open-nomad/command/agent/alloc_endpoint.go

package agent

import (
	"fmt"
	"net/http"
	"strings"

	"github.com/golang/snappy"
	"github.com/hashicorp/nomad/acl"
	"github.com/hashicorp/nomad/nomad/structs"
)

const (
	allocNotFoundErr    = "allocation not found"
	resourceNotFoundErr = "resource not found"
)

func (s *HTTPServer) AllocsRequest(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	if req.Method != "GET" {
		return nil, CodedError(405, ErrInvalidMethod)
	}

	args := structs.AllocListRequest{}
	if s.parse(resp, req, &args.Region, &args.QueryOptions) {
		return nil, nil
	}

	var out structs.AllocListResponse
	if err := s.agent.RPC("Alloc.List", &args, &out); err != nil {
		return nil, err
	}

	setMeta(resp, &out.QueryMeta)
	if out.Allocations == nil {
		out.Allocations = make([]*structs.AllocListStub, 0)
	}
	return out.Allocations, nil
}

func (s *HTTPServer) AllocSpecificRequest(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	allocID := strings.TrimPrefix(req.URL.Path, "/v1/allocation/")
	if req.Method != "GET" {
		return nil, CodedError(405, ErrInvalidMethod)
	}

	args := structs.AllocSpecificRequest{
		AllocID: allocID,
	}
	if s.parse(resp, req, &args.Region, &args.QueryOptions) {
		return nil, nil
	}

	var out structs.SingleAllocResponse
	if err := s.agent.RPC("Alloc.GetAlloc", &args, &out); err != nil {
		return nil, err
	}

	setMeta(resp, &out.QueryMeta)
	if out.Alloc == nil {
		return nil, CodedError(404, "alloc not found")
	}

	// Decode the payload if there is any
	alloc := out.Alloc
	if alloc.Job != nil && len(alloc.Job.Payload) != 0 {
		decoded, err := snappy.Decode(nil, alloc.Job.Payload)
		if err != nil {
			return nil, err
		}
		alloc = alloc.Copy()
		alloc.Job.Payload = decoded
	}

	return alloc, nil
}

func (s *HTTPServer) ClientAllocRequest(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	if s.agent.client == nil {
		return nil, clientNotRunning
	}

	reqSuffix := strings.TrimPrefix(req.URL.Path, "/v1/client/allocation/")

	// tokenize the suffix of the path to get the alloc id and find the action
	// invoked on the alloc id
	tokens := strings.Split(reqSuffix, "/")
	if len(tokens) != 2 {
		return nil, CodedError(404, resourceNotFoundErr)
	}
	allocID := tokens[0]
	switch tokens[1] {
	case "stats":
		return s.allocStats(allocID, resp, req)
	case "snapshot":
		return s.allocSnapshot(allocID, resp, req)
	case "gc":
		return s.allocGC(allocID, resp, req)
	}

	return nil, CodedError(404, resourceNotFoundErr)
}

func (s *HTTPServer) ClientGCRequest(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	if s.agent.client == nil {
		return nil, clientNotRunning
	}

	var secret string
	s.parseToken(req, &secret)

	// Check node write permissions
	if aclObj, err := s.agent.Client().ResolveToken(secret); err != nil {
		return nil, err
	} else if aclObj != nil && !aclObj.AllowNodeWrite() {
		return nil, structs.ErrPermissionDenied
	}

	s.agent.Client().CollectAllAllocs()
	return nil, nil
}

func (s *HTTPServer) allocGC(allocID string, resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	var secret string
	s.parseToken(req, &secret)

	var namespace string
	parseNamespace(req, &namespace)

