Commit graph

23804 commits

Author SHA1 Message Date
Seth Hoenig 1901cfaba8
Merge pull request #14069 from brian-athinkingape/cli-fix-memstats-cgroupsv2
cli: for systems with cgroups v2, fix alloation resource utilization showing 0 memory used
2022-08-11 07:27:48 -05:00
James Rasell dca3422322
Merge pull request #14057 from hashicorp/f-gh-13120-acl-role-rpc-endpoints
ACL Role: add RPC, HTTP API, and API SDK functionality.
2022-08-11 10:32:16 +02:00
James Rasell 8724974683
api: add ACL Role API implementation for CRUD actions. 2022-08-11 08:44:37 +01:00
James Rasell 9cd0dd2ff7
http: add ACL Role HTTP endpoints for CRUD actions.
These new endpoints are exposed under the /v1/acl/roles and
/v1/acl/role endpoints.
2022-08-11 08:44:19 +01:00
James Rasell 581a5bb6ad
rpc: add ACL Role RPC endpoint for CRUD actions.
New ACL Role RPC endpoints have been created to allow the creation,
update, read, and deletion of ACL roles. All endpoints require a
management token; in the future readers will also be allowed to
view roles associated to their ACL token.

The create endpoint in particular is responsible for deduplicating
ACL policy links and ensuring named policies are found within
state. This is done within the RPC handler so we perform a single
loop through the links for slight efficiency.
2022-08-11 08:43:50 +01:00
Morantron 741170160f
Update index.mdx 2022-08-11 09:03:52 +02:00
Luiz Aoqui e91d36902f
ci: delete generated files after build (#14070)
The generated files are created as part of the final build process but
should not present in the repository afterwards.
2022-08-10 20:36:03 -04:00
Seth Hoenig 3d925a78e5
Merge pull request #14065 from hashicorp/b-fwd-vtoken-validation
cli: forward request for job validation to nomad leader
2022-08-10 15:14:01 -05:00
Seth Hoenig 3aaaedf52e cli: forward request for job validation to nomad leader
This PR changes the behavior of 'nomad job validate' to forward the
request to the nomad leader, rather than responding from any server.

This is because we need the leader when validating Vault tokens, since
the leader is the only server with an active vault client.
2022-08-10 14:34:04 -05:00
Seth Hoenig 295a33150e
Merge pull request #14077 from Dgotlieb/template-doc-typo-fix
template doc typo fix
2022-08-10 14:01:58 -05:00
Jai cf37860a13
test: add unit tests for namespace matching util (#14078) 2022-08-10 12:01:00 -04:00
dgotlieb 7fbc8baaeb
doc typo fix
docker and podman don't suck 🤣
2022-08-10 15:04:07 +03:00
Luiz Aoqui 815adbada5
Post 1.3.3 release (#14064)
* Generate files for 1.3.3 release

* Prepare for next release

* Merge release 1.3.3 files

Co-authored-by: hc-github-team-nomad-core <github-team-nomad-core@hashicorp.com>
2022-08-09 17:27:29 -04:00
Brian Chau 63b60ced2a Add changelog 14069 2022-08-09 14:16:34 -07:00
Brian Chau 6621bb9db5 cli: for systems with cgroups v2, fix alloation resource utilization showing 0 memory used 2022-08-09 14:09:14 -07:00
Phil Renaud 894e61f4dd
[ui] Fixes a bug for first-time SecVars users on namespaces (#14067)
* Fixes a bug for first-time SecVars users on namespaces

* Namespace computed dep

* Namespace computed dep
2022-08-09 16:56:18 -04:00
Jai 34104488a3
refact: update serializer log for prefix and namespace (#14062) 2022-08-09 14:08:28 -04:00
Phil Renaud 4da169e155
[ui] "Can Read" checks on individual Secure Variables (#14020)
* Changelog and lintfix

* Changelog removed

* Forbidden state on individual variables

* CanRead checked on variable path links

* Mirage fixture with lesser secure variables access, temporary fix for * namespaces

* Read flow acceptance tests

* Unit tests for variable.canRead

* lintfix

* TODO squashed, thanks Jai

* explicitly link mirage fixture vars to jobs via namespace

* Typofix; delete to read

* Linking the original alloc

* Percy snapshots uniquely named

* Guarantee that the alloc we depend on has tasks within it

* Logging variables

* Trying to skip delete

* Now without create flow either

* Dedicated cluster fixture for testing variables

* Disambiguate percy calls
2022-08-09 13:17:55 -04:00
James Rasell e660c9a908
core: add ACL role state schema and functionality. (#13955)
This commit includes the new state schema for ACL roles along with
state interaction functions for CRUD actions.

