Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

api: apply new ACL check for wildcard namespace #13608

Merged
merged 2 commits into from
Jul 6, 2022
Merged

api: apply new ACL check for wildcard namespace #13608

merged 2 commits into from
Jul 6, 2022

Conversation

lgfa29
Copy link
Contributor

@lgfa29 lgfa29 commented Jul 6, 2022

In #13606 the ACL check was refactored to better support the all
namespaces wildcard (*). This commit applies the changes to the jobs
and alloc list endpoints.

lgfa29
lgfa29 commented Jul 6, 2022
View reviewed changes
nomad/alloc_endpoint_test.go
Comment on lines 1285 to +1289
Label: "all namespaces with insufficient token",
Namespace: "*",
Allocs: []*structs.Allocation{},
Token: ns1tokenInsufficient.SecretID,
Error: true,
Message: structs.ErrPermissionDenied.Error(),
Copy link
Contributor Author

@lgfa29 lgfa29 Jul 6, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was the only test the failed after the refactoring, but I think returning a 403 is the correct result in this case since the test token doesn't have the read-job capability?

Looking through the documentation I couldn't find any expected output.

@lgfa29 lgfa29 mentioned this pull request Jul 6, 2022
Merged
lgfa29 added a commit that referenced this pull request Jul 6, 2022
@lgfa29
changelog: add entry for #13608
54f3d21
@lgfa29 lgfa29 added the backport/1.3.x backport to 1.3.x release line label Jul 6, 2022
@lgfa29 lgfa29 mentioned this pull request Jul 6, 2022
Merged
@lgfa29 lgfa29 requested review from tgross and shoenig July 6, 2022 01:06
tgross
tgross approved these changes Jul 6, 2022
View reviewed changes
Copy link
Member

@tgross tgross left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Base automatically changed from refactor-wildcard-ns-acl-check to main July 6, 2022 19:22
This was referenced Jul 6, 2022
Merged
Merged
Merged
@lgfa29
api: apply new ACL check for wildcard namespace
5a218cf 
In #13606 the ACL check was refactored to better support the all
namespaces wildcard (`*`). This commit applies the changes to the jobs
and alloc list endpoints.
@lgfa29
changelog: add entry for #13608
98d8fee
@lgfa29 lgfa29 force-pushed the refactor-wildcard-ns-acl-check-job-alloc branch from 54f3d21 to 98d8fee Compare July 6, 2022 19:25
@lgfa29 lgfa29 merged commit f587868 into main Jul 6, 2022
@lgfa29 lgfa29 deleted the refactor-wildcard-ns-acl-check-job-alloc branch July 6, 2022 20:17
@lgfa29 lgfa29 added this to the 1.3.2 milestone Jul 6, 2022
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request Jul 6, 2022
Merged
@github-actions
Copy link

github-actions bot commented Nov 4, 2022

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 4, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@shoenig shoenig shoenig approved these changes

@tgross tgross tgross approved these changes

Assignees
No one assigned
Labels
backport/1.3.x backport to 1.3.x release line
Projects
None yet
Milestone
1.3.2
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@lgfa29 @shoenig @tgross