Commit graph

210 commits

Author SHA1 Message Date
Nick Ethier bd454a4c6f
client: improve group service stanza interpolation and check_re… (#6586)
* client: improve group service stanza interpolation and check_restart support

Interpolation can now be done on group service stanzas. Note that some task runtime specific information
that was previously available when the service was registered poststart of a task is no longer available.

The check_restart stanza for checks defined on group services will now properly restart the allocation upon
check failures if configured.
2019-11-18 13:04:01 -05:00
Lars Lehtonen 22a3c21dd0
nomad: fix dropped test error 2019-11-13 12:49:41 -08:00
Michael Schurter 08afb7d605 vault: allow overriding implicit vault constraint
There's a bug in version parsing that breaks this constraint when using
a prerelease enterprise version of Vault (eg 1.3.0-beta1+ent). While
this does not fix the underlying bug it does provide a workaround for
future issues related to the implicit constraint. Like the implicit
Connect constraint: *all* implicit constraints should be overridable to
allow users to workaround bugs or other factors should the need arise.
2019-11-12 12:26:36 -08:00
Lars Lehtonen e64f98837c nomad: fix dropped error in TestJobEndpoint_Deregister_ACL (#6602) 2019-11-06 16:40:45 -05:00
Mahmood Ali bb45a7a776 add tests for consul connect validation 2019-10-28 10:41:51 -04:00
Mahmood Ali e29ee4c400 nomad: defensive check for namespaces in job registration call
In a job registration request, ensure that the request namespace "header" and job
namespace field match.  This should be the case already in prod, as http
handlers ensures that the values match [1].

This mitigates bugs that exploit bugs where we may check a value but act
on another, resulting into bypassing ACL system.

[1] https://github.com/hashicorp/nomad/blob/v0.9.5/command/agent/job_endpoint.go#L415-L418
2019-09-26 17:02:47 -04:00
Danielle Lancashire 78b61de45f
config: Hoist volume.config.source into volume
Currently, using a Volume in a job uses the following configuration:

```
volume "alias-name" {
  type = "volume-type"
  read_only = true

  config {
    source = "host_volume_name"
  }
}
```

This commit migrates to the following:

```
volume "alias-name" {
  type = "volume-type"
  source = "host_volume_name"
  read_only = true
}
```

The original design was based due to being uncertain about the future of storage
plugins, and to allow maxium flexibility.

However, this causes a few issues, namely:
- We frequently need to parse this configuration during submission,
scheduling, and mounting
- It complicates the configuration from and end users perspective
- It complicates the ability to do validation

As we understand the problem space of CSI a little more, it has become
clear that we won't need the `source` to be in config, as it will be
used in the majority of cases:

- Host Volumes: Always need a source
- Preallocated CSI Volumes: Always needs a source from a volume or claim name
- Dynamic Persistent CSI Volumes*: Always needs a source to attach the volumes
                                   to for managing upgrades and to avoid dangling.
- Dynamic Ephemeral CSI Volumes*: Less thought out, but `source` will probably point
                                  to the plugin name, and a `config` block will
                                  allow you to pass meta to the plugin. Or will
                                  point to a pre-configured ephemeral config.
*If implemented

The new design simplifies this by merging the source into the volume
stanza to solve the above issues with usability, performance, and error
handling.
2019-09-13 04:37:59 +02:00
Danielle 0428284aee
Merge pull request #6180 from hashicorp/dani/readonly-acl
Fine grained ACLs for Host Volumes
2019-08-21 22:22:14 +02:00
Danielle Lancashire 91bb67f713
acls: Break mount acl into mount-rw and mount-ro 2019-08-21 21:17:30 +02:00
Nick Ethier 24f5a4c276
sidecar_task override in connect admission controller (#6140)
* structs: use seperate SidecarTask struct for sidecar_task stanza and add merge

* nomad: merge SidecarTask into proxy task during connect Mutate hook
2019-08-20 01:22:46 -04:00
Nick Ethier 965f00b2fc
Builtin Admission Controller Framework (#6116)
* nomad: add admission controller framework

