kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-04 17:35:43 +03:00
Code Issues Packages Projects Releases Wiki Activity
23,760 Commits 1 Branch 0 Tags
87ee2cbc2ef921ce01e8a0d2dc1083bec178fd99
Commit Graph

180 Commits

Author SHA1 Message Date
dependabot[bot]
87ee2cbc2e build(deps): bump github.com/containerd/go-cni from 1.1.6 to 1.1.7 (#14684) 
Bumps [github.com/containerd/go-cni](https://github.com/containerd/go-cni) from 1.1.6 to 1.1.7.
- [Release notes](https://github.com/containerd/go-cni/releases)
- [Commits](https://github.com/containerd/go-cni/compare/v1.1.6...v1.1.7)

---
updated-dependencies:
- dependency-name: github.com/containerd/go-cni
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-26 09:32:31 -05:00
dependabot[bot]
4967abeb09 build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0 in /api (#14430) 
* build(deps): bump github.com/docker/go-units from 0.4.0 to 0.5.0 in /api

Bumps [github.com/docker/go-units](https://github.com/docker/go-units) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/docker/go-units/releases)
- [Commits](https://github.com/docker/go-units/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/docker/go-units
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* deps: also update go-units in nomad

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Seth Hoenig <shoenig@duck.com>
 2022-09-26 09:30:17 -05:00
dependabot[bot]
586d9d0c10 build(deps): bump github.com/hashicorp/serf from 0.9.7 to 0.10.0 (#14365) 
Bumps [github.com/hashicorp/serf](https://github.com/hashicorp/serf) from 0.9.7 to 0.10.0.
- [Release notes](https://github.com/hashicorp/serf/releases)
- [Changelog](https://github.com/hashicorp/serf/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/serf/compare/v0.9.7...v0.10.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/serf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-26 09:11:56 -05:00
dependabot[bot]
ce4a52567b build(deps): bump github.com/zclconf/go-cty from 1.8.0 to 1.11.0 (#14363) 
Bumps [github.com/zclconf/go-cty](https://github.com/zclconf/go-cty) from 1.8.0 to 1.11.0.
- [Release notes](https://github.com/zclconf/go-cty/releases)
- [Changelog](https://github.com/zclconf/go-cty/blob/main/CHANGELOG.md)
- [Commits](https://github.com/zclconf/go-cty/compare/v1.8.0...v1.11.0)

---
updated-dependencies:
- dependency-name: github.com/zclconf/go-cty
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-26 09:06:39 -05:00
dependabot[bot]
cea88c3afe build(deps): bump github.com/hashicorp/go-getter from 1.6.1 to 1.6.2 (#14459) 
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.6.1 to 1.6.2.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.6.1...v1.6.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-26 08:54:36 -05:00
dependabot[bot]
d6c4984f2c build(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.1 to 4.4.2 (#14406) 
Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) from 4.4.1 to 4.4.2.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.4.1...v4.4.2)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-26 08:52:16 -05:00
Seth Hoenig
211ac8ec23 deps: update set and test (#14680) 
This PR updates go-set and shoenig/test, which introduced some breaking
API changes.
 2022-09-26 08:28:03 -05:00
Charlie Voiselle
9c3ea13585 [vars] Update Consul Template dependency (#14667) 
* Bump CT dependency
* go mod tidied
 2022-09-22 16:44:48 -04:00
Seth Hoenig
b9dc95cc83 mods: move require statement with the rest (#14652) 2022-09-22 09:36:02 -05:00
Seth Hoenig
ff1a30fe8d cleanup more helper updates (#14638) 
* cleanup: refactor MapStringStringSliceValueSet to be cleaner

