Alex Dadgar
10a07c525f
fix flaky vault test
2017-10-23 16:48:20 -07:00
Alex Dadgar
1d6cdfbdc3
lax timing
2017-10-23 16:48:20 -07:00
Alex Dadgar
9f91ce64f6
Fix some flaky tests
2017-10-23 16:48:20 -07:00
Alex Dadgar
dbc014b360
Standardize retrieving a free port into a helper package
2017-10-23 16:48:20 -07:00
Alex Dadgar
ae6be0dac7
spelling mistake
2017-10-23 15:12:45 -07:00
Alex Dadgar
794daefa5e
clear the token
2017-10-23 15:11:13 -07:00
Alex Dadgar
d3e119f4d0
thread leader token through core gc and test
2017-10-23 15:04:00 -07:00
Alex Dadgar
5c34af1ee1
leader acl token
2017-10-23 14:10:14 -07:00
Alex Dadgar
1192385c63
Lax blocking query test timing
2017-10-20 13:07:17 -07:00
Alex Dadgar
e7299676f6
generated
2017-10-19 15:20:39 -07:00
James Phillips
9a5651e83a
Applies leader loop fixes from Consul.
...
There was a deadlock issue we fixed under https://github.com/hashicorp/consul/issues/3230 ,
and then discovered an issue with under https://github.com/hashicorp/consul/issues/3545 . This
PR ports over those fixes, as well as makes the revoke actions only happen if leadership was
established. This brings the Nomad leader loop inline with Consul's.
2017-10-16 22:01:49 -07:00
Chelsea Komlo
1ccc1f79f6
Merge pull request #3393 from hashicorp/b-delete-nonexistent-tokens
...
Return error if tokens cannot be deleted because they do not exist
2017-10-16 18:36:41 -04:00
Alex Dadgar
be053364ba
no namespaces in oss test
2017-10-16 14:21:29 -07:00
Chelsea Holland Komlo
a8becb96c0
review feedback
2017-10-16 17:14:48 -04:00
Chelsea Holland Komlo
2377d97d51
return error if tokens cannot be deleted because they do not exist
2017-10-16 17:14:48 -04:00
Alex Dadgar
c3f06b2134
Merge pull request #3384 from hashicorp/f-self-policies
...
Ability to introspect self token
2017-10-13 17:11:22 -07:00
Alex Dadgar
c559f6652f
Merge pull request #3386 from hashicorp/f-sync
...
sync
2017-10-13 15:32:58 -07:00
Alex Dadgar
c1cc51dbee
sync
2017-10-13 14:36:02 -07:00
Michael Schurter
b63eee17e9
Merge pull request #3383 from hashicorp/b-migrate-token
...
base64 migrate token
2017-10-13 13:46:54 -07:00
Alex Dadgar
5d4f467519
ListPolicies and GetPolicy work w/o management token
2017-10-13 13:12:20 -07:00
Michael Schurter
dfd2967cdb
Merge pull request #3376 from hashicorp/f-node-acls
...
Allow Node.SecretID for Node.GetNode and Allocs.GetAlloc
2017-10-13 11:51:48 -07:00
Michael Schurter
93cea382dd
Remove support for pre-0.5 nodes
...
Nodes before 0.5 did not have a SecretID. Since SecretID is now a
required field and 0.4.x is >2 point releases ago, drop support for it.
2017-10-13 11:28:47 -07:00
Michael Schurter
15b991e039
base64 migrate token
...
HTTP header values must be ASCII.
Also constant time compare tokens and test the generate and compare
helper functions.
2017-10-13 10:59:13 -07:00
Michael Schurter
6a1a509ea5
Fix Request.SecretID -> Request.AuthToken
2017-10-13 09:56:56 -07:00
Michael Schurter
021b4c1ae9
Fix AuthToken use on Node.GetAllocs
2017-10-12 17:12:41 -07:00
Michael Schurter
15b3df0b80
Merge pull request #3374 from hashicorp/f-auth-token
...
