FreeNAS/freenas 7372e86src/middlewared/middlewared/utils/account authenticator.py

Fix
DeltaFile
+1-1src/middlewared/middlewared/utils/account/authenticator.py
+1-11 files

FreeNAS/freenas 12be4edsrc/middlewared/middlewared/utils/account authenticator.py

Fix
DeltaFile
+3-2src/middlewared/middlewared/utils/account/authenticator.py
+3-21 files

FreeNAS/freenas daf7953src/middlewared/middlewared/utils/account authenticator.py

Fix
DeltaFile
+14-4src/middlewared/middlewared/utils/account/authenticator.py
+14-41 files

FreeNAS/freenas b78c7e6src/middlewared/middlewared/utils/account authenticator.py

Fix
DeltaFile
+1-1src/middlewared/middlewared/utils/account/authenticator.py
+1-11 files

FreeNAS/freenas 0112486src/middlewared/middlewared/utils/account authenticator.py

Fix
DeltaFile
+1-1src/middlewared/middlewared/utils/account/authenticator.py
+1-11 files

FreeNAS/freenas 87b9c72src/middlewared/middlewared/utils/account authenticator.py

Fix
DeltaFile
+2-2src/middlewared/middlewared/utils/account/authenticator.py
+2-21 files

FreeNAS/freenas 167cd1asrc/middlewared/middlewared/utils/account authenticator.py

Fix
DeltaFile
+62-39src/middlewared/middlewared/utils/account/authenticator.py
+62-391 files

FreeNAS/freenas 4cc8311src/middlewared/middlewared/api/base/types user.py, src/middlewared/middlewared/pytest/unit/api/base/types test_user.py

use `accept_params`
DeltaFile
+3-2src/middlewared/middlewared/pytest/unit/api/base/types/test_user.py
+1-1src/middlewared/middlewared/api/base/types/user.py
+4-32 files

FreeNAS/freenas b6ee20dtests/api2 test_account.py

update user validation tests
DeltaFile
+2-2tests/api2/test_account.py
+2-21 files

FreeNAS/freenas 2369c15src/middlewared/middlewared/plugins etc.py

Fix
DeltaFile
+1-0src/middlewared/middlewared/plugins/etc.py
+1-01 files

FreeNAS/freenas edced0asrc/middlewared/middlewared/etc_files/pam.d middleware-api-key.mako middleware.mako

Add pam_limits
DeltaFile
+3-0src/middlewared/middlewared/etc_files/pam.d/middleware-api-key.mako
+3-0src/middlewared/middlewared/etc_files/pam.d/middleware.mako
+6-02 files

FreeNAS/freenas 12d6ea4src/middlewared/middlewared/alert/source fips.py

Address review
DeltaFile
+8-3src/middlewared/middlewared/alert/source/fips.py
+8-31 files

FreeNAS/freenas dca7720src/middlewared/middlewared/alert/source auth.py

Order sessions in AdminSessionAlertSource
DeltaFile
+3-0src/middlewared/middlewared/alert/source/auth.py
+3-01 files

FreeNAS/freenas eb35caesrc/middlewared/middlewared/plugins/nvmet __init__.py

Add missing __init__.py
DeltaFile
+0-0src/middlewared/middlewared/plugins/nvmet/__init__.py
+0-01 files

FreeNAS/freenas 5744ac4src/middlewared/middlewared/api/v25_10_0 audit.py

UUID can be an empty string for some reason
DeltaFile
+1-1src/middlewared/middlewared/api/v25_10_0/audit.py
+1-11 files

FreeNAS/freenas 8828981src/middlewared/middlewared/etc_files/pam.d middleware-api-key.mako

Fix
DeltaFile
+1-1src/middlewared/middlewared/etc_files/pam.d/middleware-api-key.mako
+1-11 files

FreeNAS/freenas d794b43tests/api2 test_zzzz_stig.py

Remove unnecessary mock removal calls.

