e9c17c56d1
Merge pull request #3353 from hashicorp/f-acl-prefix-search
...
Prefix Search ACL enforcement
2017-10-11 20:26:03 -07:00
d34c6e0135
fix test
2017-10-11 18:08:37 -07:00
2673481a48
Refactor permissions checks into funcs
...
funcs are in the _oss file to ease creating Enterprise versions which
support Quotas and Namespaces.
2017-10-11 18:05:27 -07:00
53f2ea88a5
Small fixes
...
This commit:
* Fixes the error checking in migration tests now that we are using the
canonical ErrPermissionDenied error
* Guard against NPE when looking up objects to generate the migration
token
* Handle an additional case in ShouldMigrate()
2017-10-11 17:13:50 -07:00
c67bfc2ee4
fixups from code review
...
change creation of a migrate token to be for a previous allocation
2017-10-11 17:13:50 -07:00
b018ca4d46
fixing up code review comments
2017-10-11 17:09:20 -07:00
410adaf726
Add functionality for authenticated volumes
2017-10-11 17:09:20 -07:00
36ad6bc6bf
add MigrateTokens to server response for allocs
2017-10-11 17:09:20 -07:00
be69374ecd
Prefix Search ACL enforcement
2017-10-11 17:00:12 -07:00
d82db5ab45
Merge pull request #3351 from hashicorp/f-acl-system
...
System ACL enforcement
2017-10-11 16:32:50 -07:00
51fe1d8f73
Merge pull request #3350 from hashicorp/f-acl-status-members
...
Status.Members ACL enforcement
2017-10-11 16:32:25 -07:00
8c1a97765e
Merge pull request #3339 from hashicorp/f-acl-force-periodic
...
Force Periodic ACL enforcement
2017-10-11 16:26:29 -07:00
0d27053aab
Operator ACL enforcement
2017-10-10 15:18:19 -07:00
0cf7a3950b
Force Periodic ACL enforcement
2017-10-10 15:16:41 -07:00
4e005d4753
System ACL enforcement
...
Enforce ACL for System.GarbageCollect and System.ReconcileJobSummaries
RPC endpoints.
2017-10-10 10:53:10 -07:00
de767ffa04
Status.Members ACL enforcement
...
Was incorrectly checked on the HTTP API before. Moved to RPC endpoint.
2017-10-10 10:36:54 -07:00
e50acae1a9
ForceLeave endpoint must use Server.ResolveToken
...
The ForceLeaveRequest endpoint may only be called on servers, but the
code was using a Client to resolve tokens. This would cause a panic when
an agent wasn't both a Server and a Client.
2017-10-09 15:49:04 -07:00
492c861419
/v1/client/agent/* ACL enforcement
2017-10-09 12:18:54 -07:00
57ff12432b
Move acl helpers from nomad/ into nomad/mock
...
They're useful in command/agent/ tests.
2017-10-06 14:50:06 -07:00
4acff9c2bd
Support AnonymousACLToken in GetPolicies
2017-10-06 14:35:14 -07:00
7c8a5228d4
Merge pull request #3290 from hashicorp/f-acl-job-dispatch
...
Add ACL for dispatch job
2017-10-06 13:33:21 -04:00
22169a7cd4
Eval.Allocations ACL enforcement
2017-10-03 14:57:47 -07:00
b3db8f41fd
Eval.List ACL enforcement
2017-10-03 14:57:47 -07:00
fae1be5ab2
Eval.GetEval ACL enforcement
2017-10-03 14:57:47 -07:00
bd6418aa27
Deployment.Allocations ACL enforcement
2017-10-02 15:23:29 -07:00
08c82eb00f
Deployment.List ACL enforcement
2017-10-02 15:13:56 -07:00
60a7dc3c83
Deployment.SetAllocHealth ACL enforcement
2017-10-02 15:02:18 -07:00
c9d2c62d0b
Deployment.Promote ACL enforcement
2017-10-02 14:31:58 -07:00
0409a54f19
Deployment.Pause ACL enforcement
2017-10-02 14:25:32 -07:00
b888e49df4
Deployment.Fail ACL enforcement
2017-10-02 14:23:33 -07:00
97e34725e1
Merge pull request #3278 from hashicorp/f-acl-job-getjob
...
Add ACL for GetJob
2017-09-29 17:44:31 -04:00
388cdaa2e8
Merge pull request #3272 from hashicorp/f-acl-job-stable
...
Add ACL endpoint for Job Stable
2017-09-29 17:44:09 -04:00
efcc61a253
Merge pull request #3302 from hashicorp/b-remove-structs-from-api
...
Remove `structs` import from `api`
2017-09-29 11:39:43 -07:00
f1a8676ee4
Merge pull request #3298 from hashicorp/b-fix-check-restart-plan
...
