This project is mirrored from https://gitee.com/mirrors/nomad.git.
Pull mirroring failed.
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
- 25 May, 2022 32 commits
-
-
Charlie Voiselle authored
-
Charlie Voiselle authored
-
Charlie Voiselle authored
  - remove unneeded ctx
  - remove mixed authentication
  - simplify acl checking, add stub checks, add FIXME comments
  - fix comments
-
Charlie Voiselle authored
-
Charlie Voiselle authored
-
Charlie Voiselle authored
-
Charlie Voiselle authored
Co-authored-by: Tim Gross <tgross@hashicorp.com>
-
Charlie Voiselle authored
-
Charlie Voiselle authored
-
Charlie Voiselle authored
-
Charlie Voiselle authored
-
Charlie Voiselle authored
-
Charlie Voiselle authored
-
Charlie Voiselle authored
-
Charlie Voiselle authored
-
Charlie Voiselle authored
-
Tim Gross authored
This changeset implements the keystore serialization/deserialization:
* Adds a JSON serialization extension for the `RootKey` struct, along with a metadata stub. When we serialize RootKey to the on-disk keystore, we want to base64 encode the key material but also exclude any frequently-changing fields which are stored in raft.
* Implements methods for loading/saving keys to the keystore.
* Implements methods for restoring the whole keystore from disk.
* Wires it all up with the `Keyring` RPC handlers and fixes up any fallout on tests.
-
Tim Gross authored
-
Tim Gross authored
Implement the upsert, list, delete, and rotate RPC handlers for the secure variables keyring. Operations on the keyring itself are still stubbed out.
-
Tim Gross authored
Implement the basic upsert, list, and delete operations for `RootKeyMeta` needed by the Keyring RPCs. This changeset also implements two convenience methods `RootKeyMetaByID` and `GetActiveRootKeyMeta` which are useful for testing but also will be needed to implement the rest of the RPCs.
-
Phil Renaud authored
* Route init
* Bones of a mirage-mocked secure variables policy
* Functioning policy for list vars
* Delog and transition on route
* Basic guard test
* Page guard tests for secure variables
* Cleanup and unit tests for variables ability
* Linter cleanup
* Set expectations for test assertions
* PR feedback addressed
* Read label changed to View per suggestion
-
Charlie Voiselle authored
* Add SecureVariable mock
* Add SecureVariableStub
* Add SecureVariable Copy and Stub funcs
-
Tim Gross authored
Implement the core SecureVariable and RootKey structs in memdb, provide the minimal skeleton for FSM, and a dummy storage and keyring RPC endpoint.
-
Seth Hoenig authored
build: update golang version to 1.18.2
-
Seth Hoenig authored
-
Seth Hoenig authored
This PR updates to Go 1.18.2. Also update the versions of hclfmt and go-hclogfmt which include newer dependencies necessary for dealing with go1.18. The hcl v2 branch is now 'nomad-v2.9.1+tweaks2', to include a fix for newer macOS versions: https://github.com/hashicorp/hcl/commit/8927e75e82c19370aabaf06b7dca91c2c9e73e3c
-
Luiz Aoqui authored
Merge release 1.3.1 branch
-
Seth Hoenig authored
tests: minor fixes for some docker tests
-
Seth Hoenig authored
-
Seth Hoenig authored
-
Seth Hoenig authored
ci: switch to 22.04 for GHA Core CI tests
-
Seth Hoenig authored
-
- 24 May, 2022 8 commits
-
-
Seth Hoenig authored
core: fix blocked eval math
-
Luiz Aoqui authored
-
hc-github-team-nomad-core authored
-
hc-github-team-nomad-core authored
-
Luiz Aoqui authored
-
Michael Schurter authored
Fix numerous go-getter security issues:
  - Add timeouts to http, git, and hg operations to prevent DoS
  - Add size limit to http to prevent resource exhaustion
  - Disable following symlinks in both artifacts and `job run`
  - Stop performing initial HEAD request to avoid file corruption on retries and DoS opportunities.
**Approach**
Since Nomad has no ability to differentiate a DoS-via-large-artifact vs a legitimate workload, all of the new limits are configurable at the client agent level. The max size of HTTP downloads is also exposed as a node attribute so that if some workloads have large artifacts they can specify a high limit in their jobspecs. In the future all of this plumbing could be extended to enable/disable specific getters or artifact downloading entirely on a per-node basis.
-
Luiz Aoqui authored
In the original test, the eval generator would use a random value for the job ID, resulting in an unexercised code path for duplicate blocked evals.
-
Seth Hoenig authored
drivers/docker: do not set cgroup parent in v1 mode
-