Nick Ethier
bd454a4c6f
client: improve group service stanza interpolation and check_re… ( #6586 )
...
* client: improve group service stanza interpolation and check_restart support
Interpolation can now be done on group service stanzas. Note that some task runtime specific information
that was previously available when the service was registered poststart of a task is no longer available.
The check_restart stanza for checks defined on group services will now properly restart the allocation upon
check failures if configured.
2019-11-18 13:04:01 -05:00
Lars Lehtonen
22a3c21dd0
nomad: fix dropped test error
2019-11-13 12:49:41 -08:00
Michael Schurter
08afb7d605
vault: allow overriding implicit vault constraint
...
There's a bug in version parsing that breaks this constraint when using
a prerelease enterprise version of Vault (eg 1.3.0-beta1+ent). While
this does not fix the underlying bug it does provide a workaround for
future issues related to the implicit constraint. Like the implicit
Connect constraint: *all* implicit constraints should be overridable to
allow users to workaround bugs or other factors should the need arise.
2019-11-12 12:26:36 -08:00
Lars Lehtonen
e64f98837c
nomad: fix dropped error in TestJobEndpoint_Deregister_ACL ( #6602 )
2019-11-06 16:40:45 -05:00
Mahmood Ali
bb45a7a776
add tests for consul connect validation
2019-10-28 10:41:51 -04:00
Mahmood Ali
e29ee4c400
nomad: defensive check for namespaces in job registration call
...
In a job registration request, ensure that the request namespace "header" and job
namespace field match. This should be the case already in prod, as http
handlers ensures that the values match [1].
This mitigates bugs that exploit bugs where we may check a value but act
on another, resulting into bypassing ACL system.
[1] https://github.com/hashicorp/nomad/blob/v0.9.5/command/agent/job_endpoint.go#L415-L418
2019-09-26 17:02:47 -04:00
Danielle Lancashire
78b61de45f
config: Hoist volume.config.source into volume
...
Currently, using a Volume in a job uses the following configuration:
```
volume "alias-name" {
type = "volume-type"
read_only = true
config {
source = "host_volume_name"
}
}
```
This commit migrates to the following:
```
volume "alias-name" {
type = "volume-type"
source = "host_volume_name"
read_only = true
}
```
The original design was based due to being uncertain about the future of storage
plugins, and to allow maxium flexibility.
However, this causes a few issues, namely:
- We frequently need to parse this configuration during submission,
scheduling, and mounting
- It complicates the configuration from and end users perspective
- It complicates the ability to do validation
As we understand the problem space of CSI a little more, it has become
clear that we won't need the `source` to be in config, as it will be
used in the majority of cases:
- Host Volumes: Always need a source
- Preallocated CSI Volumes: Always needs a source from a volume or claim name
- Dynamic Persistent CSI Volumes*: Always needs a source to attach the volumes
to for managing upgrades and to avoid dangling.
- Dynamic Ephemeral CSI Volumes*: Less thought out, but `source` will probably point
to the plugin name, and a `config` block will
allow you to pass meta to the plugin. Or will
point to a pre-configured ephemeral config.
*If implemented
The new design simplifies this by merging the source into the volume
stanza to solve the above issues with usability, performance, and error
handling.
2019-09-13 04:37:59 +02:00
Danielle
0428284aee
Merge pull request #6180 from hashicorp/dani/readonly-acl
...
Fine grained ACLs for Host Volumes
2019-08-21 22:22:14 +02:00
Danielle Lancashire
91bb67f713
acls: Break mount acl into mount-rw and mount-ro
2019-08-21 21:17:30 +02:00
Nick Ethier
24f5a4c276
sidecar_task override in connect admission controller ( #6140 )
...
* structs: use seperate SidecarTask struct for sidecar_task stanza and add merge
* nomad: merge SidecarTask into proxy task during connect Mutate hook
2019-08-20 01:22:46 -04:00
Nick Ethier
965f00b2fc
Builtin Admission Controller Framework ( #6116 )
...
