Commit graph

2102 commits

Author SHA1 Message Date
Preetha Appan 4cad96a1c3
Remove unnecessary newlines 2018-01-31 09:58:05 -06:00
Preetha Appan d016cbdf7b
Unit test for alloc struct's GCEligible method 2018-01-31 09:58:05 -06:00
Preetha Appan dd91a2f5be
Make garbage collection be aware of rescheduling info in allocations 2018-01-31 09:58:05 -06:00
Preetha Appan b7e59e8037
Fix logging levels per code review 2018-01-31 09:58:05 -06:00
Preetha ec1de50d01
replace err with warn 2018-01-31 09:58:05 -06:00
Preetha Appan 5f501f632b
s/assert/require/g 2018-01-31 09:58:05 -06:00
Preetha Appan 52a665836e
Remove extra fields set in client allocations during update 2018-01-31 09:58:05 -06:00
Preetha Appan 57e20b6399
Fix flaky test that fails when there is CPU contention 2018-01-31 09:56:53 -06:00
Preetha Appan 0c56a12a77
Add RescheduleTracker to allocations API struct 2018-01-31 09:56:53 -06:00
Preetha Appan 9c600c6d6c
Clean up comments, and one more unit test 2018-01-31 09:56:53 -06:00
Preetha Appan f3eb343ffa
Reconcile against reschedule tracker api changes 2018-01-31 09:56:53 -06:00
Preetha Appan 2567b51c58
Edge trigger evaluation when allocations client status is failed 2018-01-31 09:56:53 -06:00
Preetha Appan ea4a889e28
Address more code review feedback 2018-01-31 09:56:53 -06:00
Preetha Appan 031c566ada
Reschedule previous allocs and track their reschedule attempts 2018-01-31 09:56:53 -06:00
Preetha Appan 6fcd9f67a8
Named fields in unit test and one more test case 2018-01-31 09:56:53 -06:00
Preetha Appan 5ee3cdecc5
Clean up the copy method + unit test 2018-01-31 09:56:53 -06:00
Preetha Appan 8408835af8
Wrap reschedule events in another struct and other review feedback 2018-01-31 09:56:53 -06:00
Preetha Appan 0a39f213e3
Export RescheduleEligible method for accessibility from UpdateAlloc endpoint 2018-01-31 09:56:53 -06:00
Preetha Appan e2eabffcbd
Add comment 2018-01-31 09:56:53 -06:00
Preetha Appan 28364331cc
New structs and methods for reschedule policy, reschedule tracking and unit tests 2018-01-31 09:56:53 -06:00
Kyle Havlovitz cb2321353c
Merge pull request #3812 from hashicorp/autopilot-config-change
Refactor redundancy_zone/upgrade_version out of client meta
2018-01-30 16:14:26 -08:00
Kyle Havlovitz 0eb0acacdc Fix remaining issues with autopilot change 2018-01-30 15:21:28 -08:00
Kyle Havlovitz 2ccf565bf6 Refactor redundancy_zone/upgrade_version out of client meta 2018-01-29 20:03:38 -08:00
Alex Dadgar 31e212f467
Merge pull request #3684 from jrasell/f_gh_3678
Update `node-status` verbose command to include node address.
2018-01-29 15:32:14 -08:00
Preetha Appan 288ff0b6f0
Add test case to verify setting next alloc id correctly 2018-01-24 17:55:29 -06:00
Preetha Appan fd2fbefa4c
Add a field to track the next allocation during a replacement 2018-01-24 17:55:05 -06:00
Kyle Havlovitz a162b9ce14 Move server health loop into autopilot leader actions 2018-01-23 12:57:02 -08:00
Chelsea Komlo d09cc2a69f
Merge pull request #3492 from hashicorp/f-client-tls-reload
Client/Server TLS dynamic reload
2018-01-23 05:51:32 -05:00
Michael Schurter 694b547a6b
Merge pull request #3682 from hashicorp/b-3681-always-set-driver-ip
Always advertise driver IP when in driver mode
2018-01-22 16:41:34 -08:00
Chelsea Holland Komlo 7d3c240871 swap raft layer tls wrapper 2018-01-19 17:00:15 -05:00
Michael Schurter 8a0cf66822 Improve invalid port error message for services
Related to #3681

If a user specifies an invalid port *label* when using
address_mode=driver they'll get an error message about the label being
an invalid number which is very confusing.