* nomad: add admission controller framework and Consul Connect hooks

* run admission controllers before checking permissions

* client: add default node meta for connect configurables

* nomad: remove validateJob func since it has been moved to admission controller

* nomad: use new TaskKind type

* client: use consts for connect sidecar image and log level

* Apply suggestions from code review

Co-Authored-By: Michael Schurter <mschurter@hashicorp.com>

* nomad: add job register test with connect sidecar

* Update nomad/job_endpoint_hooks.go

Co-Authored-By: Michael Schurter <mschurter@hashicorp.com>
2019-08-15 11:22:37 -04:00
Danielle Lancashire b38c1d810e
job_endpoint: Validate volume permissions 2019-08-12 15:39:09 +02:00
Jasmine Dahilig 8d980edd2e
add create and modify timestamps to evaluations (#5881) 2019-08-07 09:50:35 -07:00
Preetha Appan 4d3f74e161
Fix test setup to have correct jobcreateindex for deployments 2019-05-13 18:53:47 -05:00
Preetha Appan d448750449
Lookup job only once, and fix tests 2019-05-13 18:33:41 -05:00
Michael Schurter c0cd96ef75
Update nomad/job_endpoint_test.go
Co-Authored-By: cgbaker <cgbaker@hashicorp.com>
2019-04-10 10:34:10 -05:00
Chris Baker 0ba1600545
server/job_endpoint: accept vault token and pass as part of Job.RegisterRequest [#4555] 2019-04-10 10:34:10 -05:00
Mahmood Ali 4414a2ce1c tests: remove tests for unsupported features
With switching to driver plugins, driver validation is quite tricky and
we need to do some design thinking before supporting it against.
2019-01-10 10:21:48 -05:00
Danielle Tomlinson d4cbd608ff nomad: Remove on-submission job validation
With the introduction of driver plugins, we're temporarily relying on
_run time validation_ of driver configurations, rather than submission
time.
2018-11-30 10:47:08 +01:00
Nick Ethier e75e3ae665
nomad: use require pkg for tests 2018-06-11 13:50:50 -04:00
Nick Ethier 50c72adbd7
nomad: code review comments 2018-06-11 13:27:48 -04:00
Nick Ethier 41e010cdc2
nomad: add 'Dispatch' field to Job
New -bash: Dispatch: command not found field is used to denote if the Job is a child dispatched job of
a parameterized job.
2018-06-11 11:59:03 -04:00
Preetha Appan b12df3c64b
Added CLI for evaluating job given ID, and modified client API for evaluate to take a request payload 2018-05-09 15:04:27 -05:00
Preetha Appan ef531b0f34
Add unit tests for forced rescheduling 2018-05-09 11:30:42 -05:00
Alex Dadgar 5320205853 Sort signals in implicit constraint
Fixes https://github.com/hashicorp/nomad/issues/4212
2018-04-26 10:12:47 -07:00
Michael Schurter 341d87aa48 tests: use mock.BatchJob to fix tests 2018-03-21 16:51:45 -07:00
Michael Schurter c3e8f6319c gofmt -s (simplify) files 2018-03-16 16:31:16 -07:00
Alex Dadgar 586ae36d13 Batch Deregister RPC 2018-03-16 10:53:03 -07:00
Michael Schurter 7dd7fbcda2 non-Existent -> nonexistent
Reverting from #3963

