Commit graph

1736 commits

Author SHA1 Message Date
Michael Schurter 01816af088 Node.List ACL enforcement 2017-09-14 22:01:18 -07:00
Michael Schurter aca9e337aa Node.GetAllocs ACL enforcement 2017-09-14 21:42:19 -07:00
Michael Schurter 369ab10405 Fix comments for Node ACL tests 2017-09-14 21:41:26 -07:00
Michael Schurter 4fc44c686c Node.GetNode ACL enforcement 2017-09-14 20:59:18 -07:00
Michael Schurter 21ee5f4720 Node.Evaluate ACL enforcement 2017-09-14 20:41:44 -07:00
Michael Schurter 0cfaaa0a4d Node.UpdateDrain ACL enforcement 2017-09-14 20:33:31 -07:00
Michael Schurter 41c05782b3 Add NodePolicy test helper 2017-09-14 20:33:12 -07:00
Michael Schurter aca3bebb0a Alloc.GetAlloc ACL enforcement 2017-09-14 17:44:57 -07:00
Michael Schurter f5faf97650 Alloc.List ACL enforcement 2017-09-14 17:43:17 -07:00
Michael Schurter 573a0df03d Watched -> TriggersRestart
Watched was a silly name
2017-09-14 16:48:39 -07:00
Michael Schurter d299d42089 Canonicalize and Merge CheckRestart in api 2017-09-14 16:48:39 -07:00
Michael Schurter ade29ecbed Improve check watcher logging and add tests
Also expose a mock Consul Agent to allow testing ServiceClient and
checkWatcher from TaskRunner without actually talking to a real Consul.
2017-09-14 16:47:41 -07:00
Michael Schurter a180c00fc3 on_warning=false -> ignore_warnings=false
Treat warnings as unhealthy by default
2017-09-14 16:46:54 -07:00
Michael Schurter 22690c5f4c Add check watcher for restarting unhealthy tasks 2017-09-14 16:46:54 -07:00
Michael Schurter b35d208428 Nest restart fields in CheckRestart 2017-09-14 16:46:54 -07:00
Michael Schurter bf34505509 Add restart fields 2017-09-14 16:46:54 -07:00
Chelsea Komlo 3b857c5e8f Merge pull request #3213 from hashicorp/f-acl-job-summary
Add job endpoint ACL
2017-09-14 18:21:19 -04:00
Alex Dadgar 3904bde9a3 Fix batch handling of complete allocs/node drains
This PR fixes:
* An issue in which a node-drain that contains a complete batch alloc
would cause a replacement
* An issue in which allocations with the same name during a scale
down/stop event wouldn't be properly stopped.
* An issue in which batch allocations from previous job versions may not
have been stopped properly.

Fixes https://github.com/hashicorp/nomad/issues/3210
2017-09-14 15:08:57 -07:00
Alex Dadgar 567eef50a8 Address feedback 2017-09-14 14:28:43 -07:00
Alex Dadgar 6911bd7676 Worker waits til max ModifyIndex across EvalsByJob
This PR fixes a scheduling race condition in which the plan results from
one invocation of the scheduler were not being considered by the next
since the Worker was not waiting for the correct index.

Fixes https://github.com/hashicorp/nomad/issues/3198
2017-09-14 14:28:43 -07:00
Chelsea Holland Komlo be7efd71d4 fixups from code review 2017-09-14 20:14:38 +00:00
Chelsea Holland Komlo 0d28c95b6b use separate response object 2017-09-14 19:17:05 +00:00
Chelsea Holland Komlo 79abb9810b update to use ACL test helpers 2017-09-14 19:08:25 +00:00
Chelsea Holland Komlo 3eff2a06c5 add job endpoint ACL 2017-09-14 18:17:35 +00:00
Alex Dadgar fa2dd57071 Merge pull request #3205 from hashicorp/f-deployment-acl
Deployment.GetDeployment ACL enforcement
2017-09-14 10:50:17 -07:00
Alex Dadgar 1e644393aa review feeback 2017-09-14 10:50:04 -07:00
Alex Dadgar 9b997d2670 fix multierror merge 2017-09-13 21:48:52 -07:00
Alex Dadgar 0de4df881f Merge pull request #3203 from hashicorp/b-search-hyphens
Fix UUID search with hyphens
2017-09-13 15:45:22 -07:00
Alex Dadgar 4b947222a8 Deployment.GetDeployment ACL enforcement 2017-09-13 11:44:23 -07:00
Alex Dadgar 54e04b5c0e Merge pull request #3201 from hashicorp/b-periodic-restore
Fix restoration of stopped periodic jobs
2017-09-13 11:42:29 -07:00
Alex Dadgar a2363e7583 sync acls 2017-09-13 11:38:29 -07:00
Alex Dadgar fb67f76b7b Fix UUID search with hyphens
This PR fixes:
* UUID lookup with hyphens and odd length. The math was wrong. There is
now a test that ranges over all possible values.
* Fixes an unreported issue that could be hit when a job has more than 4
hyphens in it as UUID lookup doesn't allow that.