	// Check namespace submit-job permissions
	if aclObj, err := s.agent.Client().ResolveToken(secret); err != nil {
		return nil, err
	} else if aclObj != nil && !aclObj.AllowNsOp(namespace, acl.NamespaceCapabilitySubmitJob) {
		return nil, structs.ErrPermissionDenied
	}

	if !s.agent.Client().CollectAllocation(allocID) {
		// Could not find alloc
		return nil, fmt.Errorf("unable to collect allocation: not present")
	}
	return nil, nil
}

func (s *HTTPServer) allocSnapshot(allocID string, resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	var secret string
	s.parseToken(req, &secret)
	if !s.agent.Client().ValidateMigrateToken(allocID, secret) {
		return nil, structs.ErrPermissionDenied
	}

	allocFS, err := s.agent.Client().GetAllocFS(allocID)
	if err != nil {
		return nil, fmt.Errorf(allocNotFoundErr)
	}
	if err := allocFS.Snapshot(resp); err != nil {
		return nil, fmt.Errorf("error making snapshot: %v", err)
	}
	return nil, nil
}

func (s *HTTPServer) allocStats(allocID string, resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	var secret string
	s.parseToken(req, &secret)

	var namespace string
	parseNamespace(req, &namespace)

	// Check namespace read-job permissions
	if aclObj, err := s.agent.Client().ResolveToken(secret); err != nil {
		return nil, err
	} else if aclObj != nil && !aclObj.AllowNsOp(namespace, acl.NamespaceCapabilityReadJob) {
		return nil, structs.ErrPermissionDenied
	}

	clientStats := s.agent.client.StatsReporter()
	aStats, err := clientStats.GetAllocStats(allocID)
	if err != nil {
		return nil, err
	}

	task := req.URL.Query().Get("task")
	return aStats.LatestAllocStats(task)
}
http: adding allocs list endpoint 2015-09-06 22:37:21 +00:00			`package agent`

			`import (`
Adding a snapshot endpoint on the client (#1730) 2016-09-22 04:28:12 +00:00			`"fmt"`
http: adding allocs list endpoint 2015-09-06 22:37:21 +00:00			`"net/http"`
			`"strings"`

Decompress 2016-11-29 00:05:56 +00:00			`"github.com/golang/snappy"`
/v1/client/allocation/./{stats,gc} ACL enforcement 2017-10-06 00:33:05 +00:00			`"github.com/hashicorp/nomad/acl"`
http: adding allocs list endpoint 2015-09-06 22:37:21 +00:00			`"github.com/hashicorp/nomad/nomad/structs"`
			`)`

Added a test for alloc stats api endpoint 2016-05-28 00:28:17 +00:00			`const (`
Adding a snapshot endpoint on the client (#1730) 2016-09-22 04:28:12 +00:00			`allocNotFoundErr = "allocation not found"`
			`resourceNotFoundErr = "resource not found"`
Added a test for alloc stats api endpoint 2016-05-28 00:28:17 +00:00			`)`

http: adding allocs list endpoint 2015-09-06 22:37:21 +00:00			`func (s HTTPServer) AllocsRequest(resp http.ResponseWriter, req http.Request) (interface{}, error) {`
			`if req.Method != "GET" {`
			`return nil, CodedError(405, ErrInvalidMethod)`
			`}`

			`args := structs.AllocListRequest{}`
			`if s.parse(resp, req, &args.Region, &args.QueryOptions) {`
			`return nil, nil`
			`}`

			`var out structs.AllocListResponse`
			`if err := s.agent.RPC("Alloc.List", &args, &out); err != nil {`
			`return nil, err`
			`}`

			`setMeta(resp, &out.QueryMeta)`
http: list results are never null 2015-09-07 17:03:10 +00:00			`if out.Allocations == nil {`
			`out.Allocations = make([]*structs.AllocListStub, 0)`
			`}`
http: adding allocs list endpoint 2015-09-06 22:37:21 +00:00			`return out.Allocations, nil`
			`}`

			`func (s HTTPServer) AllocSpecificRequest(resp http.ResponseWriter, req http.Request) (interface{}, error) {`
			`allocID := strings.TrimPrefix(req.URL.Path, "/v1/allocation/")`
http: adding alloc lookup endpoint 2015-09-06 22:49:44 +00:00			`if req.Method != "GET" {`
http: adding allocs list endpoint 2015-09-06 22:37:21 +00:00			`return nil, CodedError(405, ErrInvalidMethod)`
			`}`

http: adding alloc lookup endpoint 2015-09-06 22:49:44 +00:00			`args := structs.AllocSpecificRequest{`
			`AllocID: allocID,`
			`}`
			`if s.parse(resp, req, &args.Region, &args.QueryOptions) {`
			`return nil, nil`
			`}`

