kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
377674f93e36dff9b2760cd3ea5dfdb01728004b
nomad/nomad
History
Tim Gross 3ef25e5867 ACL: allow workload identities to list/get their own policies (#26772) 
In most RPC endpoints we use the resolved ACL object to determine whether a
given auth token or identity has access to the object of interest to the
RPC. In #15870 we adjusted this across most of the RPCs to handle workload identity.

But in the ACL endpoints that read policies, we can't use the resolved ACL
object and have to go back to the original token and lookup the policies it has
access to. So we need to resolve any workload-associated policies during that
lookup as well.

Fixes: https://github.com/hashicorp/nomad/issues/26764
Ref: https://hashicorp.atlassian.net/browse/NMD-990
Ref: https://github.com/hashicorp/nomad/pull/15870
2025-09-18 09:10:37 -04:00
..
auth
node identity: Allow reconnect after GC of node state object. (#26475)
2025-08-08 16:07:59 +01:00
deploymentwatcher
deployment watcher: refactoring testing (#26284)
2025-07-16 08:46:24 -04:00
drainer
drainer: respect max parallel setting when draining (#26175)
2025-07-02 12:43:45 -07:00
lock
ci: Update golangci-lint to v2 and fix highlighted issues. (#26334)
2025-07-25 10:44:08 +01:00
mock
identity: Base server objects and mild rework of identity implementation to support node identities. (#26052)
2025-06-18 07:43:27 +01:00
reporting
reporting: Update server to accommodate new enterprise reporting. (#24919)
2025-01-24 08:00:07 +00:00
state
eliminate dead Vault-related code from nomad/structs (#26736)
2025-09-09 12:12:57 -04:00
stream
event stream: fix wildcard namespace bypass (#25089)
2025-02-11 11:06:29 -05:00
structs
metrics: reduce heap usage of eval broker metrics (#26737)
2025-09-12 08:29:46 -04:00
volumewatcher
test: Migrate volumewatcher to must and fix racy test. (#26686)
2025-09-03 14:21:10 +01:00
acl_endpoint_test.go
ACL: allow workload identities to list/get their own policies (#26772)
2025-09-18 09:10:37 -04:00
acl_endpoint.go
ACL: allow workload identities to list/get their own policies (#26772)
2025-09-18 09:10:37 -04:00
acl_test.go
keyring in raft (#23977)
2024-09-19 13:56:42 -04:00
acl.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
alloc_endpoint_test.go
test: waitForKeyring in SignIdentities test (#26051)
2025-06-16 10:17:28 -07:00
alloc_endpoint.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
autopilot_ce.go
autopilot: add Enterprise health information to API endpoint (#20153)
2024-03-18 11:38:17 -04:00
autopilot_test.go
autopilot: add Enterprise health information to API endpoint (#20153)
2024-03-18 11:38:17 -04:00
autopilot.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
blocked_evals_stats_test.go
Add node_pool to blockedEval metric (#26215)
2025-07-15 09:48:04 -07:00
blocked_evals_stats.go
Add node_pool to blockedEval metric (#26215)
2025-07-15 09:48:04 -07:00
blocked_evals_system.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
blocked_evals_test.go
scheduler: appropriately unblock evals with quotas (#18838)
2023-10-24 11:22:24 -05:00
blocked_evals.go
Add node_pool to blockedEval metric (#26215)
2025-07-15 09:48:04 -07:00
client_agent_endpoint_test.go
test: Deflake client agent endpoint test. (#26563)
2025-08-19 08:57:55 +01:00
client_agent_endpoint.go
Add nomad monitor export command (#26178)
2025-08-01 10:26:59 -07:00
client_alloc_endpoint_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
client_alloc_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
client_csi_endpoint_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
client_csi_endpoint.go
csi: Correctly sort IDs when listing controller plugin clients. (#26640)
2025-08-28 08:05:58 +01:00
client_fs_endpoint_test.go
tests: fixes a few data races in tests (#25455)
2025-03-20 10:56:17 -07:00
client_fs_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
client_host_volume_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
client_identity_endpoint_test.go
client: Add client identity API, CLI, and RPC workflow. (#26543)
2025-08-19 08:25:51 +01:00
client_identity_endpoint.go
client: Add client identity API, CLI, and RPC workflow. (#26543)
2025-08-19 08:25:51 +01:00
client_meta_endpoint_test.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
client_meta_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