SecretID -> AuthToken
2017-10-12 16:57:49 -07:00
Michael Schurter
ab7b6d1315
Allow Node.SecretID for GetNode and GetAlloc
2017-10-12 16:27:33 -07:00
Michael Schurter
a003e3dd43
Add StateStore.NodeBySecretID
2017-10-12 15:27:29 -07:00
Michael Schurter
51bce7b1a3
Add index to Node.SecretID
2017-10-12 15:21:20 -07:00
Michael Schurter
84d8a51be1
SecretID -> AuthToken
2017-10-12 15:16:33 -07:00
Alex Dadgar
e7e18c931c
Fix sorting of job versions
...
Fixes an issue in which the versions were improperly sorted which would
cause pruning of the wrong job version. This essentially meant that job
versions above 255 would be dropped from the job version table (note
this was due to the prefix walk crossing from the 1-byte to 2-byte
threshold).
Fixes https://github.com/hashicorp/nomad/issues/3357
2017-10-12 13:33:55 -07:00
Michael Schurter
e9c17c56d1
Merge pull request #3353 from hashicorp/f-acl-prefix-search
...
Prefix Search ACL enforcement
2017-10-11 20:26:03 -07:00
Alex Dadgar
d34c6e0135
fix test
2017-10-11 18:08:37 -07:00
Michael Schurter
2673481a48
Refactor permissions checks into funcs
...
funcs are in the _oss file to ease creating Enterprise versions which
support Quotas and Namespaces.
2017-10-11 18:05:27 -07:00
Alex Dadgar
53f2ea88a5
Small fixes
...
This commit:
* Fixes the error checking in migration tests now that we are using the
canonical ErrPermissionDenied error
* Guard against NPE when looking up objects to generate the migration
token
* Handle an additional case in ShouldMigrate()
2017-10-11 17:13:50 -07:00
Chelsea Holland Komlo
c67bfc2ee4
fixups from code review
...
change creation of a migrate token to be for a previous allocation
2017-10-11 17:13:50 -07:00
Chelsea Holland Komlo
b018ca4d46
fixing up code review comments
2017-10-11 17:09:20 -07:00
Chelsea Holland Komlo
410adaf726
Add functionality for authenticated volumes
2017-10-11 17:09:20 -07:00
Chelsea Holland Komlo
36ad6bc6bf
add MigrateTokens to server response for allocs
2017-10-11 17:09:20 -07:00
Michael Schurter
be69374ecd
Prefix Search ACL enforcement
2017-10-11 17:00:12 -07:00
Michael Schurter
d82db5ab45
Merge pull request #3351 from hashicorp/f-acl-system
...
System ACL enforcement
2017-10-11 16:32:50 -07:00
Michael Schurter
51fe1d8f73
Merge pull request #3350 from hashicorp/f-acl-status-members
...
Status.Members ACL enforcement
2017-10-11 16:32:25 -07:00
Michael Schurter
8c1a97765e
Merge pull request #3339 from hashicorp/f-acl-force-periodic
...
Force Periodic ACL enforcement
2017-10-11 16:26:29 -07:00
Michael Schurter
0d27053aab
Operator ACL enforcement
2017-10-10 15:18:19 -07:00
Michael Schurter
0cf7a3950b
Force Periodic ACL enforcement
2017-10-10 15:16:41 -07:00
Michael Schurter
4e005d4753
System ACL enforcement
...
Enforce ACL for System.GarbageCollect and System.ReconcileJobSummaries
RPC endpoints.
2017-10-10 10:53:10 -07:00
Michael Schurter
de767ffa04
Status.Members ACL enforcement
...
Was incorrectly checked on the HTTP API before. Moved to RPC endpoint.
2017-10-10 10:36:54 -07:00
Michael Schurter
e50acae1a9
ForceLeave endpoint must use Server.ResolveToken
...
The ForceLeaveRequest endpoint may only be called on servers, but the
code was using a Client to resolve tokens. This would cause a panic when
an agent wasn't both a Server and a Client.
