kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
9c2ecbf1d3297216ff0f448f7b60550aca726f2b
nomad/ci/test-core.json
Tim Gross 9c2ecbf1d3 auth: refactor Authenticate into its own package (#18703) 
The RPC handlers expect to see `nil` ACL objects whenever ACLs are disabled. By
using `nil` as a sentinel value, we have the risk of nil pointer exceptions and
improper handling of `nil` when returned from our various auth methods that can
lead to privilege escalation bugs.

This patchset is the first in a series to eliminate the use of `nil` ACLs as a
sentinel value for when ACLs are disabled. This one is entirely refactoring to
reduce the burden of reviewing the final patchsets that have the functional
changes:

* Move RPC auth into a new `nomad/auth` package, injecting the dependencies
  required from the server. Expose only those public methods on `nomad/auth`
  that are intended for use in the RPC handlers.
* Keep the existing large authentication test as an integration test.
* Add unit tests covering the methods of `nomad/auth` we intend on keeping. The
  assertions for many of these will change once we have no `nil` sentinels and
  can make safe assertions about permissions on the resulting `ACL` objects.
2023-10-10 11:01:24 -04:00

51 lines
1.1 KiB
JSON
Raw Blame History

{
"nomad": ["nomad"],
"client": [
"client",
"client/allocrunner/..."
],
"command": ["command"],
"drivers": ["drivers/..."],
"quick": [
"acl/...",
"client/allocdir/...",
"client/allochealth/...",
"client/allocwatcher/...",
"client/config/...",
"client/consul/...",
"client/devicemanager/...",
"client/dynamicplugins/...",
"client/fingerprint/...",
"client/interfaces/...",
"client/lib/...",
"client/logmon/...",
"client/pluginmanager/...",
"client/servers/...",
"client/serviceregistration/...",
"client/state/...",
"client/hoststats/...",
"client/structs/...",
"client/taskenv/...",
"client/widmgr/...",
"command/agent/...",
"command/raft_tools/...",
"command/ui/...",
"helper/...",
"internal/...",
"jobspec/...",
"lib/...",
"nomad/auth/...",
"nomad/deploymentwatcher/...",
"nomad/drainer/...",
"nomad/reporting/...",
"nomad/lock/...",
"nomad/state/...",
"nomad/stream/...",
"nomad/structs/...",
"nomad/volumewatcher/...",
"plugins/...",
"scheduler/...",
"testutil/..."
]
}
Reference in New Issue View Git Blame Copy Permalink