Michael Schurter
dfd2967cdb
Merge pull request #3376 from hashicorp/f-node-acls
...
Allow Node.SecretID for Node.GetNode and Allocs.GetAlloc
2017-10-13 11:51:48 -07:00
Michael Schurter
93cea382dd
Remove support for pre-0.5 nodes
...
Nodes before 0.5 did not have a SecretID. Since SecretID is now a
required field and 0.4.x is >2 point releases ago, drop support for it.
2017-10-13 11:28:47 -07:00
Michael Schurter
15b991e039
base64 migrate token
...
HTTP header values must be ASCII.
Also constant time compare tokens and test the generate and compare
helper functions.
2017-10-13 10:59:13 -07:00
Alex Dadgar
56c4a50ba1
vault_grace doc
2017-10-13 10:15:44 -07:00
Alex Dadgar
85178d6048
rkt remove allocid
2017-10-13 10:07:50 -07:00
Alex Dadgar
949fce4fee
Merge pull request #3382 from sheerun/patch-5
...
Remove AllocID from ExecutorContext
2017-10-13 10:06:06 -07:00
Michael Schurter
6a1a509ea5
Fix Request.SecretID -> Request.AuthToken
2017-10-13 09:56:56 -07:00
Alex Dadgar
87f550403b
Merge pull request #3379 from sheerun/docs-1
...
Fix typo: job -> task
2017-10-13 09:51:35 -07:00
Adam Stankiewicz
cefbc72b49
Remove AllocID from ExecutorContext
2017-10-13 17:07:49 +02:00
Adam Stankiewicz
eb4dd2f3ba
Fix typo: job -> task
2017-10-13 11:51:17 +02:00
Michael Lange
4a35f3c5a5
Handle 403s gracefully
...
- When a list 403s, treat it as if it were empty
- When a single resource 403s, redirect to an application error page
that has a backdoor link to the tokens page
2017-10-12 17:40:49 -07:00
Michael Lange
f6f024235e
Handle the case where hash.Members is undefined
2017-10-12 17:40:04 -07:00
Michael Lange
1f6ce06744
Specialized error for 403s that links to the ACLs page
2017-10-12 17:24:32 -07:00
Michael Lange
f081bf57ec
Merge pull request #3358 from hashicorp/f-ui-namespaces
...
UI for Namespaces (enterprise only)
2017-10-12 17:22:15 -07:00
Michael Schurter
021b4c1ae9
Fix AuthToken use on Node.GetAllocs
2017-10-12 17:12:41 -07:00
Michael Schurter
15b3df0b80
Merge pull request #3374 from hashicorp/f-auth-token
...
SecretID -> AuthToken
2017-10-12 16:57:49 -07:00
Michael Schurter
4a70d4356a
Alloc watcher must send Node.SecretID as AuthToken
...
An auth token is required if ACLs are enabled
2017-10-12 16:38:02 -07:00
Michael Schurter
ab7b6d1315
Allow Node.SecretID for GetNode and GetAlloc
2017-10-12 16:27:33 -07:00
Alex Dadgar
686c332d12
Merge pull request #3372 from hashicorp/b-versions
...
Fix sorting of job versions
2017-10-12 15:48:01 -07:00
Alex Dadgar
5940a1fbde
Merge pull request #3373 from hashicorp/f-403
...
Permission denied results in 403
2017-10-12 15:47:29 -07:00
Alex Dadgar
d6b970eec9
Handle invalid token as well
2017-10-12 15:39:05 -07:00
Michael Schurter
a003e3dd43
Add StateStore.NodeBySecretID
2017-10-12 15:27:29 -07:00
Michael Schurter
51bce7b1a3
Add index to Node.SecretID
2017-10-12 15:21:20 -07:00
Michael Schurter
84d8a51be1
SecretID -> AuthToken
2017-10-12 15:16:33 -07:00
Michael Schurter
a75e039c46
Merge pull request #3371 from hashicorp/d-sentinel-link
...
