We have a CSR authorizer plugin for calling to an IPC service.
In this commit we add test implementation of such a service.
We also remove the simple_csr_authorizer plugin and fold its
functionality into the new test_csr_authorizer functionality.
In order to support batch jobs systems that run many users' jobs and
which jobs need credentials, we add a /get-tgts end-point that is a
batched version of the /get-tgt end-point. This end-point returns JSON.
Also, we make GETs optional, default to not-allowed in preference of
POSTs.
We also correct handling of POST (before POSTs with non-zero-length bodies
would cause the server to close the connection), and add additional CSRF
protection features, including the ability to disable all GET requests
for /get-keys and /get-config.
- Don't log "Request from wrong address (ignoring)".
- Add "wrongaddr=yes" kv to final log message.
- Add request and ticket addresses (up to 3) to final log message.
The --connect-to option is much nicer and better than --resolve for testing,
but for testing against localhost --resolve is good enough and available in
older versions of curl.
