86d5c4fa67
build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0 in /api ( #14430 )
...
* build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0 in /api
Bumps [github.com/docker/go-units](https://github.com/docker/go-units ) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/docker/go-units/releases )
- [Commits](https://github.com/docker/go-units/compare/v0.4.0...v0.5.0 )
---
updated-dependencies:
- dependency-name: github.com/docker/go-units
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* deps: also update go-units in nomad
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Seth Hoenig <shoenig@duck.com>
2022-09-26 09:30:17 -05:00
d4436ccd5f
build(deps): bump github.com/hashicorp/serf from 0.9.7 to 0.10.0 ( #14365 )
...
Bumps [github.com/hashicorp/serf](https://github.com/hashicorp/serf ) from 0.9.7 to 0.10.0.
- [Release notes](https://github.com/hashicorp/serf/releases )
- [Changelog](https://github.com/hashicorp/serf/blob/master/CHANGELOG.md )
- [Commits](https://github.com/hashicorp/serf/compare/v0.9.7...v0.10.0 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/serf
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-26 09:11:56 -05:00
6e71053c9c
build(deps): bump github.com/zclconf/go-cty from 1.8.0 to 1.11.0 ( #14363 )
...
Bumps [github.com/zclconf/go-cty](https://github.com/zclconf/go-cty ) from 1.8.0 to 1.11.0.
- [Release notes](https://github.com/zclconf/go-cty/releases )
- [Changelog](https://github.com/zclconf/go-cty/blob/main/CHANGELOG.md )
- [Commits](https://github.com/zclconf/go-cty/compare/v1.8.0...v1.11.0 )
---
updated-dependencies:
- dependency-name: github.com/zclconf/go-cty
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-26 09:06:39 -05:00
819514c7ff
build(deps): bump github.com/hashicorp/go-getter from 1.6.1 to 1.6.2 ( #14459 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.6.1 to 1.6.2.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.6.1...v1.6.2 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-26 08:54:36 -05:00
a60f20fe30
build(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.1 to 4.4.2 ( #14406 )
...
Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt ) from 4.4.1 to 4.4.2.
- [Release notes](https://github.com/golang-jwt/jwt/releases )
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md )
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.4.1...v4.4.2 )
---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-26 08:52:16 -05:00
87ec5fdee5
deps: update set and test ( #14680 )
...
This PR updates go-set and shoenig/test, which introduced some breaking
API changes.
2022-09-26 08:28:03 -05:00
0211240a03
[vars] Update Consul Template dependency ( #14667 )
...
* Bump CT dependency
* go mod tidied
2022-09-22 16:44:48 -04:00
2088ca3345
cleanup more helper updates ( #14638 )
...
* cleanup: refactor MapStringStringSliceValueSet to be cleaner
* cleanup: replace SliceStringToSet with actual set
* cleanup: replace SliceStringSubset with real set
* cleanup: replace SliceStringContains with slices.Contains
* cleanup: remove unused function SliceStringHasPrefix
* cleanup: fixup StringHasPrefixInSlice doc string
* cleanup: refactor SliceSetDisjoint to use real set
* cleanup: replace CompareSliceSetString with SliceSetEq
* cleanup: replace CompareMapStringString with maps.Equal
* cleanup: replace CopyMapStringString with CopyMap
* cleanup: replace CopyMapStringInterface with CopyMap
* cleanup: fixup more CopyMapStringString and CopyMapStringInt
* cleanup: replace CopySliceString with slices.Clone
* cleanup: remove unused CopySliceInt
* cleanup: refactor CopyMapStringSliceString to be generic as CopyMapOfSlice
* cleanup: replace CopyMap with maps.Clone
* cleanup: run go mod tidy
2022-09-21 14:53:25 -05:00
f51a8c73e6
deps: update armon/go-metrics to v0.4.1 ( #14493 )
2022-09-09 09:20:55 +02:00
7921f044e5
migrate autopilot implementation to raft-autopilot ( #14441 )
...
Nomad's original autopilot was importing from a private package in Consul. It
has been moved out to a shared library. Switch Nomad to use this library so that
we can eliminate the import of Consul, which is necessary to build Nomad ENT
with the current version of the Consul SDK. This also will let us pick up
autopilot improvements shared with Consul more easily.
2022-09-01 14:27:10 -04:00
9f8a3824c4
build(deps): bump github.com/hashicorp/go-version from 1.4.0 to 1.6.0 ( #14364 )
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Rasell <jrasell@hashicorp.com>
2022-09-01 11:55:42 +02:00
5c0e34dd33
Vars: Update CT dependency to support variables. ( #14399 )
...
