Commit graph

1847 commits

Author SHA1 Message Date
Alex Dadgar 10a07c525f fix flaky vault test 2017-10-23 16:48:20 -07:00
Alex Dadgar 1d6cdfbdc3 lax timing 2017-10-23 16:48:20 -07:00
Alex Dadgar 9f91ce64f6 Fix some flaky tests 2017-10-23 16:48:20 -07:00
Alex Dadgar dbc014b360 Standardize retrieving a free port into a helper package 2017-10-23 16:48:20 -07:00
Alex Dadgar ae6be0dac7 spelling mistake 2017-10-23 15:12:45 -07:00
Alex Dadgar 794daefa5e clear the token 2017-10-23 15:11:13 -07:00
Alex Dadgar d3e119f4d0 thread leader token through core gc and test 2017-10-23 15:04:00 -07:00
Alex Dadgar 5c34af1ee1 leader acl token 2017-10-23 14:10:14 -07:00
Alex Dadgar 1192385c63 Lax blocking query test timing 2017-10-20 13:07:17 -07:00
Alex Dadgar e7299676f6 generated 2017-10-19 15:20:39 -07:00
James Phillips 9a5651e83a
Applies leader loop fixes from Consul.
There was a deadlock issue we fixed under https://github.com/hashicorp/consul/issues/3230,
and then discovered an issue with under https://github.com/hashicorp/consul/issues/3545. This
PR ports over those fixes, as well as makes the revoke actions only happen if leadership was
established. This brings the Nomad leader loop inline with Consul's.
2017-10-16 22:01:49 -07:00
Chelsea Komlo 1ccc1f79f6 Merge pull request #3393 from hashicorp/b-delete-nonexistent-tokens
Return error if tokens cannot be deleted because they do not exist
2017-10-16 18:36:41 -04:00
Alex Dadgar be053364ba no namespaces in oss test 2017-10-16 14:21:29 -07:00
Chelsea Holland Komlo a8becb96c0 review feedback 2017-10-16 17:14:48 -04:00
Chelsea Holland Komlo 2377d97d51 return error if tokens cannot be deleted because they do not exist 2017-10-16 17:14:48 -04:00
Alex Dadgar c3f06b2134 Merge pull request #3384 from hashicorp/f-self-policies
Ability to introspect self token
2017-10-13 17:11:22 -07:00
Alex Dadgar c559f6652f Merge pull request #3386 from hashicorp/f-sync
sync
2017-10-13 15:32:58 -07:00
Alex Dadgar c1cc51dbee sync 2017-10-13 14:36:02 -07:00
Michael Schurter b63eee17e9 Merge pull request #3383 from hashicorp/b-migrate-token
base64 migrate token
2017-10-13 13:46:54 -07:00
Alex Dadgar 5d4f467519 ListPolicies and GetPolicy work w/o management token 2017-10-13 13:12:20 -07:00
Michael Schurter dfd2967cdb Merge pull request #3376 from hashicorp/f-node-acls
Allow Node.SecretID for Node.GetNode and Allocs.GetAlloc
2017-10-13 11:51:48 -07:00
Michael Schurter 93cea382dd Remove support for pre-0.5 nodes
Nodes before 0.5 did not have a SecretID. Since SecretID is now a
required field and 0.4.x is >2 point releases ago, drop support for it.
2017-10-13 11:28:47 -07:00
Michael Schurter 15b991e039 base64 migrate token
HTTP header values must be ASCII.

Also constant time compare tokens and test the generate and compare
helper functions.
2017-10-13 10:59:13 -07:00
Michael Schurter 6a1a509ea5 Fix Request.SecretID -> Request.AuthToken 2017-10-13 09:56:56 -07:00
Michael Schurter 021b4c1ae9 Fix AuthToken use on Node.GetAllocs 2017-10-12 17:12:41 -07:00
Michael Schurter 15b3df0b80 Merge pull request #3374 from hashicorp/f-auth-token
SecretID -> AuthToken
2017-10-12 16:57:49 -07:00
Michael Schurter ab7b6d1315 Allow Node.SecretID for GetNode and GetAlloc 2017-10-12 16:27:33 -07:00
Michael Schurter a003e3dd43 Add StateStore.NodeBySecretID 2017-10-12 15:27:29 -07:00
Michael Schurter 51bce7b1a3 Add index to Node.SecretID 2017-10-12 15:21:20 -07:00
Michael Schurter 84d8a51be1 SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
Alex Dadgar e7e18c931c Fix sorting of job versions
Fixes an issue in which the versions were improperly sorted which would
cause pruning of the wrong job version. This essentially meant that job
versions above 255 would be dropped from the job version table (note
this was due to the prefix walk crossing from the 1-byte to 2-byte
threshold).

