Commit graph

23492 commits

Author SHA1 Message Date
Seth Hoenig dcda57e729 nsd: add support for setting headers on nomad service http checks
This PR enables setting of the headers block on services registered
into Nomad's service provider. Works just like the existing support
in Consul checks.
2022-08-03 10:06:44 -05:00
Seth Hoenig 067aa00a6a
Merge pull request #13953 from hashicorp/f-nsd-check-methods
nsd: add support for specifying check.method in nomad service checks
2022-08-03 08:28:38 -05:00
Seth Hoenig 103a21c880 ui: fix bug where allocation memory usage is always zero
This PR fixes a bug where allocation memory usage is always zero on
Linux systems where the kernel is configured to use cgroups v2.
2022-08-02 17:04:02 -05:00
Piotr Kazmierczak 530280505f
client: enable specifying user/group permissions in the template stanza (#13755)
* Adds Uid/Gid parameters to template.

* Updated diff_test

* fixed order

* update jobspec and api

* removed obsolete code

* helper functions for jobspec parse test

* updated documentation

* adjusted API jobs test.

* propagate uid/gid setting to job_endpoint

* adjusted job_endpoint tests

* making uid/gid into pointers

* refactor

* updated documentation

* updated documentation

* Update client/allocrunner/taskrunner/template/template_test.go

Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>

* Update website/content/api-docs/json-jobs.mdx

Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>

* propagating documentation change from Luiz

* formatting

* changelog entry

* changed changelog entry

Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2022-08-02 22:15:38 +02:00
Jai 13bf88fdf7
refact: default dropdown option based on model (#13969) 2022-08-02 13:23:09 -04:00
Michele Degges e43744f45f
[CI-only] Use pattern matching for release_branches (#13857)
### Description
Pattern matching was [recently added](https://github.com/hashicorp/crt-orchestrator/pull/51) so that teams no longer have to explicitly list every branch that should trigger the CRT pipeline. This simplifies release preparation- anytime a new release branch is created, it will produce releasable artifacts and exercise the full pipeline.

### Testing & Reproduction steps
This has been tested in multiple projects since being rolled out. There are no nomad-specific tests that need to be done.

### Links
PR where this functionality was added: https://github.com/hashicorp/crt-orchestrator/pull/51

### PR Checklist

* [ ] updated test coverage
* [ ] external facing docs updated
* [X] not a security concern
2022-08-02 09:38:33 -07:00
Seth Hoenig 6c171c54c2
Merge pull request #13968 from hashicorp/b-fix-flakey-tcp-check-test
checks: better goroutine handling for test tcp server
2022-08-02 10:43:48 -05:00
Seth Hoenig 0b65950637 checks: better goroutine handling for test tcp server
This PR hopefully fixes a race condition of our little test tcp server
that the check observer is making connections against for test cases.

The tcp listener would either startup too slow or exit too soon.
2022-08-02 10:31:12 -05:00
James Rasell bb5b510c9d
cli: do not import structs, use API package only. (#13938) 2022-08-02 16:33:08 +02:00
Seth Hoenig c5af63c281
Merge pull request #13962 from hashicorp/f-update-aws-env
build: update aws env cpu info
2022-08-02 09:14:00 -05:00
Tim Gross e025afdf87
docs: concepts for secure variables and workload identity (#13764)
Includes concept docs for secure variables, concept docs for workload
identity, and an operations docs for keyring management.
2022-08-02 10:06:26 -04:00
Eric Weber cbce13c1ac
Add stage_publish_base_dir field to csi_plugin stanza of a job (#13919)
* Allow specification of CSI staging and publishing directory path
* Add website documentation for stage_publish_dir
* Replace erroneous reference to csi_plugin.mount_config with csi_plugin.mount_dir
* Avoid requiring CSI plugins to be redeployed after introducing StagePublishDir
2022-08-02 09:42:44 -04:00
Tim Gross e5ac6464f6
secure vars: enforce ENT quotas (OSS work) (#13951)
Move the secure variables quota enforcement calls into the state store to ensure
quota checks are atomic with quota updates (in the same transaction).

Switch to a machine-size int instead of a uint64 for quota tracking. The
ENT-side quota spec is described as int, and negative values have a meaning as
"not permitted at all". Using the same type for tracking will make it easier to
the math around checks, and uint64 is infeasibly large anyways.