I also added a bunch of testing around Service.AddressMode validation
since I was concerned by the linked issue that there were cases I was
missing. Unfortunately when address_mode=driver is used there's only so
much validation that can be done as structs/structs.go validation never
peeks into the driver config which would be needed to verify the port
labels/map.
2018-01-18 15:35:24 -08:00
Kyle Havlovitz 8d41f4ad40 Formatting/test adjustments 2018-01-18 15:03:35 -08:00
Kyle Havlovitz 12ff22ea70 Merge branch 'master' into autopilot 2018-01-18 13:29:25 -08:00
Chelsea Holland Komlo a8f655fbb3 allow for similar error messages for closed connections 2018-01-17 12:02:40 -05:00
Chelsea Holland Komlo 35466a331a fixing up raft reload tests
close second goroutine in raft-net
2018-01-17 10:29:15 -05:00
Kyle Havlovitz bc385bcc93 Fix comments/text referring to consul 2018-01-17 00:20:13 -08:00
Kyle Havlovitz 7b980c42d8 Add raft remove by id endpoint/command 2018-01-16 13:35:32 -08:00
Chelsea Holland Komlo 5f52e8e103 feedback from code review 2018-01-16 11:55:11 -05:00
Chelsea Holland Komlo 649f86f094 refactor creating a new tls configuration 2018-01-16 08:02:39 -05:00
James Rasell 2e6af96eec
Use advertise addr not 'unique.network.ip' in verbose node-status 2018-01-11 07:17:58 +00:00
Charlie Voiselle 1bb1ab5069 fix typo
Priviledge -> privilege
2018-01-08 15:56:07 -05:00
Chelsea Holland Komlo 214d128eb9 reload raft transport layer
fix up linting
2018-01-08 14:52:28 -05:00
Chelsea Holland Komlo 0708d34135 call reload on agent, client, and server separately 2018-01-08 09:56:31 -05:00
Chelsea Holland Komlo 3f34b59ee6 remove unnecessary nil checks; default case
add tests for TLSConfig object
2018-01-08 09:24:28 -05:00
Chelsea Holland Komlo d9ec538d6a don't ignore error in http reloading
code review feedback
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo 909bb0af07 refactor rpc listener methods, wait for proper shutdown 2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo 6a2432659a code review fixups 2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo 9741097406 reloading tls config should be atomic for clients/servers 2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo e7bd156ef2 check error on generating tls context 2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo 9b0a7a7f7c remove code duplication 2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo 4e0dbd23cf prevent races when reloading, fully shut down raft 2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo ae7fc4695e fixups from code review
Revert "close raft long-lived connections"

This reverts commit 3ffda28206fcb3d63ad117fd1d27ae6f832b6625.