client_rpc_test.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
client_rpc.go
Upgrade go-msgpack to v2 (#20173)
2024-03-21 11:44:23 -07:00
client_stats_endpoint_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
client_stats_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
config.go
Merge branch 'main' into f-NMD-763-introduction
2025-08-05 08:56:51 +01:00
consul_test.go
consul: Remove legacy token based authentication workflow (#25217)
2025-03-05 15:38:11 -05:00
consul.go
consul: Remove legacy token based authentication workflow (#25217)
2025-03-05 15:38:11 -05:00
core_sched_test.go
CSI: prevent extraneous GC attempts for plugins (#25432)
2025-03-19 09:14:42 -04:00
core_sched.go
scheduler: isolate feasibility (#26031)
2025-06-11 20:11:04 +02:00
csi_endpoint_ce.go
Add CSI Volume Sentinel Policy scaffolding (#26438)
2025-08-07 12:03:18 -07:00
csi_endpoint_test.go
Add CSI Volume Sentinel Policy scaffolding (#26438)
2025-08-07 12:03:18 -07:00
csi_endpoint.go
csi: fix volume registration error (#26642)
2025-08-27 15:00:16 -04:00
deployment_endpoint_test.go
Upgrade go-msgpack to v2 (#20173)
2024-03-21 11:44:23 -07:00
deployment_endpoint.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
deployment_watcher_shims.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
drainer_int_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
drainer_shims.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
encrypter_ce.go
lint: Enable and fix SA9004 constant type lint errors. (#26678)
2025-09-03 07:45:29 +01:00
encrypter_test.go
identity: Base server objects and mild rework of identity implementation to support node identities. (#26052)
2025-06-18 07:43:27 +01:00
encrypter.go
lint: Enable and fix SA9004 constant type lint errors. (#26678)
2025-09-03 07:45:29 +01:00
endpoints_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
eval_broker_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
eval_broker.go
metrics: reduce heap usage of eval broker metrics (#26737)
2025-09-12 08:29:46 -04:00
eval_endpoint_test.go
deps: update to go-set/v3 and refactor to use custom iterators (#23971)
2024-09-16 13:40:10 -05:00
eval_endpoint.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
event_endpoint_test.go
event stream: fix wildcard namespace bypass (#25089)
2025-02-11 11:06:29 -05:00
event_endpoint.go
offline license utilization reporting (#25844)
2025-05-14 09:51:13 -04:00
fsm_ce.go
Update nomad operator snapshot inspect with more detail (#20062)
2024-06-06 06:57:10 +01:00
fsm_registry_ce.go
Upgrade go-msgpack to v2 (#20173)
2024-03-21 11:44:23 -07:00
fsm_test.go
identity: Base server objects and mild rework of identity implementation to support node identities. (#26052)
2025-06-18 07:43:27 +01:00
fsm.go
dispatch: write evaluation atomically with dispatch registration (#26710)
2025-09-05 14:53:08 -04:00
heartbeat_test.go
tests: fixes a few data races in tests (#25455)
2025-03-20 10:56:17 -07:00
heartbeat.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
host_volume_endpoint_ce.go
dynamic host volumes: move node pool governance to placement filter (CE) (#24867)
2025-01-15 14:04:18 -05:00
host_volume_endpoint_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
host_volume_endpoint.go
scheduler: isolate feasibility (#26031)
2025-06-11 20:11:04 +02:00
job_endpoint_ce_test.go
consul: Remove legacy token based authentication workflow (#25217)
2025-03-05 15:38:11 -05:00
job_endpoint_ce.go
[sentinel] Add existing job to enforceSubmitJob (#18553)
2023-09-21 14:12:51 -04:00
job_endpoint_hook_connect_test.go
consul connect: allow "cni/*" network mode (#26449)
2025-09-04 12:29:50 -04:00
job_endpoint_hook_connect.go
consul connect: allow "cni/*" network mode (#26449)
2025-09-04 12:29:50 -04:00
job_endpoint_hook_consul_ce_test.go
consul: support admin partitions (#19665)
2024-01-10 10:41:29 -05:00
job_endpoint_hook_consul_ce.go
ci: Update golangci-lint to v2 and fix highlighted issues. (#26334)
2025-07-25 10:44:08 +01:00
job_endpoint_hook_consul.go
consul: refactor job mutation hook (#19699)
2024-01-10 16:29:05 -05:00
job_endpoint_hook_expose_check_test.go
consul connect: allow "cni/*" network mode (#26449)
2025-09-04 12:29:50 -04:00
job_endpoint_hook_expose_check.go
consul connect: allow "cni/*" network mode (#26449)
2025-09-04 12:29:50 -04:00
job_endpoint_hook_implicit_identities_test.go