Add secure vars to quota HTTP API and CLI outputs and API docs.
2022-08-02 09:32:09 -04:00
Seth Hoenig 20b26d32bb
Merge pull request #13956 from hashicorp/build-update-golang
build: update to go1.18.5
2022-08-02 08:01:49 -05:00
Seth Hoenig 90972707f9 build: update aws env cpu info 2022-08-02 07:59:58 -05:00
Tim Gross f14fafe914
docs: fix path for quota/usage API (#13952) 2022-08-02 08:46:45 -04:00
Seth Hoenig 35c76098d6 build: update to go1.18.5 2022-08-02 07:36:35 -05:00
Seth Hoenig a4d4a76994 nsd: add support for specifying check.method in nomad service checks
Unblock 'check.method' in service validation. Add tests around making
sure this value gets plumbed through.
2022-08-01 16:13:48 -05:00
Jai e9273cafed
add namespace to path matching algorithm (#13948)
* refact:  namespace should be bound property

* chore: pass bound namespace property in template

* chore: update tests to account for bound namespace refactoring

* test: add test coverage for factoring namespace in path matching algo
2022-08-01 15:33:47 -04:00
Tim Gross 6c080e0b10
e2e: move namespaces test out of legacy framework (#13934)
This PR continues work we've started on other test suites to use the native
golang test runner instead of the custom framework.
2022-08-01 13:24:34 -04:00
Seth Hoenig fb740a6335
Merge pull request #13944 from hashicorp/deps-update-raft
deps: update raft library
2022-08-01 10:35:17 -05:00
Seth Hoenig 965c47ae5c
Merge pull request #13941 from hashicorp/deps-update-test
deps: update test package
2022-08-01 10:14:18 -05:00
Seth Hoenig 642f16dba3 deps: update raft library
Another attempt at resolving the flakey TestNomad_BootstrapExpect_NonVoter
2022-08-01 09:56:08 -05:00
James Rasell 66b23dc588
deps: update stringer version installed to bring generics fix (#13942) 2022-08-01 16:50:58 +02:00
Seth Hoenig 0417492bba deps: update test package
Upgrading to v0.3.0 gives us the ability to add more context to test
case failures.

https://github.com/shoenig/test/pull/23
2022-08-01 08:53:00 -05:00
Tim Gross 8404f998f7
fix flaky TestAgent_ProxyRPC_Dev test (#13925)
This test is a fairly trivial test of the agent RPC, but the test setup waits
for a short fixed window after the node starts to send the RPC. After looking at
detailed logs for recent test failures, it looks like the node registration for
the first node doesn't get a chance to happen before we make the RPC call. Use
`WaitForResultUntil` to give the test more time to run in slower test
environments, while allowing it to finish quickly if possible.
2022-07-28 14:47:15 -04:00
Tim Gross e093b7d5c1
test: disable docker OOM detection test on cgroups v2 (#13928)
OOM detection under cgroups v2 is flaky under versions of `containerd` before
v1.6.3, but our `containerd` dependency is transitive on `moby/moby`, who have
not yet updated. Disable this test for cgroups v2 environments until we can
update the dependency chain.
2022-07-28 14:47:06 -04:00
Tim Gross eb06c25d5f
deps: remove deprecated net/context (#13932)
The `golang.org/x/net/context` package was merged into the stdlib as of go
1.7. Update the imports to use the identical stdlib version. Clean up import
blocks for the impacted files to remove unnecessary package aliasing.
2022-07-28 14:46:56 -04:00
Lars Lehtonen a80df0480e
testing: fix dropped test errors in command/agent (#13926) 2022-07-28 11:04:31 -04:00
Seth Hoenig 55428f4a04
Merge pull request #13923 from hashicorp/docs-website-via-podman
website: enable setting custom tool for launching website dev container
2022-07-26 10:40:10 -05:00
Seth Hoenig 6f4fda3999 website: enable setting custom tool for launching website dev container
When working in a podman environment, it's nice to just run the website
development container using podman.
2022-07-26 09:15:03 -05:00
asymmetric b89718d70e
Update filesystem.mdx (#13738)
fix alloc working directory path
2022-07-25 10:25:48 -04:00
Scott Holodak 12ef89a61a
docs: fix placement for scaling and csi_plugin (#13892) 2022-07-25 10:06:59 -04:00
Jai 7d90d22956
ui: add namespace filter to variables.index (#13618)
* ui: add namespace filter feature

ui:  add namespace filtering to variables.index

test:  namespace filter

refact:  fix action in template

ui:  move data fetching and query param logic to

ui:  controller query parameter logic

ui:  prevent  from forwarding query param

ui:  create variables controller

refact:  use dependency injection for controlling parent qp

chore: clean-up reset in  route

chore:  clean-up reset in  route

* ui:  add namespace filter to secure var form (#13629)

ui:  update variable factory to accept namespaces

refact:  update  api to accept disabled

ui:  add namespace setting logic to form

refact:  remove debugger

refact:  get correct selectors for

ui:  move data loading to namespace-filter component

chore:  prettify template

ui: update factory to handle namespace setting

refact:  remove inline styling for grid class

* ui:  fix placement of filter in `SecureVariablesForm` (#13762)

