant assertions in unit tests
e21803f Remove redundant file The content of this removed file is moved to the docs at /pelican/docs/app/federating-your-data/orig in/page.mdx
e4d4e43 Remove temp file logic and just delete on failure
500172a Remove test environment code: this affects the prune test (requiring it to complete in <1s to succeed)
f718fb4 Remove the Director-test support for Origin < v7.7
016e83d Remove trailing whitespace in AGENTS.md
19ef058 Remove unecessary heirarchy and make dropdown titles lower case
ac574f5 Remove unnecessary ExpandPath to avoid tilde being significant
f2a8028 Remove unnecessary metrics path check
570d39c Remove unused default setting
962b967 Remove unused function
9ceebf2 Remove unused functionality from the entrypoint script
8abdcb8 Remove unused isDowntimeActive function to fix linter errors
cdc2894 Remove unused patch file
d02f623 Remove use of viper according to new parameter setting
24e8668 Remove user usage
782a062 Remove username update logic and update error message in CreateUser
3ae406e Remove warnIssuerKey and relevant vars
a03fc86 Remove warning about creating private key at designated path
44ca0b8 Remove workflow steps that were accidentally re-added
8986e6c Removed Origin.EnableUI
ca05c80 Removed extra comments from isRetryable function
5c6c2a9 Removed incorrect catch all and added clarifying comment
0cd2932 Removed outputting of the password location
6b51337 Removed param.Server_EnableUI check
d7d6ba7 Removed redundant OIDC check
49702e1 Removed redundant go vet check
d51e688 Removed redundant language in error description
f1aa5db Removed version.go and version_test.go from windows builds
0b39e97 Rename the config file for typos
61910e4 Replace use of raw integers for rates with a proper type
adcc8f4 Replaces pelican generate keygen with pelican key create - Change the narrative to prompt user to use IssuerKeysDirectory by default
61bed0b Require the xrdhttp-pelican >= 0.0.10 RPM for pelican-server (#3086)
a992c5e Reset additional state between tests
d0407e2 Reset command state between subtests to fix test failures
e76464c Restore a few comments that were accidentally deleted during refactor
861dafc Restore pixi installation instructions with correct commands
b7646e1 Restore the exclusion on 'node_modules' for cache keys
41a17ee Restructure FAQ section
1238103 Return error whenever Director test report fails
77479b5 Return failed server deletion error msg
57e3bb8 Revert "Bump version of xrootd-s3-http to v0.6.2"
0cfabbe Revert "Handle legacy Capability name gracefully"
0e98240 Revert "Remove osg-development from installation repos"
7a73f79 Revert "Remove database mover code"
007d757 Revert the stopgap build fix from #3069
42280a7 Revert unnecessary approval check
e971c9e Review param usage in client_agent
22ff4ec Revise Testing section for clarity
e097e62 Revise the error message to reflect all possible reasons - Also wrap it in a Pelican Error Type
75558e6 Revive the rate-limited filesystem post-rebase
5f56510 Rework scope calculation and integrate scope checking in collections routes
6d689ef Reworked the validation
62c0235 Rewrite of the local cache
8da771d Rough draft of troubleshooting for functioning Origin access but no Cache access
cb88a6e Round of review fixes
141b2d4 Rule out the stale entries associated with a non-existent registration in the services table - Typically caused by the foreign key constraint is not enforced in the services table.
