Commit graph

9357 commits

Author SHA1 Message Date
Michael Schurter dfd2967cdb Merge pull request #3376 from hashicorp/f-node-acls
Allow Node.SecretID for Node.GetNode and Allocs.GetAlloc
2017-10-13 11:51:48 -07:00
Michael Schurter 93cea382dd Remove support for pre-0.5 nodes
Nodes before 0.5 did not have a SecretID. Since SecretID is now a
required field and 0.4.x is >2 point releases ago, drop support for it.
2017-10-13 11:28:47 -07:00
Michael Schurter 15b991e039 base64 migrate token
HTTP header values must be ASCII.

Also constant time compare tokens and test the generate and compare
helper functions.
2017-10-13 10:59:13 -07:00
Alex Dadgar 56c4a50ba1 vault_grace doc 2017-10-13 10:15:44 -07:00
Alex Dadgar 85178d6048 rkt remove allocid 2017-10-13 10:07:50 -07:00
Alex Dadgar 949fce4fee Merge pull request #3382 from sheerun/patch-5
Remove AllocID from ExecutorContext
2017-10-13 10:06:06 -07:00
Michael Schurter 6a1a509ea5 Fix Request.SecretID -> Request.AuthToken 2017-10-13 09:56:56 -07:00
Alex Dadgar 87f550403b Merge pull request #3379 from sheerun/docs-1
Fix typo: job -> task
2017-10-13 09:51:35 -07:00
Adam Stankiewicz cefbc72b49
Remove AllocID from ExecutorContext 2017-10-13 17:07:49 +02:00
Adam Stankiewicz eb4dd2f3ba
Fix typo: job -> task 2017-10-13 11:51:17 +02:00
Michael Lange 4a35f3c5a5 Handle 403s gracefully
- When a list 403s, treat it as if it were empty
- When a single resource 403s, redirect to an application error page
  that has a backdoor link to the tokens page
2017-10-12 17:40:49 -07:00
Michael Lange f6f024235e Handle the case where hash.Members is undefined 2017-10-12 17:40:04 -07:00
Michael Lange 1f6ce06744 Specialized error for 403s that links to the ACLs page 2017-10-12 17:24:32 -07:00
Michael Lange f081bf57ec Merge pull request #3358 from hashicorp/f-ui-namespaces
UI for Namespaces (enterprise only)
2017-10-12 17:22:15 -07:00
Michael Schurter 021b4c1ae9 Fix AuthToken use on Node.GetAllocs 2017-10-12 17:12:41 -07:00
Michael Schurter 15b3df0b80 Merge pull request #3374 from hashicorp/f-auth-token
SecretID -> AuthToken
2017-10-12 16:57:49 -07:00
Michael Schurter 4a70d4356a Alloc watcher must send Node.SecretID as AuthToken
An auth token is required if ACLs are enabled
2017-10-12 16:38:02 -07:00
Michael Schurter ab7b6d1315 Allow Node.SecretID for GetNode and GetAlloc 2017-10-12 16:27:33 -07:00
Alex Dadgar 686c332d12 Merge pull request #3372 from hashicorp/b-versions
Fix sorting of job versions
2017-10-12 15:48:01 -07:00
Alex Dadgar 5940a1fbde Merge pull request #3373 from hashicorp/f-403
Permission denied results in 403
2017-10-12 15:47:29 -07:00
Alex Dadgar d6b970eec9 Handle invalid token as well 2017-10-12 15:39:05 -07:00
Michael Schurter a003e3dd43 Add StateStore.NodeBySecretID 2017-10-12 15:27:29 -07:00
Michael Schurter 51bce7b1a3 Add index to Node.SecretID 2017-10-12 15:21:20 -07:00
Michael Schurter 84d8a51be1 SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
Michael Schurter a75e039c46 Merge pull request #3371 from hashicorp/d-sentinel-link
Link to the Sentinel docs from the guide
2017-10-12 14:33:58 -07:00
Alex Dadgar 0b538ded83 403 instead of 500 for permission denied 2017-10-12 14:10:20 -07:00
Alex Dadgar b5fc557253 ACL command options 2017-10-12 13:51:39 -07:00
Alex Dadgar 259595bcdb changelog 2017-10-12 13:36:46 -07:00
Alex Dadgar e7e18c931c Fix sorting of job versions
Fixes an issue in which the versions were improperly sorted which would
cause pruning of the wrong job version. This essentially meant that job
versions above 255 would be dropped from the job version table (note
this was due to the prefix walk crossing from the 1-byte to 2-byte
threshold).