The change also includes snapshot persist and restore
functionality and the addition of FSM messages for Raft updates
which will come via RPC endpoints.
2022-08-09 09:33:41 +02:00
dependabot[bot] e229037fb8
build(deps): bump go.etcd.io/bbolt from 1.3.5 to 1.3.6
Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/etcd-io/bbolt/releases)
- [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.5...v1.3.6)

---
updated-dependencies:
- dependency-name: go.etcd.io/bbolt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-08 20:48:49 +00:00
dependabot[bot] 0004e0a5b7
build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.2
Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.0.1 to 1.1.2.
- [Release notes](https://github.com/containernetworking/cni/releases)
- [Commits](https://github.com/containernetworking/cni/compare/v1.0.1...v1.1.2)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/cni
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-08 20:48:29 +00:00
Seth Hoenig a0f52b9554
Merge pull request #13798 from hashicorp/dependabot/go_modules/github.com/hashicorp/consul/api-1.13.1
chore(deps): bump github.com/hashicorp/consul/api from 1.13.0 to 1.13.1
2022-08-08 15:47:17 -05:00
Seth Hoenig 0b52c27a15
Merge pull request #14045 from Abirdcfly/main
fix minor unreachable code caused by t.Fatal
2022-08-08 11:47:02 -05:00
Jai f97b677928
ui: handle error messages for when filtering doesn't return matches (#14048)
* refact: add conditional logic to variables.index

* refact: add conditional logic to variables.path

* refact: update query selectors in assertions
2022-08-08 12:44:38 -04:00
Abirdcfly d66943d4f7 fix minor unreachable code caused by t.Fatal
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
2022-08-08 23:50:11 +08:00
claire labry 94c16eda16
Merge pull request #13815 from hashicorp/post-publish-website
Introduces the post publish website event
2022-08-08 10:34:31 -05:00
Seth Hoenig ebc8166b9e
Merge pull request #14033 from hashicorp/f-plumb-task-names
core: automatically plumb task name into task-level services and checks
2022-08-08 09:06:04 -05:00
Seth Hoenig 2775981df1
Merge pull request #14026 from hashicorp/docs-tweak-readme
docs: minor readme tweaks
2022-08-08 08:54:20 -05:00
Charlie Voiselle 9a19279f59
Sweep of docs for repeated words; minor edits (#14032) 2022-08-05 16:45:30 -04:00
Jai 113466040f
refact: namespace glob matching (#14037)
* refact: allow namespace glob matching

* test:  namespace glob matching
2022-08-05 16:40:22 -04:00
dependabot[bot] fd7312967b
build(deps): bump tmpl from 1.0.4 to 1.0.5 in /ui (#11212)
Bumps [tmpl](https://github.com/daaku/nodejs-tmpl) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/daaku/nodejs-tmpl/releases)
- [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5)

---
updated-dependencies:
- dependency-name: tmpl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-05 15:09:18 -04:00
Seth Hoenig 2b6bda49b9 core: automatically plumb task name into task-level services and checks 2022-08-05 12:42:41 -05:00
James Rasell 2c540b03c5
api: use errors.New not fmt.Errorf when error doesn't have format. (#14027)
* api: use errors.New not fmt.Errorf when error doesn't have format.