consul: Remove implicit workload identity when task has a template. (#25298)
2025-03-10 13:49:50 +00:00
job_endpoint_hook_implicit_identities.go
consul: Remove implicit workload identity when task has a template. (#25298)
2025-03-10 13:49:50 +00:00
job_endpoint_hook_node_pool_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
job_endpoint_hook_node_pool.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
job_endpoint_hook_numa_ce_test.go
core: plumbing to support numa aware scheduling (#18681)
2023-10-19 15:09:30 -05:00
job_endpoint_hook_numa_ce.go
core: plumbing to support numa aware scheduling (#18681)
2023-10-19 15:09:30 -05:00
job_endpoint_hook_numa.go
core: plumbing to support numa aware scheduling (#18681)
2023-10-19 15:09:30 -05:00
job_endpoint_hook_sched_ce.go
jobspec: time based task execution (#22201)
2024-05-22 15:40:25 -05:00
job_endpoint_hook_sched.go
jobspec: time based task execution (#22201)
2024-05-22 15:40:25 -05:00
job_endpoint_hook_vault_ce_test.go
vault: Remove legacy token based authentication workflow. (#25155)
2025-02-28 07:40:02 +00:00
job_endpoint_hook_vault_ce.go
ci: Update golangci-lint to v2 and fix highlighted issues. (#26334)
2025-07-25 10:44:08 +01:00
job_endpoint_hook_vault.go
vault: Remove legacy token based authentication workflow. (#25155)
2025-02-28 07:40:02 +00:00
job_endpoint_hooks_test.go
adds implied secrets constraint to job hook (#26328)
2025-09-05 16:08:23 -04:00
job_endpoint_hooks.go
adds implied secrets constraint to job hook (#26328)
2025-09-05 16:08:23 -04:00
job_endpoint_statuses_test.go
job statuses: fix filtering for namespace parameter (#23456)
2024-06-27 16:19:36 -04:00
job_endpoint_statuses.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
job_endpoint_test.go
dispatch: write evaluation atomically with dispatch registration (#26710)
2025-09-05 14:53:08 -04:00
job_endpoint_validators_test.go
namespaces: add allowed network modes to capabilities. (#23813)
2024-08-16 09:47:19 -04:00
job_endpoint_validators.go
namespaces: add allowed network modes to capabilities. (#23813)
2024-08-16 09:47:19 -04:00
job_endpoint.go
dispatch: write evaluation atomically with dispatch registration (#26710)
2025-09-05 14:53:08 -04:00
keyring_endpoint_test.go
keyring: warn if removing a key that was used for encrypting variables (#24766)
2025-01-07 10:15:02 +01:00
keyring_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
leader_ce.go
[f-gh-1106-reporting] Use full cluster metadata for reporting (#18660)
2023-10-05 09:32:54 +02:00
leader_test.go
tests: fixes a few data races in tests (#25455)
2025-03-20 10:56:17 -07:00
leader.go
agent: Fix misaligned contextual k/v logging arguments. (#25629)
2025-04-10 14:40:21 +01:00
license_config_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
license_config.go
all: swap exp packages for maps, slices (#18311)
2023-08-23 15:42:13 -05:00
locks_test.go
identity: default to RS256 for new workload ids (#18882)
2023-10-31 11:25:20 -07:00
locks.go
agent: Fix misaligned contextual k/v logging arguments. (#25629)
2025-04-10 14:40:21 +01:00
merge.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
namespace_endpoint_test.go
namespace: Avoid potential panic when logging namespace name. (#26565)
2025-08-19 13:51:12 +01:00
namespace_endpoint.go
namespace: Avoid potential panic when logging namespace name. (#26565)
2025-08-19 13:51:12 +01:00
node_endpoint_test.go
node identity: Allow reconnect after GC of node state object. (#26475)
2025-08-08 16:07:59 +01:00
node_endpoint.go
node identity: Allow reconnect after GC of node state object. (#26475)
2025-08-08 16:07:59 +01:00
node_pool_endpoint_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
node_pool_endpoint_test.go
identity: Base server objects and mild rework of identity implementation to support node identities. (#26052)
2025-06-18 07:43:27 +01:00
node_pool_endpoint.go
identity: Base server objects and mild rework of identity implementation to support node identities. (#26052)
2025-06-18 07:43:27 +01:00
operator_endpoint_test.go
api: make attempting to remove peer by address a no-op (#25599)
2025-04-10 09:19:25 -04:00
operator_endpoint.go
ci: Update golangci-lint to v2 and fix highlighted issues. (#26334)
2025-07-25 10:44:08 +01:00
periodic_endpoint_test.go
Upgrade go-msgpack to v2 (#20173)
2024-03-21 11:44:23 -07:00
periodic_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
periodic_test.go