(cherry picked from commit 133462ee6f75d8c58f365ac76acbea065a491d4b)
DeltaFile
+0-9tests/api2/test_zzzz_stig.py
+0-91 files

FreeNAS/freenas 4d15236src/middlewared/middlewared/plugins/security update.py, tests/api2 test_zzzz_stig.py

Add validation checks for STIG enable.
Add STIG CI tests.

(cherry picked from commit 38196d6e40295d2fda7998c043e08ae13fc33f37)
DeltaFile
+91-22tests/api2/test_zzzz_stig.py
+19-19src/middlewared/middlewared/plugins/security/update.py
+110-412 files

FreeNAS/freenas 8bf13c7src/middlewared/middlewared/plugins/security update.py, tests/api2 test_zzzz_stig.py

NAS-135481 / 25.10 / Add validation checks for STIG enable. (#16311)

The features Docker, VM support and TrueNAS Connect are not allowed
under STIG mode.
Moved validation checks for those to the STIG enable command to
facilitate CI testing.

Update the STIG CI test to include the STIG enable validation checks.
Also added CI tests to confirm the features cannot be enabled while in
STIG mode.

Passing CI tests:
http://jenkins.eng.ixsystems.net:8080/job/tests/job/api_tests/4028/
DeltaFile
+82-22tests/api2/test_zzzz_stig.py
+19-19src/middlewared/middlewared/plugins/security/update.py
+101-412 files

FreeNAS/freenas 02cafedsrc/middlewared/middlewared/utils/account authenticator.py, tests/api2 test_account_privilege_authentication.py

Fix
DeltaFile
+0-10tests/api2/test_account_privilege_authentication.py
+3-3src/middlewared/middlewared/utils/account/authenticator.py
+3-132 files

FreeNAS/freenas 4f25f6asrc/middlewared/middlewared/plugins/apps migration_utils.py upgrade.py, src/middlewared/middlewared/pytest/unit/plugins/apps test_migration_utils.py test_upgrade_values.py

Introduce support for app config migrations (#15434)
DeltaFile
+411-0src/middlewared/middlewared/pytest/unit/plugins/apps/test_migration_utils.py
+192-0src/middlewared/middlewared/pytest/unit/plugins/apps/test_upgrade_values.py
+91-0src/middlewared/middlewared/plugins/apps/migration_utils.py
+57-1src/middlewared/middlewared/plugins/apps/upgrade.py
+751-14 files

FreeNAS/freenas 627e4fbsrc/middlewared/middlewared/api/v25_04_0 virt_instance.py, src/middlewared/middlewared/api/v25_04_1 virt_instance.py

NAS-135377 / 25.04.1 / Expand possible incus instance status results in API (by anodos325) (#16289)

This commit adds FROZEN and ERROR as possible incus instance status
since they are mentioned in incus documentation. Lxc additionally
defines state strings of STARTING, STOPPING, FREEZING, and THAWED which
technically possibly surface as instance state. C.f src/lxc/state.c in
lxc codebase.

Original PR: https://github.com/truenas/middleware/pull/16276
Jira URL: https://ixsystems.atlassian.net/browse/NAS-135377

Co-authored-by: Andrew Walker <awalker at ixsystems.com>
DeltaFile
+1-1src/middlewared/middlewared/api/v25_04_0/virt_instance.py
+1-1src/middlewared/middlewared/api/v25_04_1/virt_instance.py
+2-22 files

FreeNAS/freenas d9dd62asrc/middlewared/middlewared/plugins account.py idmap.py, src/middlewared/middlewared/plugins/account_ constants.py

NAS-135375 / 25.04.1 / Add a synthetic container root user (by anodos325) (#16320)

This commit adds a user truenas_container_root that doesn't get written
to passwd and shadow files, but exists in user-related API responses.
This allows users to assign permissions to the root uid in
non-privileged containers and generally have UI look less confusing.