reload raft connections on changing tls
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo dfb6a3d9a8 close raft long-lived connections 2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo acd3d1b162 fix up downgrading client to plaintext
add locks around changing server configuration
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo c0ad9a4627 add ability to upgrade/downgrade nomad agents tls configurations via sighup 2018-01-08 09:21:06 -05:00
Conchubhar Gannon 5847b3eb79
fix(minor typo) 2018-01-08 11:30:00 +00:00
Preetha Appan fcded9ba61
Add a TODO comment around handling peer address for remove peer correctly for raft protocol 3 2018-01-05 14:22:45 -06:00
Alex Dadgar 6b748fef9e Remove consul log line 2018-01-04 15:08:12 -08:00
Alex Dadgar 2f561609b7 Fix detection of successful batch allocations
This PR restores older behavior of detecting successful batch
allocations (04d86ffd1006fde9dfb2ca8c1237fe60b995b0e3). This has the
side effect that we correctly filter desired status stop but not
successful batch allocations and create their replacements.
2018-01-04 14:20:32 -08:00
Michael Schurter 8496cc8192
Merge pull request #3685 from filipochnik/abs-path
Prevent absolute URLs in checks paths
2018-01-04 10:55:36 -08:00
Preetha 1712b03705
Merge branch 'master' into 0.8 2018-01-03 16:06:38 -06:00
Fabian Holler f99aaa9134 revert change to increase min. CPU resource value from 20 to 100
In the commit 622d3ddb92ea7e656ef831641c02024cb5a5d6d1
"Fixed test and moved constants into standalone func" the minimum CPU
resource value for a job was increased from 100 to 20.

This can break the nomad setup for people that used lower CPU
values and are at the maximum MHz value of the available CPU on a
machine.
Change the minimum back to 20 MHz to ensure downwards compatibility.
2018-01-02 16:09:44 +01:00
Filip Ochnik fc99d3fc2d Prevent absolute URLs in checks paths 2017-12-21 10:32:12 +01:00
James Rasell 45e8f977f7
Update node-status verbose command to include node address.
This change updates the `nomad node-status -verbose` command to
also include the addreess of the node. This is helpful for cluster
administrators to quickly discover information and access nodes
when required.
2017-12-21 08:58:35 +00:00
Chelsea Holland Komlo 940bc59790 Fixes #3679
code review fixups; add changelog
2017-12-20 17:58:07 -05:00
Chelsea Holland Komlo 24c56e3976 search endpoint forwarding 2017-12-20 17:57:28 -05:00
Alex Dadgar bfc62ae41c bump version and remove generated structs 2017-12-19 17:10:52 -08:00
Alex Dadgar f0127afd93 generated files 2017-12-19 16:57:34 -08:00
Michael Schurter 5d65eba2e6 Strip mocked dynamic port for fsm test 2017-12-19 16:41:35 -08:00
Michael Schurter 714eb0b266 Services should not require a port
Fixes #3673
2017-12-19 15:50:23 -08:00
Preetha Appan d788c0464c
Clean up error logging 2017-12-18 17:56:12 -06:00
Alex Dadgar 1791cc3ca5 Handle upgrade path 2017-12-18 15:51:35 -08:00
Kyle Havlovitz 1c07066064 Add autopilot functionality based on Consul's autopilot 2017-12-18 14:29:41 -08:00
Preetha Appan 40cb1d327c
Address some code review comments 2017-12-18 15:22:23 -06:00
Preetha Appan 51bd0b59c7
Return an error if evaluation doesn't exist in state store at plan apply time. 2017-12-18 14:55:36 -06:00
Preetha Appan 3c36abfe14
Update eval modify index as part of plan apply. 2017-12-18 10:03:55 -06:00
Preetha Appan 3b4d7ac2a3
Fix some typos 2017-12-14 13:29:27 -06:00
Kyle Havlovitz 045f346293
Use region instead of datacenter for version checking 2017-12-12 10:17:16 -06:00
Kyle Havlovitz f088446d48
Add missing exist checks and doc line 2017-12-12 10:17:16 -06:00
Kyle Havlovitz b775fc7b33
Added support for v2 raft APIs and -raft-protocol option 2017-12-12 10:17:16 -06:00
Alex Dadgar d61ade8f02 remove generated structs 2017-12-11 17:51:41 -08:00
Alex Dadgar 8e63d545c4 generated assets 2017-12-11 17:30:37 -08:00
Chelsea Holland Komlo 5951222ccb fix for rpc_upgrade_mode 2017-12-11 19:23:45 -05:00
Alex Dadgar 86608124ca Fix followers not creating periodic launch
Fix an issue in which periodic launches wouldn't be made on followers.
2017-12-11 13:55:17 -08:00
Michael Schurter 2dca0671b7 Lowercase service IDs to prevent eye bleeding 2017-12-08 15:54:04 -08:00
Michael Schurter 45494f7304 Fix port labels on mock Alloc/Job/Node 2017-12-08 14:50:06 -08:00
Michael Schurter 0d8995fb83 Improve validation and testing of service/check ports 2017-12-08 13:52:23 -08:00
Michael Schurter d613e0aaf5 Move service hash logic to Service.Hash method 2017-12-08 12:03:43 -08:00
Michael Schurter b71edf846f Hash fields used in task service IDs
Fixes #3620

