Commit graph

19 commits

Author SHA1 Message Date
Chris Baker 719077a26d added new policy capabilities for recommendations API
state store: call-out to generic update of job recommendations from job update method
recommendations API work, and http endpoint errors for OSS
support for scaling polices in task block of job spec
add query filters for ScalingPolicy list endpoint
command: nomad scaling policy list: added -job and -type
2020-10-28 14:32:16 +00:00
Mahmood Ali 1200c8185f handle when hcl parser panics
Apparently `\` followed by a digit number can cause hcl parser to panic!
Will fix in hcl library, but using a hammer to squash any similar issue
here.
2020-08-24 20:35:58 -04:00
Chris Baker 5979d6a81e more testing for ScalingPolicy, mainly around parsing and canonicalization for Min/Max 2020-03-24 19:43:50 +00:00
Chris Baker ca49563c94 added new ACL capabilities related to autoscaling:
- read-job-scaling
- scale-job
- list-scaling-policies
- read-scaling-policy

updated the read and right policy dispositions, added the new autoscaler disposition
2020-03-24 14:38:58 +00:00
Lang Martin 6b6ae6c2bd csi: ACLs for plugin endpoints (#7380)
* acl/policy: add PolicyList for global ACLs

* acl/acl: plugin policy

* acl/acl: maxPrivilege is required to allow "list"

* nomad/csi_endpoint: enforce plugin access with PolicyPlugin

* nomad/csi_endpoint: check job ACL swapped params

* nomad/csi_endpoint_test: test alloc filtering

* acl/policy: add namespace csi-register-plugin

* nomad/job_endpoint: check csi-register-plugin ACL on registration

* nomad/job_endpoint_test: add plugin job cases
2020-03-23 13:59:25 -04:00
Lang Martin b596e67f47 csi: implement volume ACLs (#7339)
* acl/policy: add the volume ACL policies

* nomad/csi_endpoint: enforce ACLs for volume access

* nomad/search_endpoint_oss: volume acls

* acl/acl: add plugin read as a global policy

* acl/policy: add PluginPolicy global cap type

* nomad/csi_endpoint: check the global plugin ACL policy

* nomad/mock/acl: PluginPolicy

* nomad/csi_endpoint: fix list rebase

* nomad/core_sched_test: new test since #7358

* nomad/csi_endpoint_test: use correct permissions for list

* nomad/csi_endpoint: allowCSIMount keeps ACL checks together

* nomad/job_endpoint: check mount permission for jobs

* nomad/job_endpoint_test: need plugin read, too
2020-03-23 13:59:25 -04:00
Danielle Lancashire 91bb67f713
acls: Break mount acl into mount-rw and mount-ro 2019-08-21 21:17:30 +02:00
Danielle Lancashire 5f734652f2
acl: Add HostVolume ACLs
This adds an initial implementation of ACLs for HostVolumes.

Because HostVolumes are a cluster-wide resource, they cannot be tied to
a namespace, thus here we allow similar wildcard definitions based on
their names, tied to a set of capabilities.

Initially, the only available capabilities are deny, or mount. These
may be extended in the future to allow read-fs, mount-readonly and
similar capabilities.
2019-08-12 15:39:09 +02:00
Mahmood Ali 40e62a6f17 Add ACL capabilities for nomad exec
This adds `alloc-exec` capability to allow operator to execute command into a
running task.  Furthermore, it adds `alloc-node-exec` capability, required when
the alloc task is raw_exec or a driver with no FSIsolation.
2019-04-30 14:02:16 -04:00
Danielle Tomlinson 803e1a8b86 acl: Add alloc-lifecycle namespace capability
This capability will gate access to features that allow interacting with
a running allocation, for example, signalling, stopping, and rescheduling
specific allocations.
2019-04-01 11:35:09 +02:00
Chelsea Holland Komlo bcfebe032b update error message for invalid policy 2017-10-17 12:21:38 -04:00
Chelsea Holland Komlo a90205f16e policy must specify at least one namespace 2017-10-17 12:12:54 -04:00
Alex Dadgar c1cc51dbee sync 2017-10-13 14:36:02 -07:00
Chelsea Komlo 7c8a5228d4 Merge pull request #3290 from hashicorp/f-acl-job-dispatch
Add ACL for dispatch job
2017-10-06 13:33:21 -04:00
Chelsea Holland Komlo 10528b01ba fix up policy test 2017-09-29 21:22:36 +00:00
Alex Dadgar 4173834231 Enable more linters 2017-09-26 15:26:33 -07:00
Alex Dadgar e5ec915ac3 sync 2017-09-19 10:08:23 -05:00
Armon Dadgar a0c3787a9e acl: adding validation to the namespace name 2017-09-04 13:03:14 -07:00
Armon Dadgar 4c3373cdef acl: Adding policy parsing with tests 2017-09-04 13:03:14 -07:00