			`var out structs.SingleAllocResponse`
			`if err := s.agent.RPC("Alloc.GetAlloc", &args, &out); err != nil {`
			`return nil, err`
			`}`
http: adding allocs list endpoint 2015-09-06 22:37:21 +00:00
http: adding alloc lookup endpoint 2015-09-06 22:49:44 +00:00			`setMeta(resp, &out.QueryMeta)`
			`if out.Alloc == nil {`
			`return nil, CodedError(404, "alloc not found")`
			`}`
Decompress 2016-11-29 00:05:56 +00:00
Rename structs 2016-12-14 20:50:08 +00:00			`// Decode the payload if there is any`
Decompress 2016-11-29 00:05:56 +00:00			`alloc := out.Alloc`
Rename structs 2016-12-14 20:50:08 +00:00			`if alloc.Job != nil && len(alloc.Job.Payload) != 0 {`
			`decoded, err := snappy.Decode(nil, alloc.Job.Payload)`
Decompress 2016-11-29 00:05:56 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`alloc = alloc.Copy()`
Rename structs 2016-12-14 20:50:08 +00:00			`alloc.Job.Payload = decoded`
Decompress 2016-11-29 00:05:56 +00:00			`}`

			`return alloc, nil`
http: adding allocs list endpoint 2015-09-06 22:37:21 +00:00			`}`
Changed the stats endpoints 2016-05-24 23:41:35 +00:00
			`func (s HTTPServer) ClientAllocRequest(resp http.ResponseWriter, req http.Request) (interface{}, error) {`
			`if s.agent.client == nil {`
			`return nil, clientNotRunning`
			`}`

			`reqSuffix := strings.TrimPrefix(req.URL.Path, "/v1/client/allocation/")`

			`// tokenize the suffix of the path to get the alloc id and find the action`
			`// invoked on the alloc id`
			`tokens := strings.Split(reqSuffix, "/")`
Adding a snapshot endpoint on the client (#1730) 2016-09-22 04:28:12 +00:00			`if len(tokens) != 2 {`
			`return nil, CodedError(404, resourceNotFoundErr)`
Changed the stats endpoints 2016-05-24 23:41:35 +00:00			`}`
			`allocID := tokens[0]`
Adding a snapshot endpoint on the client (#1730) 2016-09-22 04:28:12 +00:00			`switch tokens[1] {`
			`case "stats":`
			`return s.allocStats(allocID, resp, req)`
			`case "snapshot":`
fixing up code review comments 2017-10-07 00:54:09 +00:00			`return s.allocSnapshot(allocID, resp, req)`
Added a garbage collector for allocations 2016-12-12 06:33:12 +00:00			`case "gc":`
			`return s.allocGC(allocID, resp, req)`
Adding a snapshot endpoint on the client (#1730) 2016-09-22 04:28:12 +00:00			`}`

			`return nil, CodedError(404, resourceNotFoundErr)`
			`}`

Added a garbage collector for allocations 2016-12-12 06:33:12 +00:00			`func (s HTTPServer) ClientGCRequest(resp http.ResponseWriter, req http.Request) (interface{}, error) {`
			`if s.agent.client == nil {`
			`return nil, clientNotRunning`
			`}`
/v1/client/gc ACL enforcement 2017-10-04 22:08:58 +00:00
			`var secret string`
			`s.parseToken(req, &secret)`

			`// Check node write permissions`
			`if aclObj, err := s.agent.Client().ResolveToken(secret); err != nil {`
			`return nil, err`
			`} else if aclObj != nil && !aclObj.AllowNodeWrite() {`
			`return nil, structs.ErrPermissionDenied`
			`}`

Fix GC'd alloc tracking The Client.allocs map now contains all AllocRunners again, not just un-GC'd AllocRunners. Client.allocs is only pruned when the server GCs allocs. Also stops logging "marked for GC" twice. 2017-10-19 00:06:46 +00:00			`s.agent.Client().CollectAllAllocs()`
			`return nil, nil`
Added a garbage collector for allocations 2016-12-12 06:33:12 +00:00			`}`