984e221 Run Prettier via GitHub Actions
40af0bd Run go generate
0632947 Run go mod tidy to catch updates of net package
16f4f8d Run gofmt on test file
d48eb9b Run gofmt to fix formatting issues in director/monitor.go
2de2e4d Run markdown formatting on all markdown files
c704413 Run the 'geoquery' script through standard Python tools
aa558b9 SQLite driver-specific Foreign-key constraint activation
99f2ab0 Semantic changes
a205235 Semantic improvements
63018fb Server approval status check - When auto-registration happens, Registry checks if the request sender is the owner of the server name it claims. This commit ensure that it is checking against an approved server name
1858b1d Server.EnableUI now only enabled the web ui
32d3245 Set downtime token's audience and check it - Let this token explicitly target Registry’s host:port
571a345 Set monitoring scopes only for admins (#2767)
3a96b29 Set proper perms for openssl-pkcs11.cnf
b904494 Set socket's perms and group
5bf296e Set user and userid in auth
1f79a94 Setup pre-commit to use Python 3.13 in the dev container
e792fae Similarly remove Content-Disposition from Caches
f83699b Simple linter fixes
e5b65bc Simple unit tests to verify two new Prometheus stubs - stubs for /rules and /alerts endpoints
553adec Simplify OIDC username claim resolution in generateUserGroupInfo
9bfc218 Simplify the capability names logic in webUI - Update the names in Capabilities interface - Conversion is done in backend, so the frontend doesn't need to map the old names to new ones
35e3718 Simplify volume mount documentation per review feedback
75d93f4 Site-local caches should query Director for Caches, not Origins
b37bd19 Skip registration for caches running in site-local mode
875d6a3 Skip test if user is not present
ef12d80 Skip test of directory listings at cache - hit an xrdcl-pelican bug
5018795 Some Python packages build C/C++ libraries on install
62675f0 Split default log levels for clients/servers
f3db1d2 Split out group members into users table and add QOL for group management
2ad3afb Split updateDowntimeFromRegistry into smaller helper functions
38cbb85 Stub implementations for two prometheus endpoints
a5de1f4 Support director only broker usage
88ab3af Support parsing the >- syntax for string slices
65ea291 Suppress query logs on Origin/Cache initial startup - GORM would generate a log for each DB query, no matter success (level: debug) or failure (level: error) - However, when the user starts an Origin/Cache for the first time, the DB is empty so the DB query will definitely get a "record not found" error - This error will be logged by GORM by default as an error log. But this may be misleading for the user because this is an expected behavior. The "record not found" is already handled by the subsequent code. - So this commit aims to suppress query logs on these two DB operations to avoid confusions.
bdd2e29 Swagger docs for Server APIs
46b1cfb Switch 'object rm' to 'object delete' in token docs
95b3c1d Switch from OSG 24 to OSG 25 to better match other practice
7f68638 Switch to AGENTS.md format for AI agent instructions
ca72245 Switch to installing the pelican-server binary in all server images
431366f Switch to stdlib for user detection to fix GHA
4348f3e Switch to useApiSWR hook to auto handle errors - Refactor getFederationDiscrepancy to use useApiSWR hook - Switch direct useSWR call to useApiSWR, which will automatically display alerts when API calls fail, just like other APIs. So there is no need to manually handle errors
d10bb5a Sync the JWKS URI - So the JWKS URI federation discovery endpoint and what's in Pelican process' global federation metadata pelican_url.FederationDiscovery - In discoverFederationImpl, fedInfo.JwksUri will first fill with the value of the Federation.JwkUrl config param. If it is not set, that function will probe Discovery Endpoint to get the jwks_uri there. At last, if fedInfo.JwksUri is still empty, it will fallbacks to Director's externalUrl + "/.well-known/issuer.jwks"
3571a0f Take the r/w lock now that we modifying pb.status
a359c1e Temporarily disable the warning threw to the user when they use IssuerKey - because Facilitation team and Integration team think this is not user-friendly
c671592 Test object path update - we don't want to use the old test object /ospool/uc-shared/public/OSG-Staff/validation/test.txt anywhere in our codebase. The new path we should use for this kind of testing is /pelicanplatform/test/hello-world.txt.
6a96d30 Test the new retry logic - It can only tolerant 3 failures before giving up. It returns error when the failure count is greater than 3
fe9ef67 Test the token scope validation
8b0c289 Tests no longer use linux specific paths
13ad9a8 Tests that build Pelican and don't need VCS info should make that explicit
2c1c95d Tidy up PID/lockfile usage to avoid races and stale files
0899c1f Tidy up and send output to the GitHub Action summary
a5eed76 Tidy up pet peeves in init_server_creds.go
f7e07c9 Token updates: add registered server issuer verification - Add the RegisteredServer issuer type, JWKS lookup by server ID, and unit coverage for the new auth flow.
c7275b1 Touch up comments/documentation for 'xroot' storage backend
2c7f72a TransferResponse now handles StoppedTransferErrors
e606c6f Transform redirect info to classad
3b13520 Trigger degraded state with a configurable ratio of server concurrency
1059ec1 Trigger site-local cache test in GHA
82a54c9 Try adding placeholder from generate package
5ab2c38 Try switching from 'issuers' to 'authorization servers' in authZ docs
1ba6be1 Try switching the DB interaction to GORM
ccc95c5 Try to make persistence test more robust, protecting against race conditions.
05549b0 Trying to fix actions
431c740 Tune up stat test script to work with address file
f7cc62f Tuneup after invoking the set-logging-level from my terminal
0cc7e42 Unify minio startup scripts
67d4e7f Unit test fixes - particularly around chunk-encoded files
ef55cd1 Unit test for runtime namespace ads change triggers config files update - Test that scitokens.cfg and authfile are actually updated when namespace ads change during runtime - It simulates runtime by invoking the same write functions the maintenance loop uses.
d8c02d8 Unit tests - TestAutoShutdownOnStaleAuthfile: forces repeated Authfile failures, sets a tiny Xrootd.ConfigUpdateFailureTimeout, launches maintenance, and asserts a shutdown is requested via config.ShutdownFlag. - TestConfigUpdatesHealthOKWhenFresh: configures valid inputs so both emitters succeed repeatedly, launches maintenance, then asserts metrics.OriginCache_ConfigUpdates is OK.
