Nomad Variables (feature branch) #13000
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Ember Asset Size actionAs of 8627000 Files that got Bigger 🚨:
Files that got Smaller 🎉:
|
Ember Test Audit comparison
|
The `Encrypt` method generates an appropriately-sized nonce and uses that buffer as the prefix for the ciphertext. This keeps the ciphertext and nonce together for decryption, and reuses the buffer as much as possible without presenting the temptation to reuse the cleartext buffer owned by the caller. We include the key ID as the "additional data" field that's used as an extra input to the authentication signature, to provide additional protection that a ciphertext originated with that key. Refactors the locking for the keyring so that the public methods are generally (with one commented exception) responsible for taking the lock and then inner methods are assumed locked.
Adds a new policy block inside namespaces to control access to secure variables on the basis of path, with support for globbing. Splits out VerifyClaim from ResolveClaim. The ServiceRegistration RPC only needs to be able to verify that a claim is valid for some allocation in the store; it doesn't care about implicit policies or capabilities. Split this out to its own method on the server so that the SecureVariables RPC can reuse it as a separate step from resolving policies (see next commit). Support implicit policies based on workload identity
The blocking query for `Keyring.List` appended the keys for each pass through the blocking query to the response. This results in mulitple copies of keys in the response. Overwrite the `reply.Keys` field on each pass through the blocking query to ensure we only get the expected page of responses.
* Add modified times and namespaces to layout * Undo typing change * Post-hoc accounting for new variable path routing
Move all the gossip keyring and key generation commands under `operator gossip keyring` subcommands to align with the new `operator secure-variables keyring` subcommands. Deprecate the `operator keyring` and `operator keygen` commands.
Extend the GC job to support periodic key rotation. Update the GC process to safely support signed workload identity. We can't GC any key used to sign a workload identity. Finding which key was used to sign every allocation will be expensive, but there are not that many keys. This lets us take a conservative approach: find the oldest live allocation and ensure that we don't GC any key older than that key.
…3424) * Error thrown if you have no KVs on save * Acceptance tests for flash messages and no-key-value adds * Post-hoc accounting for new variable path routing * Trim on key before validating it as existing
* Did-insert modifier to add an extra row when editing * Defensive logic on model existing * Defensive pattern on copy keyValues
…environment (#13438) * ui: add logic for create permission computed property * ui: update token factory and variable ability to simulate create permissions for dev env
* JSON view init * Overeager config history reverted * Set as query parameter * border added to copy button * More robust stringifyObject helper * Testing for stringify-object helper
Add fields for configuring root key garbage collection and automatic rotation. Fix the keystore path so that we write to a tempdir when in dev mode.
This changeset includes some additional unit tests for secure variables ACL policies, so that we have explicit coverage of edge cases we're discussing with the UI folks.
We need to track per-namespace storage usage for secure variables even in Nomad OSS so that a cluster can be seamlessly upgraded from OSS to ENT without having to re-calculate quota usage. Provide a hook in the upsert RPC for enforcement of quotas in ENT. This will be a no-op in Nomad OSS.
* SV: CAS
* Implement Check and Set for Delete and Upsert
* Reading the conflict from the state store
* Update endpoint for new error text
* Updated HTTP api tests
* Conflicts to the HTTP api
* SV: structs: Update SV time to UnixNanos
* update mock to UnixNano; refactor
* SV: encrypter: quote KeyID in error
* SV: mock: add mock for namespace w/ SV
* Toying with insert and update helpers before translation func * Working prototype that lets you switch between json and tabular * No longer add the bonus items row in json mode * Trimmed the ivy from the codemirror (#13503) * Trimmed the ivy from the codemirror * editedJSONItems removal * De-debugger * Replaced other instances of IvyCodeMirror throughout the app (#13528) * Replaced other instances of IvyCodeMirror throughout the app * PR requests for codemirror modifier * Screen reader setting as param * Trying a simpler codemirror test helper * Lint removal * Screen Reader Label added for a11y * JSONViewer cleanup * JSON editor added to /new and all variables stringified before save or translate * Give users a foothold when editing an empty item in JSON mode * Copy the empty KV * No duplicate keys in KV * Better handling of cursor snapping in json edit field * Catch formatting errors on the fly * Basic tests for JSON to Table and Table to JSON in form
* ui: inject router service into Variable ability to compute path * ui: test create secure variable ability * refact: update templates to properly check create ability * chore: update token factory to enable 1 path to have create ability * refact: remove router service injection for path variable * refact: update mirage factory for edit and delete perms on path for testing * ui: handle path matching (#13474) * test: write specifications for nearestPath computation * ui: write logic for getting all paths * ui: nearestPathMatching algorithm * test: nearestPathMatching algorithm test * ui: handle namespace filtering for capabilities check (#13475) * ui: add namespace handling * refact: add logical OR operator to handle unstructured object. * ui: acceptance test for create flow in secure variables (#13500) * test: write happy path test for creating variable * refact: add missing data-test attributes * test: sad path for disabled button * fix: move comment in file * test: acceptance test for editing a variable (#13529) * refact: add data-test variable * test: happy path and sad path for edit flow * refact: update test language to say disabled * ui: glob matching algorithm (#13533) * ui: compute length difference (#13542) * ui: compute length difference * refact: use glob matching and sorting algos in `nearestMatchingPath` (#13544) * refact: use const in compute * ui: smallest difference logic * refact: use glob matching and sorting algo in _nearestPathPath helper * ui: add can edit to variable capabilities (#13545) * ui: create edit capabilities getter * ui: add ember-can check for edit button * refact: update test to mock edit capabilities in policy * fix: remove unused var * Edit capabilities for variables depend on Create Co-authored-by: Phil Renaud <phil@riotindustries.com> Co-authored-by: Phil Renaud <phil@riotindustries.com> Co-authored-by: Phil Renaud <phil@riotindustries.com> * refact: update token factory (#13596) * refact: update rulesJSON in token factory to reflect schema update * refact: update capability names (#13597) * refact: update rules to match rulesJSON * refact: update create to write * ui: add `canDestroy` permissions (#13598) * refact: update rulesJSON in token factory to reflect schema update * refact: update rules to match rulesJSON * refact: update create to write * ui: add canDestroy capability * test: unit test for canDestroy * ui: add permission check to template * test: acceptance test for delete flow * refact: update test to use correct capability name * refact: update tests to reflect rulesJSON schema change * ui: update path matching logic to account for schema change (#13605) * refact: update path matching logic * refact: update tests to reflect rulesJSON change Co-authored-by: Phil Renaud <phil@riotindustries.com> Co-authored-by: Phil Renaud <phil@riotindustries.com>
…y contain nanoseconds (#13620)
* Related entities scaffolded * Added hint on edit * Re-classic'd * Dont create entities when path goes beyond task level * only show the related entities hint for new vars, not edited ones * Unit tests for pathLinkedEntities * Acceptance tests for linked entities * Add hint on creation * Will be vs Is on @new boolean flag * Link styles and namespaces on links * Unused component class * Delog * Defensive shouldShowLinked * Properly instantiating the accessibilty check test
When the `Full` flag is passed for key rotation, we kick off a core job to decrypt and re-encrypt all the secure variables so that they use the new key.
philrenaud
approved these changes
Jul 11, 2022
angrycub
approved these changes
Jul 11, 2022
tgross
changed the title
|
I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is our long-running feature branch for #12802. We'll integrate PRs here and keep this branch current with
mainas we go.