Previously we concatenated tags into task service IDs. This could break
deregistration of tag names that contained double //s like some Fabio
tags.

This change breaks service ID backward compatibility so on upgrade all
users services and checks will be removed and re-added with new IDs.

This change has the side effect of including all service fields in the
ID's hash, so we no longer have to track PortLabel and AddressMode
changes independently.
2017-12-08 12:03:43 -08:00
Michael Schurter af8964e896 Improve port label validation and diff testing 2017-12-08 12:03:43 -08:00
Michael Schurter 4b20441eef Validate port label for host address mode
Also skip getting an address for script checks which don't use them.

Fixed a weird invalid reserved port in a TaskRunner test helper as well
as a problem with our mock Alloc/Job. Hopefully the latter doesn't cause
other tests to fail, but we were referencing an invalid PortLabel and
just not catching it before.
2017-12-08 12:03:43 -08:00
Michael Schurter 4ae115dc59 Allow custom ports for services and checks
Fixes #3380

Adds address_mode to checks (but no auto) and allows services and checks
to set literal port numbers when using address_mode=driver.

This allows SDNs, overlays, etc to advertise internal and host addresses
as well as do checks against either.
2017-12-08 12:03:00 -08:00
Chelsea Holland Komlo 3f231a0856 add test for kill signal in required signals
update changelog
2017-12-07 11:40:15 -05:00
Chelsea Holland Komlo 2f22442370 use assert library 2017-12-06 15:03:02 -05:00
Chelsea Holland Komlo b08611cfac move kill_signal to task level, extend to docker 2017-12-06 14:36:39 -05:00
Thomas Bartelmess 9acfa166c0
Changed Superset to only return the resource name
The Superset method on Resources used to return a string in the format of “[resource name] exhausted”.
This was leading to the output in plan/create job API DimensionExhausted to return keys like
```
"DimensionExhausted": {"cpu exhausted": 1}
```
This was not anywhere documented, however, one of the examples on the website showed it like this.

The other side effect of this is that the CLI formats the strings from the name of the key leading to output like
```
* Dimension "cpu exhausted" exhausted on 1 nodes
```
2017-11-28 23:16:08 -05:00
Thomas Bartelmess 60e4c777ac
Fixed error messges for MeetsMinResources 2017-11-28 19:44:33 -05:00
Preetha Appan 8e01dc27a3 Use request namespace in Register method 2017-11-20 17:12:13 -06:00
Charlie Voiselle 679e49448e Changed permission check to requested namespace
Original code checked to see if the user had submit-job on the default namespace.
2017-11-20 15:00:24 -05:00
Preetha 785a1a3fcc
Merge pull request #3569 from iconara/patch-2
Fix error messages for transitioning jobs to/from periodic
2017-11-20 07:57:36 -06:00
Preetha ff23499145
Shorter comment for SetEventDisplayMessage 2017-11-18 09:30:50 -06:00
Theo Hultberg 5a6984693f
Fix error messages for transitioning jobs to/from periodic
The error messages are flipped; when you transition a job from _not_ being periodic to being periodic you get the message "cannot update periodic job to being non-periodic", and vice versa.
2017-11-18 11:50:52 +01:00
Preetha Appan 3592635ede Populate DisplayMessage in various http endpoints that return allocations, plus unit tests. 2017-11-17 14:53:26 -06:00
Preetha Appan 1c4375163a Change error message to use original name for clarity, rather than the name after substituting env vars with placeholder. 2017-11-17 08:44:18 -06:00
Preetha Appan d3110f21bd Changes service name validation logic to ignore any environment variables first. 2017-11-15 15:35:43 -06:00
Chelsea Komlo 2dfda33703 Nomad agent reload TLS configuration on SIGHUP (#3479)
* Allow server TLS configuration to be reloaded via SIGHUP