* nomad: add admission controller framework
* nomad: add admission controller framework and Consul Connect hooks
* run admission controllers before checking permissions
* client: add default node meta for connect configurables
* nomad: remove validateJob func since it has been moved to admission controller
* nomad: use new TaskKind type
* client: use consts for connect sidecar image and log level
* Apply suggestions from code review
Co-Authored-By: Michael Schurter <mschurter@hashicorp.com>
* nomad: add job register test with connect sidecar
* Update nomad/job_endpoint_hooks.go
Co-Authored-By: Michael Schurter <mschurter@hashicorp.com>
2019-08-15 11:22:37 -04:00
Danielle Lancashire
b38c1d810e
job_endpoint: Validate volume permissions
2019-08-12 15:39:09 +02:00
Jasmine Dahilig
8d980edd2e
add create and modify timestamps to evaluations ( #5881 )
2019-08-07 09:50:35 -07:00
Preetha Appan
4d3f74e161
Fix test setup to have correct jobcreateindex for deployments
2019-05-13 18:53:47 -05:00
Preetha Appan
d448750449
Lookup job only once, and fix tests
2019-05-13 18:33:41 -05:00
Michael Schurter
c0cd96ef75
Update nomad/job_endpoint_test.go
...
Co-Authored-By: cgbaker <cgbaker@hashicorp.com>
2019-04-10 10:34:10 -05:00
Chris Baker
0ba1600545
server/job_endpoint: accept vault token and pass as part of Job.RegisterRequest [ #4555 ]
2019-04-10 10:34:10 -05:00
Mahmood Ali
4414a2ce1c
tests: remove tests for unsupported features
...
With switching to driver plugins, driver validation is quite tricky and
we need to do some design thinking before supporting it against.
2019-01-10 10:21:48 -05:00
Danielle Tomlinson
d4cbd608ff
nomad: Remove on-submission job validation
...
With the introduction of driver plugins, we're temporarily relying on
_run time validation_ of driver configurations, rather than submission
time.
2018-11-30 10:47:08 +01:00
Nick Ethier
e75e3ae665
nomad: use require pkg for tests
2018-06-11 13:50:50 -04:00
Nick Ethier
50c72adbd7
nomad: code review comments
2018-06-11 13:27:48 -04:00
Nick Ethier
41e010cdc2
nomad: add 'Dispatch' field to Job
...
New -bash: Dispatch: command not found field is used to denote if the Job is a child dispatched job of
a parameterized job.
2018-06-11 11:59:03 -04:00
Preetha Appan
b12df3c64b
Added CLI for evaluating job given ID, and modified client API for evaluate to take a request payload
2018-05-09 15:04:27 -05:00
Preetha Appan
ef531b0f34
Add unit tests for forced rescheduling
2018-05-09 11:30:42 -05:00
Alex Dadgar
5320205853
Sort signals in implicit constraint
...
Fixes https://github.com/hashicorp/nomad/issues/4212
2018-04-26 10:12:47 -07:00
Michael Schurter
341d87aa48
tests: use mock.BatchJob to fix tests
2018-03-21 16:51:45 -07:00
Michael Schurter
c3e8f6319c
gofmt -s (simplify) files
2018-03-16 16:31:16 -07:00
Alex Dadgar
586ae36d13
Batch Deregister RPC
2018-03-16 10:53:03 -07:00
Michael Schurter
7dd7fbcda2
non-Existent -> nonexistent
...
Reverting from #3963
https://www.merriam-webster.com/dictionary/existent
2018-03-12 11:59:33 -07:00
Josh Soref
85fabc63c8
spelling: expected
2018-03-11 17:57:01 +00:00
Josh Soref
7f6e4012a0
spelling: existent
2018-03-11 18:30:37 +00:00
Alex Dadgar
a6dfffa4fa
Add testing interfaces
2018-02-15 13:59:00 -08:00
Chelsea Holland Komlo
2f22442370
use assert library
2017-12-06 15:03:02 -05:00
Chelsea Holland Komlo
b08611cfac
move kill_signal to task level, extend to docker
2017-12-06 14:36:39 -05:00
Michael Schurter
84d8a51be1
SecretID -> AuthToken
2017-10-12 15:16:33 -07:00
Michael Schurter
57ff12432b
Move acl helpers from nomad/ into nomad/mock
...
They're useful in command/agent/ tests.
2017-10-06 14:50:06 -07:00
Chelsea Komlo
7c8a5228d4
Merge pull request #3290 from hashicorp/f-acl-job-dispatch
...
Add ACL for dispatch job
2017-10-06 13:33:21 -04:00
Chelsea Komlo
97e34725e1
Merge pull request #3278 from hashicorp/f-acl-job-getjob
...