* Update Consul Template dep to support Nomad vars
* Remove `Peering` config for Consul Testservers
Upgrading to the 1.14 Consul SDK introduces and additional default
configuration—`Peering`—that is not compatible with versions of Consul
before v1.13.0. because Nomad tests against Consul v1.11.1, this
configuration has to be nil'ed out before passing it to the Consul
binary.
2022-08-30 15:26:01 -04:00
c9d678a91a
keyring: wrap root key in key encryption key ( #14388 )
...
Update the on-disk format for the root key so that it's wrapped with a unique
per-key/per-server key encryption key. This is a bit of security theatre for the
current implementation, but it uses `go-kms-wrapping` as the interface for
wrapping the key. This provides a shim for future support of external KMS such
as cloud provider APIs or Vault transit encryption.
* Removes the JSON serialization extension we had on the `RootKey` struct; this
struct is now only used for key replication and not for disk serialization, so
we don't need this helper.
* Creates a helper for generating cryptographically random slices of bytes that
properly accounts for short reads from the source.
* No observable functional changes outside of the on-disk format, so there are
no test updates.
2022-08-30 10:59:25 -04:00
9d0e274f27
cleanup: cleanup more slice-set comparisons
2022-08-29 12:04:21 -05:00
451194397f
build(deps): bump github.com/hashicorp/go-memdb from 1.3.2 to 1.3.3 ( #14206 )
...
Bumps [github.com/hashicorp/go-memdb](https://github.com/hashicorp/go-memdb ) from 1.3.2 to 1.3.3.
- [Release notes](https://github.com/hashicorp/go-memdb/releases )
- [Changelog](https://github.com/hashicorp/go-memdb/blob/main/changes.go )
- [Commits](https://github.com/hashicorp/go-memdb/compare/v1.3.2...v1.3.3 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-memdb
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-26 10:07:41 -04:00
42792c4813
build(deps): bump github.com/hashicorp/go-hclog from 1.2.0 to 1.2.2 ( #14208 )
...
Bumps [github.com/hashicorp/go-hclog](https://github.com/hashicorp/go-hclog ) from 1.2.0 to 1.2.2.
- [Release notes](https://github.com/hashicorp/go-hclog/releases )
- [Commits](https://github.com/hashicorp/go-hclog/compare/v1.2.0...v1.2.2 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-hclog
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-26 09:31:54 -04:00
1eb34c1099
build(deps): bump github.com/aws/aws-sdk-go from 1.42.27 to 1.44.84 ( #14326 )
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.42.27 to 1.44.84.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.42.27...v1.44.84 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-26 09:13:37 -04:00
6d3389653b
build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.12 to 3.22.7 ( #14209 )
...
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.12 to 3.22.7
Bumps [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil ) from 3.21.12 to 3.22.7.
- [Release notes](https://github.com/shirou/gopsutil/releases )
- [Commits](https://github.com/shirou/gopsutil/compare/v3.21.12...v3.22.7 )
---
updated-dependencies:
- dependency-name: github.com/shirou/gopsutil/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* changelog entry
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tim Gross <tgross@hashicorp.com>
2022-08-25 14:15:41 -04:00
ea1802ffa0
deps: sync versions of go-discover in go.mod ( #14269 )
...
In #13491 the version of `go-discover` was updated in `go.mod` but the
comment above it mentions that it also needs to be updated in the
`replace` directive.
2022-08-24 10:32:13 -04:00
4c1a0d4907
cleanup: first pass at fixing command package warnings
...
This PR is the first of several for cleaning up warnings, and refactoring
bits of code in the command package. First pass is over acl_ files and
gets some helpers in place.
2022-08-17 15:33:37 -05:00
dba6b39815
SV CLI: var init ( #13820 )
...
* Nomad dep: add museli/reflow
* SV CLI: var init
2022-08-15 13:43:29 -04:00
3d2f581b33
Merge pull request #14114 from hashicorp/dependabot/go_modules/oss.indeed.com/go/libtime-1.6.0
...
build(deps): bump oss.indeed.com/go/libtime from 1.5.0 to 1.6.0
2022-08-15 10:17:44 -05:00
bb298856b0
build(deps): bump oss.indeed.com/go/libtime from 1.5.0 to 1.6.0
...
Bumps [oss.indeed.com/go/libtime](https://github.com/indeedeng/libtime ) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/indeedeng/libtime/releases )
- [Commits](https://github.com/indeedeng/libtime/compare/v1.5.0...v1.6.0 )
---
updated-dependencies:
- dependency-name: oss.indeed.com/go/libtime
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-15 15:12:03 +00:00
abe3bfce8e
build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.8.2
...
Bumps [github.com/fsouza/go-dockerclient](https://github.com/fsouza/go-dockerclient ) from 1.6.5 to 1.8.2.
