open-nomad/nomad
Michael Schurter bd7b60712e
Accept Workload Identities for Client RPCs (#16254)
This change resolves policies for workload identities when calling Client RPCs. Previously only ACL tokens could be used for Client RPCs.

Since the same cache is used for both bearer tokens (ACL and Workload ID), the token cache size was doubled.

---------

Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
2023-02-27 10:17:47 -08:00
deploymentwatcher renamed stanza to block for consistency with other projects (#15941) 2023-01-30 15:48:43 +01:00
drainer cleanup: replace TypeToPtr helper methods with pointer.Of (#14151) 2022-08-17 18:26:34 +02:00
mock Accept Workload Identities for Client RPCs (#16254) 2023-02-27 10:17:47 -08:00
state CSI: fix potential state store corruptions (#16256) 2023-02-27 08:47:08 -05:00
stream eventstream: Handle missing policy documents in event streams (#15495) 2023-02-14 11:27:39 -05:00
structs Accept Workload Identities for Client RPCs (#16254) 2023-02-27 10:17:47 -08:00
volumewatcher volumewatcher: prevent panic on nil volume (#15101) 2022-11-01 16:53:10 -04:00
acl.go deps: upgrade to hashicorp/golang-lru/v2 (#16085) 2023-02-08 15:20:33 -06:00
acl_endpoint.go Accept Workload Identities for Client RPCs (#16254) 2023-02-27 10:17:47 -08:00
acl_endpoint_test.go acl: return 400 not 404 code when creating an invalid policy. (#16000) 2023-02-01 17:40:15 +01:00
acl_test.go acl: Fix panic when bogus token is passed (#15863) 2023-01-25 10:03:17 -05:00
alloc_endpoint.go metrics: Add RPC rate metrics to endpoints that validate TLS names (#15900) 2023-01-26 15:04:25 -05:00
alloc_endpoint_test.go WI: allow workloads to use RPCs associated with HTTP API (#15870) 2023-01-25 14:33:06 -05:00
autopilot.go autopilot: include only servers from the same region (#15290) 2022-11-17 12:09:36 -05:00
autopilot_oss.go migrate autopilot implementation to raft-autopilot (#14441) 2022-09-01 14:27:10 -04:00
autopilot_test.go autopilot: include only servers from the same region (#15290) 2022-11-17 12:09:36 -05:00
blocked_evals.go cleanup: remove more copies of min/max from helper 2022-08-24 09:56:15 -05:00
blocked_evals_stats.go metrics: even classless blocked evals get metrics 2022-07-15 14:12:44 -05:00
blocked_evals_stats_test.go metrics: even classless blocked evals get metrics 2022-07-15 14:12:44 -05:00
blocked_evals_system.go blocked_evals system evals indexed by job and node 2019-07-18 10:32:12 -04:00
blocked_evals_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
client_agent_endpoint.go metrics: measure rate of RPC requests that serve API (#15876) 2023-01-25 16:37:24 -05:00
client_agent_endpoint_test.go Data race fixes in tests and a new semgrep rule (#14594) 2022-09-15 10:35:08 -07:00
client_alloc_endpoint.go metrics: measure rate of RPC requests that serve API (#15876) 2023-01-25 16:37:24 -05:00
client_alloc_endpoint_test.go Data race fixes in tests and a new semgrep rule (#14594) 2022-09-15 10:35:08 -07:00
client_csi_endpoint.go metrics: Add rate metrics to Client CSI endpoints (#15905) 2023-01-26 16:40:58 -05:00
client_csi_endpoint_test.go metrics: Add rate metrics to Client CSI endpoints (#15905) 2023-01-26 16:40:58 -05:00
client_fs_endpoint.go metrics: measure rate of RPC requests that serve API (#15876) 2023-01-25 16:37:24 -05:00
client_fs_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
client_meta_endpoint.go Dynamic Node Metadata (#15844) 2023-02-07 14:42:25 -08:00
client_rpc.go Dynamic Node Metadata (#15844) 2023-02-07 14:42:25 -08:00
client_rpc_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
client_stats_endpoint.go Dynamic Node Metadata (#15844) 2023-02-07 14:42:25 -08:00