618a655 Unit tests and comments amendment
c9a2ab8 Unit tests for metadata discrepancy checking logics
be535eb Unwrap Pelican error message, fixes pelican test errors
17c2d5d Update 'golang.org/x/crypto' after a user reported a CVE
3d7dbdb Update .gitignore
306c327 Update API json keys
14eb948 Update Auth Template
bf85e34 Update COPY support to catch up with the rest of the HTTP client
00259d8 Update Cache Broker connection counter - This mirrors the origin implementation and allows tracking of cache broker connections
88e1a13 Update Downtimes for new Server Concept
4d2c65b Update Downtimes for new Server Concept
2341dee Update Downtimes for new Server Concept
9616326 Update Downtimes for new Server Concept
4de2657 Update GoReleaser config to not use deprecated options
c7fb4a3 Update IsRetryable to handle wrapped ConnectionSetupError
4908367 Update OpenAPI documentation with new user and group API endpoints
42cbd24 Update Prometheus Docs
7ae5686 Update Registration Deletion
72862a3 Update X-Pelican-Broker description to clarify connection reversing purpose
2ca9ea2 Update _meta.js
80a967f Update _meta.js
7e72921 Update a few internal uses of 'param.Debug` to instead use 'Logging.Level'
74fc999 Update actions to run on experimental builds as well.
1421b49 Update and re-organize OA4MP-related resources
d171abf Update authenticated block to not render content you aren't auth'd for
81bb63d Update authenticated block to not render content you aren't auth'd for
56fe0cb Update authfile generation to work with more 'privileges'
0d9645d Update classads library
b987c43 Update collections commands and improve error handling
4891b6e Update container to 1.25 as well
075f197 Update container to 1.25 as well
ceba9ed Update design doc / README files
1901002 Update docs
6a661f8 Update docs for a special downtime - graceful shutdown
747c080 Update error message install instructions
55e5b04 Update golang to 1.25 to get os.Root semantics
82bf01c Update golang to 1.25 to get os.Root semantics
0ef00b8 Update gorelease config to retain symbols in pelican-server (only)
afac152 Update href for version links in _meta.js
f16dbdb Update messages based on reviewer feedback
f37e8f6 Update metadata discovery tests
317b45b Update monitoring parameter components
5fd1f36 Update npm packages
fd486cd Update parsing of authfile entries
b69edc3 Update pre-commit config to not use deprecated options
da589fa Update request/response types
e310157 Update swagger
c6c781c Update swagger to align with camelcase response
5329a95 Update test to reflect that an attempt was made
0a8064b Update tests for ChecksumMismatchError wrapping
ab32492 Update tests for ConnectionSetupError wrapping
6731cdd Update tests for authfile parsing changes
58612dd Update tests for wrapped dirListingNotSupportedError
f777050 Update tests to provide a user_id in cookie
2607008 Update the OA4MP launcher for the new resource layout
022d7fb Update the auth middleware for downtime mirroring - Allow registered servers (Origin/Cache) to manage downtime via bearer tokens, besides the existing admin cookies
ed5691d Update the description of Server.IssuerJwks
8ca55d0 Update the type of server when its service gets deleted
38cb57d Update to a new golangci-lint version to break caching in pre-commit
bdbf6b2 Update to use new param package
4580110 Update to xrdhttp-pelican v0.0.11
513ee75 Update token creation to reflect new origin issuer for fed-in-a-box
6a20311 Update typing
4a2aadd Update with reset-local
dabda03 Update xrdhttp-pelican to v0.0.10
a527368 Update xrdhttp-pelican to v0.0.9
17a1d80 Updated CheckAdmin function to use groups
c712cd2 Updated isRetryable to account for PelicanError wrapping
d536a9a Updated the credentials password messages to be less scary
85aa205 Updated the error_code_generator.go to add accessor functions
9744dea Updated the test to use http status codes rather than ints
dbac855 Updates token not found tests to use Pelican Errors
b7a617e Upgrade ServerName to ServerLocalMetadata
210706a Upgrade to OA4MP 6.2.3 and Apache Tomcat 9.0.115
ec9fab5 Use 'Terminal' component instead of triple backticks with bash to fix <> rendering
33f8045 Use HTTPS in broker test to match production behavior
a3b4041 Use URL as key, NOT server name for stat TTLCache
a48ae7a Use UserIdentity