* cleanup: replace SliceStringToSet with actual set

* cleanup: replace SliceStringSubset with real set

* cleanup: replace SliceStringContains with slices.Contains

* cleanup: remove unused function SliceStringHasPrefix

* cleanup: fixup StringHasPrefixInSlice doc string

* cleanup: refactor SliceSetDisjoint to use real set

* cleanup: replace CompareSliceSetString with SliceSetEq

* cleanup: replace CompareMapStringString with maps.Equal

* cleanup: replace CopyMapStringString with CopyMap

* cleanup: replace CopyMapStringInterface with CopyMap

* cleanup: fixup more CopyMapStringString and CopyMapStringInt

* cleanup: replace CopySliceString with slices.Clone

* cleanup: remove unused CopySliceInt

* cleanup: refactor CopyMapStringSliceString to be generic as CopyMapOfSlice

* cleanup: replace CopyMap with maps.Clone

* cleanup: run go mod tidy
 2022-09-21 14:53:25 -05:00
James Rasell
ac5f63f21e deps: update armon/go-metrics to v0.4.1 (#14493) 2022-09-09 09:20:55 +02:00
Tim Gross
1815517a19 migrate autopilot implementation to raft-autopilot (#14441) 
Nomad's original autopilot was importing from a private package in Consul. It
has been moved out to a shared library. Switch Nomad to use this library so that
we can eliminate the import of Consul, which is necessary to build Nomad ENT
with the current version of the Consul SDK. This also will let us pick up
autopilot improvements shared with Consul more easily.
 2022-09-01 14:27:10 -04:00
dependabot[bot]
1a59a0f5fc build(deps): bump github.com/hashicorp/go-version from 1.4.0 to 1.6.0 (#14364) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Rasell <jrasell@hashicorp.com>
 2022-09-01 11:55:42 +02:00
Charlie Voiselle
015e4617b2 Vars: Update CT dependency to support variables. (#14399) 
* Update Consul Template dep to support Nomad vars

* Remove `Peering` config for Consul Testservers
Upgrading to the 1.14 Consul SDK introduces and additional default
configuration—`Peering`—that is not compatible with versions of Consul
before v1.13.0. because Nomad tests against Consul v1.11.1, this
configuration has to be nil'ed out before passing it to the Consul
binary.
 2022-08-30 15:26:01 -04:00
Tim Gross
b7fea76f7f keyring: wrap root key in key encryption key (#14388) 
Update the on-disk format for the root key so that it's wrapped with a unique
per-key/per-server key encryption key. This is a bit of security theatre for the
current implementation, but it uses `go-kms-wrapping` as the interface for
wrapping the key. This provides a shim for future support of external KMS such
as cloud provider APIs or Vault transit encryption.

* Removes the JSON serialization extension we had on the `RootKey` struct; this
  struct is now only used for key replication and not for disk serialization, so
  we don't need this helper.

* Creates a helper for generating cryptographically random slices of bytes that
  properly accounts for short reads from the source.

* No observable functional changes outside of the on-disk format, so there are
  no test updates.
 2022-08-30 10:59:25 -04:00
Seth Hoenig
5faa4e08e8 cleanup: cleanup more slice-set comparisons 2022-08-29 12:04:21 -05:00
dependabot[bot]
ececd19808 build(deps): bump github.com/hashicorp/go-memdb from 1.3.2 to 1.3.3 (#14206) 
Bumps [github.com/hashicorp/go-memdb](https://github.com/hashicorp/go-memdb) from 1.3.2 to 1.3.3.
- [Release notes](https://github.com/hashicorp/go-memdb/releases)
- [Changelog](https://github.com/hashicorp/go-memdb/blob/main/changes.go)
- [Commits](https://github.com/hashicorp/go-memdb/compare/v1.3.2...v1.3.3)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-memdb
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-26 10:07:41 -04:00
dependabot[bot]
adafab0b9a build(deps): bump github.com/hashicorp/go-hclog from 1.2.0 to 1.2.2 (#14208) 
Bumps [github.com/hashicorp/go-hclog](https://github.com/hashicorp/go-hclog) from 1.2.0 to 1.2.2.
- [Release notes](https://github.com/hashicorp/go-hclog/releases)
- [Commits](https://github.com/hashicorp/go-hclog/compare/v1.2.0...v1.2.2)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-hclog
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-26 09:31:54 -04:00
dependabot[bot]
5a7279292a build(deps): bump github.com/aws/aws-sdk-go from 1.42.27 to 1.44.84 (#14326) 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.42.27 to 1.44.84.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.42.27...v1.44.84)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-26 09:13:37 -04:00
dependabot[bot]
aa74aa0f14 build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.12 to 3.22.7 (#14209) 
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.12 to 3.22.7