Fixes https://github.com/hashicorp/nomad/issues/3141
2017-09-13 10:28:42 -07:00
Alex Dadgar e3dbcdcb44 Fix restoration of stopped periodic jobs
This PR fixes an issue in which we would add a stopped periodic job to
the periodic launcher.
2017-09-12 14:25:40 -07:00
Alex Dadgar 5aa8f1a82e pass in uid to codecgen 2017-09-11 15:40:27 -07:00
Armon Dadgar 3d5ecaafff Address @dadgar feedback 2017-09-11 10:30:59 -07:00
Armon Dadgar 20a8e590a0 nomad: support ACL bootstrap reset 2017-09-10 16:03:30 -07:00
Alex Dadgar d329fbe54d Fix search contexts 2017-09-07 17:13:18 -07:00
Alex Dadgar 84d06f6abe Sync namespace changes 2017-09-07 17:04:21 -07:00
Alex Dadgar abfc56a871 WatchCtx propogates context error 2017-09-06 17:37:40 -07:00
Armon Dadgar 1c7fb1bfbb Remove generated structs 2017-09-04 13:33:37 -07:00
Armon Dadgar 10500c39e5 nomad: fixing test 2017-09-04 13:21:01 -07:00
Armon Dadgar e74ea8a152 nomad: use hashes for efficient token/policy diffing 2017-09-04 13:09:34 -07:00
Armon Dadgar 97404e3f8c nomad: compute hash for ACL policies and tokens 2017-09-04 13:09:34 -07:00
Armon Dadgar 99c1001b2c nomad: avoid replication consistency issues by setting MinQueryIndex 2017-09-04 13:07:44 -07:00
Armon Dadgar b8bf35f087 ACL RPCs allow stale reads for scalability 2017-09-04 13:07:44 -07:00
Armon Dadgar ac6283c31f nomad: enforce ACLs on job submit 2017-09-04 13:05:53 -07:00
Armon Dadgar 6f5150a227 nomad: allow getting policies which are subset of token, fixes client resolution 2017-09-04 13:05:53 -07:00
Armon Dadgar 387a8a923b nomad: adding policy subset check 2017-09-04 13:05:53 -07:00
Armon Dadgar 18ddb910fa nomad: forward DeleteToken requests for global tokens 2017-09-04 13:05:53 -07:00
Armon Dadgar b807f5df6f nomad: forward UpsertToken requests for global tokens 2017-09-04 13:05:53 -07:00
Armon Dadgar 3e46094cee Passthrough replication token for token/policy replication 2017-09-04 13:05:53 -07:00
Armon Dadgar 855240b1b5 nomad: ACL endpoints enforce permissions 2017-09-04 13:05:53 -07:00
Armon Dadgar ddcc5f89bc Add ErrPermissionDenied, rename TokenNotFound 2017-09-04 13:05:53 -07:00
Armon Dadgar 304a02d93b nomad: Add SecretID to QueryOptions and WriteMeta 2017-09-04 13:05:53 -07:00
Armon Dadgar 4bda2fa9e9 nomad: ACL endpoints check support enabled and redirect to authority 2017-09-04 13:05:53 -07:00
Armon Dadgar e24a4abf2c nomad: adding ACL bootstrap endpoints 2017-09-04 13:05:53 -07:00
Armon Dadgar 1ace912341 nomad: adding bootstrapping checks 2017-09-04 13:05:53 -07:00
Armon Dadgar 06a7f12fad nomad: adding bootstrap state store method 2017-09-04 13:05:53 -07:00
Armon Dadgar 76a03f2d8e Address @dadgar feedback 2017-09-04 13:05:53 -07:00
Armon Dadgar e7586a80df nomad: Switch from SHA1 to Blake2 @chelseakomlo 2017-09-04 13:05:36 -07:00
Armon Dadgar fc23a4e7e5 structs: sort policies to avoid order dependence for caching 2017-09-04 13:05:36 -07:00
Armon Dadgar 459c2b6fa7 nomad: switch policy/token replication to use batch endpoints 2017-09-04 13:05:36 -07:00
Armon Dadgar edc38185cc noamd: Adding batch fetch endpoints for ACL tokens and policies 2017-09-04 13:05:36 -07:00
Armon Dadgar 6a9d4e2dc3 nomad: Adding token resolution endpoint 2017-09-04 13:05:36 -07:00
