kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
2f2a9eb4cec8c2596b1438cccebb2ce7cbaaf747
nomad/nomad
History
James Rasell e6a04e06d1 acl: Check for duplicate or invalid keys when writing new policies (#26836) 
ACL policies are parsed when creating, updating, or compiling the
resulting ACL object when used. This parsing was silently ignoring
duplicate singleton keys, or invalid keys which does not grant any
additional access, but is a poor UX and can be unexpected.

This change parses all new policy writes and updates, so that
duplicate or invalid keys return an error to the caller. This is
called strict parsing. In order to correctly handle upgrades of
clusters which have existing policies that would fall foul of the
change, a lenient parsing mode is also available. This allows
the policy to continue to be parsed and compiled after an upgrade
without the need for an operator to correct the policy document
prior to further use.

Co-authored-by: Tim Gross <tgross@hashicorp.com>
2025-09-30 08:16:59 +01:00
..
auth
node identity: Allow reconnect after GC of node state object. (#26475)
2025-08-08 16:07:59 +01:00
deploymentwatcher
deployment watcher: refactoring testing (#26284)
2025-07-16 08:46:24 -04:00
drainer
drainer: respect max parallel setting when draining (#26175)
2025-07-02 12:43:45 -07:00
lock
ci: Update golangci-lint to v2 and fix highlighted issues. (#26334)
2025-07-25 10:44:08 +01:00
mock
node pool: Allow specifying node identity ttl in HCL or JSON spec. (#26825)
2025-09-24 14:20:34 +01:00
reporting
reporting: Update server to accommodate new enterprise reporting. (#24919)
2025-01-24 08:00:07 +00:00
state
CSI: ensure only client-terminal allocs are treated as past claims (#26831)
2025-09-25 09:24:53 -04:00
stream
event stream: fix wildcard namespace bypass (#25089)
2025-02-11 11:06:29 -05:00
structs
acl: Check for duplicate or invalid keys when writing new policies (#26836)
2025-09-30 08:16:59 +01:00
volumewatcher
CSI: ensure only client-terminal allocs are treated as past claims (#26831)
2025-09-25 09:24:53 -04:00
acl_endpoint_test.go
ACL: allow workload identities to list/get their own policies (#26772)
2025-09-18 09:10:37 -04:00
acl_endpoint.go
acl: Check for duplicate or invalid keys when writing new policies (#26836)
2025-09-30 08:16:59 +01:00
acl_test.go
keyring in raft (#23977)
2024-09-19 13:56:42 -04:00
acl.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
alloc_endpoint_test.go
test: waitForKeyring in SignIdentities test (#26051)
2025-06-16 10:17:28 -07:00
alloc_endpoint.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
autopilot_ce.go
autopilot: add Enterprise health information to API endpoint (#20153)
2024-03-18 11:38:17 -04:00
autopilot_test.go
autopilot: add Enterprise health information to API endpoint (#20153)
2024-03-18 11:38:17 -04:00
autopilot.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
blocked_evals_stats_test.go
Add node_pool to blockedEval metric (#26215)
2025-07-15 09:48:04 -07:00
blocked_evals_stats.go
Add node_pool to blockedEval metric (#26215)
2025-07-15 09:48:04 -07:00
blocked_evals_system.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
blocked_evals_test.go
scheduler: appropriately unblock evals with quotas (#18838)
2023-10-24 11:22:24 -05:00
blocked_evals.go
Add node_pool to blockedEval metric (#26215)
2025-07-15 09:48:04 -07:00
client_agent_endpoint_test.go
test: Deflake client agent endpoint test. (#26563)
2025-08-19 08:57:55 +01:00
client_agent_endpoint.go
Add nomad monitor export command (#26178)
2025-08-01 10:26:59 -07:00
client_alloc_endpoint_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
client_alloc_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
client_csi_endpoint_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
client_csi_endpoint.go
csi: Correctly sort IDs when listing controller plugin clients. (#26640)
2025-08-28 08:05:58 +01:00
client_fs_endpoint_test.go
tests: fixes a few data races in tests (#25455)
2025-03-20 10:56:17 -07:00
client_fs_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
client_host_volume_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
client_identity_endpoint_test.go
client: Add client identity API, CLI, and RPC workflow. (#26543)
2025-08-19 08:25:51 +01:00
client_identity_endpoint.go
client: Add client identity API, CLI, and RPC workflow. (#26543)
2025-08-19 08:25:51 +01:00
client_meta_endpoint_test.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