Link to the Sentinel docs from the guide
2017-10-12 14:33:58 -07:00
Alex Dadgar
0b538ded83
403 instead of 500 for permission denied
2017-10-12 14:10:20 -07:00
Alex Dadgar
b5fc557253
ACL command options
2017-10-12 13:51:39 -07:00
Alex Dadgar
259595bcdb
changelog
2017-10-12 13:36:46 -07:00
Alex Dadgar
e7e18c931c
Fix sorting of job versions
...
Fixes an issue in which the versions were improperly sorted which would
cause pruning of the wrong job version. This essentially meant that job
versions above 255 would be dropped from the job version table (note
this was due to the prefix walk crossing from the 1-byte to 2-byte
threshold).
Fixes https://github.com/hashicorp/nomad/issues/3357
2017-10-12 13:33:55 -07:00
Michael Lange
303eb3279b
Merge pull request #3370 from hashicorp/b-ui-release-error-state-on-transition
...
Allow users to escape error pages with the back button
2017-10-12 13:03:31 -07:00
Rob Genova
316a4e0ac2
Update sentinel-policy.html.markdown
2017-10-12 12:56:55 -07:00
Michael Lange
be0920d3ca
Allow users to escape error pages with the back button
2017-10-12 12:35:00 -07:00
Michael Lange
bdbc4dfec7
Add a generic catch-all error message
2017-10-12 12:34:10 -07:00
Michael Schurter
06ad18bd15
Merge pull request #3362 from hashicorp/b-3326-malformed-consul-resp
...
Don't panic on unexpeced Consul response
2017-10-12 11:34:40 -07:00
Alex Dadgar
ca1da307e3
Merge pull request #3361 from hashicorp/d-ui
...
UI command documentation
2017-10-12 09:42:22 -07:00
Alex Dadgar
eafaba0e81
Update ui.html.md.erb
2017-10-12 09:42:11 -07:00
Michael Schurter
e9c17c56d1
Merge pull request #3353 from hashicorp/f-acl-prefix-search
...
Prefix Search ACL enforcement
2017-10-11 20:26:03 -07:00
Michael Schurter
59ff94cd71
Don't panic on unexpeced Consul response
...
Fixes #3326
2017-10-11 18:25:54 -07:00
Alex Dadgar
0c529f87a5
UI command documentation
2017-10-11 18:24:58 -07:00
Alex Dadgar
b1befc7be0
Merge pull request #3360 from hashicorp/f-consul-template
...
Use Vault default grace
2017-10-11 18:11:17 -07:00
Alex Dadgar
68d1a61e8e
fix test
2017-10-11 18:11:03 -07:00
Alex Dadgar
7ea4493a13
Merge pull request #3322 from hashicorp/f-authenticated-volumes
...
Authenticated client volumes
2017-10-11 18:09:21 -07:00
Alex Dadgar
d34c6e0135
fix test
2017-10-11 18:08:37 -07:00
Michael Schurter
2673481a48
Refactor permissions checks into funcs
...
funcs are in the _oss file to ease creating Enterprise versions which
support Quotas and Namespaces.
2017-10-11 18:05:27 -07:00
Alex Dadgar
961eb4c40e
documentation
2017-10-11 17:48:18 -07:00
Alex Dadgar
7efeb06713
changelog
2017-10-11 17:43:14 -07:00
Alex Dadgar
1b3af355a6
vendor consul-template
2017-10-11 17:23:09 -07:00
Alex Dadgar
ea4e9ed027
Change vault_grace default to match vaults
2017-10-11 17:20:12 -07:00
Alex Dadgar
53f2ea88a5
Small fixes
...
This commit:
* Fixes the error checking in migration tests now that we are using the
canonical ErrPermissionDenied error
* Guard against NPE when looking up objects to generate the migration
token
* Handle an additional case in ShouldMigrate()
2017-10-11 17:13:50 -07:00
Chelsea Holland Komlo
c67bfc2ee4
fixups from code review
...
change creation of a migrate token to be for a previous allocation
2017-10-11 17:13:50 -07:00