Commit Graph

22973 Commits

Author SHA1 Message Date
Tim Gross 4c4895e19c
e2e: configure prometheus for mTLS for `Metrics` suite (#12181)
The `Metrics` suite uses prometheus to scrape Nomad metrics so that
we're testing the full user experience of extracting metrics from
Nomad. With the addition of mTLS, we need to make sure prometheus also
has mTLS configuration because the metrics endpoint is protected.

Update the Nomad client configuration and prometheus job to bind-mount
the client's certs into the task so that the job can use these certs
to scrape the server. This is a temporary solution that gets the job
passing; we should give the job its own certificates (issued by
Vault?) when we've done some of the infrastructure rework we'd like.
2022-03-04 08:55:06 -05:00
Tim Gross f470eb9f1e
csi: ensure `WriteOptions` aren't nil when handling secrets (#12182)
When we set the headers for CSI secrets in the `WriteOptions`, it
turns out that we're not always passing a non-nil object. In that
case, instanstiate it on demand in the API.
2022-03-04 08:49:04 -05:00
James Rasell 6aa741dd16
docs: add note regarding HCLv2 func and interpolation. 2022-03-04 12:06:25 +01:00
James Rasell 58c542c223
Merge pull request #12172 from hashicorp/f-gh-262
service discovery: add HTTP endpoints and sdk wrapper
2022-03-04 09:29:32 +01:00
James Rasell 2773e1e8fe
Merge pull request #12171 from hashicorp/f-gh-259
service discovery: add RPC endpoints and FSM logic
2022-03-04 09:25:11 +01:00
Luiz Aoqui b1809eb48c
Fix CSI volume list with prefix and `*` namespace (#12184)
When using a prefix value and the * wildcard for namespace, the endpoint
would not take the prefix value into consideration due to the order in
which the checks were executed but also the logic for retrieving volumes
from the state store.

This commit changes the order to check for a prefix first and wraps the
result iterator of the state store query in a filter to apply the
prefix.
2022-03-03 17:27:04 -05:00
Tim Gross b8b08fb32d
e2e: use UUID for CSI idempotency token (#12183)
The AWS EBS plugin appears to use the name field of the volume as an
idempotency token that persists across the entire AWS account, not
just the plugin lifespan.

Also fix the regex for the volume ID, which was originally taken from
the job ID regex but isn't actually the same. This hasn't failed tests
for us because we've always passed in the same volume ID.
2022-03-03 17:00:00 -05:00
Tim Gross 1502af3523
e2e: use `operator api` for Networking suite validation (#12180)
With mTLS enabled, using `curl` in a bash script for validation
involves having to configure arguments to `curl` based on whether or
not the test infrastructure is using mTLS, whether ACLs are enabled,
etc. Use the new `operator api` command instead to pick up the client
configuration from the test environment automatically.
2022-03-03 15:17:29 -05:00
Tim Gross 3247e422d1
csi: add missing fields to HTTP API response (#12178)
The HTTP endpoint for CSI manually serializes the internal struct to
the API struct for purposes of redaction (see also #10470). Add fields
that were missing from this serialization so they don't show up as
always empty in the API response.
2022-03-03 15:15:28 -05:00
James Rasell d61c683b19
api: add service registration HTTP API wrapper. 2022-03-03 12:14:00 +01:00
James Rasell 8ce6684955
http: add alloc service registration agent HTTP endpoint. 2022-03-03 12:13:32 +01:00
James Rasell 81fe915e6c
http: add job service registration agent HTTP endpoint. 2022-03-03 12:13:13 +01:00
James Rasell 60cc73fe5d
http: add agent service registration HTTP endpoint. 2022-03-03 12:13:00 +01:00
James Rasell ca6ba2e047
rpc: add job service registration list RPC endpoint. 2022-03-03 11:26:14 +01:00
James Rasell b68d573aa5
rpc: add alloc service registration list RPC endpoint. 2022-03-03 11:25:55 +01:00
James Rasell 1ad8ea558a
rpc: add service registration RPC endpoints. 2022-03-03 11:25:29 +01:00
James Rasell 4846e9f095
helper: add ipaddr pkg to check for any IP addresses. 2022-03-03 11:24:50 +01:00
James Rasell 52283f057f
fsm: add FSM functionality for service registration endpoints. 2022-03-03 11:24:29 +01:00
Luiz Aoqui fe38da1137
ci: disable Go test semgrep rules (#12175) 2022-03-02 20:30:27 -05:00
Michael Schurter 0f6923c750
Merge pull request #10808 from hashicorp/f-curl
cli: add operator api command
2022-03-02 10:12:16 -08:00
James Rasell d8f96f497c
Merge pull request #12140 from hashicorp/f-gh-258
events: add state objects and logic for service registrations.
2022-03-02 08:48:14 +01:00
James Rasell 2fe7bcb642
Merge pull request #12139 from hashicorp/f-gh-260
service discovery: add state store functionality
2022-03-02 08:47:21 +01:00
Michael Schurter a8833b7d86 docs: add op api examples 2022-03-01 17:15:26 -08:00
Michael Schurter 72134ef5a7 docs: add op api examples 2022-03-01 17:12:58 -08:00
Michael Schurter 0bb9f06637 cli: fix op api method handling 2022-03-01 16:44:15 -08:00
Michael Schurter fcf4515875 docs: add op api options 2022-03-01 16:43:53 -08:00
Ashlee M Boyer c3691a44df
docs: Fixing path for autoscaling/agent/source nav item (#12166) 2022-03-01 17:24:12 -05:00
Luiz Aoqui 01931587ba
api: paginated results with different ordering (#12128)
The paginator logic was built when go-memdb iterators would return items
ordered lexicographically by their ID prefixes, but #12054 added the
option for some tables to return results ordered by their `CreateIndex`
instead, which invalidated the previous paginator assumption.

