* ui: add namespace filter feature
ui: add namespace filtering to variables.index
test: namespace filter
refact: fix action in template
ui: move data fetching and query param logic to
ui: controller query parameter logic
ui: prevent from forwarding query param
ui: create variables controller
refact: use dependency injection for controlling parent qp
chore: clean-up reset in route
chore: clean-up reset in route
* ui: add namespace filter to secure var form (#13629)
ui: update variable factory to accept namespaces
refact: update api to accept disabled
ui: add namespace setting logic to form
refact: remove debugger
refact: get correct selectors for
ui: move data loading to namespace-filter component
chore: prettify template
ui: update factory to handle namespace setting
refact: remove inline styling for grid class
* ui: fix placement of filter in `SecureVariablesForm` (#13762)
* refact: conditionally render css class
* chore: remove unused CSS property
* refact: edit path-input class to prevent textarea override
* refact: inject missing store service (#13763)
* chore: patch fixes for when no default namespace is available (#13782)
* test: add tests for namespace filtering conditions (#13816)
* test: add tests for namespace filtering and namespaces appearing in form
* patch namespace related issue to saving and querying (#13825)
* refact: use namespace id, not entity
* refact: update adapter to edit request to include qp
* ui: early exit if no snapshot
* refact: test passes wrong interface to method
* chore: add missing url update URL builder
* refact: model in doesn't have absolutePath
* Align error message
* chore: update tests (#13905)
* chore: patch brittle tests with better selectors
* chore: update assertion count
Co-authored-by: Phil Renaud <phil@riotindustries.com>

When we delete a namespace, we check to ensure that there are no non-terminal
jobs or CSI volumes, which also covers evals, allocs, etc. Secure variables are
also namespaced, so extend this check to them as well.

When we delete a namespace, we check to ensure that there are no non-terminal
jobs, which effectively covers evals, allocs, etc. CSI volumes are also
namespaced, so extend this check to cover CSI volumes.

Workload identities grant implicit access to policies, and operators
will not want to craft separate policies for each invocation of a
periodic or dispatch job. Use the parent job's ID as the JobID claim.

The search RPC used a placeholder policy for searching within the secure
variables context. Now that we have ACL policies built for secure variables, we
can use them for search. This requires a new loose policy for checking if a token
has any secure variables access within a namespace, so that we can filter on
specific paths in the iterator.

Most of our objects use int64 timestamps derived from `UnixNano()` instead of
`time.Time` objects. Switch the keyring metadata to use `UnixNano()` for
consistency across the API.

To discourage accidentally DoS'ing the cluster with secure variables
data, we're providing a very low limit to the maximum size of a given
secure variable. This currently matches the limit for dispatch
payloads.

In future versions, we may increase this limit or make it
configurable, once we have better metrics from real-world operators.

Document the secure variables keyring commands, document the aliased
gossip keyring commands, and note that the old gossip keyring commands
are deprecated.
Return a 429 response on HTTP max connection limit. Instead of silently closing
the connection, return a `429 Too Many Requests` HTTP response with a helpful
error message to aid debugging when the connection limit is unintentionally
reached.

Set a 10-millisecond write timeout and rate limiter for the connection-limit 429
response to prevent writing the HTTP response from consuming too many server
resources.

Add the `nomad.agent.http.exceeded` metric counting the number of HTTP connections
exceeding the concurrency limit.
* Support pathLinkedEntities starting with nomad/jobs/ instead of jobs/
* links from jobs/groups/tasks to variables now look for nomad/jobs/ instead of jobs/
* Tests updated to reflect nomad/jobs/ change
* Acceptance test for disallowing nomad/foo/, and hint text updates
* Defensive logic in case path not yet set
* Allow exactly nomad/jobs as a variable path

Tasks are automatically granted access to variables on a path that matches their
workload identity, with a well-known prefix. Change the prefix to `nomad/jobs`
to allow for future prefixes like `nomad/volumes` or `nomad/plugins`. Reserve
the prefix by emitting errors during validation.
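The two pieces described on this page, the parent job's ID as the JobID claim (earlier, under workload identities) and the reservation of the `nomad/` prefix with `nomad/jobs` as the only allowed sub-tree, as one added example written for this page and not Nomad's own code. The `WorkloadClaims` struct, the extra checks for empty paths and empty segments, and exact matching of the implicit paths (rather than prefix matching) are assumptions of this example; exact matching is the least-privilege reading and keeps a task from reaching a sibling task's path.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ReservedPrefix is held back for Nomad-managed paths; JobsPrefix is the only
// reserved sub-tree that variables may currently be written under.
const (
	ReservedPrefix = "nomad/"
	JobsPrefix     = "nomad/jobs"
)

// ValidateVariablePath enforces the reservation: paths outside "nomad/" are
// accepted, exactly "nomad/jobs" or anything beneath "nomad/jobs/" is accepted,
// and every other "nomad/..." path is rejected so that future prefixes such as
// "nomad/volumes" stay free. The empty-path and empty-segment checks are
// assumptions of this example.
func ValidateVariablePath(path string) error {
	switch {
	case path == "":
		return errors.New("variable path cannot be empty")
	case strings.HasPrefix(path, "/") || strings.HasSuffix(path, "/") || strings.Contains(path, "//"):
		return fmt.Errorf("variable path %q cannot have a leading, trailing or empty segment", path)
	case !strings.HasPrefix(path, ReservedPrefix):
		return nil
	case path == JobsPrefix || strings.HasPrefix(path, JobsPrefix+"/"):
		return nil
	default:
		return fmt.Errorf("variable path %q uses the reserved prefix %q; only %q is allowed",
			path, ReservedPrefix, JobsPrefix)
	}
}

// WorkloadClaims is the part of a workload identity that the implicit variable
// access check looks at (constructed for this example).
type WorkloadClaims struct {
	Namespace, JobID, TaskGroup, Task string
}

// NewWorkloadClaims builds the claims for an allocation. For periodic and
// dispatch children the JobID claim is the parent job's ID, so one policy
// covers every invocation instead of one per child.
func NewWorkloadClaims(namespace, jobID, parentJobID, group, task string) WorkloadClaims {
	if parentJobID != "" {
		jobID = parentJobID
	}
	return WorkloadClaims{Namespace: namespace, JobID: jobID, TaskGroup: group, Task: task}
}

// ImplicitVariablePaths returns the well-known paths a workload may read by
// virtue of its identity: the job, group and task levels under nomad/jobs.
func ImplicitVariablePaths(c WorkloadClaims) []string {
	job := JobsPrefix + "/" + c.JobID
	group := job + "/" + c.TaskGroup
	return []string{job, group, group + "/" + c.Task}
}

// ImplicitlyAllowed reports whether the workload may read path in namespace
// without an explicit ACL policy. Only exact matches of its own paths count.
func ImplicitlyAllowed(c WorkloadClaims, namespace, path string) bool {
	if namespace != c.Namespace {
		return false
	}
	for _, p := range ImplicitVariablePaths(c) {
		if path == p {
			return true
		}
	}
	return false
}
```

Running `ValidateVariablePath` at write time is what reserves the prefix: a user who tries to create `nomad/foo/bar` gets an error today, so a later release can give `nomad/foo` a meaning without colliding with existing data.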
When applying a raft log to expire ACL tokens, we need to use a
timestamp provided by the leader so that the result is deterministic
across servers. Use the leader's timestamp from the RPC call.

This PR creates a top-level 'check' page for job-specification docs.

The content for checks is about half the content of the service page, and
is about to increase in size when we add docs about Nomad service checks.
Seemed like a good idea to just split the checks section out into its own
thing (e.g. check_restart is already a topic).

Doing the move first lets us backport this change without adding Nomad service
check stuff yet.

Mostly just a lift-and-shift but with some tweaked examples to de-emphasize
the use of script checks.

The "Secure Nomad with Access Control" guide provides a tutorial for
bootstrapping Nomad ACLs, writing policies, and creating tokens. Add a reference
guide just for the ACL policy specification.

* docs: tighten up parameterized job metrics docs
* docs: improve alloc status descriptions

Remove `nomad.client.allocations.start` as it doesn't exist.

The test for simulating a key rotation across leader elections was
flaky because we weren't waiting for a leader election and were
checking the server configs rather than raft for which server was
currently the leader. Fixing the flake revealed a bug in the test: we
weren't ensuring the new leader was running its own replication, so
it wouldn't pick up the key material from the previous follower.