* dynamic tls reloading for nomad agents

* code cleanup and refactoring

* ensure keyloader is initialized, add comments

* allow downgrading from TLS

* initalize keyloader if necessary

* integration test for tls reload

* fix up test to assert success on reloaded TLS configuration

* failure in loading a new TLS config should remain at current

Reload only the config if agent is already using TLS

* reload agent configuration before specific server/client

lock keyloader before loading/caching a new certificate

* introduce a get-or-set method for keyloader

* fixups from code review

* fix up linting errors

* fixups from code review

* add lock for config updates; improve copy of tls config

* GetCertificate only reloads certificates dynamically for the server

* config updates/copies should be on agent

* improve http integration test

* simplify agent reloading storing a local copy of config

* reuse the same keyloader when reloading

* Test that server and client get reloaded but keep keyloader

* Keyloader exposes GetClientCertificate as well for outgoing connections

* Fix spelling

* correct changelog style
2017-11-14 17:53:23 -08:00
Preetha 0e6484a397
Merge pull request #3536 from angrycub/b-resource-memory-test-fix
Fixed test and moved constants into standalone func
2017-11-13 17:00:14 -06:00
Charlie Voiselle eda764c0ca Review feedback + re-add dropped import 2017-11-13 12:51:19 -05:00
Charlie Voiselle 4b186861a9 gofmt and goimports nomad/structs/structs.go 2017-11-13 12:32:52 -05:00
Preetha Appan be5fd87b9a Fixes bug with display message logic due to deprecating GenericSource. Also added more test cases to cover a bunch more edge cases 2017-11-13 11:14:57 -06:00
Charlie Voiselle 26acd7f025 Fixed test and moved constants into standalone func
In #3520, work was done to true up the defaults for Nomad resource
stanzas with the documentation.  This fixes the tests that I
accidentally broke in the process.  Some questions were raised about
using dynamic elements as part of expects, which is why I opted to
copy the MinResources pattern.   During this refactor I also noticed
that structs.go had a similar issue and an inconsistent minium for CPU.
2017-11-13 12:05:30 -05:00
Preetha 0d0804d6ff
Merge pull request #3496 from hashicorp/b-auto-revert-stable
Makes auto reverts robust against infinite revert cycles
2017-11-03 17:28:28 -05:00
Preetha Appan 6468883cd1 Adds comment to handleRollbackValidity method and other small test readability fixes. 2017-11-03 17:05:15 -05:00
Preetha Appan 7526853b4b Added more unit tests for testing rollback when job has identical spec to AllocHealth and DeploymentStatus endpoints. 2017-11-03 16:07:06 -05:00
Preetha Appan b9f44c0ae0 Check that job version doesn't change when rollback does not occur due to identical spec 2017-11-03 15:46:37 -05:00
Alex Dadgar 2c587fd67b
Merge pull request #3402 from hashicorp/leader-loop
Applies leader loop fixes from Consul.
2017-11-03 13:40:59 -07:00
Preetha Appan 317fbf04b1 Adds SpecChanged check to alloc health and fail deployment end points, and other code review comments. 2017-11-03 15:33:34 -05:00
Preetha Appan 97474a1521 Clarify comment about infinite revert cycles 2017-11-03 14:25:14 -05:00
Preetha Appan 0eaef09675 Remove event GenericSource, and address other code review comments. Also added deprecation info in comments. 2017-11-03 10:10:06 -05:00
Preetha Appan 1a864dd7e8 Revert unintentional change to plan_apply.go during rebase 2017-11-03 09:13:01 -05:00
Preetha Appan 797af051b8 Address some code review comments 2017-11-03 09:13:01 -05:00
Preetha Appan b86c5a99b1 Unit test for PopulateEventDisplayMessage 2017-11-03 09:13:01 -05:00
Preetha Appan 7672535290 Added explanatory comment 2017-11-03 09:13:01 -05:00
Preetha Appan 5f09c968b3 Move logic for determinic event display message to task_runner, added two new fields DisplayMessage and Details. 2017-11-03 09:13:01 -05:00
Preetha Appan 5b94a1ab45 Add ModifyTime to Allocation and update it both on plan applies and client initiated updates 2017-11-03 09:13:01 -05:00
Preetha Appan b5e7985461 Remove extra newline 2017-11-03 08:15:11 -05:00
Preetha Appan abbe4103d1 Update rollback test to add a spec change, and add new test for rollback failed status 2017-11-02 19:53:27 -05:00
Preetha Appan 5505391663 Fixes auto revert to check if the job's spec has changed before reverting. This prevents infinite reverting when reverting to a job version that was previously stable, but not so after attempting a revert. 2017-11-02 19:53:27 -05:00
Preetha 2f67e839c1
Merge pull request #3484 from hashicorp/b-nomad-0.7.1
merge nomad 0.7.1 branch
2017-11-01 16:50:37 -05:00
Chelsea Holland Komlo bf90176278 connection receives only EOF 2017-11-01 15:21:05 -05:00
Chelsea Holland Komlo e348deecf5 fixups from code review 2017-11-01 15:21:05 -05:00
Chelsea Holland Komlo afe9f9a714 add rpc_upgrade_mode as config option for tls upgrades 2017-11-01 15:19:52 -05:00
