Commit graph

15828 commits

Author SHA1 Message Date
Nick Ethier 965f00b2fc
Builtin Admission Controller Framework (#6116)
* nomad: add admission controller framework

* nomad: add admission controller framework and Consul Connect hooks

* run admission controllers before checking permissions

* client: add default node meta for connect configurables

* nomad: remove validateJob func since it has been moved to admission controller

* nomad: use new TaskKind type

* client: use consts for connect sidecar image and log level

* Apply suggestions from code review

Co-Authored-By: Michael Schurter <mschurter@hashicorp.com>

* nomad: add job register test with connect sidecar

* Update nomad/job_endpoint_hooks.go

Co-Authored-By: Michael Schurter <mschurter@hashicorp.com>
2019-08-15 11:22:37 -04:00
Tim Gross 6aa84df54d changelog: -dev=connect feature 2019-08-15 08:57:27 -04:00
Michael Lange 836e7426b8 Encode characters in file paths to ensure proper URIs 2019-08-14 12:54:11 -07:00
Tim Gross 2a592a2e0c
agent: add optional param to -dev flag for connect (#6126)
Consul Connect must route traffic between network namespaces through a
public interface (i.e. not localhost). In order to support testing in
dev mode, users needed to manually set the interface which doesn't
make for a smooth experience.

This commit adds a facility for adding optional parameters to the
`nomad agent -dev` flag and uses it to add a `-dev=connect` flag that
binds to a public interface on the host.
2019-08-14 15:29:37 -04:00
Tim Gross 2e1d6d2167 ci: add GOMAXPROCS=1 to lint step to avoid OOM 2019-08-14 14:10:23 -04:00
Tim Gross 13376cff9c move nomad init outputs to go-bindata assets 2019-08-14 14:10:23 -04:00
Lucas BEE 406642f34a Fix missing plugin driver capabilities (#6128)
NetIsolationModes and MustInitiateNetwork were left out of the
driver Capabilities when using an external task driver plugin

Signed-off-by: Lucas BEE <pouulet@gmail.com>
2019-08-14 09:10:10 -04:00
Preetha 8c6312d973
Merge pull request #6097 from hashicorp/f-kind-validate
Add validation for kind field if it is a consul connect proxy
2019-08-13 11:05:30 -05:00
Mahmood Ali b53c48fcaf
Merge pull request #6123 from hashicorp/r-makefile-tweaks-20190513
Ease user customizations of Makefile
2019-08-13 10:30:10 -04:00
Mahmood Ali 422e7bd5a6 Allow per-user local customizations of makefile
Allow users to customize their makefiles by adding custom
targets/variables without checking them in.
2019-08-13 10:12:57 -04:00
Mahmood Ali c6f5fd3baa Honor GO_TAGS env-var
Allow honoring `GO_TAGS` environment variable if set.  Currently, users
must set variable as a makefile argument e.g. `make GO_TAGS=ui dev`, and
this allows us to use env-var syntax (e.g. `GO_TAGS=ui make dev`) and
make it convenient to set GO_TAGS globally.
2019-08-13 10:04:45 -04:00
Mahmood Ali a0c9a15919
Merge pull request #6122 from hashicorp/b-circleci-trs
circleci: fix test reports and some refactoring
2019-08-13 09:53:20 -04:00
Mahmood Ali 62d3eb235c parameterize golang version 2019-08-13 09:26:44 -04:00
Buck Doyle 7a29fdfaf7
website: Add TOC links in page body (#6113)
This adds the “Jump to section” feature from Terraform’s documentation.
2019-08-13 08:19:01 -05:00
Mahmood Ali d8ce90dde6 circleci: fix test reports and some refactoring 2019-08-12 20:30:20 -04:00
Preetha Appan 72e45dd01e
More code review feedback 2019-08-12 17:41:40 -05:00
Preetha 76c8a11b31
Apply suggestions from code review
Co-Authored-By: Michael Schurter <mschurter@hashicorp.com>
2019-08-12 17:03:30 -05:00
Tim Gross 03433f35d4 client/template: configuration for function blacklist and sandboxing
When rendering a task template, the `plugin` function is no longer
permitted by default and will raise an error. An operator can opt-in
to permitting this function with the new `template.function_blacklist`
field in the client configuration.