https://www.merriam-webster.com/dictionary/existent
2018-03-12 11:59:33 -07:00
Josh Soref 85fabc63c8 spelling: expected 2018-03-11 17:57:01 +00:00
Josh Soref 7f6e4012a0 spelling: existent 2018-03-11 18:30:37 +00:00
Alex Dadgar a6dfffa4fa Add testing interfaces 2018-02-15 13:59:00 -08:00
Chelsea Holland Komlo 2f22442370 use assert library 2017-12-06 15:03:02 -05:00
Chelsea Holland Komlo b08611cfac move kill_signal to task level, extend to docker 2017-12-06 14:36:39 -05:00
Michael Schurter 84d8a51be1 SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
Michael Schurter 57ff12432b Move acl helpers from nomad/ into nomad/mock
They're useful in command/agent/ tests.
2017-10-06 14:50:06 -07:00
Chelsea Komlo 7c8a5228d4 Merge pull request #3290 from hashicorp/f-acl-job-dispatch
Add ACL for dispatch job
2017-10-06 13:33:21 -04:00
Chelsea Komlo 97e34725e1 Merge pull request #3278 from hashicorp/f-acl-job-getjob
Add ACL for GetJob
2017-09-29 17:44:31 -04:00
Chelsea Komlo 388cdaa2e8 Merge pull request #3272 from hashicorp/f-acl-job-stable
Add ACL endpoint for Job Stable
2017-09-29 17:44:09 -04:00
Michael Schurter a66c53d45a Remove structs import from api
Goes a step further and removes structs import from api's tests as well
by moving GenerateUUID to its own package.
2017-09-29 10:36:08 -07:00
Chelsea Komlo 3a015016cc Merge pull request #3294 from hashicorp/f-acl-job-deregister
Add ACL for job deregister
2017-09-28 10:57:51 -04:00
Chelsea Komlo c54a4f7c91 Merge pull request #3291 from hashicorp/f-acl-get-job-versions
Add ACL for job endpoint GetJobVersions
2017-09-28 10:35:19 -04:00
Chelsea Holland Komlo c242ac1431 job dispatch should have dispatch policy 2017-09-28 14:28:28 +00:00
Chelsea Komlo 77ae328fbe Merge pull request #3276 from hashicorp/f-acl-job-evaluate
Add read job permissions to evaluate endpoint
2017-09-27 18:01:15 -04:00
Chelsea Holland Komlo 90adc4dbc9 add checks for error message 2017-09-27 21:35:03 +00:00
Chelsea Komlo d3d1bc6498 Merge pull request #3279 from hashicorp/f-acl-job-allocations
Add ACL to job allocations endpoint
2017-09-27 16:57:04 -04:00
Chelsea Komlo 8f1c89c721 Merge pull request #3283 from hashicorp/f-acl-job-latest-deployment
Add ACL to latest job api
2017-09-27 16:54:44 -04:00
Chelsea Holland Komlo 1bab53c9fd acl for job deregister 2017-09-27 19:21:10 +00:00
Chelsea Komlo b40de659a7 Merge pull request #3281 from hashicorp/f-acl-job-evaluations
Add ACL for Job Evaluations endpoint
2017-09-27 15:15:35 -04:00
Chelsea Holland Komlo 36e3212012 add acl for job endpoint GetJobVersions 2017-09-27 17:29:08 +00:00
Chelsea Komlo b2cb0129c8 Merge pull request #3282 from hashicorp/f-acl-job-deployments
Add ACL for job deployments endpoint
2017-09-27 12:42:25 -04:00
Chelsea Holland Komlo 0db1367d43 add acl for dispatch job 2017-09-27 16:33:49 +00:00
Chelsea Holland Komlo c4ac20f852 fix up comment 2017-09-27 15:25:10 +00:00
Chelsea Holland Komlo d9701fed37 fixups from code review 2017-09-27 15:23:38 +00:00
Chelsea Holland Komlo 0ba6a1df0d fixups from code review 2017-09-27 15:20:18 +00:00
Chelsea Holland Komlo 4b90de992e fixups from code review 2017-09-27 15:07:45 +00:00
Alex Dadgar 4173834231 Enable more linters 2017-09-26 15:26:33 -07:00
Chelsea Holland Komlo f4b7451c62 add acl to lastest job api 2017-09-26 20:53:43 +00:00
Chelsea Holland Komlo 55c4ca187e add acl for job deployments endpoint 2017-09-26 20:33:03 +00:00
Chelsea Holland Komlo a7b7b3f6c6 add acl for Job Evaluations endpoint 2017-09-26 20:12:37 +00:00
Chelsea Holland Komlo 2fb7772c2c add acl to job allocations endpoint 2017-09-26 18:01:23 +00:00