Preetha Appan f483e81ffe Fix node end point test that was failing compilation 2017-11-01 15:16:38 -05:00
Diptanu Choudhury 5a0edf646b Resetting the timer at the beginning of the loop 2017-11-01 13:15:06 -07:00
Diptanu Choudhury 46bc4280b2 Adding support for tagged metrics 2017-11-01 13:15:06 -07:00
Diptanu Choudhury d4128f0e5a Setting the default stats collection interval 2017-11-01 13:15:06 -07:00
Diptanu Choudhury 524a1f0712 Publishing metrics for job summary 2017-11-01 13:15:06 -07:00
Preetha Appan d340c3adb1 Always set modify time on allocations, and other changes addressing review comments 2017-11-01 15:13:48 -05:00
Preetha Appan 39d70be009 Add ModifyTime to Allocation and update it both on plan applies and client initiated updates 2017-11-01 15:13:48 -05:00
Alex Dadgar 51c87ec858 bump version and remove generated 2017-11-01 10:02:25 -07:00
Alex Dadgar 11c24e90a1 generated 2017-11-01 09:42:18 -07:00
Alex Dadgar 51f869040f remove generated structs 2017-10-31 13:50:16 -07:00
Alex Dadgar 08ffcd6dd1 spelling error 2017-10-31 13:32:31 -07:00
Alex Dadgar 586eeedd3c
Merge pull request #3447 from hashicorp/f-node-purge-api
Added the purge API on node endpoints
2017-10-27 10:42:26 -07:00
Alex Dadgar 635f320b18
Merge pull request #3452 from hashicorp/f-system-gc
GetClientAllocs handles garbage collection events
2017-10-27 09:50:55 -07:00
Alex Dadgar 7df78be840 Changelog + assert 2017-10-27 09:50:10 -07:00
Alex Dadgar 5d9db4c2df Bypass status checks for system, periodic, parameterized jobs 2017-10-27 09:34:50 -07:00
Alex Dadgar 51795a6cb4 GetClientAllocs handles garbage collection events 2017-10-26 17:24:54 -07:00
Diptanu Choudhury 2868389c25 Added ACLs to the node de-register endpoint 2017-10-26 14:12:17 -07:00
Diptanu Choudhury 9b18737d15 Added the purge API on node endpoints 2017-10-25 23:51:53 -07:00
Alex Dadgar 593d4ceb45 generated code 2017-10-25 17:34:24 -07:00
Alex Dadgar 99496b2de3 Merge pull request #3431 from hashicorp/b-core-gc
Fix garbage collecting nodes/jobs when using ACLs
2017-10-25 16:30:26 -07:00
Alex Dadgar 3327dc8d2d Merge pull request #3434 from hashicorp/f-flaky
Fix flaky tests
2017-10-25 10:49:54 -07:00
Alex Dadgar f4aa5ea0c7 lax timing 2017-10-24 10:58:06 -07:00
Alex Dadgar cb0d0ef009 move to consul freeport implementation 2017-10-23 16:51:40 -07:00
Alex Dadgar 10a07c525f fix flaky vault test 2017-10-23 16:48:20 -07:00
Alex Dadgar 1d6cdfbdc3 lax timing 2017-10-23 16:48:20 -07:00
Alex Dadgar 9f91ce64f6 Fix some flaky tests 2017-10-23 16:48:20 -07:00
Alex Dadgar dbc014b360 Standardize retrieving a free port into a helper package 2017-10-23 16:48:20 -07:00
Alex Dadgar ae6be0dac7 spelling mistake 2017-10-23 15:12:45 -07:00
Alex Dadgar 794daefa5e clear the token 2017-10-23 15:11:13 -07:00
Alex Dadgar d3e119f4d0 thread leader token through core gc and test 2017-10-23 15:04:00 -07:00
Alex Dadgar 5c34af1ee1 leader acl token 2017-10-23 14:10:14 -07:00
Alex Dadgar 1192385c63 Lax blocking query test timing 2017-10-20 13:07:17 -07:00
Alex Dadgar e7299676f6 generated 2017-10-19 15:20:39 -07:00
James Phillips 9a5651e83a
Applies leader loop fixes from Consul.
There was a deadlock issue we fixed under https://github.com/hashicorp/consul/issues/3230,
and then discovered an issue with under https://github.com/hashicorp/consul/issues/3545. This
PR ports over those fixes, as well as makes the revoke actions only happen if leadership was
established. This brings the Nomad leader loop inline with Consul's.
2017-10-16 22:01:49 -07:00
Chelsea Komlo 1ccc1f79f6 Merge pull request #3393 from hashicorp/b-delete-nonexistent-tokens
Return error if tokens cannot be deleted because they do not exist
2017-10-16 18:36:41 -04:00
Alex Dadgar be053364ba no namespaces in oss test 2017-10-16 14:21:29 -07:00
Chelsea Holland Komlo a8becb96c0 review feedback 2017-10-16 17:14:48 -04:00
Chelsea Holland Komlo 2377d97d51 return error if tokens cannot be deleted because they do not exist 2017-10-16 17:14:48 -04:00
Alex Dadgar c3f06b2134 Merge pull request #3384 from hashicorp/f-self-policies
Ability to introspect self token
2017-10-13 17:11:22 -07:00
Alex Dadgar c559f6652f Merge pull request #3386 from hashicorp/f-sync
sync
2017-10-13 15:32:58 -07:00
Alex Dadgar c1cc51dbee sync 2017-10-13 14:36:02 -07:00
Michael Schurter b63eee17e9 Merge pull request #3383 from hashicorp/b-migrate-token
base64 migrate token
2017-10-13 13:46:54 -07:00
Alex Dadgar 5d4f467519 ListPolicies and GetPolicy work w/o management token 2017-10-13 13:12:20 -07:00
Michael Schurter dfd2967cdb Merge pull request #3376 from hashicorp/f-node-acls
Allow Node.SecretID for Node.GetNode and Allocs.GetAlloc
2017-10-13 11:51:48 -07:00
Michael Schurter 93cea382dd Remove support for pre-0.5 nodes
Nodes before 0.5 did not have a SecretID. Since SecretID is now a
required field and 0.4.x is >2 point releases ago, drop support for it.
2017-10-13 11:28:47 -07:00
Michael Schurter 15b991e039 base64 migrate token
HTTP header values must be ASCII.

