Commit graph

4529 commits

Author SHA1 Message Date
hc-github-team-nomad-core 00cf4f973d
backport of commit b44cef0e66fa02f76f7fa69c045a54f371d2c908 (#18618)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-09-29 08:43:01 +01:00
Phil Renaud bfba4f5e13
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles

* Models and adapters

* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)

* combinedPolicies as a concept

* Classic decorator on role adapter

* We added a new request for roles, so the test based on a specific order of requests got fickle fast

* Mirage roles cluster scaffolded

* Acceptance test for roles and policies on the login page

* Update mirage mock for nodes fetch to account for role policies / empty token.policies

* Roles-derived policies checks

* [ui] Access Control with Roles and Tokens (#18413)

* top level policies routes moved into access control

* A few more routes and name cleanup

* Delog and test fixes to account for new url prefix and document titles

* Overview page

* Tokens and Roles routes

* Tokens helios table

* Add a role

* Hacky role page and deletion

* New policy keyboard shortcut and roles breadcrumb nav

* If you leave New Role but havent made any changes, remove the newly-created record from store

* Roles index list and general role route crud

* Roles index actually links to roles now

* Helios button styles for new roles and policies

* Handle when you try to create a new role without having any policies

* Token editing generally

* Create Token functionality

* Cant delete self-token but management token editing and deleting is fine

* Upgrading helios caused codemirror to explode, shimmed

* Policies table fix

* without bang-element condition, modifier would refire over and over

* Token TTL or Time setting

* time will take you on

* Mirage hooks for create and list roles

* Ensure policy names only use allow characters in mirage mocks

* Mirage mocked roles and policies in the default cluster

* log and lintfix

* chromedriver to 2.1.2

* unused unit tests removed

* Nice profile dropdown

* With the HDS accordion, rename our internal component scss ref

* design revisions after discussion

* Tooltip on deleted-policy tokens

* Two-step button peripheral isDeleting gcode removed

* Never to null on token save

* copywrite headers added and empty routefiles removed

* acceptance test fixes for policies endpoint

* Route for updating a token

* Policies testfixes

* Ember on-click-outside modifier upgraded with general ember-modifier upgrade

* Test adjustments to account for new profile header dropdown

* Test adjustments for tokens via policy pages

* Removed an unused route

* Access Control index page tests

* a11y tests

* Tokens index acceptance tests generally

* Lintfix

* Token edit page tests

* Token editing tests

* New token expiration tests

* Roles Index tests

* Role editing policies tests

* A complete set of Access Control Roles tests

* Policies test

* Be more specific about which row to check for expiration time

* Nil check on expirationTime equality

* Management tokens shouldnt show No Roles/Policies, give them their own designation

* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save

* Policy unloading on delete and other todos plus autofocus conditionally re-enabled