Add ACL for GetJob
2017-09-29 17:44:31 -04:00
Chelsea Komlo
388cdaa2e8
Merge pull request #3272 from hashicorp/f-acl-job-stable
...
Add ACL endpoint for Job Stable
2017-09-29 17:44:09 -04:00
Michael Schurter
a66c53d45a
Remove structs
import from api
...
Goes a step further and removes structs import from api's tests as well
by moving GenerateUUID to its own package.
2017-09-29 10:36:08 -07:00
Chelsea Komlo
3a015016cc
Merge pull request #3294 from hashicorp/f-acl-job-deregister
...
Add ACL for job deregister
2017-09-28 10:57:51 -04:00
Chelsea Komlo
c54a4f7c91
Merge pull request #3291 from hashicorp/f-acl-get-job-versions
...
Add ACL for job endpoint GetJobVersions
2017-09-28 10:35:19 -04:00
Chelsea Holland Komlo
c242ac1431
job dispatch should have dispatch policy
2017-09-28 14:28:28 +00:00
Chelsea Komlo
77ae328fbe
Merge pull request #3276 from hashicorp/f-acl-job-evaluate
...
Add read job permissions to evaluate endpoint
2017-09-27 18:01:15 -04:00
Chelsea Holland Komlo
90adc4dbc9
add checks for error message
2017-09-27 21:35:03 +00:00
Chelsea Komlo
d3d1bc6498
Merge pull request #3279 from hashicorp/f-acl-job-allocations
...
Add ACL to job allocations endpoint
2017-09-27 16:57:04 -04:00
Chelsea Komlo
8f1c89c721
Merge pull request #3283 from hashicorp/f-acl-job-latest-deployment
...
Add ACL to latest job api
2017-09-27 16:54:44 -04:00
Chelsea Holland Komlo
1bab53c9fd
acl for job deregister
2017-09-27 19:21:10 +00:00
Chelsea Komlo
b40de659a7
Merge pull request #3281 from hashicorp/f-acl-job-evaluations
...
Add ACL for Job Evaluations endpoint
2017-09-27 15:15:35 -04:00
Chelsea Holland Komlo
36e3212012
add acl for job endpoint GetJobVersions
2017-09-27 17:29:08 +00:00
Chelsea Komlo
b2cb0129c8
Merge pull request #3282 from hashicorp/f-acl-job-deployments
...
Add ACL for job deployments endpoint
2017-09-27 12:42:25 -04:00
Chelsea Holland Komlo
0db1367d43
add acl for dispatch job
2017-09-27 16:33:49 +00:00
Chelsea Holland Komlo
c4ac20f852
fix up comment
2017-09-27 15:25:10 +00:00
Chelsea Holland Komlo
d9701fed37
fixups from code review
2017-09-27 15:23:38 +00:00
Chelsea Holland Komlo
0ba6a1df0d
fixups from code review
2017-09-27 15:20:18 +00:00
Chelsea Holland Komlo
4b90de992e
fixups from code review
2017-09-27 15:07:45 +00:00
Alex Dadgar
4173834231
Enable more linters
2017-09-26 15:26:33 -07:00
Chelsea Holland Komlo
f4b7451c62
add acl to lastest job api
2017-09-26 20:53:43 +00:00
Chelsea Holland Komlo
55c4ca187e
add acl for job deployments endpoint
2017-09-26 20:33:03 +00:00
Chelsea Holland Komlo
a7b7b3f6c6
add acl for Job Evaluations endpoint
2017-09-26 20:12:37 +00:00
Chelsea Holland Komlo
2fb7772c2c
add acl to job allocations endpoint
2017-09-26 18:01:23 +00:00
Chelsea Holland Komlo
d3e8b4812b
better test assertions
2017-09-26 17:41:53 +00:00
Chelsea Holland Komlo
f912619157
add ACL for GetJob endpoint
2017-09-26 17:38:03 +00:00
Chelsea Holland Komlo
5f467a84d3
add read job permissions to evaluate endpoint
2017-09-26 16:05:17 +00:00
Chelsea Holland Komlo
78f853e253
add ACL endpoint for Job Stable
2017-09-25 22:17:58 +00:00
Chelsea Holland Komlo
014dc2d7de
Add ACL for Revert Job endpoint