			`func (s HTTPServer) allocGC(allocID string, resp http.ResponseWriter, req http.Request) (interface{}, error) {`
/v1/client/allocation/./{stats,gc} ACL enforcement 2017-10-06 00:33:05 +00:00			`var secret string`
			`s.parseToken(req, &secret)`

			`var namespace string`
			`parseNamespace(req, &namespace)`

			`// Check namespace submit-job permissions`
			`if aclObj, err := s.agent.Client().ResolveToken(secret); err != nil {`
			`return nil, err`
			`} else if aclObj != nil && !aclObj.AllowNsOp(namespace, acl.NamespaceCapabilitySubmitJob) {`
			`return nil, structs.ErrPermissionDenied`
			`}`
Fix GC'd alloc tracking The Client.allocs map now contains all AllocRunners again, not just un-GC'd AllocRunners. Client.allocs is only pruned when the server GCs allocs. Also stops logging "marked for GC" twice. 2017-10-19 00:06:46 +00:00
Fix regression by returning error on unknown alloc 2017-10-28 00:00:11 +00:00			`if !s.agent.Client().CollectAllocation(allocID) {`
			`// Could not find alloc`
			`return nil, fmt.Errorf("unable to collect allocation: not present")`
			`}`
Fix GC'd alloc tracking The Client.allocs map now contains all AllocRunners again, not just un-GC'd AllocRunners. Client.allocs is only pruned when the server GCs allocs. Also stops logging "marked for GC" twice. 2017-10-19 00:06:46 +00:00			`return nil, nil`
Added a garbage collector for allocations 2016-12-12 06:33:12 +00:00			`}`

fixing up code review comments 2017-10-07 00:54:09 +00:00			`func (s HTTPServer) allocSnapshot(allocID string, resp http.ResponseWriter, req http.Request) (interface{}, error) {`
			`var secret string`
			`s.parseToken(req, &secret)`
			`if !s.agent.Client().ValidateMigrateToken(allocID, secret) {`
fixups from code review change creation of a migrate token to be for a previous allocation 2017-10-10 00:23:26 +00:00			`return nil, structs.ErrPermissionDenied`
Add functionality for authenticated volumes 2017-10-03 17:53:32 +00:00			`}`

Adding a snapshot endpoint on the client (#1730) 2016-09-22 04:28:12 +00:00			`allocFS, err := s.agent.Client().GetAllocFS(allocID)`
			`if err != nil {`
			`return nil, fmt.Errorf(allocNotFoundErr)`
			`}`
			`if err := allocFS.Snapshot(resp); err != nil {`
			`return nil, fmt.Errorf("error making snapshot: %v", err)`
			`}`
			`return nil, nil`
			`}`
Changed the stats endpoints 2016-05-24 23:41:35 +00:00
Adding a snapshot endpoint on the client (#1730) 2016-09-22 04:28:12 +00:00			`func (s HTTPServer) allocStats(allocID string, resp http.ResponseWriter, req http.Request) (interface{}, error) {`
/v1/client/allocation/./{stats,gc} ACL enforcement 2017-10-06 00:33:05 +00:00			`var secret string`
			`s.parseToken(req, &secret)`

			`var namespace string`
			`parseNamespace(req, &namespace)`

			`// Check namespace read-job permissions`
			`if aclObj, err := s.agent.Client().ResolveToken(secret); err != nil {`
			`return nil, err`
			`} else if aclObj != nil && !aclObj.AllowNsOp(namespace, acl.NamespaceCapabilityReadJob) {`
			`return nil, structs.ErrPermissionDenied`
			`}`

Changed the stats endpoints 2016-05-24 23:41:35 +00:00			`clientStats := s.agent.client.StatsReporter()`
only support latest and remove ring buffer 2016-06-12 16:32:38 +00:00			`aStats, err := clientStats.GetAllocStats(allocID)`
			`if err != nil {`
			`return nil, err`
Changing the api of the stats endpoints 2016-05-27 21:15:51 +00:00			`}`

only support latest and remove ring buffer 2016-06-12 16:32:38 +00:00			`task := req.URL.Query().Get("task")`
			`return aStats.LatestAllocStats(task)`
Changed the stats endpoints 2016-05-24 23:41:35 +00:00			`}`