NAS-135481 / 25.10 / Add validation checks for STIG enable. (#16311)
The features Docker, VM support and TrueNAS Connect are not allowed
under STIG mode.
Moved validation checks for those to the STIG enable command to
facilitate CI testing.
Update the STIG CI test to include the STIG enable validation checks.
Also added CI tests to confirm the features cannot be enabled while in
STIG mode.
Passing CI tests:
http://jenkins.eng.ixsystems.net:8080/job/tests/job/api_tests/4028/
NAS-135377 / 25.04.1 / Expand possible incus instance status results in API (by anodos325) (#16289)
This commit adds FROZEN and ERROR as possible incus instance status
since they are mentioned in incus documentation. Lxc additionally
defines state strings of STARTING, STOPPING, FREEZING, and THAWED which
technically possibly surface as instance state. C.f src/lxc/state.c in
lxc codebase.
Original PR: https://github.com/truenas/middleware/pull/16276
Jira URL: https://ixsystems.atlassian.net/browse/NAS-135377
Co-authored-by: Andrew Walker <awalker at ixsystems.com>
NAS-135375 / 25.04.1 / Add a synthetic container root user (by anodos325) (#16320)
This commit adds a user truenas_container_root that doesn't get written
to passwd and shadow files, but exists in user-related API responses.
This allows users to assign permissions to the root uid in
non-privileged containers and generally have UI look less confusing.
Original PR: https://github.com/truenas/middleware/pull/16319
Jira URL: https://ixsystems.atlassian.net/browse/NAS-135375
---------
Co-authored-by: Andrew Walker <awalker at ixsystems.com>
NAS-135375 / 25.10 / Add a synthetic container root user (#16319)
This commit adds a user truenas_container_root that doesn't get written
to passwd and shadow files, but exists in user-related API responses.
This allows users to assign permissions to the root uid in
non-privileged containers and generally have UI look less confusing.
NAS-135471 / 25.10 / convert AuditBackend to new api (#16305)
Convert this private namespace to utilize the new api_method decorator.
---------
Co-authored-by: Logan Cary <logan.cary at ixsystems.com>
Add a synthetic container root user
This commit adds a user truenas_container_root that doesn't get
written to passwd and shadow files, but exists in user.query
responses. This allows users to assign permissions to the
root uid in non-privileged containers and generally have UI
look less confusing.
NAS-135477 / 25.10 / Make sure certs are only renewed on active node (#16308)
This PR adds changes to make sure that certs are only renewed on the
active node and standby/active both do not try to do that.