client_stats_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
config.go build/cli: Add BuildDate (#16216) 2023-02-27 11:27:40 -06:00
consul.go consul: Removed unused ConsulUsage.Kinds. (#11303) 2022-09-22 10:07:14 -05:00
consul_oss_test.go consul: Removed unused ConsulUsage.Kinds. (#11303) 2022-09-22 10:07:14 -05:00
consul_policy.go consul: check for acceptable service identity on consul tokens (#15928) 2023-01-27 18:15:51 -06:00
consul_policy_oss_test.go consul: check for acceptable service identity on consul tokens (#15928) 2023-01-27 18:15:51 -06:00
consul_policy_test.go build: run gofmt on all go source files 2022-08-16 11:14:11 -05:00
consul_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
core_sched.go CSI: fix potential state store corruptions (#16256) 2023-02-27 08:47:08 -05:00
core_sched_test.go CSI: fix potential state store corruptions (#16256) 2023-02-27 08:47:08 -05:00
csi_endpoint.go metrics: measure rate of RPC requests that serve API (#15876) 2023-01-25 16:37:24 -05:00
csi_endpoint_test.go remove most static RPC handlers (#15451) 2022-12-02 10:12:05 -05:00
deployment_endpoint.go metrics: Add RPC rate metrics to endpoints that validate TLS names (#15900) 2023-01-26 15:04:25 -05:00
deployment_endpoint_test.go cleanup: replace TypeToPtr helper methods with pointer.Of (#14151) 2022-08-17 18:26:34 +02:00
deployment_watcher_shims.go consul: plumbing for specifying consul namespace in job/group 2021-04-05 10:03:19 -06:00
drainer_int_test.go cleanup: replace TypeToPtr helper methods with pointer.Of (#14151) 2022-08-17 18:26:34 +02:00
drainer_shims.go set node.StatusUpdatedAt in raft 2019-05-21 16:13:32 -04:00
encrypter.go keyring: update handle to state inside replication loop (#15227) 2022-11-17 08:40:12 -05:00
encrypter_test.go keyring: update handle to state inside replication loop (#15227) 2022-11-17 08:40:12 -05:00
endpoints_oss.go provide `RPCContext` to all RPC handlers (#15430) 2022-12-01 10:05:15 -05:00
eval_broker.go eval broker: use write lock when reaping cancelable evals (#16112) 2023-02-10 10:40:41 -05:00
eval_broker_test.go eval broker: use write lock when reaping cancelable evals (#16112) 2023-02-10 10:40:41 -05:00
eval_endpoint.go metrics: Add RPC rate metrics to endpoints that validate TLS names (#15900) 2023-01-26 15:04:25 -05:00
eval_endpoint_test.go eval delete: move batching of deletes into RPC handler and state (#15117) 2022-11-14 14:08:13 -05:00
event_endpoint.go metrics: measure rate of RPC requests that serve API (#15876) 2023-01-25 16:37:24 -05:00
event_endpoint_test.go event stream: ensure token expiry is correctly checked for subs. 2022-10-27 13:08:05 -04:00
fsm.go renamed stanza to block for consistency with other projects (#15941) 2023-01-30 15:48:43 +01:00
fsm_oss.go chore: ensure consistent file naming for non-enterprise files. 2022-01-13 11:32:16 +01:00
fsm_registry_oss.go gofmt all the files 2021-10-01 10:14:28 -04:00
fsm_test.go core: enforce strict steps for clients reconnect (#15808) 2023-01-25 15:53:59 -05:00
heartbeat.go remove most static RPC handlers (#15451) 2022-12-02 10:12:05 -05:00
heartbeat_test.go cleanup: replace TypeToPtr helper methods with pointer.Of (#14151) 2022-08-17 18:26:34 +02:00
job_endpoint.go Allow configurable range of Job priorities (#16084) 2023-02-17 09:23:13 -05:00
job_endpoint_hook_connect.go renamed stanza to block for consistency with other projects (#15941) 2023-01-30 15:48:43 +01:00
job_endpoint_hook_connect_test.go provide `RPCContext` to all RPC handlers (#15430) 2022-12-01 10:05:15 -05:00
job_endpoint_hook_expose_check.go build: run gofmt on all go source files 2022-08-16 11:14:11 -05:00
