open-nomad/nomad
James Rasell 9e3f1581fb
core: add ACL role functionality to ACL tokens.
ACL tokens can now utilize ACL roles in order to provide API
authorization. Each ACL token can be created and linked to an
array of policies as well as an array of ACL role links. The link
can be provided via the role name or ID, but internally is always
resolved to the ID as this is immutable whereas the name can be
changed by operators.

When resolving an ACL token, the policies linked from an ACL role
are unpacked and combined with the policy array to form the
complete auth set for the token.

The ACL token creation endpoint handles deduplicating ACL role
links as well as ensuring they exist within state.

When reading a token, Nomad will also ensure the ACL role link is
current. This handles ACL roles being deleted from under a token
from a UX standpoint.
2022-08-17 14:45:01 +01:00
deploymentwatcher ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
drainer CSI: node drain should end once only plugins remain (#12846) 2022-05-03 10:20:22 -04:00
mock core: add ACL role state schema and functionality. (#13955) 2022-08-09 09:33:41 +02:00
state core: add ACL role functionality to ACL tokens. 2022-08-17 14:45:01 +01:00
stream events: fixup service events and rename topic to service. 2022-04-05 08:25:22 +01:00
structs core: add ACL role functionality to ACL tokens. 2022-08-17 14:45:01 +01:00
volumewatcher core: allow deleting of evaluations (#13492) 2022-07-06 16:30:11 +02:00
acl.go core: add ACL role functionality to ACL tokens. 2022-08-17 14:45:01 +01:00
acl_endpoint.go core: add ACL role functionality to ACL tokens. 2022-08-17 14:45:01 +01:00
acl_endpoint_test.go core: add ACL role functionality to ACL tokens. 2022-08-17 14:45:01 +01:00
acl_test.go core: add ACL role functionality to ACL tokens. 2022-08-17 14:45:01 +01:00
alloc_endpoint.go api: apply new ACL check for wildcard namespace (#13608) 2022-07-06 16:17:16 -04:00
alloc_endpoint_test.go api: apply new ACL check for wildcard namespace (#13608) 2022-07-06 16:17:16 -04:00
autopilot.go
autopilot_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
blocked_evals.go metrics: even classless blocked evals get metrics 2022-07-15 14:12:44 -05:00
blocked_evals_stats.go metrics: even classless blocked evals get metrics 2022-07-15 14:12:44 -05:00
blocked_evals_stats_test.go metrics: even classless blocked evals get metrics 2022-07-15 14:12:44 -05:00
blocked_evals_system.go
blocked_evals_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
client_agent_endpoint.go
client_agent_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
client_alloc_endpoint.go client: add support for checks in nomad services 2022-07-12 17:09:50 -05:00
client_alloc_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
client_csi_endpoint.go
client_csi_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
client_fs_endpoint.go
client_fs_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
client_rpc.go core: remove all traces of unused protocol version 2022-02-18 16:12:36 -08:00
client_rpc_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
client_stats_endpoint.go
client_stats_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
config.go Merge branch 'main' into f-gh-13120-sso-umbrella 2022-08-02 08:30:03 +01:00
consul.go adding support for customized ingress tls (#13184) 2022-06-02 18:43:58 -04:00
consul_oss_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
consul_policy.go cleanup: purge github.com/pkg/errors 2022-04-01 19:24:02 -05:00
consul_policy_oss_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
consul_policy_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
consul_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
core_sched.go Merge branch 'main' into f-gh-13120-sso-umbrella 2022-08-02 08:30:03 +01:00
core_sched_test.go Merge branch 'main' into f-gh-13120-sso-umbrella 2022-08-02 08:30:03 +01:00
csi_endpoint.go CSI: skip node unpublish on GC'd or down nodes (#13301) 2022-06-09 11:33:22 -04:00
csi_endpoint_test.go CSI: skip node unpublish on GC'd or down nodes (#13301) 2022-06-09 11:33:22 -04:00