client_meta_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
client_rpc_test.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
client_rpc.go
Upgrade go-msgpack to v2 (#20173)
2024-03-21 11:44:23 -07:00
client_stats_endpoint_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
client_stats_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
config.go
Merge branch 'main' into f-NMD-763-introduction
2025-08-05 08:56:51 +01:00
consul_test.go
consul: Remove legacy token based authentication workflow (#25217)
2025-03-05 15:38:11 -05:00
consul.go
consul: Remove legacy token based authentication workflow (#25217)
2025-03-05 15:38:11 -05:00
core_sched_test.go
CSI: prevent extraneous GC attempts for plugins (#25432)
2025-03-19 09:14:42 -04:00
core_sched.go
scheduler: isolate feasibility (#26031)
2025-06-11 20:11:04 +02:00
csi_endpoint_ce.go
Add CSI Volume Sentinel Policy scaffolding (#26438)
2025-08-07 12:03:18 -07:00
csi_endpoint_test.go
Add CSI Volume Sentinel Policy scaffolding (#26438)
2025-08-07 12:03:18 -07:00
csi_endpoint.go
csi: fix volume registration error (#26642)
2025-08-27 15:00:16 -04:00
deployment_endpoint_test.go
Upgrade go-msgpack to v2 (#20173)
2024-03-21 11:44:23 -07:00
deployment_endpoint.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
deployment_watcher_shims.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
drainer_int_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
drainer_shims.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
encrypter_ce.go
lint: Enable and fix SA9004 constant type lint errors. (#26678)
2025-09-03 07:45:29 +01:00
encrypter_test.go
identity: Base server objects and mild rework of identity implementation to support node identities. (#26052)
2025-06-18 07:43:27 +01:00
encrypter.go
lint: Enable and fix SA9004 constant type lint errors. (#26678)
2025-09-03 07:45:29 +01:00
endpoints_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
eval_broker_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
eval_broker.go
metrics: reduce heap usage of eval broker metrics (#26737)
2025-09-12 08:29:46 -04:00
eval_endpoint_test.go
deps: update to go-set/v3 and refactor to use custom iterators (#23971)
2024-09-16 13:40:10 -05:00
eval_endpoint.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
event_endpoint_test.go
acl: Check for duplicate or invalid keys when writing new policies (#26836)
2025-09-30 08:16:59 +01:00
event_endpoint.go
offline license utilization reporting (#25844)
2025-05-14 09:51:13 -04:00
fsm_ce.go
Update nomad operator snapshot inspect with more detail (#20062)
2024-06-06 06:57:10 +01:00
fsm_registry_ce.go
Upgrade go-msgpack to v2 (#20173)
2024-03-21 11:44:23 -07:00
fsm_test.go
identity: Base server objects and mild rework of identity implementation to support node identities. (#26052)
2025-06-18 07:43:27 +01:00
fsm.go
dispatch: write evaluation atomically with dispatch registration (#26710)
2025-09-05 14:53:08 -04:00
heartbeat_test.go
tests: fixes a few data races in tests (#25455)
2025-03-20 10:56:17 -07:00
heartbeat.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
host_volume_endpoint_ce.go
dynamic host volumes: move node pool governance to placement filter (CE) (#24867)
2025-01-15 14:04:18 -05:00
host_volume_endpoint_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
host_volume_endpoint.go
scheduler: isolate feasibility (#26031)
2025-06-11 20:11:04 +02:00
job_endpoint_ce_test.go
consul: Remove legacy token based authentication workflow (#25217)
2025-03-05 15:38:11 -05:00
job_endpoint_ce.go
[sentinel] Add existing job to enforceSubmitJob (#18553)
2023-09-21 14:12:51 -04:00
job_endpoint_hook_connect_test.go
consul connect: allow "cni/*" network mode (#26449)
2025-09-04 12:29:50 -04:00
job_endpoint_hook_connect.go
consul connect: allow "cni/*" network mode (#26449)
2025-09-04 12:29:50 -04:00
job_endpoint_hook_consul_ce_test.go
consul: support admin partitions (#19665)
2024-01-10 10:41:29 -05:00
job_endpoint_hook_consul_ce.go
ci: Update golangci-lint to v2 and fix highlighted issues. (#26334)
2025-07-25 10:44:08 +01:00
job_endpoint_hook_consul.go
consul: refactor job mutation hook (#19699)
2024-01-10 16:29:05 -05:00
job_endpoint_hook_expose_check_test.go
consul connect: allow "cni/*" network mode (#26449)
2025-09-04 12:29:50 -04:00
job_endpoint_hook_expose_check.go
consul connect: allow "cni/*" network mode (#26449)
2025-09-04 12:29:50 -04:00