2017-10-09 15:49:04 -07:00
Michael Schurter
492c861419
/v1/client/agent/* ACL enforcement
2017-10-09 12:18:54 -07:00
Michael Schurter
57ff12432b
Move acl helpers from nomad/ into nomad/mock
...
They're useful in command/agent/ tests.
2017-10-06 14:50:06 -07:00
Michael Schurter
4acff9c2bd
Support AnonymousACLToken in GetPolicies
2017-10-06 14:35:14 -07:00
Chelsea Komlo
7c8a5228d4
Merge pull request #3290 from hashicorp/f-acl-job-dispatch
...
Add ACL for dispatch job
2017-10-06 13:33:21 -04:00
Michael Schurter
22169a7cd4
Eval.Allocations ACL enforcement
2017-10-03 14:57:47 -07:00
Michael Schurter
b3db8f41fd
Eval.List ACL enforcement
2017-10-03 14:57:47 -07:00
Michael Schurter
fae1be5ab2
Eval.GetEval ACL enforcement
2017-10-03 14:57:47 -07:00
Michael Schurter
bd6418aa27
Deployment.Allocations ACL enforcement
2017-10-02 15:23:29 -07:00
Michael Schurter
08c82eb00f
Deployment.List ACL enforcement
2017-10-02 15:13:56 -07:00
Michael Schurter
60a7dc3c83
Deployment.SetAllocHealth ACL enforcement
2017-10-02 15:02:18 -07:00
Michael Schurter
c9d2c62d0b
Deployment.Promote ACL enforcement
2017-10-02 14:31:58 -07:00
Michael Schurter
0409a54f19
Deployment.Pause ACL enforcement
2017-10-02 14:25:32 -07:00
Michael Schurter
b888e49df4
Deployment.Fail ACL enforcement
2017-10-02 14:23:33 -07:00
Chelsea Komlo
97e34725e1
Merge pull request #3278 from hashicorp/f-acl-job-getjob
...
Add ACL for GetJob
2017-09-29 17:44:31 -04:00
Chelsea Komlo
388cdaa2e8
Merge pull request #3272 from hashicorp/f-acl-job-stable
...
Add ACL endpoint for Job Stable
2017-09-29 17:44:09 -04:00
Michael Schurter
efcc61a253
Merge pull request #3302 from hashicorp/b-remove-structs-from-api
...
Remove `structs` import from `api`
2017-09-29 11:39:43 -07:00
Michael Schurter
f1a8676ee4
Merge pull request #3298 from hashicorp/b-fix-check-restart-plan
...
Diff CheckRestart objects
2017-09-29 11:39:14 -07:00
Alex Dadgar
b772fb650e
Merge pull request #3293 from hashicorp/f-self-token
...
Allow querying self token
2017-09-29 10:54:37 -07:00
Michael Schurter
a66c53d45a
Remove structs
import from api
...
Goes a step further and removes structs import from api's tests as well
by moving GenerateUUID to its own package.
2017-09-29 10:36:08 -07:00
Michael Schurter
0e0ea82916
Test Check.Header add/removes
2017-09-28 17:08:43 -07:00
Alex Dadgar
fe491421a3
Fix empty map
2017-09-28 16:15:04 -07:00
Michael Schurter
f9b66cbb60
Diff CheckRestart objects
2017-09-28 14:06:18 -07:00
Chelsea Komlo
3a015016cc
Merge pull request #3294 from hashicorp/f-acl-job-deregister
...
Add ACL for job deregister
2017-09-28 10:57:51 -04:00
Chelsea Komlo
c54a4f7c91
Merge pull request #3291 from hashicorp/f-acl-get-job-versions
...
Add ACL for job endpoint GetJobVersions
2017-09-28 10:35:19 -04:00
Chelsea Holland Komlo
c242ac1431
job dispatch should have dispatch policy
2017-09-28 14:28:28 +00:00
Chelsea Komlo
77ae328fbe
Merge pull request #3276 from hashicorp/f-acl-job-evaluate
...