deployment_endpoint.go api: apply consistent behaviour of the reverse query parameter (#12244) 2022-03-11 19:44:52 -05:00
deployment_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
deployment_watcher_shims.go
drainer_int_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
drainer_shims.go
encrypter.go core job for secure variables re-key (#13440) 2022-07-11 13:34:06 -04:00
encrypter_test.go workload identity: use parent ID for dispatch/periodic jobs (#13748) 2022-07-21 09:05:54 -04:00
endpoints_oss.go
eval_broker.go core: allow pausing and un-pausing of leader broker routine (#13045) 2022-07-06 16:13:48 +02:00
eval_broker_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
eval_endpoint.go Allow wildcard for Evaluations API (#13530) 2022-07-11 16:42:17 -04:00
eval_endpoint_test.go Allow wildcard for Evaluations API (#13530) 2022-07-11 16:42:17 -04:00
event_endpoint.go
event_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
fsm.go core: add ACL role state schema and functionality. (#13955) 2022-08-09 09:33:41 +02:00
fsm_oss.go chore: ensure consistent file naming for non-enterprise files. 2022-01-13 11:32:16 +01:00
fsm_registry_oss.go
fsm_test.go core: add ACL role state schema and functionality. (#13955) 2022-08-09 09:33:41 +02:00
heartbeat.go reconciler: Handle canaries when client disconnects (#12539) 2022-04-21 10:05:58 -04:00
heartbeat_test.go heartbeat: Handle transitioning from disconnected to down (#12559) 2022-04-15 09:47:45 -04:00
job_endpoint.go api: apply new ACL check for wildcard namespace (#13608) 2022-07-06 16:17:16 -04:00
job_endpoint_hook_connect.go adding support for customized ingress tls (#13184) 2022-06-02 18:43:58 -04:00
job_endpoint_hook_connect_test.go adding support for customized ingress tls (#13184) 2022-06-02 18:43:58 -04:00
job_endpoint_hook_expose_check.go cleanup: purge github.com/pkg/errors 2022-04-01 19:24:02 -05:00
job_endpoint_hook_expose_check_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
job_endpoint_hook_vault.go cli: correctly use and validate job with vault token set 2022-05-19 12:13:34 -05:00
job_endpoint_hook_vault_oss.go Support Vault entity aliases (#12449) 2022-04-05 14:18:10 -04:00
job_endpoint_hooks.go job_hooks: add implicit constraint when using Consul for services. (#12602) 2022-04-20 14:09:13 +02:00
job_endpoint_hooks_test.go job_hooks: add implicit constraint when using Consul for services. (#12602) 2022-04-20 14:09:13 +02:00
job_endpoint_oss.go Support Vault entity aliases (#12449) 2022-04-05 14:18:10 -04:00
job_endpoint_oss_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
job_endpoint_test.go vault: revert support for entity aliases (#12723) 2022-04-22 10:46:34 -04:00
job_endpoint_validators.go cleanup: purge github.com/pkg/errors 2022-04-01 19:24:02 -05:00
job_endpoint_validators_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
keyring_endpoint.go core job for secure variables re-key (#13440) 2022-07-11 13:34:06 -04:00
keyring_endpoint_test.go keyring: use nanos for CreateTime in key metadata (#13849) 2022-07-20 14:46:57 -04:00
leader.go Merge branch 'main' into f-gh-13120-sso-umbrella 2022-08-02 08:30:03 +01:00
leader_oss.go
leader_test.go core: add expired token garbage collection periodic jobs. (#13805) 2022-07-19 15:37:46 +02:00
merge.go
namespace_endpoint.go
namespace_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
node_endpoint.go core: emit node evals only for sys jobs in dc (#12955) 2022-07-06 14:35:18 -07:00
node_endpoint_test.go core: emit node evals only for sys jobs in dc (#12955) 2022-07-06 14:35:18 -07:00
operator_endpoint.go core: allow pausing and un-pausing of leader broker routine (#13045) 2022-07-06 16:13:48 +02:00
operator_endpoint_test.go core: allow pausing and un-pausing of leader broker routine (#13045) 2022-07-06 16:13:48 +02:00
periodic.go
periodic_endpoint.go
periodic_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
periodic_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
plan_apply.go workload identity: use parent ID for dispatch/periodic jobs (#13748) 2022-07-21 09:05:54 -04:00