Chelsea Holland Komlo d3e8b4812b better test assertions 2017-09-26 17:41:53 +00:00
Chelsea Holland Komlo f912619157 add ACL for GetJob endpoint 2017-09-26 17:38:03 +00:00
Chelsea Holland Komlo 5f467a84d3 add read job permissions to evaluate endpoint 2017-09-26 16:05:17 +00:00
Chelsea Holland Komlo 78f853e253 add ACL endpoint for Job Stable 2017-09-25 22:17:58 +00:00
Chelsea Holland Komlo 014dc2d7de Add ACL for Revert Job endpoint 2017-09-25 21:51:19 +00:00
Chelsea Holland Komlo 18f4aa6fb3 fix type 2017-09-25 17:41:17 +00:00
Chelsea Holland Komlo d9ac59f6b0 add acl for job validate endpoint 2017-09-25 17:34:02 +00:00
Alex Dadgar e5ec915ac3 sync 2017-09-19 10:08:23 -05:00
Chelsea Holland Komlo 8727092e8e add job list acl 2017-09-15 21:26:27 +00:00
Chelsea Holland Komlo be7efd71d4 fixups from code review 2017-09-14 20:14:38 +00:00
Chelsea Holland Komlo 0d28c95b6b use separate response object 2017-09-14 19:17:05 +00:00
Chelsea Holland Komlo 79abb9810b update to use ACL test helpers 2017-09-14 19:08:25 +00:00
Chelsea Holland Komlo 3eff2a06c5 add job endpoint ACL 2017-09-14 18:17:35 +00:00
Alex Dadgar 84d06f6abe Sync namespace changes 2017-09-07 17:04:21 -07:00
Armon Dadgar ac6283c31f nomad: enforce ACLs on job submit 2017-09-04 13:05:53 -07:00
Luke Farnell f0ced87b95 fixed all spelling mistakes for goreport 2017-08-07 17:13:05 -04:00
Alex Dadgar 06eddf243c parallel nomad tests 2017-07-25 17:39:36 -07:00
Alex Dadgar 45712c6ca3 test fixes 2017-07-07 14:11:27 -07:00
Alex Dadgar 9f016606aa Fix some tests, eval monitor shows deployment id and deployment cancels based on version 2017-07-07 12:12:48 -07:00
Alex Dadgar 5457bb7962 Job stability 2017-07-07 12:10:04 -07:00
Alex Dadgar 09dfa2fc10 Rename CreateDeployments and remove cancelling behavior in state_store 2017-07-07 12:10:04 -07:00
Alex Dadgar abf34204cc JobVersions returns struct with optional diff 2017-07-07 12:05:57 -07:00
Alex Dadgar f233629a4f job deployment endpoint + api 2017-07-07 12:05:56 -07:00
Alex Dadgar 8f4b22c1e1 Fix tests 2017-07-07 12:03:11 -07:00
Alex Dadgar 07b1c3e5db Only upsert a job if the spec changes and push deployment creation into reconciler 2017-07-07 12:03:11 -07:00
Michael Schurter 9c56f70d12 Validate job updates
Incurs a local read-before-write but because validation is transitive
there's no need to retry the read-validate-write on concurrent updates.
2017-06-27 16:08:18 -07:00
Alex Dadgar 6232b66ea7 Thread through warnings about deprecations 2017-05-09 20:52:47 -07:00
Alex Dadgar 321e01988a Don't allow revert to current version 2017-04-20 11:14:06 -07:00
Alex Dadgar 1b97c9abdd Revert server endpoint 2017-04-20 11:14:06 -07:00
Alex Dadgar 34332af70e GC and some fixes 2017-04-15 17:08:05 -07:00
Alex Dadgar 7abcdff7fd GetJobVersions server endpoint 2017-04-15 17:08:05 -07:00
Alex Dadgar 103e8d21fb Fix dispatch of periodic job
This PR fixes an issue in which when a periodic and parameterized job
was dispatched, an allocation would be immediately created.

Fixes https://github.com/hashicorp/nomad/issues/2470
2017-03-27 16:55:17 -07:00
Alex Dadgar d182aac7a7 Fix nomad tests 2017-02-07 22:10:33 -08:00
Alex Dadgar 04862ca10e Tests compile 2017-02-07 21:30:57 -08:00
Alex Dadgar 07bc00404e fix typo 2017-01-22 14:08:40 -08:00
Michael Schurter 1f7b5b4b47 Rename Constructor -> Parameterized Job 2017-01-20 12:43:10 -08:00
Alex Dadgar 4e8035756b Fix test and prevent job with payload from being submitted 2016-12-18 16:32:14 -08:00
Alex Dadgar 2761e1d8ea fix tests 2016-12-16 10:21:56 -08:00
Alex Dadgar 4a5c3c8db0 Rename structs 2016-12-14 14:28:43 -08:00