Diff CheckRestart objects
2017-09-29 11:39:14 -07:00
b772fb650e
Merge pull request #3293 from hashicorp/f-self-token
...
Allow querying self token
2017-09-29 10:54:37 -07:00
a66c53d45a
Remove `structs` import from `api`
...
Goes a step further and removes structs import from api's tests as well
by moving GenerateUUID to its own package.
2017-09-29 10:36:08 -07:00
0e0ea82916
Test Check.Header add/removes
2017-09-28 17:08:43 -07:00
fe491421a3
Fix empty map
2017-09-28 16:15:04 -07:00
f9b66cbb60
Diff CheckRestart objects
2017-09-28 14:06:18 -07:00
3a015016cc
Merge pull request #3294 from hashicorp/f-acl-job-deregister
...
Add ACL for job deregister
2017-09-28 10:57:51 -04:00
c54a4f7c91
Merge pull request #3291 from hashicorp/f-acl-get-job-versions
...
Add ACL for job endpoint GetJobVersions
2017-09-28 10:35:19 -04:00
c242ac1431
job dispatch should have dispatch policy
2017-09-28 14:28:28 +00:00
77ae328fbe
Merge pull request #3276 from hashicorp/f-acl-job-evaluate
...
Add read job permissions to evaluate endpoint
2017-09-27 18:01:15 -04:00
90adc4dbc9
add checks for error message
2017-09-27 21:35:03 +00:00
d3d1bc6498
Merge pull request #3279 from hashicorp/f-acl-job-allocations
...
Add ACL to job allocations endpoint
2017-09-27 16:57:04 -04:00
8f1c89c721
Merge pull request #3283 from hashicorp/f-acl-job-latest-deployment
...
Add ACL to latest job api
2017-09-27 16:54:44 -04:00
765b030bec
Fixes
2017-09-27 13:42:56 -07:00
14e6026938
Allow querying self token
...
This PR allows querying self ACL token when the SecretID is for the
AccessorID in question.
2017-09-27 13:00:58 -07:00
1bab53c9fd
acl for job deregister
2017-09-27 19:21:10 +00:00
b40de659a7
Merge pull request #3281 from hashicorp/f-acl-job-evaluations
...
Add ACL for Job Evaluations endpoint
2017-09-27 15:15:35 -04:00
36e3212012
add acl for job endpoint GetJobVersions
2017-09-27 17:29:08 +00:00
b2cb0129c8
Merge pull request #3282 from hashicorp/f-acl-job-deployments
...
Add ACL for job deployments endpoint
2017-09-27 12:42:25 -04:00
0db1367d43
add acl for dispatch job
2017-09-27 16:33:49 +00:00
c4ac20f852
fix up comment
2017-09-27 15:25:10 +00:00
d9701fed37
fixups from code review
2017-09-27 15:23:38 +00:00
0ba6a1df0d
fixups from code review
2017-09-27 15:20:18 +00:00
4b90de992e
fixups from code review
2017-09-27 15:07:45 +00:00
4173834231
Enable more linters
2017-09-26 15:26:33 -07:00
f4b7451c62
add acl to lastest job api
2017-09-26 20:53:43 +00:00
55c4ca187e
add acl for job deployments endpoint
2017-09-26 20:33:03 +00:00
a7b7b3f6c6
add acl for Job Evaluations endpoint
2017-09-26 20:12:37 +00:00
2fb7772c2c
add acl to job allocations endpoint
2017-09-26 18:01:23 +00:00
d3e8b4812b
better test assertions
2017-09-26 17:41:53 +00:00
f912619157
add ACL for GetJob endpoint
2017-09-26 17:38:03 +00:00
5f467a84d3
add read job permissions to evaluate endpoint
2017-09-26 16:05:17 +00:00
78f853e253
add ACL endpoint for Job Stable
2017-09-25 22:17:58 +00:00
014dc2d7de
Add ACL for Revert Job endpoint
2017-09-25 21:51:19 +00:00
ddc979f459
Merge pull request #3266 from hashicorp/f-acl-job-validate
...
Add ACL for job validate endpoint
2017-09-25 14:09:02 -04:00
73b7466a6e
Run deployment garbage collector on an interval
...
Fixes https://github.com/hashicorp/nomad/issues/3244
2017-09-25 11:04:40 -07:00
18f4aa6fb3
fix type
2017-09-25 17:41:17 +00:00
d9ac59f6b0
add acl for job validate endpoint
2017-09-25 17:34:02 +00:00
828c4abc44
Fix upgrading from 0.6.x to 0.7.0
2017-09-19 10:28:14 -05:00
e5ec915ac3
sync
2017-09-19 10:08:23 -05:00
f92ffe5af5
Merge pull request #3105 from hashicorp/f-876-restart-unhealthy
...