job_endpoint_hook_expose_check_test.go build: run gofmt on all go source files 2022-08-16 11:14:11 -05:00
job_endpoint_hook_vault.go cleanup more helper updates (#14638) 2022-09-21 14:53:25 -05:00
job_endpoint_hook_vault_oss.go Support Vault entity aliases (#12449) 2022-04-05 14:18:10 -04:00
job_endpoint_hooks.go Allow configurable range of Job priorities (#16084) 2023-02-17 09:23:13 -05:00
job_endpoint_hooks_test.go Allow configurable range of Job priorities (#16084) 2023-02-17 09:23:13 -05:00
job_endpoint_oss.go scheduler: create placements for non-register MRD (#15325) 2022-11-25 12:45:34 -05:00
job_endpoint_oss_test.go cleanup: replace TypeToPtr helper methods with pointer.Of (#14151) 2022-08-17 18:26:34 +02:00
job_endpoint_test.go Allow configurable range of Job priorities (#16084) 2023-02-17 09:23:13 -05:00
job_endpoint_validators.go cleanup: purge github.com/pkg/errors 2022-04-01 19:24:02 -05:00
job_endpoint_validators_test.go allocrunner: refactor task coordinator (#14009) 2022-08-22 18:38:49 -04:00
keyring_endpoint.go metrics: Add RPC rate metrics to endpoints that validate TLS names (#15900) 2023-01-26 15:04:25 -05:00
keyring_endpoint_test.go keyring: use nanos for `CreateTime` in key metadata (#13849) 2022-07-20 14:46:57 -04:00
leader.go eval broker: use write lock when reaping cancelable evals (#16112) 2023-02-10 10:40:41 -05:00
leader_oss.go gofmt all the files 2021-10-01 10:14:28 -04:00
leader_test.go cleanup: remove usage of consul/sdk/testutil/retry (#15609) 2023-01-02 08:06:20 -06:00
merge.go
namespace_endpoint.go metrics: measure rate of RPC requests that serve API (#15876) 2023-01-25 16:37:24 -05:00
namespace_endpoint_test.go acl: Fix panic when bogus token is passed (#15863) 2023-01-25 10:03:17 -05:00
node_endpoint.go Allow wildcard datacenters to be specified in job file (#11170) 2023-02-02 09:57:45 -05:00
node_endpoint_test.go core: enforce strict steps for clients reconnect (#15808) 2023-01-25 15:53:59 -05:00
operator_endpoint.go metrics: measure rate of RPC requests that serve API (#15876) 2023-01-25 16:37:24 -05:00
operator_endpoint_test.go WI: allow workloads to use RPCs associated with HTTP API (#15870) 2023-01-25 14:33:06 -05:00
periodic.go make version checks specific to region (1.4.x) (#14912) 2022-10-17 16:23:51 -04:00
periodic_endpoint.go metrics: measure rate of RPC requests that serve API (#15876) 2023-01-25 16:37:24 -05:00
periodic_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
periodic_test.go main: remove deprecated uses of rand.Seed (#16074) 2023-02-07 09:19:38 -06:00
plan_apply.go keyring: safely handle missing keys and restore GC (#15092) 2022-11-01 15:00:50 -04:00
plan_apply_node_tracker.go deps: upgrade to hashicorp/golang-lru/v2 (#16085) 2023-02-08 15:20:33 -06:00
plan_apply_node_tracker_test.go deps: upgrade to hashicorp/golang-lru/v2 (#16085) 2023-02-08 15:20:33 -06:00
plan_apply_oss.go chore: ensure consistent file naming for non-enterprise files. 2022-01-13 11:32:16 +01:00
plan_apply_pool.go
plan_apply_pool_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
plan_apply_test.go fix panic from keyring raft entries being written during upgrade (#14821) 2022-10-06 12:47:02 -04:00
plan_endpoint.go metrics: Add RPC rate metrics to endpoints that validate TLS names (#15900) 2023-01-26 15:04:25 -05:00
plan_endpoint_test.go fix deadlock in plan_apply (#13407) 2022-06-23 12:06:27 -04:00
plan_normalization_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
plan_queue.go Add missing timer reset (#15134) 2022-11-03 18:57:57 -04:00
plan_queue_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
raft_rpc.go