* Invalid policies non-links now a concept for Roles index

* HDS style links to make job.variables.alert links look like links again

* Mirage finding looks weird so making model async in hash even though redundant

* Drop rsvp

* RSVP wasnt the problem, cached lookups were

* remove old todo comments

* de-log
2023-09-27 17:02:48 -04:00
hc-github-team-nomad-core 84b6321235
backport of commit 20f6ec75ef06a8d9edb078849545346e942b9e69 (#18581)
Co-authored-by: Jose Merchan <jose.maria.merchan@gmail.com>
2023-09-26 10:28:19 +01:00
hc-github-team-nomad-core 27f53350ff
backport of commit f37f84182db6ef657e64775fdc992721706bac88 (#18518)
Co-authored-by: Shantanu Gadgil <shantanugadgil@users.noreply.github.com>
2023-09-15 10:21:19 -04:00
hc-github-team-nomad-core c7b1966565
backport of commit 1339599185af9dbfcca6f0aa1001c6753b8c682b (#18517)
Co-authored-by: Gerard Nguyen <nguyenvanthao1991@gmail.com>
2023-09-15 09:16:38 -04:00
hc-github-team-nomad-core 1425eecbbe
backport of commit d2dd64f2c488cea92c14731091f6f668a9e7b969 (#18515)
Co-authored-by: Shantanu Gadgil <shantanugadgil@users.noreply.github.com>
2023-09-15 09:35:57 +01:00
hc-github-team-nomad-core 5edf9f7c8f
backport of commit 0329393a28a94c70e5470a9d43b8e2d43caf0759 (#18501)
Co-authored-by: wrli20 <41421510+wrli20@users.noreply.github.com>
2023-09-14 09:25:34 -04:00
hc-github-team-nomad-core 9a188167cb
backport of commit 4b6cc14216adda35d38c8a2d7f050de9e05114e0 (#18482)
Co-authored-by: Joshua Timmons <joshua.timmons1@gmail.com>
2023-09-13 10:23:00 -04:00
hc-github-team-nomad-core 171d14707b
backport of commit 46e72aa8d5fa11f3854724a5c1e8061d52b180de (#18478)
Co-authored-by: wrli20 <41421510+wrli20@users.noreply.github.com>
2023-09-13 14:02:00 +01:00
hc-github-team-nomad-core 2ef7a280b0
backport of commit d923fc554d09ceb51b530467a354860b25114fd3 (#18450)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-09-11 16:21:44 +01:00
hc-github-team-nomad-core 460b2a3bae
backport of commit 4f3a2e1a7d7a88390dd53fcbf5d90646075853c5 (#18418)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-09-07 09:43:09 +01:00
hc-github-team-nomad-core 428711a903
backport of commit 82cbbacf69c05e465797a9ac99a46f1f76a28f66 (#18403)
Co-authored-by: Dao Thanh Tung <ttdao.2015@accountancy.smu.edu.sg>
2023-09-06 11:34:05 +01:00
hc-github-team-nomad-core b67acf823b
backport of commit 652532b8caae1d7e1e63ceb0b8407b2b54cb4cff (#18398)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-09-06 09:36:17 +01:00
hc-github-team-nomad-core dec824e797
backport of commit a03aa0cebb9e2d74b91d94aebc903a9af946e8f7 (#18391)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-05 13:54:31 +01:00
hc-github-team-nomad-core 4e8088dfa8
backport of commit e69e3c66776519bc5f551e18ca41ec305dc9e704 (#18310)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-08-23 16:01:29 -04:00
hc-github-team-nomad-core e035c3d9c0
backport of commit 6c43080b55f5afa18d114a354c4aa808b010c161 (#18304)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-08-23 11:50:29 -04:00
Iwan Aucamp debb009cb8
docs: fix a sentence in vault-integration.mdx (#18296) 2023-08-23 11:44:15 +01:00
hc-github-team-nomad-core e4c7388608
backport of commit 3e61b3a37df9ff0836b52ba5440106ad0f607dd7 (#18294)
Co-authored-by: Андрей Неустроев <99169437+aneustroev@users.noreply.github.com>
2023-08-22 16:01:24 -04:00
hc-github-team-nomad-core 3ec251d29c
backport of commit 7548eecbaae6824e1051cf511dd004f99a6a93c0 (#18291)
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2023-08-22 15:13:04 -04:00
hc-github-team-nomad-core 27a14e4da1
backport of commit 1e9ccc3ed89adcdfaf4282d432782c03e0e5c615 (#18261)
Co-authored-by: János Szathmáry <29057504+janory@users.noreply.github.com>
2023-08-18 17:44:54 -04:00
hc-github-team-nomad-core d5e3b7c262
backport of commit 6eec37f0717cf62b4fc36ec89e53a7f348f2bddc (#18231)
This pull request was automerged via backport-assistant
2023-08-16 17:13:01 -05:00
hc-github-team-nomad-core 50e0282aca
backport of commit 8a8c4cd45cb471e5a4ce1b301b55571a8594d994 (#18227)
This pull request was automerged via backport-assistant
2023-08-16 16:25:12 -05:00
hc-github-team-nomad-core dafef5b777
Backport of docs: expand documentation on node pools into release/1.6.x (#18222)
This pull request was automerged via backport-assistant
2023-08-16 10:22:41 -05:00
Shantanu Gadgil 04a3628cc4 docs: ampersand and bash backgrounding problem (#18175)
the `&` symbol messes up the command when copy pasting into a shell
2023-08-14 15:13:19 -04:00
Esteban Barrios 9f19d7c373 config: add configurable content security policy (#18085) 2023-08-14 14:25:21 -04:00
hc-github-team-nomad-core 8bf5067f86
backport of commit 7bfd268c8ca9caa1c07a2ad4cf197f8b3f97dca1 (#18177)
This pull request was automerged via backport-assistant
2023-08-08 07:34:11 -05:00
hc-github-team-nomad-core f812bccb4e
Backport of Tuning job versions retention. #17635 into release/1.6.x (#18169)
This pull request was automerged via backport-assistant
2023-08-07 13:48:09 -05:00
hc-github-team-nomad-core e959895ee7
backport of commit 53c53f1a47e872f7c25673a40c76818dcf9ef0c7 (#18145)
This pull request was automerged via backport-assistant
2023-08-03 15:06:24 -05:00
Karuppiah Natarajan fe4dd2f5bd docs: fix link for stopping an agent (#18130) 2023-08-02 11:52:02 -04:00
Tim Gross 9fe88ebefe cli: support wildcard namespace in alloc subcommands (#18095)
The alloc exec and filesystem/logs commands allow passing the `-job` flag to
select a random allocation. If the namespace for the command is set to `*`, the
RPC handler doesn't handle this correctly as it's expecting to query for a
specific job. Most commands handle this ambiguity by first verifying that only a
single object of the type in question exists (ex. a single node or job).

Update these commands so that when the `-job` flag is set we first verify
there's a single job that matches. This also allows us to extend the
functionality to allow for the `-job` flag to support prefix matching.

