Patch 2 #2
Closed
Patch 2 #2
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…es/api/github.com/stretchr/testify-1.8.0 build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 in /api
build: update to go1.18.3
This PR adds 2 helper functions to the helpers/bbolt package - Iterate: iterate every key in a bucket. Automatically decodes the msg pack value into the provided value argument. - DeletePrefix: deletes every key in a bucket starting with a given prefix. Manages the wrapper's hash values accordingly. Uses a cursor & sync to operate efficiently.
boltdd: add iterate and prefix deletion helpers
Got an email from Circle about removing the version we are currently using; bump to the latest stable version
…clude namespace (hashicorp#13588) * Job editing and planning handles namespace as part of ID instead of queryParam * Changelog added * Tests updated to reflect new namespace redirects
…p#13045) * core: allow pause/un-pause of eval broker on region leader. * agent: add ability to pause eval broker via scheduler config. * cli: add operator scheduler commands to interact with config. * api: add ability to pause eval broker via scheduler config * e2e: add operator scheduler test for eval broker pause. * docs: include new opertor scheduler CLI and pause eval API info.
ref: kadalu/kadalu#817 Signed-off-by: Leela Venkaiah G <leelavg@thoughtexpo.com>
* core: add eval delete RPC and core functionality. * agent: add eval delete HTTP endpoint. * api: add eval delete API functionality. * cli: add eval delete command. * docs: add eval delete website documentation.
The `operator debug` command doesn't output the leader anywhere in the output, which adds extra burden to offline debugging (away from an ongoing incident where you can simply check manually). Query the `/v1/status/leader` API but degrade gracefully.
…-macos build: bump circleci macos version
Improve how the all namespaces wildcard (`*`) is handled when checking ACL permissions. When using the wildcard namespace the `AllowNsOp` would return false since it looks for a namespace called `*` to match. This commit changes this behavior to return `true` when the queried namespace is `*` and the token allows the operation in _any_ namespace. Actual permission must be checked per object. The helper function `AllowNsOpFunc` returns a function that can be used to make this verification.
api: apply new ACL check for wildcard namespace In hashicorp#13606 the ACL check was refactored to better support the all namespaces wildcard (`*`). This commit applies the changes to the jobs and alloc list endpoints.
This PR fixes a bug where client configuration max_kill_timeout was not being enforced. The feature was introduced in 9f44780 but seems to have been removed during the major drivers refactoring. We can make sure the value is enforced by pluming it through the DriverHandler, which now uses the lesser of the task.killTimeout or client.maxKillTimeout. Also updates Event.SetKillTimeout to require both the task.killTimeout and client.maxKillTimeout so that we don't make the mistake of using the wrong value - as it was being given only the task.killTimeout before.
Whenever a node joins the cluster, either for the first time or after being `down`, we emit a evaluation for every system job to ensure all applicable system jobs are running on the node. This patch adds an optimization to skip creating evaluations for system jobs not in the current node's DC. While the scheduler performs the same feasability check, skipping the creation of the evaluation altogether saves disk, network, and memory.
This PR adds a section to template docs for simple load balancing with nomad servicse.
docs: add docs for simple load balancing nomad services
Co-authored-by: James Rasell <jrasell@hashicorp.com>
Use the same output format when listing multiple evals in the `eval list` command and when `eval status <prefix>` matches more than one eval. Include the eval namespace in all output formats and always include the job ID in `eval status` since, even `node-update` evals are related to a job. Add Node ID to the evals table output to help differentiate `node-update` evals. Co-authored-by: James Rasell <jrasell@hashicorp.com>
…imeout client: enforce max_kill_timeout client configuration
The QEMU driver can take an optional `graceful_shutdown` configuration which will create a Unix socket to send ACPI shutdown signal to the VM. Unix sockets have a hard length limit and the driver implementation assumed that QEMU versions 2.10.1 were able to handle longer paths. This is not correct, the linked QEMU fix only changed the behaviour from silently truncating longer socket paths to throwing an error. By validating the socket path before starting the QEMU machine we can provide users a more actionable and meaningful error message, and by using a shorter socket file name we leave a bit more room for user-defined values in the path, such as the task name. The maximum length allowed is also platform-dependant, so validation needs to be different for each OS.
This PR adds support for settings check.body in checks of services making use of Nomad's service provider.
nsd: add support for setting request body in http checks
…-v1.1.3 deps: update runc to v1.1.3
Bumps [github.com/hashicorp/consul/api](https://github.com/hashicorp/consul) from 1.13.0 to 1.13.1. - [Release notes](https://github.com/hashicorp/consul/releases) - [Changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md) - [Commits](hashicorp/consul@api/v1.13.0...api/v1.13.1) --- updated-dependencies: - dependency-name: github.com/hashicorp/consul/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
- Remove Circle CI badge (pretty much always misleadingly red) - Add MPL license badge - Remove link to deprecated google groups
* Check against all your policies' namespaces' secvars' paths' capabilities to see if you can list vars * Changelog and lintfix * Unit tests for list-vars * Removed unused computed dep * Changelog removed
…ashicorp#14027) * api: use errors.New not fmt.Errorf when error doesn't have format. * semgrep: add rule to catch fmt.Errorf use without formatting.
Bumps [tmpl](https://github.com/daaku/nodejs-tmpl) from 1.0.4 to 1.0.5. - [Release notes](https://github.com/daaku/nodejs-tmpl/releases) - [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5) --- updated-dependencies: - dependency-name: tmpl dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* refact: allow namespace glob matching * test: namespace glob matching
docs: minor readme tweaks
core: automatically plumb task name into task-level services and checks
Introduces the post publish website event
Signed-off-by: Abirdcfly <fp544037857@gmail.com>
…ashicorp#14048) * refact: add conditional logic to variables.index * refact: add conditional logic to variables.path * refact: update query selectors in assertions
fix minor unreachable code caused by t.Fatal
…es/github.com/hashicorp/consul/api-1.13.1 chore(deps): bump github.com/hashicorp/consul/api from 1.13.0 to 1.13.1
* Changelog and lintfix * Changelog removed * Forbidden state on individual variables * CanRead checked on variable path links * Mirage fixture with lesser secure variables access, temporary fix for * namespaces * Read flow acceptance tests * Unit tests for variable.canRead * lintfix * TODO squashed, thanks Jai * explicitly link mirage fixture vars to jobs via namespace * Typofix; delete to read * Linking the original alloc * Percy snapshots uniquely named * Guarantee that the alloc we depend on has tasks within it * Logging variables * Trying to skip delete * Now without create flow either * Dedicated cluster fixture for testing variables * Disambiguate percy calls
…p#14067) * Fixes a bug for first-time SecVars users on namespaces * Namespace computed dep * Namespace computed dep
* Generate files for 1.3.3 release * Prepare for next release * Merge release 1.3.3 files Co-authored-by: hc-github-team-nomad-core <github-team-nomad-core@hashicorp.com>
docker and podman don't suck 🤣
|
I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.