* taskapi: return Forbidden on bad credentials Prior to this change a "Server error" would be returned when ACLs are enabled which did not match when ACLs are disabled. * e2e: love love love datacenter wildcard default * e2e: skip windows nodes on linux only test The Logfs are a bit weird because they're most useful when converted to Printfs to make debugging the test much faster, but that makes CI noisy. In a perfect world Go would expose how many tests are being run and we could stream output live if there's only 1. For now I left these helpful lines in as basically glorified comments.
99 lines
1.9 KiB
HCL
# End-to-end job for Task API authentication. Every task runs curl against
# /v1/agent/health through the per-task unix socket in the secrets directory
# and differs only in the credentials it presents.
#
# NOTE(review): "-v" makes curl print the response status line, presumably so
# the test can match it in the task logs. It also prints the request headers,
# so whatever token a task sends ends up in those logs. That is tolerable for
# a short-lived e2e allocation; do not copy the pattern into real workloads.
job "api-auth" {
  type = "batch"

  # curl image and exec driver are only expected on Linux clients.
  constraint {
    attribute = "${attr.kernel.name}"
    value     = "linux"
  }

  group "api-auth" {

    # "none" sends no credentials at all: expected response is 401.
    task "none" {
      driver = "docker"

      config {
        # Pinned by tag only; a digest pin would make the image immutable.
        image = "curlimages/curl:7.87.0"
        args = [
          "--unix-socket", "${NOMAD_SECRETS_DIR}/api.sock",
          "-v",
          "localhost/v1/agent/health",
        ]
      }

      resources {
        cpu    = 16
        memory = 32
        disk   = 64
      }
    }

    # "bad" sends a token the cluster should not recognise: expected
    # response is 403.
    task "bad" {
      driver = "docker"

      config {
        image = "curlimages/curl:7.87.0"
        args = [
          "--unix-socket", "${NOMAD_SECRETS_DIR}/api.sock",
          # NOTE(review): presumably a made-up secret ID. Confirm it was never
          # a live ACL token before reusing this fixture elsewhere.
          "-H", "X-Nomad-Token: 37297754-3b87-41da-9ac7-d98fd934deed",
          "-v",
          "localhost/v1/agent/health",
        ]
      }

      resources {
        cpu    = 16
        memory = 32
        disk   = 64
      }
    }

    # "docker-wid" authenticates with its workload identity and should succeed.
    task "docker-wid" {
      driver = "docker"

      # Exposes the workload identity token to the task as NOMAD_TOKEN.
      identity {
        env = true
      }

      config {
        image = "curlimages/curl:7.87.0"
        args = [
          "--unix-socket", "${NOMAD_SECRETS_DIR}/api.sock",
          # The token is interpolated into the argument list, so it is visible
          # wherever the container's command line is (process list, inspect).
          "-H", "Authorization: Bearer ${NOMAD_TOKEN}",
          "-v",
          "localhost/v1/agent/health",
        ]
      }

      resources {
        cpu    = 16
        memory = 32
        disk   = 64
      }
    }

    # "exec-wid" is the same workload-identity check through the exec driver,
    # using the curl binary available to the task; it should also succeed.
    task "exec-wid" {
      driver = "exec"

      # Exposes the workload identity token to the task as NOMAD_TOKEN.
      identity {
        env = true
      }

      config {
        command = "curl"
        args = [
          # As in docker-wid, the token lands in the process arguments.
          "-H", "Authorization: Bearer ${NOMAD_TOKEN}",
          "--unix-socket", "${NOMAD_SECRETS_DIR}/api.sock",
          "-v",
          "localhost/v1/agent/health",
        ]
      }

      resources {
        cpu    = 16
        memory = 32
        disk   = 64
      }
    }
  }
}