regions_endpoint.go metrics: Add metrics to unauthenticated endpoints (#15899) 2023-01-26 15:05:51 -05:00
regions_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
rpc.go feat: remove dependency to consul/lib 2022-04-09 13:22:44 +02:00
rpc_rate_metrics.go add metric for count of RPC requests (#15515) 2023-01-24 11:54:20 -05:00
rpc_test.go fix test flake for RPC TLS enforcement test (#16199) 2023-02-16 11:50:40 -05:00
scaling_endpoint.go metrics: measure rate of RPC requests that serve API (#15876) 2023-01-25 16:37:24 -05:00
scaling_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
search_endpoint.go metrics: measure rate of RPC requests that serve API (#15876) 2023-01-25 16:37:24 -05:00
search_endpoint_oss.go rename SecureVariables to Variables throughout 2022-08-26 16:06:24 -04:00
search_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
serf.go migrate autopilot implementation to raft-autopilot (#14441) 2022-09-01 14:27:10 -04:00
serf_test.go ci: fix TestNomad_BootstrapExpect_NonVoter test (#14407) 2022-08-30 16:32:54 -04:00
server.go deps: upgrade to hashicorp/golang-lru/v2 (#16085) 2023-02-08 15:20:33 -06:00
server_setup.go build/cli: Add BuildDate (#16216) 2023-02-27 11:27:40 -06:00
server_setup_oss.go migrate autopilot implementation to raft-autopilot (#14441) 2022-09-01 14:27:10 -04:00
server_test.go implement pre-forwarding auth on select RPCs (#15513) 2023-01-24 10:52:07 -05:00
service_registration_endpoint.go metrics: Add RPC rate metrics to endpoints that validate TLS names (#15900) 2023-01-26 15:04:25 -05:00
service_registration_endpoint_test.go deps: update set and test (#14680) 2022-09-26 08:28:03 -05:00
stats_fetcher.go metrics: Add metrics to unauthenticated endpoints (#15899) 2023-01-26 15:05:51 -05:00
stats_fetcher_test.go test: fix concurrent map access in `TestStatsFetcher` (#14496) 2022-09-08 10:41:15 -04:00
status_endpoint.go metrics: Add metrics to unauthenticated endpoints (#15899) 2023-01-26 15:05:51 -05:00
status_endpoint_test.go implement pre-forwarding auth on select RPCs (#15513) 2023-01-24 10:52:07 -05:00
system_endpoint.go metrics: measure rate of RPC requests that serve API (#15876) 2023-01-25 16:37:24 -05:00
system_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
testing.go [core] Do not start the plugin loader on non-clients (#16111) 2023-02-10 15:33:16 -05:00
testing_oss.go gofmt all the files 2021-10-01 10:14:28 -04:00
timetable.go vendor: explicit use of hashicorp/go-msgpack 2020-03-31 09:45:21 -04:00
timetable_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
util.go make version checks specific to region (1.4.x) (#14912) 2022-10-17 16:23:51 -04:00
util_test.go make version checks specific to region (1.4.x) (#14912) 2022-10-17 16:23:51 -04:00
variables_endpoint.go Minor post-1.5-beta1 API, code, and docs cleanups (#16193) 2023-02-16 10:32:21 -08:00
variables_endpoint_test.go implement pre-forwarding auth on select RPCs (#15513) 2023-01-24 10:52:07 -05:00
vault.go vault: configure user agent on Nomad vault clients (#15745) 2023-01-10 10:39:45 -06:00
vault_test.go cleanup: replace TypeToPtr helper methods with pointer.Of (#14151) 2022-08-17 18:26:34 +02:00
vault_testing.go vault: detect namespace change in config reload (#14298) 2022-08-24 17:03:29 -04:00
worker.go core: backoff considerably when worker is behind raft (#15523) 2023-01-24 08:56:35 -05:00
worker_string_schedulerworkerstatus.go Make number of scheduler workers reloadable (#11593) 2022-01-06 11:56:13 -05:00
worker_string_workerstatus.go Make number of scheduler workers reloadable (#11593) 2022-01-06 11:56:13 -05:00
worker_test.go core: backoff considerably when worker is behind raft (#15523) 2023-01-24 08:56:35 -05:00