Commit graph

25 commits

Author SHA1 Message Date
Mahmood Ali 4b2ba62e35 acl: check ACL against object namespace
Fix a bug where a millicious user can access or manipulate an alloc in a
namespace they don't have access to.  The allocation endpoints perform
ACL checks against the request namespace, not the allocation namespace,
and performs the allocation lookup independently from namespaces.

Here, we check that the requested can access the alloc namespace
regardless of the declared request namespace.

Ideally, we'd enforce that the declared request namespace matches
the actual allocation namespace.  Unfortunately, we haven't documented
alloc endpoints as namespaced functions; we suspect starting to enforce
this will be very disruptive and inappropriate for a nomad point
release.  As such, we maintain current behavior that doesn't require
passing the proper namespace in request.  A future major release may
start enforcing checking declared namespace.
2019-10-08 12:59:22 -04:00
Michael Schurter 59e0b67c7f connect: task hook for bootstrapping envoy sidecar
Fixes #6041

Unlike all other Consul operations, boostrapping requires Consul be
available. This PR tries Consul 3 times with a backoff to account for
the group services being asynchronously registered with Consul.
2019-08-22 08:15:32 -07:00
Mahmood Ali 33ff8c3e8d tests: expect Docker on AppVeyor
Prepare to run docker on AppVeyor Windows environment
2019-02-20 07:41:47 -05:00
Mahmood Ali 0ba7b0c132 tests: helper function for checking docker presense 2019-01-07 08:27:06 -05:00
Alex Dadgar de98774f2c Add test and docs 2018-05-31 18:05:03 -07:00
Michael Schurter d687761ebf rkt: test Stats() and always run tests
Remove the NOMAD_TEST_RKT flag as a guard for rkt tests. Still require
Linux, root, and rkt to be installed. Only check for rkt installation
once in hopes of speeding up rkt tests a bit.
2018-04-24 11:05:42 -07:00
Michael Schurter 5032bf4f5a Skip tests that require root when not root
Also skip Chown on allocdir migration on Windows and when non-root.
Windows doesn't support it, and it will always fail as a non-root user.
2017-12-12 16:58:27 -08:00
Alex Dadgar 99c81b5848 Skip if no docker 2017-10-19 16:55:10 -07:00
Alex Dadgar c62cd5cc55 Revendor docker client 2017-02-14 17:34:05 -08:00
Diptanu Choudhury e893e71e21 Moved the dockerIsConnected to testutils 2016-03-25 17:15:51 -07:00
Alex Dadgar f210fcd1a6 Merge pull request #380 from hashicorp/f-daemonize
Improve spawn-daemon and Nomad Client usage of it
2015-11-04 16:44:50 -08:00
Alex Dadgar d83777f198 Make a basic executor that can be shared and fix some fingerprinting/tests 2015-11-03 12:47:48 -08:00
Alex Dadgar 2781cbbde1 Exec driver only applies on linux as root 2015-10-28 17:22:04 -07:00
Alex Dadgar 9f7dcc4ced Use same binary as Fingerprint in the QemuCompatible function 2015-10-28 10:28:53 -07:00
Alex Dadgar a5a1e45f4b Get Qemu to fingerprint and test properly on both windows and linux 2015-10-27 15:27:11 -07:00
Abhishek Chanda 70293e9bc8 Run gofmt 2015-10-26 19:24:37 +00:00
Abhishek Chanda 6ecab13b5d Cleanup tests
- Consolidate checking if non-windows and if qemu is installed
- Fix non-windows check
2015-10-23 14:19:22 -07:00
Abhishek Chanda ba362fae07 Run gofmt 2015-10-07 22:24:16 +00:00
Abhishek Chanda 4be849445d Fix function call
Make it skip if rkt is not installed
2015-10-06 15:56:39 -07:00
Abhishek Chanda 528632da3d Add missing import and remove unsued one 2015-10-06 15:56:39 -07:00
Abhishek Chanda ab6d756dfe Remove a stray comment 2015-10-06 15:56:39 -07:00
Abhishek Chanda b6b7d9e875 Add a test fort he rkt driver 2015-10-06 15:56:39 -07:00
Alex Dadgar 3cea4288b9 Merge qemu test 2015-09-25 16:49:14 -07:00
Alex Dadgar 6725cbb3f5 Mount shared alloc dir, modified API and tests 2015-09-25 16:46:41 -07:00
Alex Dadgar e095664c49 Guard tests 2015-09-22 17:10:03 -07:00