Commit graph

26 commits

Author SHA1 Message Date
Michael Schurter 9f179e9fab Fix HTTP code for permission denied errors
Fixes #3697

The existing code and test case only covered the leader behavior. When
querying against non-leaders the error has an "rpc error: " prefix.

To provide consistency in HTTP error response I also strip the "rpc
error: " prefix for 403 responses as they offer no beneficial additional
information (and in theory disclose a tiny bit of data to unauthorized
users, but it would be a pretty weird bit of data to use in a malicious
way).
2018-01-09 15:25:53 -08:00
Chelsea Komlo 2dfda33703 Nomad agent reload TLS configuration on SIGHUP (#3479)
* Allow server TLS configuration to be reloaded via SIGHUP

* dynamic tls reloading for nomad agents

* code cleanup and refactoring

* ensure keyloader is initialized, add comments

* allow downgrading from TLS

* initalize keyloader if necessary

* integration test for tls reload

* fix up test to assert success on reloaded TLS configuration

* failure in loading a new TLS config should remain at current

Reload only the config if agent is already using TLS

* reload agent configuration before specific server/client

lock keyloader before loading/caching a new certificate

* introduce a get-or-set method for keyloader

* fixups from code review

* fix up linting errors

* fixups from code review

* add lock for config updates; improve copy of tls config

* GetCertificate only reloads certificates dynamically for the server

* config updates/copies should be on agent

* improve http integration test

* simplify agent reloading storing a local copy of config

* reuse the same keyloader when reloading

* Test that server and client get reloaded but keep keyloader

* Keyloader exposes GetClientCertificate as well for outgoing connections

* Fix spelling

* correct changelog style
2017-11-14 17:53:23 -08:00
Alex Dadgar dbc014b360 Standardize retrieving a free port into a helper package 2017-10-23 16:48:20 -07:00
Alex Dadgar d6b970eec9 Handle invalid token as well 2017-10-12 15:39:05 -07:00
Alex Dadgar 0b538ded83 403 instead of 500 for permission denied 2017-10-12 14:10:20 -07:00
Armon Dadgar 5c94e7e99f agent: thread through token for ACL endpoint tests 2017-09-04 13:05:53 -07:00
Armon Dadgar 4107335cb2 agent: Adding X-Nomad-Token header parsing 2017-09-04 13:05:53 -07:00
Armon Dadgar 4bda2fa9e9 nomad: ACL endpoints check support enabled and redirect to authority 2017-09-04 13:05:53 -07:00
Alex Dadgar 828b9bfae4 fix http test 2017-08-16 11:01:12 -07:00
Alex Dadgar 4e90d56098 More parallel 2017-07-20 09:36:34 -07:00
Alex Dadgar 9037693436 New test agent 2017-07-19 22:14:36 -07:00
Michael Schurter 749406e50b Remove extra Travis logging 2017-05-04 17:35:54 -07:00
Michael Schurter 24c8434368 Adding logging for Travis 2017-05-03 15:18:48 -07:00
Michael Schurter 4dc897a664 Don't reuse transport/client 2017-05-03 13:26:55 -07:00
Michael Schurter d42bad098a Extensively test verify_https_client behavior
verify_https_client support added in #2587
2017-05-02 16:48:16 -07:00
Adam Stankiewicz 4daf4cb8c9
Remove unnecessary parameter from NewHTTPServer 2017-04-10 16:24:49 +02:00
Alex Dadgar d82747bd33 Benchmark 2016-12-09 14:44:50 -08:00
Alex Dadgar 636f886e30 Use codegen for json marshalling: 20% faster, 12% less bytes allocated, 85% less allocations 2016-05-18 09:45:46 -07:00
Sean Chittenden 7b8a5dcc15
Fix the unit tests for TestPrettyPrintOff
A different failing test masked that this wasn't even being run.

Pointy Hat: sean- for testing first on Travis in a branch vs verifying locally
2016-05-11 15:48:43 -07:00
Sean Chittenden 693e1c6ea9
Fix unit tests for TestPrettyPrintBare 2016-05-11 15:20:57 -07:00
Sean Chittenden 36a50e0f15
Update tests for pretty printing that includes a newline.
Add a test verifying that pretty printing can be disabled, too.
2016-05-11 10:55:01 -07:00
Diptanu Choudhury b86e60b9de Allow users to configure arbitrary headers in config 2016-01-22 11:00:43 -08:00
Armon Dadgar 2ff133c0e6 nomad: rename region1 to global. Fixes #41 2015-09-13 18:18:40 -07:00
Armon Dadgar 327368d763 http/job: adding update endpoint 2015-09-05 19:08:47 -07:00
Armon Dadgar f858c31426 http: framework jobs endpoints 2015-09-05 18:00:30 -07:00
Armon Dadgar 4bf257e951 http: basic framework 2015-09-05 17:06:05 -07:00