Restart unhealthy tasks
2017-09-17 19:38:32 -07:00
fdf6120987
add acl token as meta flag
...
add API test for job ACL
2017-09-15 23:33:43 +00:00
16ef183ddf
Merge pull request #3219 from hashicorp/f-acl-job-list
...
Add job list ACL
2017-09-15 19:32:34 -04:00
c98b79dcb4
Test CheckRestart.Validate
2017-09-15 15:12:47 -07:00
816e7e544e
Filter Node.GetAllocs results by readable namespaces
2017-09-15 14:27:11 -07:00
8727092e8e
add job list acl
2017-09-15 21:26:27 +00:00
1af9352403
Check for permission denied errors
2017-09-15 10:41:28 -07:00
01816af088
Node.List ACL enforcement
2017-09-14 22:01:18 -07:00
aca9e337aa
Node.GetAllocs ACL enforcement
2017-09-14 21:42:19 -07:00
369ab10405
Fix comments for Node ACL tests
2017-09-14 21:41:26 -07:00
4fc44c686c
Node.GetNode ACL enforcement
2017-09-14 20:59:18 -07:00
21ee5f4720
Node.Evaluate ACL enforcement
2017-09-14 20:41:44 -07:00
0cfaaa0a4d
Node.UpdateDrain ACL enforcement
2017-09-14 20:33:31 -07:00
41c05782b3
Add NodePolicy test helper
2017-09-14 20:33:12 -07:00
aca3bebb0a
Alloc.GetAlloc ACL enforcement
2017-09-14 17:44:57 -07:00
f5faf97650
Alloc.List ACL enforcement
2017-09-14 17:43:17 -07:00
573a0df03d
Watched -> TriggersRestart
...
Watched was a silly name
2017-09-14 16:48:39 -07:00
d299d42089
Canonicalize and Merge CheckRestart in api
2017-09-14 16:48:39 -07:00
ade29ecbed
Improve check watcher logging and add tests
...
Also expose a mock Consul Agent to allow testing ServiceClient and
checkWatcher from TaskRunner without actually talking to a real Consul.
2017-09-14 16:47:41 -07:00
a180c00fc3
on_warning=false -> ignore_warnings=false
...
Treat warnings as unhealthy by default
2017-09-14 16:46:54 -07:00
22690c5f4c
Add check watcher for restarting unhealthy tasks
2017-09-14 16:46:54 -07:00
b35d208428
Nest restart fields in CheckRestart
2017-09-14 16:46:54 -07:00
bf34505509
Add restart fields
2017-09-14 16:46:54 -07:00
3b857c5e8f
Merge pull request #3213 from hashicorp/f-acl-job-summary
...
Add job endpoint ACL
2017-09-14 18:21:19 -04:00
3904bde9a3
Fix batch handling of complete allocs/node drains
...
This PR fixes:
* An issue in which a node-drain that contains a complete batch alloc
would cause a replacement
* An issue in which allocations with the same name during a scale
down/stop event wouldn't be properly stopped.
* An issue in which batch allocations from previous job versions may not
have been stopped properly.
Fixes https://github.com/hashicorp/nomad/issues/3210
2017-09-14 15:08:57 -07:00
567eef50a8
Address feedback
2017-09-14 14:28:43 -07:00
6911bd7676
Worker waits til max ModifyIndex across EvalsByJob
...
This PR fixes a scheduling race condition in which the plan results from
one invocation of the scheduler were not being considered by the next
since the Worker was not waiting for the correct index.
Fixes https://github.com/hashicorp/nomad/issues/3198
2017-09-14 14:28:43 -07:00
be7efd71d4
fixups from code review
2017-09-14 20:14:38 +00:00
0d28c95b6b
use separate response object
2017-09-14 19:17:05 +00:00
79abb9810b
update to use ACL test helpers
2017-09-14 19:08:25 +00:00
3eff2a06c5
add job endpoint ACL
2017-09-14 18:17:35 +00:00
fa2dd57071
Merge pull request #3205 from hashicorp/f-deployment-acl
...
Deployment.GetDeployment ACL enforcement
2017-09-14 10:50:17 -07:00
1e644393aa
review feeback
2017-09-14 10:50:04 -07:00
9b997d2670
fix multierror merge
2017-09-13 21:48:52 -07:00
0de4df881f
Merge pull request #3203 from hashicorp/b-search-hyphens
...
Fix UUID search with hyphens
2017-09-13 15:45:22 -07:00
4b947222a8
Deployment.GetDeployment ACL enforcement
2017-09-13 11:44:23 -07:00
54e04b5c0e
Merge pull request #3201 from hashicorp/b-periodic-restore
...