* refact:  conditionally render css class

* chore:  remove unused CSS property

* refact:  edit path-input class to prevent textarea override

* refact:  inject missing store service (#13763)

* chore:  patch fixes for when no default namespace is available (#13782)

* test:  add tests for namespace filtering conditions (#13816)

* test:  add tests for namespace filtering and namespaces appearing in form

* patch namespace related issue to saving and querying (#13825)

* refact:  use namespace id, not entity

* refact:  update adapter to edit request to include qp

* ui: early exit if no snapshot

* refact:  test passes wrong interface to method

* chore:  add missing url update URL builder

* refact:  model in  doesn't have absolutePath

* Align error message

* chore:  update tests (#13905)

* chore:  patch brittle tests with better selectors

* chore:  update assertion count

Co-authored-by: Phil Renaud <phil@riotindustries.com>
2022-07-22 16:05:35 -04:00
Luiz Aoqui 6c31a51919
changelog: add entry for #13865 and #13866 (#13901) 2022-07-22 15:19:33 -04:00
Seth Hoenig c2e0a7c278
Merge pull request #13894 from hashicorp/cleanup-remove-darwin-lib
cleanup: remove unneeded darwin lib
2022-07-22 14:03:22 -05:00
Seth Hoenig 2f20a75d38 cl: add cl about removing lib/darwin library 2022-07-22 14:02:58 -05:00
Charlie Voiselle 456ad33b7c
Fix link (#13881) 2022-07-22 12:27:45 -04:00
Seth Hoenig 9536aaddc6 cleanup: remove unneeded darwin lib 2022-07-22 10:33:45 -05:00
Tim Gross 04677d205e
block deleting namespace if it contains a secure variable (#13888)
When we delete a namespace, we check to ensure that there are no non-terminal
jobs or CSI volume, which also covers evals, allocs, etc. Secure variables are
also namespaces, so extend this check to them as well.
2022-07-22 10:06:35 -04:00
Seth Hoenig 5aaa31a6dc
Merge pull request #13882 from hashicorp/cleanup-onupdate-consts
cleanup: use constants for on_update values
2022-07-22 08:58:36 -05:00
Tim Gross c7a11a86c6
block deleting namespaces if the namespace contains a volume (#13880)
When we delete a namespace, we check to ensure that there are no non-terminal
jobs, which effectively covers evals, allocs, etc. CSI volumes are also
namespaced, so extend this check to cover CSI volumes.
2022-07-21 16:13:52 -04:00
Seth Hoenig d8fe1d10ba cleanup: use constants for on_update values 2022-07-21 13:09:47 -05:00
Michael Schurter 0d1c9a53a4
docs: clarify submit-job allows stopping (#13871) 2022-07-21 10:18:57 -07:00
Seth Hoenig c61e779b48
Merge pull request #13715 from hashicorp/dev-nsd-checks
client: add support for checks in nomad services
2022-07-21 10:22:57 -05:00
Seth Hoenig 606e3ebdd4 client: updates from pr feedback 2022-07-21 09:54:27 -05:00
Seth Hoenig 8e6eeaa37e
Merge pull request #13869 from hashicorp/b-uniq-services-2
servicedisco: ensure service uniqueness in job validation
2022-07-21 08:24:24 -05:00
Seth Hoenig 67c6336c67
Merge pull request #13870 from hashicorp/exp-fp-optimization
client: use test timeouts for network fingerprinters in dev mode
2022-07-21 08:18:02 -05:00
Tim Gross d11da1df5c
workload identity: use parent ID for dispatch/periodic jobs (#13748)
Workload identities grant implicit access to policies, and operators
will not want to craft separate policies for each invocation of a
periodic or dispatch job. Use the parent job's ID as the JobID claim.
2022-07-21 09:05:54 -04:00
Tim Gross 9c43c28575
search: use secure vars ACL policy for secure vars context (#13788)
The search RPC used a placeholder policy for searching within the secure
variables context. Now that we have ACL policies built for secure variables, we
can use them for search. Requires a new loose policy for checking if a token has
any secure variables access within a namespace, so that we can filter on
specific paths in the iterator.
2022-07-21 08:39:36 -04:00