The iterator used for pagination must still return results in some order
so that the paginator can properly handle requests where the next_token
value is not present in the results anymore (e.g., the eval was GC'ed).

In these situations, the paginator will start the returned page in the
first element right after where the requested token should've been.

This commit moves the logic to generate pagination tokens from the
elements being paginated to the iterator itself so that callers can have
more control over the token format to make sure they are properly
ordered and stable.

It also allows configuring the paginator as being ordered in ascending
or descending order, which is relevant when looking for a token that may
not be present anymore.
2022-03-01 15:36:49 -05:00
Tim Gross f65c804544
csi: subcommand for volume snapshot (#12152) 2022-03-01 13:30:30 -05:00
Tim Gross f4dfaec589
CSI: set plugin socket path on restore (#12149)
The Prestart hook for task runner hooks doesn't get called when we
restore a task, because the task is already running. The Postrun hook
for CSI plugin supervisors needs the socket path to have been
populated so that the client has a valid path.
2022-03-01 10:22:52 -05:00
Tim Gross f2a4ad0949
CSI: implement support for topology (#12129) 2022-03-01 10:15:46 -05:00
Tim Gross c90e674918
CSI: use HTTP headers for passing CSI secrets (#12144) 2022-03-01 08:47:01 -05:00
Tim Gross a499401b34
csi: fix redaction of `volume status` mount flags (#12150)
The `volume status` command and associated API redacts the entire
mount options instead of just the `MountFlags` field that can contain
sensitive data. Return a redacted value so that the return value makes
sense to operators who have set this field.
2022-03-01 08:34:03 -05:00
Tim Gross 99d03cdc6c
CSI: sort capabilities in `plugin status` (#12154)
Also fix `LIST_SNAPSHOTS` capability name
2022-03-01 07:59:31 -05:00
Tim Gross ca06f6153a
docs: clarify that plugin commands are for CSI only (#12151) 2022-03-01 07:57:41 -05:00
Tim Gross 02ae95ab22
csi: respect -verbose flag for allocs in volume status (#12153) 2022-03-01 07:57:29 -05:00
Kevin Wang 166011237b
fix(website): hide version select on `/plugins` & `/tools` (#12145)
* fix(website/plugins): display version select

* fix: hide version select on `/tools` + `/plugins`
2022-02-28 12:44:08 -05:00
Tim Gross 77fac26d5e
CI: increase test run timeout (#12143) 2022-02-28 11:30:59 -05:00
Seth Hoenig 5cf57e429a
Merge pull request #12137 from hashicorp/rpc-advertise-docs
docs: clairfy advertise.rpc effect
2022-02-28 08:15:28 -06:00
James Rasell 8a23afdb56
events: add state objects and logic for service registrations. 2022-02-28 10:44:58 +01:00
James Rasell 20249bb761
state: add service registration restore functionality. 2022-02-28 10:15:27 +01:00
James Rasell 74b367553e
state: add service registration state interaction functions. 2022-02-28 10:15:03 +01:00
James Rasell cfdb5a3c66
structs: add service registration struct and basic composed funcs. 2022-02-28 10:14:40 +01:00
James Rasell 1da859c60e
mock: add service registration mock generation for test use. 2022-02-28 10:14:25 +01:00
James Rasell cf0b63d561
state: add the table schema for the service_registrations table. 2022-02-28 10:14:10 +01:00
Jorge Marey a466f01120 Add metadata to namespaces 2022-02-27 09:09:10 +01:00
Michael Schurter cbf6ba843d
cli: fix op api typos
Co-authored-by: Seth Hoenig <seth.a.hoenig@gmail.com>
2022-02-25 16:31:56 -08:00
Michael Schurter 4550c5fb80 cli: only return 1 on errors from op api
We don't want people to expect stable error codes for errors, and I
don't think these were useful for scripts anyway.
2022-02-25 16:23:31 -08:00
Michael Schurter aeff156177 docs: fix nav for op api 2022-02-25 16:21:14 -08:00
Seth Hoenig 5269b2e02f docs: clairfy advertise.rpc effect
The advertise.rpc config option is not intuitive. At first glance you'd
assume it works like advertise.http or advertise.serf, but it does not.

The current behavior is working as intended, but the documentation is
very hard to parse and doesn't draw a clear picture of what the setting
actually does.

Closes https://github.com/hashicorp/nomad/issues/11075
2022-02-25 16:02:29 -06:00