Bumps [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil) from 3.21.12 to 3.22.7.
- [Release notes](https://github.com/shirou/gopsutil/releases)
- [Commits](https://github.com/shirou/gopsutil/compare/v3.21.12...v3.22.7)

---
updated-dependencies:
- dependency-name: github.com/shirou/gopsutil/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* changelog entry

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tim Gross <tgross@hashicorp.com>
 2022-08-25 14:15:41 -04:00
Luiz Aoqui
abeeecbe71 deps: sync versions of go-discover in go.mod (#14269) 
In #13491 the version of `go-discover` was updated in `go.mod` but the
comment above it mentions that it also needs to be updated in the
`replace` directive.
 2022-08-24 10:32:13 -04:00
Seth Hoenig
21a2afd464 build: go.mod should require go1.19 
Since we started using atomic.Pointer, we should specify the go1.19
requirement in our go.mod files.
 2022-08-21 20:41:49 -05:00
Seth Hoenig
6baf6a1f8f cleanup: first pass at fixing command package warnings 
This PR is the first of several for cleaning up warnings, and refactoring
bits of code in the command package. First pass is over acl_ files and
gets some helpers in place.
 2022-08-17 15:33:37 -05:00
Charlie Voiselle
22194d437a SV CLI: var init (#13820) 
* Nomad dep: add museli/reflow
* SV CLI: var init
 2022-08-15 13:43:29 -04:00
Seth Hoenig
ed26be5179 Merge pull request #14114 from hashicorp/dependabot/go_modules/oss.indeed.com/go/libtime-1.6.0 
build(deps): bump oss.indeed.com/go/libtime from 1.5.0 to 1.6.0
 2022-08-15 10:17:44 -05:00
dependabot[bot]
59872f48af build(deps): bump oss.indeed.com/go/libtime from 1.5.0 to 1.6.0 
Bumps [oss.indeed.com/go/libtime](https://github.com/indeedeng/libtime) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/indeedeng/libtime/releases)
- [Commits](https://github.com/indeedeng/libtime/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: oss.indeed.com/go/libtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-15 15:12:03 +00:00
dependabot[bot]
8783430e02 build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.8.2 
Bumps [github.com/fsouza/go-dockerclient](https://github.com/fsouza/go-dockerclient) from 1.6.5 to 1.8.2.
- [Release notes](https://github.com/fsouza/go-dockerclient/releases)
- [Changelog](https://github.com/fsouza/go-dockerclient/blob/main/container_changes_test.go)
- [Commits](https://github.com/fsouza/go-dockerclient/compare/v1.6.5...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/fsouza/go-dockerclient
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-15 14:53:54 +00:00
Seth Hoenig
dadb0a2c97 Merge pull request #14111 from hashicorp/dependabot/go_modules/github.com/armon/go-metrics-0.4.0 
build(deps): bump github.com/armon/go-metrics from 0.3.10 to 0.4.0
 2022-08-15 09:52:51 -05:00
Seth Hoenig
64f16dd0d3 deps: fixup dependabot go.mod formatting 2022-08-15 09:50:15 -05:00
dependabot[bot]
8d9b264697 build(deps): bump github.com/armon/go-metrics from 0.3.10 to 0.4.0 
Bumps [github.com/armon/go-metrics](https://github.com/armon/go-metrics) from 0.3.10 to 0.4.0.
- [Release notes](https://github.com/armon/go-metrics/releases)
- [Commits](https://github.com/armon/go-metrics/compare/v0.3.10...v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/armon/go-metrics
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-15 14:49:29 +00:00
dependabot[bot]
c8fe8cf822 build(deps): bump github.com/mitchellh/cli from 1.1.2 to 1.1.4 
Bumps [github.com/mitchellh/cli](https://github.com/mitchellh/cli) from 1.1.2 to 1.1.4.
- [Release notes](https://github.com/mitchellh/cli/releases)
- [Commits](https://github.com/mitchellh/cli/compare/v1.1.2...v1.1.4)

