kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
9c2ecbf1d3297216ff0f448f7b60550aca726f2b
nomad/ci
History
Tim Gross 9c2ecbf1d3 auth: refactor Authenticate into its own package (#18703) 
The RPC handlers expect to see `nil` ACL objects whenever ACLs are disabled. By
using `nil` as a sentinel value, we have the risk of nil pointer exceptions and
improper handling of `nil` when returned from our various auth methods that can
lead to privilege escalation bugs.

This patchset is the first in a series to eliminate the use of `nil` ACLs as a
sentinel value for when ACLs are disabled. This one is entirely refactoring to
reduce the burden of reviewing the final patchsets that have the functional
changes:

* Move RPC auth into a new `nomad/auth` package, injecting the dependencies
  required from the server. Expose only those public methods on `nomad/auth`
  that are intended for use in the RPC handlers.
* Keep the existing large authentication test as an integration test.
* Add unit tests covering the methods of `nomad/auth` we intend on keeping. The
  assertions for many of these will change once we have no `nil` sentinels and
  can make safe assertions about permissions on the resulting `ACL` objects.
2023-10-10 11:01:24 -04:00
..
ports.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:29 -05:00
README.md
ci: use groups of tests in gha (#15018)
2022-10-27 09:02:58 -05:00
skip_non_root.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:29 -05:00
slow.go
Update copyright file headers to BUSL-1.1
2023-08-10 17:27:29 -05:00
test-core.json
auth: refactor Authenticate into its own package (#18703)
2023-10-10 11:01:24 -04:00

README.md

CI (unit testing)

This README describes how the Core CI Tests Github Actions works, which provides Nomad with continuous integration unit testing.

Steps

  1. When a branch is pushed, GHA triggers .github/workflows/test-core.yaml.

  2. The first job is mods which creates a pre-cache of Go modules.

  • Only useful for the followup jobs on Linux runners
  • Is keyed on hash(go.sum), so a cache is re-used until deps are modified.
  1. The checks, test-api, test-* jobs are started.
  • The checks job runs make check
  • The test job runs groups of tests, see below

3i. The check step also runs make missing

  • Invokes tools/missing to scan ci/test-cores.json && nomad source.
  • Fails the build if any packages in Nomad are not covered.

4a. The test-* jobs are run.

  • Configured as a matrix of "groups"; each group is a set of packages.
  • The GHA invokes test-nomad with $GOTEST_GROUP for each group.
  • The makefile uses tools/missing to translate the group into packages
  • Package groups are configured in ci/test-core.json

4b. The test-api job is run.

  • Because api is a submodule, invokation of test command is special.
  • The GHA invokes test-nomad-module with the name of the submodule.
  1. The compile jobs are run
  • Waits on checks to complete first
  • Runs on each of linux, macos, windows
Reference in New Issue View Git Blame Copy Permalink