Commit Graph

17 Commits

Author SHA1 Message Date
James Rasell 1f877bac1c
acl: fix encoding expiration time in ACL token list API. (#14542) 2022-09-12 15:50:35 +02:00
James Rasell 601588df6b
Merge branch 'main' into f-gh-13120-sso-umbrella-merged-main 2022-08-25 12:14:29 +01:00
Tim Gross bf57d76ec7
allow ACL policies to be associated with workload identity (#14140)
The original design for workload identities and ACLs allows for operators to
extend the automatic capabilities of a workload by using a specially-named
policy. This has shown to be potentially unsafe because of naming collisions, so
instead we'll allow operators to explicitly attach a policy to a workload
identity.

This changeset adds workload identity fields to ACL policy objects and threads
that all the way down to the command line. It also a new secondary index to the
ACL policy table on namespace and job so that claim resolution can efficiently
query for related policies.
2022-08-22 16:41:21 -04:00
James Rasell 2736cf0dfa
acl: make listing RPC and HTTP API a stub return object. (#14211)
Making the ACL Role listing return object a stub future-proofs the
endpoint. In the event the role object grows, we are not bound by
having to return all fields within the list endpoint or change the
signature of the endpoint to reduce the list return size.
2022-08-22 17:20:23 +02:00
James Rasell f5d8cb2d90
api: add ACL role linking to ACL tokens. 2022-08-17 14:45:32 +01:00
James Rasell 8724974683
api: add ACL Role API implementation for CRUD actions. 2022-08-11 08:44:37 +01:00
James Rasell 2c540b03c5
api: use errors.New not fmt.Errorf when error doesn't have format. (#14027)
* api: use errors.New not fmt.Errorf when error doesn't have format.

* semgrep: add rule to catch fmt.Errorf use without formatting.
2022-08-05 17:05:47 +02:00
James Rasell f6d12a3c00
acl: enable configuration and visualisation of token expiration for users (#13846)
* api: add ACL token expiry params to HTTP API

* cli: allow setting and displaying ACL token expiry
2022-07-20 10:06:23 +02:00
James Rasell 0c0b028a59
core: allow deleting of evaluations (#13492)
* core: add eval delete RPC and core functionality.

* agent: add eval delete HTTP endpoint.

* api: add eval delete API functionality.

* cli: add eval delete command.

* docs: add eval delete website documentation.
2022-07-06 16:30:11 +02:00
Lance Haig 4bf27d743d
Allow Operator Generated bootstrap token (#12520) 2022-06-03 07:37:24 -04:00
Tim Gross 75878f978e HTTP API support for 'nomad ui -login'
Endpoints for requesting and exchanging one-time tokens via the HTTP
API. Includes documentation updates.
2021-03-10 08:17:56 -05:00
Alex Dadgar dd3920d681 Self token lookup 2017-10-13 13:12:20 -07:00
Armon Dadgar d49bc49274 api: full CRUD for ACL token API 2017-09-04 13:09:34 -07:00
Armon Dadgar 4512094058 api: support token listing 2017-09-04 13:09:34 -07:00
Armon Dadgar 1e9f19ef40 api: support querying policies 2017-09-04 13:09:34 -07:00
Armon Dadgar 41249d9b6a api: support policy delete 2017-09-04 13:09:34 -07:00
Armon Dadgar 147471ffbf api: Adding support for ACL tokens 2017-09-04 13:09:34 -07:00