---
updated-dependencies:
- dependency-name: github.com/mitchellh/cli
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-15 14:25:31 +00:00
Seth Hoenig
4338ed4e69 Merge pull request #14025 from hashicorp/dependabot/go_modules/go.etcd.io/bbolt-1.3.6 
build(deps): bump go.etcd.io/bbolt from 1.3.5 to 1.3.6
 2022-08-15 09:13:48 -05:00
dependabot[bot]
9e91c7ded8 build(deps): bump google.golang.org/grpc from 1.45.0 to 1.48.0 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.45.0 to 1.48.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.45.0...v1.48.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-14 09:09:31 +00:00
dependabot[bot]
1034546bdd build(deps): bump go.etcd.io/bbolt from 1.3.5 to 1.3.6 
Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/etcd-io/bbolt/releases)
- [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.5...v1.3.6)

---
updated-dependencies:
- dependency-name: go.etcd.io/bbolt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-08 20:48:49 +00:00
dependabot[bot]
6d36878f2e build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.2 
Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.0.1 to 1.1.2.
- [Release notes](https://github.com/containernetworking/cni/releases)
- [Commits](https://github.com/containernetworking/cni/compare/v1.0.1...v1.1.2)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/cni
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-08 20:48:29 +00:00
dependabot[bot]
1a6880e05e chore(deps): bump github.com/hashicorp/consul/api from 1.13.0 to 1.13.1 
Bumps [github.com/hashicorp/consul/api](https://github.com/hashicorp/consul) from 1.13.0 to 1.13.1.
- [Release notes](https://github.com/hashicorp/consul/releases)
- [Changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/consul/compare/api/v1.13.0...api/v1.13.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/consul/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-05 12:37:18 +00:00
Seth Hoenig
9a61243656 Merge pull request #14019 from hashicorp/deps-update-runc-to-v1.1.3 
deps: update runc to v1.1.3
 2022-08-05 07:34:16 -05:00
Seth Hoenig
6d9e179338 deps: update opencontainers/runc to v1.1.3 2022-08-04 12:56:49 -05:00
Luiz Aoqui
e1ae7bf7d1 qemu: reduce monitor socket path (#13971) 
The QEMU driver can take an optional `graceful_shutdown` configuration
which will create a Unix socket to send ACPI shutdown signal to the VM.

Unix sockets have a hard length limit and the driver implementation
assumed that QEMU versions 2.10.1 were able to handle longer paths. This
is not correct, the linked QEMU fix only changed the behaviour from
silently truncating longer socket paths to throwing an error.

By validating the socket path before starting the QEMU machine we can
provide users a more actionable and meaningful error message, and by
using a shorter socket file name we leave a bit more room for
user-defined values in the path, such as the task name.

The maximum length allowed is also platform-dependant, so validation
needs to be different for each OS.
 2022-08-04 12:10:35 -04:00
Derek Strickland
696deb9600 Add Nomad RetryConfig to agent template config (#13907) 
* add Nomad RetryConfig to agent template config
 2022-08-03 16:56:30 -04:00
Seth Hoenig
ed7f9b596d Merge pull request #13944 from hashicorp/deps-update-raft 
deps: update raft library
 2022-08-01 10:35:17 -05:00
Seth Hoenig
867380b412 deps: update raft library 
Another attempt at resolving the flakey TestNomad_BootstrapExpect_NonVoter
 2022-08-01 09:56:08 -05:00
Seth Hoenig
d4a231bc3c deps: update test package 
Upgrading to v0.3.0 gives us the ability to add more context to test
case failures.