job_endpoint_hook_implicit_identities_test.go
consul: Remove implicit workload identity when task has a template. (#25298)
2025-03-10 13:49:50 +00:00
job_endpoint_hook_implicit_identities.go
consul: Remove implicit workload identity when task has a template. (#25298)
2025-03-10 13:49:50 +00:00
job_endpoint_hook_node_pool_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
job_endpoint_hook_node_pool.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
job_endpoint_hook_numa_ce_test.go
core: plumbing to support numa aware scheduling (#18681)
2023-10-19 15:09:30 -05:00
job_endpoint_hook_numa_ce.go
core: plumbing to support numa aware scheduling (#18681)
2023-10-19 15:09:30 -05:00
job_endpoint_hook_numa.go
core: plumbing to support numa aware scheduling (#18681)
2023-10-19 15:09:30 -05:00
job_endpoint_hook_sched_ce.go
jobspec: time based task execution (#22201)
2024-05-22 15:40:25 -05:00
job_endpoint_hook_sched.go
jobspec: time based task execution (#22201)
2024-05-22 15:40:25 -05:00
job_endpoint_hook_vault_ce_test.go
vault: Remove legacy token based authentication workflow. (#25155)
2025-02-28 07:40:02 +00:00
job_endpoint_hook_vault_ce.go
ci: Update golangci-lint to v2 and fix highlighted issues. (#26334)
2025-07-25 10:44:08 +01:00
job_endpoint_hook_vault.go
vault: Remove legacy token based authentication workflow. (#25155)
2025-02-28 07:40:02 +00:00
job_endpoint_hooks_test.go
adds implied secrets constraint to job hook (#26328)
2025-09-05 16:08:23 -04:00
job_endpoint_hooks.go
adds implied secrets constraint to job hook (#26328)
2025-09-05 16:08:23 -04:00
job_endpoint_statuses_test.go
job statuses: fix filtering for namespace parameter (#23456)
2024-06-27 16:19:36 -04:00
job_endpoint_statuses.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
job_endpoint_test.go
dispatch: write evaluation atomically with dispatch registration (#26710)
2025-09-05 14:53:08 -04:00
job_endpoint_validators_test.go
namespaces: add allowed network modes to capabilities. (#23813)
2024-08-16 09:47:19 -04:00
job_endpoint_validators.go
namespaces: add allowed network modes to capabilities. (#23813)
2024-08-16 09:47:19 -04:00
job_endpoint.go
dispatch: write evaluation atomically with dispatch registration (#26710)
2025-09-05 14:53:08 -04:00
keyring_endpoint_test.go
keyring: warn if removing a key that was used for encrypting variables (#24766)
2025-01-07 10:15:02 +01:00
keyring_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
leader_ce.go
[f-gh-1106-reporting] Use full cluster metadata for reporting (#18660)
2023-10-05 09:32:54 +02:00
leader_test.go
tests: fixes a few data races in tests (#25455)
2025-03-20 10:56:17 -07:00
leader.go
server: Gate node identity generation on server min version. (#26847)
2025-09-29 15:17:00 +01:00
license_config_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
license_config.go
all: swap exp packages for maps, slices (#18311)
2023-08-23 15:42:13 -05:00
locks_test.go
identity: default to RS256 for new workload ids (#18882)
2023-10-31 11:25:20 -07:00
locks.go
agent: Fix misaligned contextual k/v logging arguments. (#25629)
2025-04-10 14:40:21 +01:00
merge.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
namespace_endpoint_test.go
namespace: Avoid potential panic when logging namespace name. (#26565)
2025-08-19 13:51:12 +01:00
namespace_endpoint.go
namespace: Avoid potential panic when logging namespace name. (#26565)
2025-08-19 13:51:12 +01:00
node_endpoint_test.go
server: Only generate identities for nodes that meet min version. (#26842)
2025-09-26 14:38:39 +01:00
node_endpoint.go
server: Gate node identity generation on server min version. (#26847)
2025-09-29 15:17:00 +01:00
node_pool_endpoint_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
node_pool_endpoint_test.go
identity: Base server objects and mild rework of identity implementation to support node identities. (#26052)
2025-06-18 07:43:27 +01:00
node_pool_endpoint.go
identity: Base server objects and mild rework of identity implementation to support node identities. (#26052)
2025-06-18 07:43:27 +01:00
operator_endpoint_test.go
api: make attempting to remove peer by address a no-op (#25599)
2025-04-10 09:19:25 -04:00
operator_endpoint.go
ci: Update golangci-lint to v2 and fix highlighted issues. (#26334)
2025-07-25 10:44:08 +01:00
periodic_endpoint_test.go
Upgrade go-msgpack to v2 (#20173)
2024-03-21 11:44:23 -07:00
periodic_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
