Commit graph

23 commits

Author SHA1 Message Date
Mahmood Ali 4b2ba62e35 acl: check ACL against object namespace
Fix a bug where a millicious user can access or manipulate an alloc in a
namespace they don't have access to.  The allocation endpoints perform
ACL checks against the request namespace, not the allocation namespace,
and performs the allocation lookup independently from namespaces.

Here, we check that the requested can access the alloc namespace
regardless of the declared request namespace.

Ideally, we'd enforce that the declared request namespace matches
the actual allocation namespace.  Unfortunately, we haven't documented
alloc endpoints as namespaced functions; we suspect starting to enforce
this will be very disruptive and inappropriate for a nomad point
release.  As such, we maintain current behavior that doesn't require
passing the proper namespace in request.  A future major release may
start enforcing checking declared namespace.
2019-10-08 12:59:22 -04:00
Mahmood Ali 6cefd8f97e tests: attempt to fix TestAutopilot_CleanupStaleRaftServer
Also add a utility function for waiting for stable leadership
2019-09-04 08:49:33 -04:00
Mahmood Ali fc72fff0ed test helper for registering jobs with acl
Test helper that allows registration of jobs when ACL is activated.
2019-04-30 10:23:56 -04:00
Mahmood Ali 8c82c19831 tests: IsTravis() -> IsCI()
Replace IsTravis() references that is intended for more CI environments
rather than for Travis environment specifically.
2019-02-20 08:21:03 -05:00
Mahmood Ali 33ff8c3e8d tests: expect Docker on AppVeyor
Prepare to run docker on AppVeyor Windows environment
2019-02-20 07:41:47 -05:00
Alex Dadgar 4bdccab550 goimports 2019-01-22 15:44:31 -08:00
Mahmood Ali b7d421a149 tests: WaitForRunning checks for pending only
WaitForRunning risks a race condition where the allocation succeeds and
completes before WaitForRunning is called (or while it is running).

Here, I made the behavior match the function documentation.

I considered making it stricter, but callers need to account for
allocation terminating immediately after WaitForRunning terminates
anyway.
2019-01-10 15:36:57 -05:00
Mahmood Ali c3eaa0f4c8 tests: enable and fix tests requiring mock driver 2019-01-10 10:10:11 -05:00
Michael Schurter f279b1d1b1 tests: test logs endpoint against pending task
Although the really exciting change is making WaitForRunning return the
allocations that it started. This should cut down test boilerplate
significantly.
2018-10-16 16:56:55 -07:00
Michael Schurter 6def5bc4f9 client: set host name when migrating over tls
Not setting the host name led the Go HTTP client to expect a certificate
with a DNS-resolvable name. Since Nomad uses `${role}.${region}.nomad`
names ephemeral dir migrations were broken when TLS was enabled.

Added an e2e test to ensure this doesn't break again as it's very
difficult to test and the TLS configuration is very easy to get wrong.
2018-09-05 17:24:17 -07:00
Alex Dadgar af1b185ce4 Fix flaky deadline tests 2018-04-03 16:51:57 -07:00
Alex Dadgar b18f789020 Unmark drain when nodes hit their deadline and only batch/system left and add all job type integration test 2018-03-28 17:25:58 -07:00
Michael Schurter 5f1f91a46c Use go-testing-interface instead of testing
This drops the testings stdlib pkg from our dependencies. Saves a
whopping 46kb on our binary (was really hoping for more of a win there),
but also avoids potential ugliness with how testing sets flags.
2017-07-25 15:35:19 -07:00
Michael Schurter aede1478db Create AssertUntil helper func 2017-04-06 17:05:09 -07:00
Alex Dadgar d82747bd33 Benchmark 2016-12-09 14:44:50 -08:00
Abhishek Chanda babd75c55c Use the CI env variable
Travis exports this variable to all builds. We don't need out own.
A number of other CI systems use this variable too.
2016-02-06 01:11:44 -08:00
Alex Dadgar e8067029cc Small fixes 2016-02-04 14:19:27 -08:00
Alex Dadgar a4ddfc306b ordering issue 2016-01-21 13:28:48 -08:00
Alex Dadgar fd21e890db Time Duration fixes 2016-01-21 12:29:13 -08:00
Alex Dadgar 1ceb6f012a Fix a bunch of tests
Up timeouts

trusty travis beta

Increase timeouts
2016-01-20 16:03:53 -08:00
Armon Dadgar 42734d2c3a nomad: allow region forwarding for status endpoints 2015-09-06 18:07:05 -07:00
Armon Dadgar 0bca2285a4 nomad: testing status endpoint 2015-06-04 13:26:16 +02:00
Armon Dadgar c18c068bf2 nomad: testing remove peer 2015-06-04 13:02:39 +02:00