When rendering a task template, path parameters for the `file`
function will be treated as relative to the task directory by
default. Relative paths or symlinks that point outside the task
directory will raise an error. An operator can opt-out of this
protection with the new `template.disable_file_sandbox` field in the
client configuration.
2019-08-12 16:34:48 -04:00
Tim Gross bf8b27c4c7 update consul-template to latest version
pulls in configuration option for blacklisting template functions from:
https://github.com/hashicorp/consul-template/pull/1243
https://github.com/hashicorp/consul-template/pull/1246

pulls in configuration option for file sandboxing from:
https://github.com/hashicorp/consul-template/pull/1249
https://github.com/hashicorp/consul-template/pull/1254

pulls in vault KVv2 read fixes from:
https://github.com/hashicorp/consul-template/pull/1253
2019-08-12 16:34:48 -04:00
Preetha Appan 219dc05541
Fix type for kind 2019-08-12 14:39:50 -05:00
Preetha Appan 35506c516d
Improve validation logic and add table driven tests 2019-08-12 14:39:50 -05:00
Preetha Appan d324a9864e
Add validation for kind field if it is a consul connect proxy 2019-08-12 14:39:50 -05:00
Danielle d94244716c
Merge pull request #5681 from hashicorp/dani/circleci
Add CircleCI Configuration
2019-08-12 20:35:13 +02:00
Danielle Lancashire 80b8913745
api requires mount 2019-08-12 18:48:25 +02:00
Danielle Lancashire a5bac88aff
Add maketask for manual image builds 2019-08-12 18:42:12 +02:00
Danielle Lancashire f64b26fc3b
fix paths 2019-08-12 18:41:37 +02:00
Danielle Lancashire 083e9b1276
update docker file and switch to go 1.12.7 2019-08-12 18:41:37 +02:00
Danielle Lancashire c87ef42a3e
ci: Generate structs when testing 2019-08-12 18:41:37 +02:00
Danielle Lancashire e209bc3ac3
Use script to install protoc 2019-08-12 18:41:36 +02:00
Danielle Lancashire 892c322299
DRY up config 2019-08-12 18:41:36 +02:00
Danielle Lancashire f90c9f5214
makefile: Recover verbose handling 2019-08-12 18:41:36 +02:00
Danielle Lancashire c4bd6b45f3
Don't log env 2019-08-12 18:41:36 +02:00
Danielle Lancashire 27e72bbadd
Test Rocket 2019-08-12 18:41:36 +02:00
Danielle Tomlinson 886486e694
ci: Migrate to CircleCI
This commit provides an initial migration of general testing CI
infrastructure to CircleCI.

It uses CircleCI 2.1 paramereterised jobs to provide two base
configurations: a vm based `test-machine`, and docker based
`test-container`.

Jobs that require root, docker, or other similar features require the
machine based jobs, but others should be ran using the `test-container` package
as they are both cheaper and faster to run.
2019-08-12 18:41:36 +02:00
Mahmood Ali 20c44b4214
Merge pull request #6068 from hashicorp/r-always-honor-gotags
make: always honor GO_TAGS in dev
2019-08-12 11:22:48 -04:00
Tim Gross 58c395aa9c
tests: partial revert of splitting-out command pkg tests (#6101)
GOTEST_PKG_EXCLUDE overrides GOTEST_PKG entirely, so having both in
the same test run isn't supported and results in a whole lot of extra
tests being run.
2019-08-12 11:03:04 -04:00
Danielle 1fd9ef61f0
Merge pull request #6100 from hashicorp/f-host-volumes
Host Volumes Support: Rollup Edition
2019-08-12 16:58:37 +02:00
Danielle Lancashire 7e6c8e5ac1
Copy documentation to api/tasks 2019-08-12 16:22:27 +02:00
Danielle Lancashire dec1a58b47
fixup rebase 2019-08-12 15:41:14 +02:00
Danielle Lancashire b38c1d810e
job_endpoint: Validate volume permissions 2019-08-12 15:39:09 +02:00
Danielle Lancashire 5f734652f2
acl: Add HostVolume ACLs
This adds an initial implementation of ACLs for HostVolumes.

Because HostVolumes are a cluster-wide resource, they cannot be tied to
a namespace, thus here we allow similar wildcard definitions based on
their names, tied to a set of capabilities.

Initially, the only available capabilities are deny, or mount. These
may be extended in the future to allow read-fs, mount-readonly and
similar capabilities.
2019-08-12 15:39:09 +02:00
Danielle Lancashire 7208a7ab88
command: Cleanup node-status 2019-08-12 15:39:09 +02:00
Danielle Lancashire 333fdd723b
cli: Display host volume info in nomad node status 2019-08-12 15:39:09 +02:00
Danielle Lancashire 6caac09743
api: Add HostVolumeInfo to response parsing 2019-08-12 15:39:09 +02:00
Danielle Lancashire 33db40d4e6
structs: Document VolumeMount 2019-08-12 15:39:08 +02:00
Danielle Lancashire 861caa9564
HostVolumeConfig: Source -> Path 2019-08-12 15:39:08 +02:00
Danielle Lancashire e132a30899
structs: Unify Volume and VolumeRequest 2019-08-12 15:39:08 +02:00
Danielle fc53283489
Update scheduler/feasible.go
Co-Authored-By: Mahmood Ali <mahmood@hashicorp.com>
2019-08-12 15:39:08 +02:00
Danielle Lancashire 6ef8d5233e
client: Add volume_hook for mounting volumes 2019-08-12 15:39:08 +02:00
Danielle Lancashire 073836ec67
scheduler: Add a feasability checker for Host Vols 2019-08-12 15:39:08 +02:00