periodic_test.go
test: fix panic from concurrent writes in periodic dispatch test (#24602)
2024-12-04 09:57:38 -05:00
periodic.go
state: enable more reverse sorting (#20410)
2024-04-16 15:10:11 -05:00
plan_apply_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
plan_apply_node_tracker_test.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
plan_apply_node_tracker.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
plan_apply_pool_test.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
plan_apply_pool.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
plan_apply_test.go
state: remove TimeTable and rely on objects' modify times instead (#24112)
2024-11-01 19:38:04 +01:00
plan_apply.go
disconnected: removes deprecated disconnect fields (#25284)
2025-03-05 14:46:02 -05:00
plan_endpoint_test.go
test: wait for keyring for plan apply tests (#24021)
2024-09-20 10:33:40 -04:00
plan_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
plan_normalization_test.go
Port and AllocatedPortMapping msgpack omitempty (#23980)
2024-09-17 14:21:54 -05:00
plan_queue_test.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
plan_queue.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
raft_rpc.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
regions_endpoint_test.go
Upgrade go-msgpack to v2 (#20173)
2024-03-21 11:44:23 -07:00
regions_endpoint.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
rpc_rate_metrics.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
rpc_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
rpc.go
rpc: Fix data race in yamux config modification for conn handling. (#25978)
2025-06-05 08:05:46 +01:00
scaling_endpoint_test.go
scaling policy: use request namespace as target if unset in jobspec (#24065)
2024-10-01 11:41:40 -04:00
scaling_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
search_endpoint_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
search_endpoint_test.go
dynamic host volumes: Enterprise stubs and refactor API (#24545)
2024-12-19 09:25:54 -05:00
search_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
serf_test.go
tests: fixes a few data races in tests (#25455)
2025-03-20 10:56:17 -07:00
serf.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
server_setup_ce.go
vault: Remove legacy token based authentication workflow. (#25155)
2025-02-28 07:40:02 +00:00
server_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
server.go
Update UI, code comment, and README links to docs, tutorials (#26429)
2025-08-06 09:40:23 -05:00
service_registration_endpoint_test.go
services: reject node secret for Read/List RPC (#23910)
2024-09-05 13:52:32 -04:00
service_registration_endpoint.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
stats_fetcher_test.go
tests: fixes a few data races in tests (#25455)
2025-03-20 10:56:17 -07:00
stats_fetcher.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
status_endpoint_test.go
Upgrade go-msgpack to v2 (#20173)
2024-03-21 11:44:23 -07:00
status_endpoint.go
auth: use ACLsDisabledACL when ACLs are disabled (#18754)
2023-10-16 09:30:24 -04:00
system_endpoint_test.go
state store: fix logic for evaluating job status (#24974)
2025-02-07 15:34:14 -05:00
system_endpoint.go
auth: use ACLsDisabledACL when ACLs are disabled (#18754)
2023-10-16 09:30:24 -04:00
task_group_host_volume_claim_endpoint_test.go
stateful deployments: task group host volume claims API (#25114)
2025-02-25 15:51:59 +01:00
task_group_host_volume_claim_endpoint.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
testing_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
testing.go
test: Remove use of "mitchellh/go-testing-interface" for stdlib. (#25640)
2025-04-14 07:43:49 +01:00
util_test.go
test: use correct parallel test setup func (#18326)
2023-08-25 13:51:36 +01:00
util.go
auth: add client-only ACL (#18730)
2023-10-12 12:21:48 -04:00
variables_endpoint_test.go
deps: remove gofakeit (#25073)
2025-02-10 11:53:05 -05:00
variables_endpoint.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
worker_string_schedulerworkerstatus.go
Make number of scheduler workers reloadable (#11593)
2022-01-06 11:56:13 -05:00
worker_string_workerstatus.go
Make number of scheduler workers reloadable (#11593)
2022-01-06 11:56:13 -05:00
worker_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
worker.go
ci: Update golangci-lint to v2 and fix highlighted issues. (#26334)
2025-07-25 10:44:08 +01:00