* semgrep: add rule to catch fmt.Errorf use without formatting.
2022-08-05 17:05:47 +02:00
Phil Renaud 4283608bbf
[ui] "can list variables" capability refactor (#13996)
* Check against all your policies' namespaces' secvars' paths' capabilities to see if you can list vars

* Changelog and lintfix

* Unit tests for list-vars

* Removed unused computed dep

* Changelog removed
2022-08-05 10:45:22 -04:00
Seth Hoenig 141a70f385 docs: minor readme tweaks
- Remove Circle CI badge (pretty much always misleadingly red)
- Add MPL license badge
- Remove link to deprecated google groups
2022-08-05 07:45:03 -05:00
dependabot[bot] 221ac2741c
chore(deps): bump github.com/hashicorp/consul/api from 1.13.0 to 1.13.1
Bumps [github.com/hashicorp/consul/api](https://github.com/hashicorp/consul) from 1.13.0 to 1.13.1.
- [Release notes](https://github.com/hashicorp/consul/releases)
- [Changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/consul/compare/api/v1.13.0...api/v1.13.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/consul/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-05 12:37:18 +00:00
Seth Hoenig eb933ad27d
Merge pull request #14019 from hashicorp/deps-update-runc-to-v1.1.3
deps: update runc to v1.1.3
2022-08-05 07:34:16 -05:00
Seth Hoenig 65e068f339
Merge pull request #14023 from hashicorp/nsd-check-body
nsd: add support for setting request body in http checks
2022-08-05 07:26:38 -05:00
Seth Hoenig f6f26fb72c nsd: add support for setting request body in http checks
This PR adds support for settings check.body in checks of services
making use of Nomad's service provider.
2022-08-04 14:40:23 -05:00
Seth Hoenig bc09a2e114 deps: update opencontainers/runc to v1.1.3 2022-08-04 12:56:49 -05:00
Luiz Aoqui 9affe31a0f
qemu: reduce monitor socket path (#13971)
The QEMU driver can take an optional `graceful_shutdown` configuration
which will create a Unix socket to send ACPI shutdown signal to the VM.

Unix sockets have a hard length limit and the driver implementation
assumed that QEMU versions 2.10.1 were able to handle longer paths. This
is not correct, the linked QEMU fix only changed the behaviour from
silently truncating longer socket paths to throwing an error.

By validating the socket path before starting the QEMU machine we can
provide users a more actionable and meaningful error message, and by
using a shorter socket file name we leave a bit more room for
user-defined values in the path, such as the task name.

The maximum length allowed is also platform-dependant, so validation
needs to be different for each OS.
2022-08-04 12:10:35 -04:00
Charles Z 7a8ec90fbe
allow unhealthy canaries without blocking autopromote (#14001) 2022-08-04 11:53:50 -04:00
Luiz Aoqui e3d78c343c
template: set default UID/GID to -1 (#13998)
UID/GID 0 is usually reserved for the root user/group. While Nomad
clients are expected to run as root it may not always be the case.

Setting these values as -1 if not defined will fallback to the pervious
behaviour of not attempting to set file ownership and use whatever
UID/GID the Nomad agent is running as. It will also keep backwards
compatibility, which is specially important for platforms where this
feature is not supported, like Windows.
2022-08-04 11:26:08 -04:00
Luiz Aoqui 2c0fea64e9
qemu: restore monitor socket path (#14000)
When a QEMU task is recovered the monitor socket path was not being
restored into the task handler, so the `graceful_shutdown` configuration
was effectively ignored if the client restarted.
2022-08-04 10:44:08 -04:00
Luiz Aoqui 8f05a55def
docs: remove link to HCL2 timestamp function (#13999)
The `timestamp` HCL2 function was never part of the set of supported
functions.
2022-08-04 10:07:51 -04:00
Seth Hoenig 838f5515d4
Merge pull request #13978 from hashicorp/f-nsd-check-headers
nsd: add support for setting headers on nomad service http checks
2022-08-04 07:21:07 -05:00
Derek Strickland 77df9c133b
Add Nomad RetryConfig to agent template config (#13907)
* add Nomad RetryConfig to agent template config
2022-08-03 16:56:30 -04:00
Phil Renaud e58a95ed2f
New variable creation adds the first namespace in your available list at variable creation time (#13991)
* New variable creation adds the first namespace in your available list at variable creation time

* Changelog
2022-08-03 15:09:25 -04:00
Seth Hoenig 8c82c91406
Merge pull request #13670 from hashicorp/ui-memory-cgroupsv2
ui: fix zero memory utilization bug on systems using cgroups v2
2022-08-03 13:18:57 -05:00
Seth Hoenig e2309754de cl: update cl for 13670 2022-08-03 13:18:09 -05:00