Fixes: #12097
2023-07-31 13:15:49 -04:00
Gunnar 7fb7f77b45 docs: added accessor info to Tuples in template.mdx (#18101) 2023-07-31 11:08:09 -04:00
hc-github-team-nomad-core 2ed92e0c6c
Backport of feature: Add new field render_templates on restart block into release/1.6.x (#18094)
This pull request was automerged via backport-assistant
2023-07-28 13:54:00 -05:00
hc-github-team-nomad-core 34ac0e5aad
cli: add help message for -consul-namespace (#18081) (#18091)
Add missing help entry for the `-consul-namespace` flag in `nomad job
run`.
2023-07-28 10:34:44 -04:00
hc-github-team-nomad-core 77d1f188c6
backport of commit 1e73a8a6991214fb57afa37de425dd7b0e765623 (#18089)
This pull request was automerged via backport-assistant
2023-07-28 02:49:50 -05:00
hc-github-team-nomad-core 04a95ef5c7
backport of commit 6219ebc93dbf575015fa2921eee13daaff2b1d5e (#18049)
This pull request was automerged via backport-assistant
2023-07-24 10:33:18 -05:00
hc-github-team-nomad-core b1bfb59394
Backport of metrics: report task memory_max value into release/1.6.x (#18004)
This pull request was automerged via backport-assistant
2023-07-19 15:50:34 -05:00
hc-github-team-nomad-core 3011314f23
Backport of volume-status : show namespace the volume belongs to into release/1.6.x (#17997)
This pull request was automerged via backport-assistant
2023-07-19 15:37:18 -05:00
hc-github-team-nomad-core 872db79967
Backport of updating to specify mTLS rpc endpoints into release/1.6.x (#17990)
This pull request was automerged via backport-assistant
2023-07-19 13:17:10 -05:00
Luiz Aoqui ac90c6f008 acl: fix parsing of policies with blocks w/o label
An ACL policy with a block without label generates unexpected results.
For example, a policy such as this:

```
namespace {
  policy = "read"
}
```

Is applied to a namespace called `policy` instead of the documented
behaviour of applying it to the `default` namespace.

This happens because of the way HCL1 decodes blocks. Since it doesn't
know if a block is expected to have a label it applies the `key` tag to
the content of the block and, in the example above, the first key is
`policy`, so it sets that as the `namespace` block label.

Since this happens internally in the HCL decoder it's not possible to
detect the problem externally.

Fixing the problem inside the decoder is challenging because the JSON
and HCL parsers generate different ASTs that makes impossible to
differentiate between a JSON tree from an invalid HCL tree within the
decoder.

The fix in this commit consists of manually parsing the policy after
decoding to clear labels that were not set in the file. This allows the
validation rules to consistently catch and return any errors, no matter
if the policy is an invalid HCL or JSON.
2023-07-18 12:09:37 -04:00
hc-github-team-nomad-core c9ef870f96
backport of commit a9eecb457cef34ee856681a51af94fe0f6db4b21 (#17947)
This pull request was automerged via backport-assistant
2023-07-14 04:23:26 -05:00
hc-github-team-nomad-core 2f7892667f
backport of commit b75f9bd459700112cb31a329dc54ddeba46d749e (#17942)
This pull request was automerged via backport-assistant
2023-07-13 17:26:01 -05:00
hc-github-team-nomad-core 90a4579208
backport of commit 25a062650f38b682733fe51d886188a8d0504844 (#17922)
This pull request was automerged via backport-assistant
2023-07-12 10:17:45 -05:00
hc-github-team-nomad-core 9e31dec7ca
Backport of docs: add plugin docs for pledge task driver into release/1.6.x (#17919)
This pull request was automerged via backport-assistant
2023-07-12 10:16:57 -05:00
hc-github-team-nomad-core 51eb8284c7
backport of commit 3d5bce76d00dff29c42c37bb20e38e4bf1d2187d (#17904)
This pull request was automerged via backport-assistant
2023-07-11 12:53:51 -05:00
hc-github-team-nomad-core 0951fe1c50
backport of commit 0a5e90120b18ff450457463d6bcee68ec6804bb0 (#17900)
This pull request was automerged via backport-assistant
2023-07-11 10:00:05 -05:00
Kévin Dunglas 9f0f897077
docs: fix typo in regex_replace.mdx (#17891) 2023-07-11 14:03:40 +01:00
Lance Haig 0455389534
Add the ability to customise the details of the CA (#17309)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-07-11 08:53:09 +01:00
Michael Schurter 278fd44a8b
docs: v1.6.0 requires ipc_lock cap for mlock (#17881)
Fixes #17780
2023-07-10 11:53:07 -07:00
James Rasell 3bfec68556
docs: detail Consul ACL token env var config option. (#17859) 2023-07-10 14:26:18 +01:00
Seth Hoenig edd0a405d7
website: use full registry name so it works with podman again (#17809) 2023-07-06 13:22:12 -05:00