Armon Dadgar d9c56725d0 nomad: refactor to use CompileACLObject and handle anonymous token 2017-09-04 13:05:35 -07:00
Armon Dadgar 98e0f98f7e structs: Adding ACL compilation helper 2017-09-04 13:05:35 -07:00
Armon Dadgar 583e654246 structs: cache key helper for policy list 2017-09-04 13:05:35 -07:00
Armon Dadgar 3efdf1f7d9 Address @chelseakomlo comments 2017-09-04 13:04:45 -07:00
Armon Dadgar 99cea1ac23 Moving shared ACL objects 2017-09-04 13:04:45 -07:00
Armon Dadgar dc1904b57a nomad: adding ACL token resolution logic 2017-09-04 13:04:45 -07:00
Armon Dadgar 018973aea8 Address @dadgar feedback 2017-09-04 13:04:45 -07:00
Armon Dadgar 5a3a931ec5 nomad: adding global token replication 2017-09-04 13:04:45 -07:00
Armon Dadgar 583a11cebd nomad: Adding ability to filter list of tokens to global only 2017-09-04 13:04:45 -07:00
Armon Dadgar cb827b6696 nomad: adding policy replication support 2017-09-04 13:04:45 -07:00
Armon Dadgar 7d4aa1975f agent: thread through ACL config to Server 2017-09-04 13:04:45 -07:00
Armon Dadgar bc697dc50e Address @dadgar feedback 2017-09-04 13:04:45 -07:00
Armon Dadgar 30b607987e nomad: generate accessor/secret ID server side 2017-09-04 13:04:45 -07:00
Armon Dadgar bd2db18c80 agent: Adding HTTP endpoints for ACL tokens 2017-09-04 13:04:45 -07:00
Armon Dadgar f91d2608cb nomad: renambe PublicID to AccessorID for consistency 2017-09-04 13:04:45 -07:00
Armon Dadgar e5c69f162c nomad: implement ACL token endpoints 2017-09-04 13:04:45 -07:00
Armon Dadgar e9bad0bf37 nomad: Add ACL Token snapshot/restore to FSM 2017-09-04 13:04:45 -07:00
Armon Dadgar a17991e907 nomad: CRUD methods for ACLTokens 2017-09-04 13:04:45 -07:00
Armon Dadgar 8623bf9a5b nomad: adding ACLToken table 2017-09-04 13:04:45 -07:00
Armon Dadgar e9c583807a nomad: adding ACLToken struct 2017-09-04 13:04:45 -07:00
Armon Dadgar cde8e9301b nomad: fixing state store tests due to signature mismatch 2017-09-04 13:04:44 -07:00
Armon Dadgar 3702587667 nomad: Adding Validate for ACLPolicy 2017-09-04 13:04:44 -07:00
Armon Dadgar 11672e4e01 nomad: adding validation of policy name and rules 2017-09-04 13:03:15 -07:00
Armon Dadgar 18e6053b58 agent: Adding ACL Policy endpoints 2017-09-04 13:03:15 -07:00
Armon Dadgar d52e099fc2 Addressing @dadgar feedback 2017-09-04 13:03:15 -07:00
Armon Dadgar afdde24799 nomad: adding upsert policy endpoint 2017-09-04 13:03:15 -07:00
Armon Dadgar e3e243f433 nomad: implement policy delete endpoint 2017-09-04 13:03:15 -07:00
Armon Dadgar e4f5f305ea nomad: adding Get/List endpoints for ACL policies 2017-09-04 13:03:15 -07:00
Armon Dadgar 8a4dda8577 nomad: update method signature for tests 2017-09-04 13:03:15 -07:00
Armon Dadgar f147f25fe5 Addressing @dadgar review feedback 2017-09-04 13:03:15 -07:00
Armon Dadgar 351afa0069 nomad: Upsert and Delete ACL policies can take a list 2017-09-04 13:03:14 -07:00
Armon Dadgar 10b583ea38 nomad: adding FSM snapshot/restore of ACL policies 2017-09-04 13:03:14 -07:00
Armon Dadgar 4cb544e8f3 nomad: Adding CRUD to state store for ACL Policies 2017-09-04 13:03:14 -07:00
Armon Dadgar 85cad11885 nomad: adding policy table to state store 2017-09-04 13:03:14 -07:00
Alex Dadgar ad87c6fba5 Include google compare library 2017-09-01 16:42:09 -07:00
Alex Dadgar 26e66ed1c5 fix checking of context error 2017-09-01 09:53:09 -07:00