2017-09-25 21:51:19 +00:00
Chelsea Holland Komlo
18f4aa6fb3
fix type
2017-09-25 17:41:17 +00:00
Chelsea Holland Komlo
d9ac59f6b0
add acl for job validate endpoint
2017-09-25 17:34:02 +00:00
Alex Dadgar
e5ec915ac3
sync
2017-09-19 10:08:23 -05:00
Chelsea Holland Komlo
8727092e8e
add job list acl
2017-09-15 21:26:27 +00:00
Chelsea Holland Komlo
be7efd71d4
fixups from code review
2017-09-14 20:14:38 +00:00
Chelsea Holland Komlo
0d28c95b6b
use separate response object
2017-09-14 19:17:05 +00:00
Chelsea Holland Komlo
79abb9810b
update to use ACL test helpers
2017-09-14 19:08:25 +00:00
Chelsea Holland Komlo
3eff2a06c5
add job endpoint ACL
2017-09-14 18:17:35 +00:00
Alex Dadgar
84d06f6abe
Sync namespace changes
2017-09-07 17:04:21 -07:00
Armon Dadgar
ac6283c31f
nomad: enforce ACLs on job submit
2017-09-04 13:05:53 -07:00
Luke Farnell
f0ced87b95
fixed all spelling mistakes for goreport
2017-08-07 17:13:05 -04:00
Alex Dadgar
06eddf243c
parallel nomad tests
2017-07-25 17:39:36 -07:00
Alex Dadgar
45712c6ca3
test fixes
2017-07-07 14:11:27 -07:00
Alex Dadgar
9f016606aa
Fix some tests, eval monitor shows deployment id and deployment cancels based on version
2017-07-07 12:12:48 -07:00
Alex Dadgar
5457bb7962
Job stability
2017-07-07 12:10:04 -07:00
Alex Dadgar
09dfa2fc10
Rename CreateDeployments and remove cancelling behavior in state_store
2017-07-07 12:10:04 -07:00
Alex Dadgar
abf34204cc
JobVersions returns struct with optional diff
2017-07-07 12:05:57 -07:00
Alex Dadgar
f233629a4f
job deployment endpoint + api
2017-07-07 12:05:56 -07:00
Alex Dadgar
8f4b22c1e1
Fix tests
2017-07-07 12:03:11 -07:00
Alex Dadgar
07b1c3e5db
Only upsert a job if the spec changes and push deployment creation into reconciler
2017-07-07 12:03:11 -07:00
Michael Schurter
9c56f70d12
Validate job updates
...
Incurs a local read-before-write but because validation is transitive
there's no need to retry the read-validate-write on concurrent updates.
2017-06-27 16:08:18 -07:00
Alex Dadgar
6232b66ea7
Thread through warnings about deprecations
2017-05-09 20:52:47 -07:00
Alex Dadgar
321e01988a
Don't allow revert to current version
2017-04-20 11:14:06 -07:00
Alex Dadgar
1b97c9abdd
Revert server endpoint
2017-04-20 11:14:06 -07:00
Alex Dadgar
34332af70e
GC and some fixes
2017-04-15 17:08:05 -07:00
Alex Dadgar
7abcdff7fd
GetJobVersions server endpoint
2017-04-15 17:08:05 -07:00
Alex Dadgar
103e8d21fb
Fix dispatch of periodic job
...
This PR fixes an issue in which when a periodic and parameterized job
was dispatched, an allocation would be immediately created.
Fixes https://github.com/hashicorp/nomad/issues/2470
2017-03-27 16:55:17 -07:00
Alex Dadgar
d182aac7a7
Fix nomad tests
2017-02-07 22:10:33 -08:00
Alex Dadgar
04862ca10e
Tests compile
2017-02-07 21:30:57 -08:00
Alex Dadgar
07bc00404e
fix typo
2017-01-22 14:08:40 -08:00
Michael Schurter
1f7b5b4b47
Rename Constructor -> Parameterized Job
2017-01-20 12:43:10 -08:00
Alex Dadgar
4e8035756b
Fix test and prevent job with payload from being submitted
2016-12-18 16:32:14 -08:00
Alex Dadgar
2761e1d8ea
fix tests
2016-12-16 10:21:56 -08:00
Alex Dadgar
4a5c3c8db0
Rename structs
2016-12-14 14:28:43 -08:00