New ACL Role RPC endpoints have been created to allow the creation,
update, read, and deletion of ACL roles. All endpoints require a
management token; in the future readers will also be allowed to
view roles associated to their ACL token.
The create endpoint in particular is responsible for deduplicating
ACL policy links and ensuring named policies are found within
state. This is done within the RPC handler so we perform a single
loop through the links for slight efficiency.
This PR changes the behavior of 'nomad job validate' to forward the
request to the nomad leader, rather than responding from any server.
This is because we need the leader when validating Vault tokens, since
the leader is the only server with an active vault client.
* Changelog and lintfix
* Changelog removed
* Forbidden state on individual variables
* CanRead checked on variable path links
* Mirage fixture with lesser secure variables access, temporary fix for * namespaces
* Read flow acceptance tests
* Unit tests for variable.canRead
* lintfix
* TODO squashed, thanks Jai
* explicitly link mirage fixture vars to jobs via namespace
* Typofix; delete to read
* Linking the original alloc
* Percy snapshots uniquely named
* Guarantee that the alloc we depend on has tasks within it
* Logging variables
* Trying to skip delete
* Now without create flow either
* Dedicated cluster fixture for testing variables
* Disambiguate percy calls
This commit includes the new state schema for ACL roles along with
state interaction functions for CRUD actions.
The change also includes snapshot persist and restore
functionality and the addition of FSM messages for Raft updates
which will come via RPC endpoints.
* Check against all your policies' namespaces' secvars' paths' capabilities to see if you can list vars
* Changelog and lintfix
* Unit tests for list-vars
* Removed unused computed dep
* Changelog removed
The QEMU driver can take an optional `graceful_shutdown` configuration
which will create a Unix socket to send ACPI shutdown signal to the VM.
Unix sockets have a hard length limit and the driver implementation
assumed that QEMU versions 2.10.1 were able to handle longer paths. This
is not correct, the linked QEMU fix only changed the behaviour from
silently truncating longer socket paths to throwing an error.
By validating the socket path before starting the QEMU machine we can
provide users a more actionable and meaningful error message, and by
using a shorter socket file name we leave a bit more room for
user-defined values in the path, such as the task name.
The maximum length allowed is also platform-dependant, so validation
needs to be different for each OS.
UID/GID 0 is usually reserved for the root user/group. While Nomad
clients are expected to run as root it may not always be the case.
Setting these values as -1 if not defined will fallback to the pervious
behaviour of not attempting to set file ownership and use whatever
UID/GID the Nomad agent is running as. It will also keep backwards
compatibility, which is specially important for platforms where this
feature is not supported, like Windows.
When a QEMU task is recovered the monitor socket path was not being
restored into the task handler, so the `graceful_shutdown` configuration
was effectively ignored if the client restarted.