* Handle conflict swith a cas qp on save and create
* Notify error and give them refresh or overwrite options
* Merge conflict missed, resolved
* Mirage fixture
* Integration test
* Bracket closed (thx jai)
* Adjust tests to account for number of variables with auto-conflicter
The HCL parser allows for labels that aren't needed, which makes it easy to
accidentally write a `secure_variable` block that has the intended path as the
label for that block instead of the innner `path` block. This can result in
silent failure to lock down variables if an incorrectly specified block was used
to reduce the scope of capabilities (for example, if another correctly-written
rule allows access to `*`).
We can't detect the extraneous label in the HCL API, but we can detect if we're
missing `path` blocks entirely. Use this to block obvious user errors.
HTTP API consumers that have network line-of-sight to client nodes can connect
directly for a small number of APIs. But in environments where the consumer
doesn't have line-of-sight, there's a long pause waiting for the
`api.ClientConnTimeout` to expire. Warn about this in the API docs so that
authors can avoid the extra timeout.
* Starting on namespaced id
* Traversal for variables uniqued by namespace
* Delog
* Basic CRUD complete w namespaces included
* Correct secvar breadcrumb joining and testfix now that namespaces are included
* Testfixes with namespaces in place
* Namespace-aware duplicate path warning
* Duplicate path warning test additions
* Trimpath reimplemented on dupe check
* Solves a bug where slash was not being passed to the can write check
* PR fixes
* variable paths integration test fix now uses store
* Seems far less hacky in retrospect
* PR feedback addressed
* test fixes after inclusion of path as local non-model var
* Prevent confusion by dropping namespace from QPs on PUT, since its already in .data
* Solves a harsh bug where you have namespace access but no secvars access (#14098)
* Solves a harsh bug where you have namespace access but no secvars access
* Lint cleanup
* Remove unneeded condition
The List RPCs only checked the ACL for the Prefix argument of the request. Add
an ACL filter to the paginator for the List RPC.
Extend test coverage of ACLs in the List RPC and in the `acl` package, and add a
"deny" capability so that operators can deny specific paths or prefixes below an
allowed path.
Move conflict resolution implementation into the state store with a new Apply RPC.
This also makes the RPC for secure variables much more similar to Consul's KV,
which will help us support soft deletes in a post-1.4.0 version of Nomad.
Reimplement quotas in the state store functions.
Co-authored-by: Charlie Voiselle <464492+angrycub@users.noreply.github.com>
This PR changes the behavior of 'nomad job validate' to forward the
request to the nomad leader, rather than responding from any server.
This is because we need the leader when validating Vault tokens, since
the leader is the only server with an active vault client.
* Changelog and lintfix
* Changelog removed
* Forbidden state on individual variables
* CanRead checked on variable path links
* Mirage fixture with lesser secure variables access, temporary fix for * namespaces
* Read flow acceptance tests
* Unit tests for variable.canRead
* lintfix
* TODO squashed, thanks Jai
* explicitly link mirage fixture vars to jobs via namespace
* Typofix; delete to read
* Linking the original alloc
* Percy snapshots uniquely named
* Guarantee that the alloc we depend on has tasks within it
* Logging variables
* Trying to skip delete
* Now without create flow either
* Dedicated cluster fixture for testing variables
* Disambiguate percy calls