test: fix panic from concurrent writes in periodic dispatch test (#24602)
2024-12-04 09:57:38 -05:00
periodic.go
state: enable more reverse sorting (#20410)
2024-04-16 15:10:11 -05:00
plan_apply_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
plan_apply_node_tracker_test.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
plan_apply_node_tracker.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
plan_apply_pool_test.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
plan_apply_pool.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
plan_apply_test.go
state: remove TimeTable and rely on objects' modify times instead (#24112)
2024-11-01 19:38:04 +01:00
plan_apply.go
disconnected: removes deprecated disconnect fields (#25284)
2025-03-05 14:46:02 -05:00
plan_endpoint_test.go
test: wait for keyring for plan apply tests (#24021)
2024-09-20 10:33:40 -04:00
plan_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
plan_normalization_test.go
Port and AllocatedPortMapping msgpack omitempty (#23980)
2024-09-17 14:21:54 -05:00
plan_queue_test.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
plan_queue.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
raft_rpc.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
regions_endpoint_test.go
Upgrade go-msgpack to v2 (#20173)
2024-03-21 11:44:23 -07:00
regions_endpoint.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
rpc_rate_metrics.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
rpc_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
rpc.go
rpc: Fix data race in yamux config modification for conn handling. (#25978)
2025-06-05 08:05:46 +01:00
scaling_endpoint_test.go
scaling policy: use request namespace as target if unset in jobspec (#24065)
2024-10-01 11:41:40 -04:00
scaling_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
search_endpoint_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
search_endpoint_test.go
dynamic host volumes: Enterprise stubs and refactor API (#24545)
2024-12-19 09:25:54 -05:00
search_endpoint.go
Upgrade to using hashicorp/go-metrics@v0.5.4 (#24856)
2025-01-31 15:22:00 -05:00
serf_test.go
tests: fixes a few data races in tests (#25455)
2025-03-20 10:56:17 -07:00
serf.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
server_setup_ce.go
vault: Remove legacy token based authentication workflow. (#25155)
2025-02-28 07:40:02 +00:00
server_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
server.go
Update UI, code comment, and README links to docs, tutorials (#26429)
2025-08-06 09:40:23 -05:00
service_registration_endpoint_test.go
services: reject node secret for Read/List RPC (#23910)
2024-09-05 13:52:32 -04:00
service_registration_endpoint.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
stats_fetcher_test.go
tests: fixes a few data races in tests (#25455)
2025-03-20 10:56:17 -07:00
stats_fetcher.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:09 -05:00
status_endpoint_test.go
Upgrade go-msgpack to v2 (#20173)
2024-03-21 11:44:23 -07:00
status_endpoint.go
auth: use ACLsDisabledACL when ACLs are disabled (#18754)
2023-10-16 09:30:24 -04:00
system_endpoint_test.go
state store: fix logic for evaluating job status (#24974)
2025-02-07 15:34:14 -05:00
system_endpoint.go
auth: use ACLsDisabledACL when ACLs are disabled (#18754)
2023-10-16 09:30:24 -04:00
task_group_host_volume_claim_endpoint_test.go
stateful deployments: task group host volume claims API (#25114)
2025-02-25 15:51:59 +01:00
task_group_host_volume_claim_endpoint.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
testing_ce.go
admin: rename _oss files to _ce (#18209)
2023-08-18 07:47:24 +01:00
testing.go
test: Remove use of "mitchellh/go-testing-interface" for stdlib. (#25640)
2025-04-14 07:43:49 +01:00
util_test.go
test: use correct parallel test setup func (#18326)
2023-08-25 13:51:36 +01:00
util.go
auth: add client-only ACL (#18730)
2023-10-12 12:21:48 -04:00
variables_endpoint_test.go
deps: remove gofakeit (#25073)
2025-02-10 11:53:05 -05:00
variables_endpoint.go
generic paginator (#25252)
2025-03-03 10:08:50 -05:00
worker_string_schedulerworkerstatus.go
worker_string_workerstatus.go
worker_test.go
rpc: Generate node identities with node RPC handlers when needed. (#26165)
2025-07-01 16:07:21 +01:00
worker.go
ci: Update golangci-lint to v2 and fix highlighted issues. (#26334)
2025-07-25 10:44:08 +01:00