Fixes https://github.com/hashicorp/nomad/issues/3357
2017-10-12 13:33:55 -07:00
Michael Schurter e9c17c56d1 Merge pull request #3353 from hashicorp/f-acl-prefix-search
Prefix Search ACL enforcement
2017-10-11 20:26:03 -07:00
Alex Dadgar d34c6e0135 fix test 2017-10-11 18:08:37 -07:00
Michael Schurter 2673481a48 Refactor permissions checks into funcs
funcs are in the _oss file to ease creating Enterprise versions which
support Quotas and Namespaces.
2017-10-11 18:05:27 -07:00
Alex Dadgar 53f2ea88a5 Small fixes
This commit:

* Fixes the error checking in migration tests now that we are using the
canonical ErrPermissionDenied error
* Guard against NPE when looking up objects to generate the migration
token
* Handle an additional case in ShouldMigrate()
2017-10-11 17:13:50 -07:00
Chelsea Holland Komlo c67bfc2ee4 fixups from code review
change creation of a migrate token to be for a previous allocation
2017-10-11 17:13:50 -07:00
Chelsea Holland Komlo b018ca4d46 fixing up code review comments 2017-10-11 17:09:20 -07:00
Chelsea Holland Komlo 410adaf726 Add functionality for authenticated volumes 2017-10-11 17:09:20 -07:00
Chelsea Holland Komlo 36ad6bc6bf add MigrateTokens to server response for allocs 2017-10-11 17:09:20 -07:00
Michael Schurter be69374ecd Prefix Search ACL enforcement 2017-10-11 17:00:12 -07:00
Michael Schurter d82db5ab45 Merge pull request #3351 from hashicorp/f-acl-system
System ACL enforcement
2017-10-11 16:32:50 -07:00
Michael Schurter 51fe1d8f73 Merge pull request #3350 from hashicorp/f-acl-status-members
Status.Members ACL enforcement
2017-10-11 16:32:25 -07:00
Michael Schurter 8c1a97765e Merge pull request #3339 from hashicorp/f-acl-force-periodic
Force Periodic ACL enforcement
2017-10-11 16:26:29 -07:00
Michael Schurter 0d27053aab Operator ACL enforcement 2017-10-10 15:18:19 -07:00
Michael Schurter 0cf7a3950b Force Periodic ACL enforcement 2017-10-10 15:16:41 -07:00
Michael Schurter 4e005d4753 System ACL enforcement
Enforce ACL for System.GarbageCollect and System.ReconcileJobSummaries
RPC endpoints.
2017-10-10 10:53:10 -07:00
Michael Schurter de767ffa04 Status.Members ACL enforcement
Was incorrectly checked on the HTTP API before. Moved to RPC endpoint.
2017-10-10 10:36:54 -07:00
Michael Schurter e50acae1a9 ForceLeave endpoint must use Server.ResolveToken
The ForceLeaveRequest endpoint may only be called on servers, but the
code was using a Client to resolve tokens. This would cause a panic when
an agent wasn't both a Server and a Client.
2017-10-09 15:49:04 -07:00
Michael Schurter 492c861419 /v1/client/agent/* ACL enforcement 2017-10-09 12:18:54 -07:00
Michael Schurter 57ff12432b Move acl helpers from nomad/ into nomad/mock
They're useful in command/agent/ tests.
2017-10-06 14:50:06 -07:00
Michael Schurter 4acff9c2bd Support AnonymousACLToken in GetPolicies 2017-10-06 14:35:14 -07:00
Chelsea Komlo 7c8a5228d4 Merge pull request #3290 from hashicorp/f-acl-job-dispatch
Add ACL for dispatch job
2017-10-06 13:33:21 -04:00
Michael Schurter 22169a7cd4 Eval.Allocations ACL enforcement 2017-10-03 14:57:47 -07:00
Michael Schurter b3db8f41fd Eval.List ACL enforcement 2017-10-03 14:57:47 -07:00
Michael Schurter fae1be5ab2 Eval.GetEval ACL enforcement 2017-10-03 14:57:47 -07:00
Michael Schurter bd6418aa27 Deployment.Allocations ACL enforcement 2017-10-02 15:23:29 -07:00
Michael Schurter 08c82eb00f Deployment.List ACL enforcement 2017-10-02 15:13:56 -07:00
Michael Schurter 60a7dc3c83 Deployment.SetAllocHealth ACL enforcement 2017-10-02 15:02:18 -07:00
Michael Schurter c9d2c62d0b Deployment.Promote ACL enforcement 2017-10-02 14:31:58 -07:00
Michael Schurter 0409a54f19 Deployment.Pause ACL enforcement 2017-10-02 14:25:32 -07:00
Michael Schurter b888e49df4 Deployment.Fail ACL enforcement 2017-10-02 14:23:33 -07:00
Chelsea Komlo 97e34725e1 Merge pull request #3278 from hashicorp/f-acl-job-getjob
Add ACL for GetJob
2017-09-29 17:44:31 -04:00
Chelsea Komlo 388cdaa2e8 Merge pull request #3272 from hashicorp/f-acl-job-stable
Add ACL endpoint for Job Stable
2017-09-29 17:44:09 -04:00