a1ce1a3 Use bsdtar to work around a bug with ARM64 emulation and tar
cb6406f Use a set and a helper function to deduplicate downtimes
730d0ce Use a stock AlmaLinux image as the base image
a07f371 Use architecture-specific runners for multi-architecture builds
7c512f0 Use cache sitename for registered prefix
467464c Use classads in test instead of json
e77671e Use config helper functions to set/get log levels throughout the codebase
470c210 Use config.IsServerEnabled to determine directorTest enabling
14970e7 Use database User type
cf8a404 Use direct path to go.sum and package-lock.json
7226e26 Use federation discovery to set Registry hostname as token audience
2c3d8fa Use filteredServers map as single source of truth for downtime checking
c4186e3 Use global GroupPost
1858ea8 Use go.mod and package.json to lookup software versions
c11b68e Use param package and remove unnecessary config
511a075 Use scheme in default OSDF Discovery URL
3ea18de Use secretbox instead of box for symmetric data encryption in backups
b000f22 Use stable identifiers (ID, OIDC sub) for admin and authz checks (#3050)
167cb4b Use standard cache ports in site-local cache docs
8abc467 Use standard nextra callouts through Docker page
a63fb32 Use sub and issuer as main axes to identify a user
7adba12 Use t.Cleanup for test cleanup instead of defer
0bc82b1 Use the existing JWKS creation function in test utils - Instead of creating a new one
7b2e8d5 Use user ID to be primary reference to a user
2056ce5 Use xrdhttp-pelican plugin to handle fed token refresh in drop-privs mode - Note there's a counterpart PR in xrdhttp-pelican plugin repo
433791e Use year placeholder in license header template
87977e2 Used Howard's PR to pass a server's prefix to the broker
1e3c0aa Various linter formatting fixes
e4f98d0 WIP - checkpoint of the draft server handlers
f68c476 WIP: Addition of a new SSH-based backend for the origin
6d2db57 WIP: Collections AuthZ and Prototype Collections CLI
df19312 WIP: Continue work on retries
6a4cd37 WIP: Remaining new files
5a5b96b Warn of deprecation in old token generation docs
d6eda89 We now add DeveloperData/TransferErrorData on director contact failure
8d71573 Working version of the SSH backend post human review
93bfa97 Wrap *net.OpError (proxyconnect) as Contact.ConnectionSetupError
76ec198 Wrap ChecksumMismatchError as Transfer.ChecksumMismatch
4573d31 Wrap ConnectionSetupError with PelicanError in transfer handlers
7275a71 Wrap HTTP status code errors in DiscoverFederation with PelicanError types
40426cb Wrap InvalidByteInChunkLengthError as TransferError
e029ac2 Wrap all eventually-consistent fields in require.Eventually
c014ca0 Wrap allocateMemoryError with TransferError in download loop
accb350 Wrap dirListingNotSupportedError as SpecificationError
123972a Wrap permission denied error (also fixed indentation)
4d030b2 Wrap the metadata connection reset by peer error
c66a0c6 Wrapped an error added in the rebase
878c7ae Wrapped director i/o timeout errors
8390f88 Wrapped specific 404 errors and updated tests
1eb95e2 Wrapped timeouts in pelican errors
9bf6985 add redirect URL for Globus OAuth set up debugging
72ad059 address DB access feedback from Howard
6fadbce client: add tests for status code error wrapping
e16f63a client: refactor status code error wrapping and improve error handling
31e9a1d downloadObject now calls os.Makedir with 777 permissions
ad8b473 fail-stop multiple origin config for globus (for now)
4c6bd09 first round of feedback
471a8e8 fix linter issue
7e98503 fix name getters
678de8d fix parameters.yaml typo
ec942fa fixed some documentation/linting issues
9e5db34 fixed some review comments
da40907 fixup whitespace
fb06b3e globus changes
44a3515 migrate origin db to mono db
36ca641 p11proxy: introduce PKCS#11 RPC helper and OpenSSL integration - New pelican/p11proxy with Start/Stop, Info, Options. - Serve a PKCS#11 slot via p11kit.Handler exposing a private key (Go crypto.Signer) and X.509 cert. - Autodetect engine (pkcs11.so) and module (p11-kit-client.so) and write OPENSSL_CONF. - Generate pkcs11: URI and export P11_KIT_SERVER_ADDRESS; never write private keys to disk; cleanup socket/temp on stop.
b2198cc support transfer API expanded scopes and refresh token

Contributors

williamnswanson

Assets 30