- [Release notes](https://github.com/fsouza/go-dockerclient/releases )
- [Changelog](https://github.com/fsouza/go-dockerclient/blob/main/container_changes_test.go )
- [Commits](https://github.com/fsouza/go-dockerclient/compare/v1.6.5...v1.8.2 )
---
updated-dependencies:
- dependency-name: github.com/fsouza/go-dockerclient
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-15 14:53:54 +00:00
c24ed407c0
Merge pull request #14111 from hashicorp/dependabot/go_modules/github.com/armon/go-metrics-0.4.0
...
build(deps): bump github.com/armon/go-metrics from 0.3.10 to 0.4.0
2022-08-15 09:52:51 -05:00
fc218b48dc
build(deps): bump github.com/armon/go-metrics from 0.3.10 to 0.4.0
...
Bumps [github.com/armon/go-metrics](https://github.com/armon/go-metrics ) from 0.3.10 to 0.4.0.
- [Release notes](https://github.com/armon/go-metrics/releases )
- [Commits](https://github.com/armon/go-metrics/compare/v0.3.10...v0.4.0 )
---
updated-dependencies:
- dependency-name: github.com/armon/go-metrics
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-15 14:49:29 +00:00
03ff90f02c
build(deps): bump github.com/mitchellh/cli from 1.1.2 to 1.1.4
...
Bumps [github.com/mitchellh/cli](https://github.com/mitchellh/cli ) from 1.1.2 to 1.1.4.
- [Release notes](https://github.com/mitchellh/cli/releases )
- [Commits](https://github.com/mitchellh/cli/compare/v1.1.2...v1.1.4 )
---
updated-dependencies:
- dependency-name: github.com/mitchellh/cli
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-15 14:25:31 +00:00
077f46c74a
Merge pull request #14025 from hashicorp/dependabot/go_modules/go.etcd.io/bbolt-1.3.6
...
build(deps): bump go.etcd.io/bbolt from 1.3.5 to 1.3.6
2022-08-15 09:13:48 -05:00
d3c0e5db04
build(deps): bump google.golang.org/grpc from 1.45.0 to 1.48.0
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.45.0 to 1.48.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.45.0...v1.48.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-14 09:09:31 +00:00
e229037fb8
build(deps): bump go.etcd.io/bbolt from 1.3.5 to 1.3.6
...
Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt ) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/etcd-io/bbolt/releases )
- [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.5...v1.3.6 )
---
updated-dependencies:
- dependency-name: go.etcd.io/bbolt
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-08 20:48:49 +00:00
0004e0a5b7
build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.2
...
Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni ) from 1.0.1 to 1.1.2.
- [Release notes](https://github.com/containernetworking/cni/releases )
- [Commits](https://github.com/containernetworking/cni/compare/v1.0.1...v1.1.2 )
---
updated-dependencies:
- dependency-name: github.com/containernetworking/cni
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-08 20:48:29 +00:00
221ac2741c
chore(deps): bump github.com/hashicorp/consul/api from 1.13.0 to 1.13.1
...
Bumps [github.com/hashicorp/consul/api](https://github.com/hashicorp/consul ) from 1.13.0 to 1.13.1.
- [Release notes](https://github.com/hashicorp/consul/releases )
- [Changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hashicorp/consul/compare/api/v1.13.0...api/v1.13.1 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/consul/api
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-05 12:37:18 +00:00
eb933ad27d
Merge pull request #14019 from hashicorp/deps-update-runc-to-v1.1.3
...
deps: update runc to v1.1.3
2022-08-05 07:34:16 -05:00
bc09a2e114
deps: update opencontainers/runc to v1.1.3
2022-08-04 12:56:49 -05:00
9affe31a0f
qemu: reduce monitor socket path ( #13971 )
...
The QEMU driver can take an optional `graceful_shutdown` configuration
which will create a Unix socket to send ACPI shutdown signal to the VM.
Unix sockets have a hard length limit and the driver implementation
assumed that QEMU versions 2.10.1 were able to handle longer paths. This
is not correct, the linked QEMU fix only changed the behaviour from
silently truncating longer socket paths to throwing an error.
By validating the socket path before starting the QEMU machine we can
provide users a more actionable and meaningful error message, and by
using a shorter socket file name we leave a bit more room for
user-defined values in the path, such as the task name.
The maximum length allowed is also platform-dependant, so validation
needs to be different for each OS.
2022-08-04 12:10:35 -04:00
77df9c133b
Add Nomad RetryConfig to agent template config ( #13907 )
...
* add Nomad RetryConfig to agent template config
2022-08-03 16:56:30 -04:00
fb740a6335
Merge pull request #13944 from hashicorp/deps-update-raft
...
deps: update raft library
2022-08-01 10:35:17 -05:00
642f16dba3
deps: update raft library
...
Another attempt at resolving the flakey TestNomad_BootstrapExpect_NonVoter
2022-08-01 09:56:08 -05:00
0417492bba
deps: update test package
...