Michael Schurter efcc61a253 Merge pull request #3302 from hashicorp/b-remove-structs-from-api
Remove `structs` import from `api`
2017-09-29 11:39:43 -07:00
Michael Schurter f1a8676ee4 Merge pull request #3298 from hashicorp/b-fix-check-restart-plan
Diff CheckRestart objects
2017-09-29 11:39:14 -07:00
Alex Dadgar b772fb650e Merge pull request #3293 from hashicorp/f-self-token
Allow querying self token
2017-09-29 10:54:37 -07:00
Michael Schurter a66c53d45a Remove structs import from api
Goes a step further and removes structs import from api's tests as well
by moving GenerateUUID to its own package.
2017-09-29 10:36:08 -07:00
Michael Schurter 0e0ea82916 Test Check.Header add/removes 2017-09-28 17:08:43 -07:00
Alex Dadgar fe491421a3 Fix empty map 2017-09-28 16:15:04 -07:00
Michael Schurter f9b66cbb60 Diff CheckRestart objects 2017-09-28 14:06:18 -07:00
Chelsea Komlo 3a015016cc Merge pull request #3294 from hashicorp/f-acl-job-deregister
Add ACL for job deregister
2017-09-28 10:57:51 -04:00
Chelsea Komlo c54a4f7c91 Merge pull request #3291 from hashicorp/f-acl-get-job-versions
Add ACL for job endpoint GetJobVersions
2017-09-28 10:35:19 -04:00
Chelsea Holland Komlo c242ac1431 job dispatch should have dispatch policy 2017-09-28 14:28:28 +00:00
Chelsea Komlo 77ae328fbe Merge pull request #3276 from hashicorp/f-acl-job-evaluate
Add read job permissions to evaluate endpoint
2017-09-27 18:01:15 -04:00
Chelsea Holland Komlo 90adc4dbc9 add checks for error message 2017-09-27 21:35:03 +00:00
Chelsea Komlo d3d1bc6498 Merge pull request #3279 from hashicorp/f-acl-job-allocations
Add ACL to job allocations endpoint
2017-09-27 16:57:04 -04:00
Chelsea Komlo 8f1c89c721 Merge pull request #3283 from hashicorp/f-acl-job-latest-deployment
Add ACL to latest job api
2017-09-27 16:54:44 -04:00
Alex Dadgar 765b030bec Fixes 2017-09-27 13:42:56 -07:00
Alex Dadgar 14e6026938 Allow querying self token
This PR allows querying self ACL token when the SecretID is for the
AccessorID in question.
2017-09-27 13:00:58 -07:00
Chelsea Holland Komlo 1bab53c9fd acl for job deregister 2017-09-27 19:21:10 +00:00
Chelsea Komlo b40de659a7 Merge pull request #3281 from hashicorp/f-acl-job-evaluations
Add ACL for Job Evaluations endpoint
2017-09-27 15:15:35 -04:00
Chelsea Holland Komlo 36e3212012 add acl for job endpoint GetJobVersions 2017-09-27 17:29:08 +00:00
Chelsea Komlo b2cb0129c8 Merge pull request #3282 from hashicorp/f-acl-job-deployments
Add ACL for job deployments endpoint
2017-09-27 12:42:25 -04:00
Chelsea Holland Komlo 0db1367d43 add acl for dispatch job 2017-09-27 16:33:49 +00:00
Chelsea Holland Komlo c4ac20f852 fix up comment 2017-09-27 15:25:10 +00:00
Chelsea Holland Komlo d9701fed37 fixups from code review 2017-09-27 15:23:38 +00:00
Chelsea Holland Komlo 0ba6a1df0d fixups from code review 2017-09-27 15:20:18 +00:00
Chelsea Holland Komlo 4b90de992e fixups from code review 2017-09-27 15:07:45 +00:00
Alex Dadgar 4173834231 Enable more linters 2017-09-26 15:26:33 -07:00
Chelsea Holland Komlo f4b7451c62 add acl to lastest job api 2017-09-26 20:53:43 +00:00
Chelsea Holland Komlo 55c4ca187e add acl for job deployments endpoint 2017-09-26 20:33:03 +00:00
Chelsea Holland Komlo a7b7b3f6c6 add acl for Job Evaluations endpoint 2017-09-26 20:12:37 +00:00
Chelsea Holland Komlo 2fb7772c2c add acl to job allocations endpoint 2017-09-26 18:01:23 +00:00
Chelsea Holland Komlo d3e8b4812b better test assertions 2017-09-26 17:41:53 +00:00
Chelsea Holland Komlo f912619157 add ACL for GetJob endpoint 2017-09-26 17:38:03 +00:00
Chelsea Holland Komlo 5f467a84d3 add read job permissions to evaluate endpoint 2017-09-26 16:05:17 +00:00
Chelsea Holland Komlo 78f853e253 add ACL endpoint for Job Stable 2017-09-25 22:17:58 +00:00
Chelsea Holland Komlo 014dc2d7de Add ACL for Revert Job endpoint 2017-09-25 21:51:19 +00:00
Chelsea Komlo ddc979f459 Merge pull request #3266 from hashicorp/f-acl-job-validate
Add ACL for job validate endpoint
2017-09-25 14:09:02 -04:00
Alex Dadgar 73b7466a6e Run deployment garbage collector on an interval
Fixes https://github.com/hashicorp/nomad/issues/3244
2017-09-25 11:04:40 -07:00