open-nomad/nomad/client_meta_endpoint.go

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

81 lines
2.2 KiB
Go
Raw Normal View History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package nomad
import (
"time"
metrics "github.com/armon/go-metrics"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/nomad/nomad/structs"
nstructs "github.com/hashicorp/nomad/nomad/structs"
)
type NodeMeta struct {
srv *Server
logger log.Logger
}
func newNodeMetaEndpoint(srv *Server) *NodeMeta {
n := &NodeMeta{
srv: srv,
logger: srv.logger.Named("node_meta"),
}
return n
}
func (n *NodeMeta) Apply(args *structs.NodeMetaApplyRequest, reply *structs.NodeMetaResponse) error {
const method = "NodeMeta.Apply"
// Prevent infinite loop between leader and
// follower-with-the-target-node-connection.
args.QueryOptions.AllowStale = true
authErr := n.srv.Authenticate(nil, args)
if done, err := n.srv.forward(method, args, args, reply); done {
return err
}
n.srv.MeasureRPCRate("node_meta", nstructs.RateMetricRead, args)
if authErr != nil {
return nstructs.ErrPermissionDenied
}
defer metrics.MeasureSince([]string{"nomad", "client_meta", "apply"}, time.Now())
// Check node write permissions
if aclObj, err := n.srv.ResolveACL(args); err != nil {
return err
} else if aclObj != nil && !aclObj.AllowNodeWrite() {
return nstructs.ErrPermissionDenied
}
return n.srv.forwardClientRPC(method, args.NodeID, args, reply)
}
func (n *NodeMeta) Read(args *structs.NodeSpecificRequest, reply *structs.NodeMetaResponse) error {
const method = "NodeMeta.Read"
// Prevent infinite loop between leader and
// follower-with-the-target-node-connection.
args.QueryOptions.AllowStale = true
authErr := n.srv.Authenticate(nil, args)
if done, err := n.srv.forward(method, args, args, reply); done {
return err
}
n.srv.MeasureRPCRate("node_meta", nstructs.RateMetricRead, args)
if authErr != nil {
return nstructs.ErrPermissionDenied
}
defer metrics.MeasureSince([]string{"nomad", "client_meta", "read"}, time.Now())
// Check node read permissions
if aclObj, err := n.srv.ResolveACL(args); err != nil {
return err
} else if aclObj != nil && !aclObj.AllowNodeRead() {
return nstructs.ErrPermissionDenied
}
return n.srv.forwardClientRPC(method, args.NodeID, args, reply)
}