Fix restoration of stopped periodic jobs
2017-09-13 11:42:29 -07:00
a2363e7583
sync acls
2017-09-13 11:38:29 -07:00
fb67f76b7b
Fix UUID search with hyphens
...
This PR fixes:
* UUID lookup with hyphens and odd length. The math was wrong. There is
now a test that ranges over all possible values.
* Fixes an unreported issue that could be hit when a job has more than 4
hyphens in it as UUID lookup doesn't allow that.
Fixes https://github.com/hashicorp/nomad/issues/3141
2017-09-13 10:28:42 -07:00
e3dbcdcb44
Fix restoration of stopped periodic jobs
...
This PR fixes an issue in which we would add a stopped periodic job to
the periodic launcher.
2017-09-12 14:25:40 -07:00
5aa8f1a82e
pass in uid to codecgen
2017-09-11 15:40:27 -07:00
3d5ecaafff
Address @dadgar feedback
2017-09-11 10:30:59 -07:00
20a8e590a0
nomad: support ACL bootstrap reset
2017-09-10 16:03:30 -07:00
d329fbe54d
Fix search contexts
2017-09-07 17:13:18 -07:00
84d06f6abe
Sync namespace changes
2017-09-07 17:04:21 -07:00
abfc56a871
WatchCtx propogates context error
2017-09-06 17:37:40 -07:00
1c7fb1bfbb
Remove generated structs
2017-09-04 13:33:37 -07:00
10500c39e5
nomad: fixing test
2017-09-04 13:21:01 -07:00
e74ea8a152
nomad: use hashes for efficient token/policy diffing
2017-09-04 13:09:34 -07:00
97404e3f8c
nomad: compute hash for ACL policies and tokens
2017-09-04 13:09:34 -07:00
99c1001b2c
nomad: avoid replication consistency issues by setting MinQueryIndex
2017-09-04 13:07:44 -07:00
b8bf35f087
ACL RPCs allow stale reads for scalability
2017-09-04 13:07:44 -07:00
ac6283c31f
nomad: enforce ACLs on job submit
2017-09-04 13:05:53 -07:00
6f5150a227
nomad: allow getting policies which are subset of token, fixes client resolution
2017-09-04 13:05:53 -07:00
387a8a923b
nomad: adding policy subset check
2017-09-04 13:05:53 -07:00
18ddb910fa
nomad: forward DeleteToken requests for global tokens
2017-09-04 13:05:53 -07:00
b807f5df6f
nomad: forward UpsertToken requests for global tokens
2017-09-04 13:05:53 -07:00
3e46094cee
Passthrough replication token for token/policy replication
2017-09-04 13:05:53 -07:00
855240b1b5
nomad: ACL endpoints enforce permissions
2017-09-04 13:05:53 -07:00
ddcc5f89bc
Add ErrPermissionDenied, rename TokenNotFound
2017-09-04 13:05:53 -07:00
304a02d93b
nomad: Add SecretID to QueryOptions and WriteMeta
2017-09-04 13:05:53 -07:00
4bda2fa9e9
nomad: ACL endpoints check support enabled and redirect to authority
2017-09-04 13:05:53 -07:00
e24a4abf2c
nomad: adding ACL bootstrap endpoints
2017-09-04 13:05:53 -07:00
1ace912341
nomad: adding bootstrapping checks
2017-09-04 13:05:53 -07:00
06a7f12fad
nomad: adding bootstrap state store method
2017-09-04 13:05:53 -07:00
76a03f2d8e
Address @dadgar feedback
2017-09-04 13:05:53 -07:00
e7586a80df
nomad: Switch from SHA1 to Blake2 @chelseakomlo
2017-09-04 13:05:36 -07:00
fc23a4e7e5
structs: sort policies to avoid order dependence for caching
2017-09-04 13:05:36 -07:00
459c2b6fa7
nomad: switch policy/token replication to use batch endpoints
2017-09-04 13:05:36 -07:00
edc38185cc
noamd: Adding batch fetch endpoints for ACL tokens and policies
2017-09-04 13:05:36 -07:00
6a9d4e2dc3
nomad: Adding token resolution endpoint
2017-09-04 13:05:36 -07:00
d9c56725d0
nomad: refactor to use CompileACLObject and handle anonymous token
2017-09-04 13:05:35 -07:00
98e0f98f7e
structs: Adding ACL compilation helper
2017-09-04 13:05:35 -07:00
583e654246
structs: cache key helper for policy list
2017-09-04 13:05:35 -07:00
3efdf1f7d9
Address @chelseakomlo comments
2017-09-04 13:04:45 -07:00
99cea1ac23
Moving shared ACL objects
2017-09-04 13:04:45 -07:00
dc1904b57a
nomad: adding ACL token resolution logic
2017-09-04 13:04:45 -07:00
Michael Schurter