Original PR: https://github.com/truenas/middleware/pull/16319
Jira URL: https://ixsystems.atlassian.net/browse/NAS-135375

---------

Co-authored-by: Andrew Walker <awalker at ixsystems.com>
DeltaFile
+41-0tests/unit/test_container_root.py
+16-0src/middlewared/middlewared/plugins/account_/constants.py
+14-1src/middlewared/middlewared/plugins/account.py
+7-1src/middlewared/middlewared/plugins/idmap.py
+5-1src/middlewared/middlewared/plugins/filesystem.py
+83-35 files

FreeNAS/freenas 82d3471src/middlewared/middlewared/plugins account.py idmap.py, src/middlewared/middlewared/plugins/account_ constants.py

NAS-135375 / 25.10 / Add a synthetic container root user (#16319)

This commit adds a user truenas_container_root that doesn't get written
to passwd and shadow files, but exists in user-related API responses.
This allows users to assign permissions to the root uid in
non-privileged containers and generally have UI look less confusing.
DeltaFile
+41-0tests/unit/test_container_root.py
+16-0src/middlewared/middlewared/plugins/account_/constants.py
+14-1src/middlewared/middlewared/plugins/account.py
+7-1src/middlewared/middlewared/plugins/idmap.py
+5-1src/middlewared/middlewared/plugins/filesystem.py
+83-35 files

FreeNAS/freenas 509d468src/middlewared/middlewared/plugins/audit backend.py

NAS-135471 / 25.10 / convert AuditBackend to new api (#16305)

Convert this private namespace to utilize the new api_method decorator.

---------

Co-authored-by: Logan Cary <logan.cary at ixsystems.com>
DeltaFile
+25-17src/middlewared/middlewared/plugins/audit/backend.py
+25-171 files

FreeNAS/freenas 4ceb8d9src/middlewared/middlewared/plugins account.py idmap.py, src/middlewared/middlewared/plugins/account_ constants.py

Add a synthetic container root user

This commit adds a user truenas_container_root that doesn't get
written to passwd and shadow files, but exists in user.query
responses. This allows users to assign permissions to the
root uid in non-privileged containers and generally have UI
look less confusing.
DeltaFile
+41-0tests/unit/test_container_root.py
+14-1src/middlewared/middlewared/plugins/account.py
+15-0src/middlewared/middlewared/plugins/account_/constants.py
+7-1src/middlewared/middlewared/plugins/idmap.py
+5-1src/middlewared/middlewared/plugins/filesystem.py
+82-35 files

FreeNAS/freenas ec44c0fsrc/middlewared/middlewared/plugins/crypto_ renew_certs.py, src/middlewared/middlewared/plugins/failover_ event.py

NAS-135477 / 25.10 / Make sure certs are only renewed on active node (#16308)

This PR adds changes to make sure that certs are only renewed on the
active node and standby/active both do not try to do that.
DeltaFile
+6-0src/middlewared/middlewared/plugins/crypto_/renew_certs.py
+4-0src/middlewared/middlewared/plugins/failover_/event.py
+10-02 files

FreeNAS/freenas 3c2d5afsrc/middlewared/middlewared/plugins account.py

Fix
DeltaFile
+3-1src/middlewared/middlewared/plugins/account.py
+3-11 files

FreeNAS/freenas 51941bdsrc/middlewared/middlewared/api/v25_10_0 virt_instance.py, src/middlewared/middlewared/plugins/virt instance.py

Allow running containers in privileged mode
DeltaFile
+15-1src/middlewared/middlewared/api/v25_10_0/virt_instance.py
+9-2src/middlewared/middlewared/plugins/virt/instance.py
+24-32 files

FreeNAS/freenas 08ba76fsrc/middlewared/middlewared/plugins/audit backend.py

address reviews
DeltaFile
+7-8src/middlewared/middlewared/plugins/audit/backend.py
+7-81 files