Fixes https://github.com/hashicorp/nomad/issues/3357
2017-10-12 13:33:55 -07:00
Michael Lange 303eb3279b Merge pull request #3370 from hashicorp/b-ui-release-error-state-on-transition
Allow users to escape error pages with the back button
2017-10-12 13:03:31 -07:00
Rob Genova 316a4e0ac2 Update sentinel-policy.html.markdown 2017-10-12 12:56:55 -07:00
Michael Lange be0920d3ca Allow users to escape error pages with the back button 2017-10-12 12:35:00 -07:00
Michael Lange bdbc4dfec7 Add a generic catch-all error message 2017-10-12 12:34:10 -07:00
Michael Schurter 06ad18bd15 Merge pull request #3362 from hashicorp/b-3326-malformed-consul-resp
Don't panic on unexpeced Consul response
2017-10-12 11:34:40 -07:00
Alex Dadgar ca1da307e3 Merge pull request #3361 from hashicorp/d-ui
UI command documentation
2017-10-12 09:42:22 -07:00
Alex Dadgar eafaba0e81 Update ui.html.md.erb 2017-10-12 09:42:11 -07:00
Michael Schurter e9c17c56d1 Merge pull request #3353 from hashicorp/f-acl-prefix-search
Prefix Search ACL enforcement
2017-10-11 20:26:03 -07:00
Michael Schurter 59ff94cd71 Don't panic on unexpeced Consul response
Fixes #3326
2017-10-11 18:25:54 -07:00
Alex Dadgar 0c529f87a5 UI command documentation 2017-10-11 18:24:58 -07:00
Alex Dadgar b1befc7be0 Merge pull request #3360 from hashicorp/f-consul-template
Use Vault default grace
2017-10-11 18:11:17 -07:00
Alex Dadgar 68d1a61e8e fix test 2017-10-11 18:11:03 -07:00
Alex Dadgar 7ea4493a13 Merge pull request #3322 from hashicorp/f-authenticated-volumes
Authenticated client volumes
2017-10-11 18:09:21 -07:00
Alex Dadgar d34c6e0135 fix test 2017-10-11 18:08:37 -07:00
Michael Schurter 2673481a48 Refactor permissions checks into funcs
funcs are in the _oss file to ease creating Enterprise versions which
support Quotas and Namespaces.
2017-10-11 18:05:27 -07:00
Alex Dadgar 961eb4c40e documentation 2017-10-11 17:48:18 -07:00
Alex Dadgar 7efeb06713 changelog 2017-10-11 17:43:14 -07:00
Alex Dadgar 1b3af355a6 vendor consul-template 2017-10-11 17:23:09 -07:00
Alex Dadgar ea4e9ed027 Change vault_grace default to match vaults 2017-10-11 17:20:12 -07:00
Alex Dadgar 53f2ea88a5 Small fixes
This commit:

* Fixes the error checking in migration tests now that we are using the
canonical ErrPermissionDenied error
* Guard against NPE when looking up objects to generate the migration
token
* Handle an additional case in ShouldMigrate()
2017-10-11 17:13:50 -07:00
Chelsea Holland Komlo c67bfc2ee4 fixups from code review
change creation of a migrate token to be for a previous allocation
2017-10-11 17:13:50 -07:00