open-nomad/client/allocrunner
Tim Gross 1fb1c9c5d4
artifact/template: make destination path absolute inside taskdir (#9149)
Prior to Nomad 0.12.5, you could use `${NOMAD_SECRETS_DIR}/mysecret.txt` as
the `artifact.destination` and `template.destination` because we would always
append the destination to the task working directory. In the recent security
patch we treated the `destination` absolute path as valid if it didn't escape
the working directory, but this breaks backwards compatibility and
interpolation of `destination` fields.

This changeset partially reverts the behavior so that we always append the
destination, but we also perform the escape check on that new destination
after interpolation so the security hole is closed.

Also, ConsulTemplate test should exercise interpolation
2020-10-22 15:47:49 -04:00
..
interfaces client: add NetworkStatus to Allocation (#8657) 2020-10-12 13:43:04 -04:00
state client: add NetworkStatus to Allocation (#8657) 2020-10-12 13:43:04 -04:00
taskrunner artifact/template: make destination path absolute inside taskdir (#9149) 2020-10-22 15:47:49 -04:00
alloc_runner.go Implement 'batch mode' for persisting allocations on the client. (#9093) 2020-10-20 16:15:37 -04:00
alloc_runner_hooks.go Consul with CNI and host_network addresses (#9095) 2020-10-15 15:32:21 -04:00
alloc_runner_test.go task lifecycle poststart: code review fixes 2020-08-31 13:22:41 -07:00
alloc_runner_unix_test.go tests: restart restartpolicy for all tasks in tests 2020-03-24 21:52:48 -04:00
allocdir_hook.go client: cleanup and document context uses 2019-03-12 15:03:54 -07:00
config.go consul/connect: dynamically select envoy sidecar at runtime 2020-10-13 09:14:12 -05:00
consul_grpc_sock_hook.go consul/connect: add initial support for ingress gateways 2020-08-21 16:21:54 -05:00
consul_grpc_sock_hook_test.go consul/connect: add support for bridge networks with connect native tasks 2020-07-29 09:26:01 -05:00
consul_http_sock_hook.go consul/connect: fixup some spelling, comments, consts 2020-07-29 09:26:01 -05:00
consul_http_sock_hook_test.go consul/connect: add support for bridge networks with connect native tasks 2020-07-29 09:26:01 -05:00
csi_hook.go csi: fix incorrect comment on csi_hook context lifetime 2020-10-09 11:03:51 -04:00
groupservice_hook.go Consul with CNI and host_network addresses (#9095) 2020-10-15 15:32:21 -04:00
groupservice_hook_test.go consul/connect: fixup tests to use new consul sdk 2020-08-24 12:02:41 -05:00
health_hook.go add default update stanza and max_parallel=0 disables deployments (#6191) 2019-09-02 10:30:09 -07:00
health_hook_test.go health: fail health if any task is pending 2020-03-22 11:13:41 -04:00
migrate_hook.go client: cleanup and document context uses 2019-03-12 15:03:54 -07:00
network_hook.go client: add NetworkStatus to Allocation (#8657) 2020-10-12 13:43:04 -04:00
network_hook_test.go client: add NetworkStatus to Allocation (#8657) 2020-10-12 13:43:04 -04:00
network_manager_linux.go ar: support opting into binding host ports to default network IP (#8321) 2020-07-06 18:51:46 -04:00
network_manager_linux_test.go ar: rearrange network hook to support building on windows 2019-07-31 01:03:19 -04:00
network_manager_nonlinux.go ar: refactor network bridge config to use go-cni lib (#6255) 2019-09-04 16:33:25 -04:00
networking.go client: add NetworkStatus to Allocation (#8657) 2020-10-12 13:43:04 -04:00
networking_bridge_linux.go client: add NetworkStatus to Allocation (#8657) 2020-10-12 13:43:04 -04:00
networking_cni.go client: add NetworkStatus to Allocation (#8657) 2020-10-12 13:43:04 -04:00
task_hook_coordinator.go client: remove shortcircuit preventing poststart hooks from running 2020-08-11 09:48:24 -07:00
task_hook_coordinator_test.go test: add allocrunner test for poststart hooks 2020-08-12 09:54:14 -07:00
testing.go client: enable nomad client to request and set SI tokens for tasks 2020-01-31 19:03:38 -06:00
upstream_allocs_hook.go client: cleanup and document context uses 2019-03-12 15:03:54 -07:00
util.go allocrunnerv2 -> allocrunner 2018-10-16 16:56:56 -07:00