Add read job permissions to evaluate endpoint
2017-09-27 18:01:15 -04:00
Chelsea Holland Komlo
90adc4dbc9
add checks for error message
2017-09-27 21:35:03 +00:00
Chelsea Komlo
d3d1bc6498
Merge pull request #3279 from hashicorp/f-acl-job-allocations
...
Add ACL to job allocations endpoint
2017-09-27 16:57:04 -04:00
Chelsea Komlo
8f1c89c721
Merge pull request #3283 from hashicorp/f-acl-job-latest-deployment
...
Add ACL to latest job api
2017-09-27 16:54:44 -04:00
Alex Dadgar
765b030bec
Fixes
2017-09-27 13:42:56 -07:00
Alex Dadgar
14e6026938
Allow querying self token
...
This PR allows querying self ACL token when the SecretID is for the
AccessorID in question.
2017-09-27 13:00:58 -07:00
Chelsea Holland Komlo
1bab53c9fd
acl for job deregister
2017-09-27 19:21:10 +00:00
Chelsea Komlo
b40de659a7
Merge pull request #3281 from hashicorp/f-acl-job-evaluations
...
Add ACL for Job Evaluations endpoint
2017-09-27 15:15:35 -04:00
Chelsea Holland Komlo
36e3212012
add acl for job endpoint GetJobVersions
2017-09-27 17:29:08 +00:00
Chelsea Komlo
b2cb0129c8
Merge pull request #3282 from hashicorp/f-acl-job-deployments
...
Add ACL for job deployments endpoint
2017-09-27 12:42:25 -04:00
Chelsea Holland Komlo
0db1367d43
add acl for dispatch job
2017-09-27 16:33:49 +00:00
Chelsea Holland Komlo
c4ac20f852
fix up comment
2017-09-27 15:25:10 +00:00
Chelsea Holland Komlo
d9701fed37
fixups from code review
2017-09-27 15:23:38 +00:00
Chelsea Holland Komlo
0ba6a1df0d
fixups from code review
2017-09-27 15:20:18 +00:00
Chelsea Holland Komlo
4b90de992e
fixups from code review
2017-09-27 15:07:45 +00:00
Alex Dadgar
4173834231
Enable more linters
2017-09-26 15:26:33 -07:00
Chelsea Holland Komlo
f4b7451c62
add acl to lastest job api
2017-09-26 20:53:43 +00:00
Chelsea Holland Komlo
55c4ca187e
add acl for job deployments endpoint
2017-09-26 20:33:03 +00:00
Chelsea Holland Komlo
a7b7b3f6c6
add acl for Job Evaluations endpoint
2017-09-26 20:12:37 +00:00
Chelsea Holland Komlo
2fb7772c2c
add acl to job allocations endpoint
2017-09-26 18:01:23 +00:00
Chelsea Holland Komlo
d3e8b4812b
better test assertions
2017-09-26 17:41:53 +00:00
Chelsea Holland Komlo
f912619157
add ACL for GetJob endpoint
2017-09-26 17:38:03 +00:00
Chelsea Holland Komlo
5f467a84d3
add read job permissions to evaluate endpoint
2017-09-26 16:05:17 +00:00
Chelsea Holland Komlo
78f853e253
add ACL endpoint for Job Stable
2017-09-25 22:17:58 +00:00
Chelsea Holland Komlo
014dc2d7de
Add ACL for Revert Job endpoint
2017-09-25 21:51:19 +00:00
Chelsea Komlo
ddc979f459
Merge pull request #3266 from hashicorp/f-acl-job-validate
...
Add ACL for job validate endpoint
2017-09-25 14:09:02 -04:00
Alex Dadgar
73b7466a6e
Run deployment garbage collector on an interval
...
Fixes https://github.com/hashicorp/nomad/issues/3244
2017-09-25 11:04:40 -07:00