Commit graph

86 commits

Author SHA1 Message Date
Michael Schurter 93cea382dd Remove support for pre-0.5 nodes
Nodes before 0.5 did not have a SecretID. Since SecretID is now a
required field and 0.4.x is >2 point releases ago, drop support for it.
2017-10-13 11:28:47 -07:00
Michael Schurter 15b991e039 base64 migrate token
HTTP header values must be ASCII.

Also constant time compare tokens and test the generate and compare
helper functions.
2017-10-13 10:59:13 -07:00
Michael Schurter 021b4c1ae9 Fix AuthToken use on Node.GetAllocs 2017-10-12 17:12:41 -07:00
Michael Schurter ab7b6d1315 Allow Node.SecretID for GetNode and GetAlloc 2017-10-12 16:27:33 -07:00
Michael Schurter 84d8a51be1 SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
Alex Dadgar 53f2ea88a5 Small fixes
This commit:

* Fixes the error checking in migration tests now that we are using the
canonical ErrPermissionDenied error
* Guard against NPE when looking up objects to generate the migration
token
* Handle an additional case in ShouldMigrate()
2017-10-11 17:13:50 -07:00
Chelsea Holland Komlo c67bfc2ee4 fixups from code review
change creation of a migrate token to be for a previous allocation
2017-10-11 17:13:50 -07:00
Chelsea Holland Komlo 410adaf726 Add functionality for authenticated volumes 2017-10-11 17:09:20 -07:00
Chelsea Holland Komlo 36ad6bc6bf add MigrateTokens to server response for allocs 2017-10-11 17:09:20 -07:00
Michael Schurter e50acae1a9 ForceLeave endpoint must use Server.ResolveToken
The ForceLeaveRequest endpoint may only be called on servers, but the
code was using a Client to resolve tokens. This would cause a panic when
an agent wasn't both a Server and a Client.
2017-10-09 15:49:04 -07:00
Michael Schurter a66c53d45a Remove structs import from api
Goes a step further and removes structs import from api's tests as well
by moving GenerateUUID to its own package.
2017-09-29 10:36:08 -07:00
Michael Schurter 816e7e544e Filter Node.GetAllocs results by readable namespaces 2017-09-15 14:27:11 -07:00
Michael Schurter 01816af088 Node.List ACL enforcement 2017-09-14 22:01:18 -07:00
Michael Schurter aca9e337aa Node.GetAllocs ACL enforcement 2017-09-14 21:42:19 -07:00
Michael Schurter 4fc44c686c Node.GetNode ACL enforcement 2017-09-14 20:59:18 -07:00
Michael Schurter 21ee5f4720 Node.Evaluate ACL enforcement 2017-09-14 20:41:44 -07:00
Michael Schurter 0cfaaa0a4d Node.UpdateDrain ACL enforcement 2017-09-14 20:33:31 -07:00
Alex Dadgar 84d06f6abe Sync namespace changes 2017-09-07 17:04:21 -07:00
Luke Farnell f0ced87b95 fixed all spelling mistakes for goreport 2017-08-07 17:13:05 -04:00
Alex Dadgar 54a4d01bf6 Fix error checking 2017-03-29 13:59:43 -07:00
Michael Schurter 507862ade3 Add WrapRecoverable helper 2017-03-27 15:37:15 -07:00
Michael Schurter 0e6c564406 Improve artifact download error message
Fixes #2289

Unfortunately took more RecoverableError hijinx than I would have liked.
There might be a better way.
2017-03-24 15:26:05 -07:00
Alex Dadgar c1d4927088 Debug lines 2017-03-06 10:25:26 -08:00
Alex Dadgar 743cf410ef Include alloc on server side err/logs 2017-02-14 16:26:49 -08:00
Alex Dadgar dea460281d Merge pull request #2282 from hashicorp/f-raft-v2-stage-one
Update to Raft V2 stage one
2017-02-08 15:26:16 -08:00
Alex Dadgar b51ba01d54 Merge pull request #2293 from hashicorp/f-vendor-memdb
Vendor MemDB
2017-02-08 14:51:01 -08:00
Alex Dadgar b69b357c7f Nomad builds 2017-02-07 20:31:23 -08:00
Alex Dadgar 6f9866ca69 Fix forwarded recoverable error 2017-02-05 13:14:24 -08:00
Alex Dadgar ee368762ae It builds 2017-02-02 16:07:15 -08:00
Brad Sickles c67f10166d fmt 2017-02-01 16:37:19 -05:00
Brad Sickles da12d8811a Third time is a charm. 2017-02-01 16:18:12 -05:00
Brad Sickles 5a8f2d3f60 Properly dealing with non-nil errors. 2017-02-01 16:07:19 -05:00
Brad Sickles 429fdb3ce7 Preventing panics of RecoverableError casts 2017-02-01 14:38:59 -05:00
Michael Schurter a3a3656dbb Switch to use recoverable errors from Cleanup
TaskRunner handles retrying but Cleanup handles all of CreatedResources.
2017-01-13 16:46:08 -08:00
Alex Dadgar fde7a24865 Consul-template fixes + PreviousAlloc in api 2016-10-28 15:50:35 -07:00
Alex Dadgar 03fde26656 Fix inplace update for pre secret node 2016-10-26 22:05:44 -07:00
Alex Dadgar fc8856e82b Remove default 2016-10-24 15:01:08 -07:00
Alex Dadgar 0070178741 Thread through whether DeriveToken error is recoverable or not 2016-10-22 18:08:30 -07:00
Alex Dadgar 6047414fb9 address comments 2016-08-31 14:10:33 -07:00
Alex Dadgar 48696ba0cc Use tomb to shutdown
Token revocation

Remove from the statestore

Revoke tokens

Don't error when Vault is disabled as this could cause issue if the operator ever goes from enabled to disabled

update server interface to allow enable/disable and config loading

test the new functions

Leader revoke

Use active
2016-08-28 14:06:25 -07:00
Alex Dadgar db2806a9c1 Merge pull request #1629 from hashicorp/f-derive-token
Server Deriving Tokens on behalf of Clients
2016-08-23 13:58:47 -07:00
Alex Dadgar 19be6b57b2 fixes 2016-08-19 20:02:32 -07:00
Alex Dadgar 7f18074637 remove debug 2016-08-19 17:30:16 -07:00
Alex Dadgar 909f552d9e tests 2016-08-19 16:40:37 -07:00
Alex Dadgar 10cd844ca8 Commit Vault Accessors to vault and return the response 2016-08-19 16:40:37 -07:00
Alex Dadgar 19752edfaf Pipeline Vault token creation 2016-08-19 16:40:37 -07:00
Alex Dadgar 94b870a58b Start 2016-08-19 16:40:37 -07:00
Alex Dadgar 16285a0dc6 Enforce serverside secret id match 2016-08-19 10:50:49 -07:00
Alex Dadgar 895c31f605 Nodes generate Secret ID and used for retrieving allocations and registering 2016-08-17 16:31:47 -07:00
Alex Dadgar ebac5cb283 Node.Register handles the case of transistioning to ready and creating evals 2016-07-21 15:22:02 -07:00