plan_apply_node_tracker.go Track plan rejection history and automatically mark clients as ineligible (#13421) 2022-07-12 18:40:20 -04:00
plan_apply_node_tracker_test.go Track plan rejection history and automatically mark clients as ineligible (#13421) 2022-07-12 18:40:20 -04:00
plan_apply_oss.go chore: ensure consistent file naming for non-enterprise files. 2022-01-13 11:32:16 +01:00
plan_apply_pool.go
plan_apply_pool_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
plan_apply_test.go plan_apply: Add missing unit test for validating plans for disconnected clients (#12495) 2022-04-07 09:58:09 -04:00
plan_endpoint.go fix mTLS certificate check on agent to agent RPCs (#11998) 2022-02-04 20:35:20 -05:00
plan_endpoint_test.go fix deadlock in plan_apply (#13407) 2022-06-23 12:06:27 -04:00
plan_normalization_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
plan_queue.go cleanup: prevent leaks from time.After 2022-02-02 14:32:26 -06:00
plan_queue_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
raft_rpc.go
regions_endpoint.go
regions_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
rpc.go feat: remove dependency to consul/lib 2022-04-09 13:22:44 +02:00
rpc_test.go core: allow deleting of evaluations (#13492) 2022-07-06 16:30:11 +02:00
scaling_endpoint.go
scaling_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
search_endpoint.go search: use secure vars ACL policy for secure vars context (#13788) 2022-07-21 08:39:36 -04:00
search_endpoint_oss.go search: refactor OSS/ENT split for ACL checks (#13760) 2022-07-14 11:31:08 -04:00
search_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
secure_variables_endpoint.go workload identity: use parent ID for dispatch/periodic jobs (#13748) 2022-07-21 09:05:54 -04:00
secure_variables_endpoint_oss.go implement quota tracking for secure variables (#13453) 2022-07-11 13:34:06 -04:00
secure_variables_endpoint_test.go workload identity: use parent ID for dispatch/periodic jobs (#13748) 2022-07-21 09:05:54 -04:00
serf.go core: remove all traces of unused protocol version 2022-02-18 16:12:36 -08:00
serf_test.go test: use T.TempDir to create temporary test directory (#12853) 2022-05-12 11:42:40 -04:00
server.go Track plan rejection history and automatically mark clients as ineligible (#13421) 2022-07-12 18:40:20 -04:00
server_setup_oss.go
server_test.go test: use T.TempDir to create temporary test directory (#12853) 2022-05-12 11:42:40 -04:00
service_registration_endpoint.go cleanup: tweaks from cr feedback 2022-07-20 10:42:35 -05:00
service_registration_endpoint_test.go workload identity (#13223) 2022-07-11 13:34:05 -04:00
stats_fetcher.go core: remove all traces of unused protocol version 2022-02-18 16:12:36 -08:00
stats_fetcher_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
status_endpoint.go core: remove all traces of unused protocol version 2022-02-18 16:12:36 -08:00
status_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
system_endpoint.go
system_endpoint_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
testing.go keystore serialization (#13106) 2022-07-11 13:34:04 -04:00
testing_oss.go
timetable.go
timetable_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00
util.go core: add deprecated mvn tag to serf (#12327) 2022-03-24 14:44:21 -04:00
util_test.go disconnected clients: ensure servers meet minimum required version (#12202) 2022-04-05 17:12:23 -04:00
vault.go vault: revert support for entity aliases (#12723) 2022-04-22 10:46:34 -04:00
vault_test.go vault: revert support for entity aliases (#12723) 2022-04-22 10:46:34 -04:00
vault_testing.go vault: revert support for entity aliases (#12723) 2022-04-22 10:46:34 -04:00
worker.go disconnected clients: ensure servers meet minimum required version (#12202) 2022-04-05 17:12:23 -04:00
worker_string_schedulerworkerstatus.go Make number of scheduler workers reloadable (#11593) 2022-01-06 11:56:13 -05:00
worker_string_workerstatus.go Make number of scheduler workers reloadable (#11593) 2022-01-06 11:56:13 -05:00
worker_test.go ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:58:52 -05:00