Also constant time compare tokens and test the generate and compare
helper functions.
2017-10-13 10:59:13 -07:00
Michael Schurter 6a1a509ea5 Fix Request.SecretID -> Request.AuthToken 2017-10-13 09:56:56 -07:00
Michael Schurter 021b4c1ae9 Fix AuthToken use on Node.GetAllocs 2017-10-12 17:12:41 -07:00
Michael Schurter 15b3df0b80 Merge pull request #3374 from hashicorp/f-auth-token
SecretID -> AuthToken
2017-10-12 16:57:49 -07:00
Michael Schurter ab7b6d1315 Allow Node.SecretID for GetNode and GetAlloc 2017-10-12 16:27:33 -07:00
Michael Schurter a003e3dd43 Add StateStore.NodeBySecretID 2017-10-12 15:27:29 -07:00
Michael Schurter 51bce7b1a3 Add index to Node.SecretID 2017-10-12 15:21:20 -07:00
Michael Schurter 84d8a51be1 SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
Alex Dadgar e7e18c931c Fix sorting of job versions
Fixes an issue in which the versions were improperly sorted which would
cause pruning of the wrong job version. This essentially meant that job
versions above 255 would be dropped from the job version table (note
this was due to the prefix walk crossing from the 1-byte to 2-byte
threshold).