https://github.com/shoenig/test/pull/23
 2022-08-01 08:53:00 -05:00
Tim Gross
ce14fc6e6b deps: remove deprecated net/context (#13932) 
The `golang.org/x/net/context` package was merged into the stdlib as of go
1.7. Update the imports to use the identical stdlib version. Clean up import
blocks for the impacted files to remove unnecessary package aliasing.
 2022-07-28 14:46:56 -04:00
Seth Hoenig
b8a7ee9c2a cleanup: example refactoring out map[string]struct{} using set.Set 
This PR is a little demo of using github.com/hashicorp/go-set to
replace the use of map[T]struct{} as a make-shift set.
 2022-07-19 22:50:49 -05:00
dependabot[bot]
b75beae852 chore(deps): bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 in /api (#12725) 
* chore(deps): bump github.com/mitchellh/mapstructure in /api

Bumps [github.com/mitchellh/mapstructure](https://github.com/mitchellh/mapstructure) from 1.4.3 to 1.5.0.
- [Release notes](https://github.com/mitchellh/mapstructure/releases)
- [Changelog](https://github.com/mitchellh/mapstructure/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mitchellh/mapstructure/compare/v1.4.3...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/mitchellh/mapstructure
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Also bump mapstructure in main go.mod

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
 2022-07-13 11:57:16 -07:00
dependabot[bot]
6e0eb786f9 build(deps): bump github.com/gorilla/websocket from 1.4.2 to 1.5.0 in /api (#12075) 
* build(deps): bump github.com/gorilla/websocket in /api

Bumps [github.com/gorilla/websocket](https://github.com/gorilla/websocket) from 1.4.2 to 1.5.0.
- [Release notes](https://github.com/gorilla/websocket/releases)
- [Commits](https://github.com/gorilla/websocket/compare/v1.4.2...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/gorilla/websocket
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* deps: also bump websocket dep in main binary

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
 2022-07-12 16:49:31 -07:00
dependabot[bot]
1b6f9170c3 build(deps): bump github.com/docker/distribution (#12246) 
Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.7.1+incompatible to 2.8.1+incompatible.
- [Release notes](https://github.com/docker/distribution/releases)
- [Commits](https://github.com/docker/distribution/compare/v2.7.1...v2.8.1)

---
updated-dependencies:
- dependency-name: github.com/docker/distribution
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-12 16:31:56 -07:00
dependabot[bot]
7b55f7a8d0 build(deps): bump github.com/hashicorp/consul/sdk from 0.8.0 to 0.9.0 (#12007) 
Bumps [github.com/hashicorp/consul/sdk](https://github.com/hashicorp/consul) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/hashicorp/consul/releases)
- [Changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/consul/compare/v0.8.0...v0.9.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/consul/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-12 12:58:34 -07:00
Tim Gross
d3e9b9ac7e workload identity (#13223) 
In order to support implicit ACL policies for tasks to get their own
secrets, each task would need to have its own ACL token. This would
add extra raft overhead as well as new garbage collection jobs for
cleaning up task-specific ACL tokens. Instead, Nomad will create a
workload Identity Claim for each task.

An Identity Claim is a JSON Web Token (JWT) signed by the server’s
private key and attached to an Allocation at the time a plan is
applied. The encoded JWT can be submitted as the X-Nomad-Token header
to replace ACL token secret IDs for the RPCs that support identity
claims.

Whenever a key is is added to a server’s keyring, it will use the key
as the seed for a Ed25519 public-private private keypair. That keypair
will be used for signing the JWT and for verifying the JWT.

This implementation is a ruthlessly minimal approach to support the
secure variables feature. When a JWT is verified, the allocation ID
will be checked against the Nomad state store, and non-existent or
terminal allocation IDs will cause the validation to be rejected. This
is sufficient to support the secure variables feature at launch
without requiring implementation of a background process to renew
soon-to-expire tokens.
 2022-07-11 13:34:05 -04:00