Upgrading to v0.3.0 gives us the ability to add more context to test
case failures.
https://github.com/shoenig/test/pull/23
2022-08-01 08:53:00 -05:00
93cfeb177b
cleanup: example refactoring out map[string]struct{} using set.Set
...
This PR is a little demo of using github.com/hashicorp/go-set to
replace the use of map[T]struct{} as a make-shift set.
2022-07-19 22:50:49 -05:00
d3d1199b81
chore(deps): bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 in /api ( #12725 )
...
* chore(deps): bump github.com/mitchellh/mapstructure in /api
Bumps [github.com/mitchellh/mapstructure](https://github.com/mitchellh/mapstructure ) from 1.4.3 to 1.5.0.
- [Release notes](https://github.com/mitchellh/mapstructure/releases )
- [Changelog](https://github.com/mitchellh/mapstructure/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mitchellh/mapstructure/compare/v1.4.3...v1.5.0 )
---
updated-dependencies:
- dependency-name: github.com/mitchellh/mapstructure
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Also bump mapstructure in main go.mod
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
2022-07-13 11:57:16 -07:00
4b7253b33f
build(deps): bump github.com/gorilla/websocket from 1.4.2 to 1.5.0 in /api ( #12075 )
...
* build(deps): bump github.com/gorilla/websocket in /api
Bumps [github.com/gorilla/websocket](https://github.com/gorilla/websocket ) from 1.4.2 to 1.5.0.
- [Release notes](https://github.com/gorilla/websocket/releases )
- [Commits](https://github.com/gorilla/websocket/compare/v1.4.2...v1.5.0 )
---
updated-dependencies:
- dependency-name: github.com/gorilla/websocket
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* deps: also bump websocket dep in main binary
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
2022-07-12 16:49:31 -07:00
14fea78c23
build(deps): bump github.com/docker/distribution ( #12246 )
...
Bumps [github.com/docker/distribution](https://github.com/docker/distribution ) from 2.7.1+incompatible to 2.8.1+incompatible.
- [Release notes](https://github.com/docker/distribution/releases )
- [Commits](https://github.com/docker/distribution/compare/v2.7.1...v2.8.1 )
---
updated-dependencies:
- dependency-name: github.com/docker/distribution
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-12 16:31:56 -07:00
b9ebf94131
build(deps): bump github.com/hashicorp/consul/sdk from 0.8.0 to 0.9.0 ( #12007 )
...
Bumps [github.com/hashicorp/consul/sdk](https://github.com/hashicorp/consul ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/hashicorp/consul/releases )
- [Changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md )
- [Commits](https://github.com/hashicorp/consul/compare/v0.8.0...v0.9.0 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/consul/sdk
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-12 12:58:34 -07:00
bfcbc00f4e
workload identity ( #13223 )
...
In order to support implicit ACL policies for tasks to get their own
secrets, each task would need to have its own ACL token. This would
add extra raft overhead as well as new garbage collection jobs for
cleaning up task-specific ACL tokens. Instead, Nomad will create a
workload Identity Claim for each task.
An Identity Claim is a JSON Web Token (JWT) signed by the server’s
private key and attached to an Allocation at the time a plan is
applied. The encoded JWT can be submitted as the X-Nomad-Token header
to replace ACL token secret IDs for the RPCs that support identity
claims.
Whenever a key is is added to a server’s keyring, it will use the key
as the seed for a Ed25519 public-private private keypair. That keypair
will be used for signing the JWT and for verifying the JWT.
This implementation is a ruthlessly minimal approach to support the
secure variables feature. When a JWT is verified, the allocation ID
will be checked against the Nomad state store, and non-existent or
terminal allocation IDs will cause the validation to be rejected. This
is sufficient to support the secure variables feature at launch
without requiring implementation of a background process to renew
soon-to-expire tokens.
2022-07-11 13:34:05 -04:00
2019eab2c8
Provide mock secure variables implementation ( #12980 )
...
* Add SecureVariable mock
* Add SecureVariableStub
* Add SecureVariable Copy and Stub funcs
2022-07-11 13:34:03 -04:00
b1a3a8a5bb
helpers: use unreachable assertion
2022-07-06 17:05:35 -05:00
5d91bddf2f
Merge pull request #13531 from hashicorp/dependabot/go_modules/api/github.com/stretchr/testify-1.8.0
...
build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 in /api
2022-07-01 10:19:03 -05:00
4278846eeb
build(deps): bump github.com/stretchr/testify in /api
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.7.5 to 1.8.0.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.7.5...v1.8.0 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-01 09:50:54 -05:00
97726c2fd8
Merge pull request #12862 from hashicorp/f-choose-services
...
api: enable selecting subset of services using rendezvous hashing
2022-06-30 15:17:40 -05:00
dependabot[bot]