Fixes https://github.com/hashicorp/nomad/issues/3357
2017-10-12 13:33:55 -07:00
Michael Schurter e9c17c56d1 Merge pull request #3353 from hashicorp/f-acl-prefix-search
Prefix Search ACL enforcement
2017-10-11 20:26:03 -07:00
Alex Dadgar d34c6e0135 fix test 2017-10-11 18:08:37 -07:00
Michael Schurter 2673481a48 Refactor permissions checks into funcs
funcs are in the _oss file to ease creating Enterprise versions which
support Quotas and Namespaces.
2017-10-11 18:05:27 -07:00
Alex Dadgar 53f2ea88a5 Small fixes
This commit:

* Fixes the error checking in migration tests now that we are using the
canonical ErrPermissionDenied error
* Guard against NPE when looking up objects to generate the migration
token
* Handle an additional case in ShouldMigrate()
2017-10-11 17:13:50 -07:00
Chelsea Holland Komlo c67bfc2ee4 fixups from code review
change creation of a migrate token to be for a previous allocation
2017-10-11 17:13:50 -07:00
Chelsea Holland Komlo b018ca4d46 fixing up code review comments 2017-10-11 17:09:20 -07:00
Chelsea Holland Komlo 410adaf726 Add functionality for authenticated volumes 2017-10-11 17:09:20 -07:00
Chelsea Holland Komlo 36ad6bc6bf add MigrateTokens to server response for allocs 2017-10-11 17:09:20 -07:00
Michael Schurter be69374ecd Prefix Search ACL enforcement 2017-10-11 17:00:12 -07:00
Michael Schurter d82db5ab45 Merge pull request #3351 from hashicorp/f-acl-system
System ACL enforcement
2017-10-11 16:32:50 -07:00
Michael Schurter 51fe1d8f73 Merge pull request #3350 from hashicorp/f-acl-status-members
Status.Members ACL enforcement
2017-10-11 16:32:25 -07:00
Michael Schurter 8c1a97765e Merge pull request #3339 from hashicorp/f-acl-force-periodic
Force Periodic ACL enforcement
2017-10-11 16:26:29 -07:00
Michael Schurter 0d27053aab Operator ACL enforcement 2017-10-10 15:18:19 -07:00
Michael Schurter 0cf7a3950b Force Periodic ACL enforcement 2017-10-10 15:16:41 -07:00