open-nomad/api
grembo 7936c1e33f
Add `disable_file` parameter to job's `vault` stanza (#13343)
This complements the `env` parameter, so that the operator can author
tasks that don't share their Vault token with the workload when using 
`image` filesystem isolation. As a result, more powerful tokens can be used 
in a job definition, allowing it to use template stanzas to issue all kinds of 
secrets (database secrets, Vault tokens with very specific policies, etc.), 
without sharing that issuing power with the task itself.

This is accomplished by creating a directory called `private` within
the task's working directory, which shares many properties of
the `secrets` directory (tmpfs where possible, not accessible by
`nomad alloc fs` or Nomad's web UI), but isn't mounted into/bound to the
container.

If the `disable_file` parameter is set to `false` (its default), the Vault token
is also written to the NOMAD_SECRETS_DIR, so the default behavior is
backwards compatible. Even if the operator never changes the default,
they will still benefit from the improved behavior of Nomad never reading
the token back in from that - potentially altered - location.
2023-06-23 15:15:04 -04:00
contexts node pools: implement CLI (#17388) 2023-06-02 15:49:57 -04:00
internal/testutil [api] Return a shapely error for unexpected response (#16743) 2023-05-22 11:45:31 -04:00
acl.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
acl_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
agent.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
agent_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
allocations.go node pools: implement support in scheduler (#17443) 2023-06-07 10:39:03 -04:00
allocations_exec.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
allocations_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
api.go [api] Return a shapely error for unexpected response (#16743) 2023-05-22 11:45:31 -04:00
api_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
compose_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
constraint.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
constraint_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
consul.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
consul_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
csi.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
csi_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
deployments.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
error_unexpected_response.go compliance: add headers with fixed copywrite tool (#17353) 2023-05-30 09:20:32 -05:00
error_unexpected_response_test.go compliance: add headers with fixed copywrite tool (#17353) 2023-05-30 09:20:32 -05:00
evaluations.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
evaluations_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
event_stream.go node pools: add event stream support (#17412) 2023-06-06 10:14:47 -04:00
event_stream_test.go node pools: add event stream support (#17412) 2023-06-06 10:14:47 -04:00
fs.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
fs_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
go.mod [api] Return a shapely error for unexpected response (#16743) 2023-05-22 11:45:31 -04:00
go.sum [api] Return a shapely error for unexpected response (#16743) 2023-05-22 11:45:31 -04:00
ioutil.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
ioutil_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
jobs.go node pools: namespace integration (#17562) 2023-06-16 16:30:22 -04:00
jobs_test.go node pools: namespace integration (#17562) 2023-06-16 16:30:22 -04:00
keyring.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
keyring_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
namespace.go node pools: namespace integration (#17562) 2023-06-16 16:30:22 -04:00
namespace_test.go [api] Return a shapely error for unexpected response (#16743) 2023-05-22 11:45:31 -04:00
node_meta.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
node_meta_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
node_pools.go np: scheduler configuration updates (#17575) 2023-06-19 11:41:46 -04:00
node_pools_test.go node pools: implement CLI (#17388) 2023-06-02 15:49:57 -04:00
nodes.go node pools: register a node in a node pool (#17405) 2023-06-02 17:50:50 -04:00
nodes_test.go node pools: register a node in a node pool (#17405) 2023-06-02 17:50:50 -04:00
operator.go [api] Return a shapely error for unexpected response (#16743) 2023-05-22 11:45:31 -04:00
operator_autopilot.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
operator_ent_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
operator_metrics.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
operator_metrics_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
operator_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
quota.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
quota_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
raw.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
recommendations.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
regions.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
regions_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
resources.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
resources_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
scaling.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
scaling_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
search.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
search_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
sentinel.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
sentinel_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
services.go check: Add support for Consul field tls_server_name (#17334) 2023-06-02 10:19:12 -04:00
services_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
status.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
status_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
system.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
system_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
tasks.go Add `disable_file` parameter to job's `vault` stanza (#13343) 2023-06-23 15:15:04 -04:00
tasks_test.go Add `disable_file` parameter to job's `vault` stanza (#13343) 2023-06-23 15:15:04 -04:00
util_test.go api: enable support for setting original job source (#16763) 2023-04-11 08:45:08 -05:00
utils.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
utils_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00
variables.go [api] Return a shapely error for unexpected response (#16743) 2023-05-22 11:45:31 -04:00
variables_test.go [COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00