2023-04-10 15:36:59 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2019-08-09 19:18:53 +00:00
|
|
|
package jobspec
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
2020-09-09 22:30:40 +00:00
|
|
|
"strings"
|
2019-08-09 19:18:53 +00:00
|
|
|
"time"
|
|
|
|
|
|
|
|
multierror "github.com/hashicorp/go-multierror"
|
|
|
|
"github.com/hashicorp/hcl"
|
|
|
|
"github.com/hashicorp/hcl/hcl/ast"
|
|
|
|
"github.com/hashicorp/nomad/api"
|
2022-11-04 17:23:01 +00:00
|
|
|
"github.com/hashicorp/nomad/helper/pointer"
|
2019-08-09 19:18:53 +00:00
|
|
|
"github.com/mitchellh/mapstructure"
|
|
|
|
)
|
|
|
|
|
2020-04-10 03:01:16 +00:00
|
|
|
var (
|
2020-04-10 15:49:19 +00:00
|
|
|
commonTaskKeys = []string{
|
|
|
|
"driver",
|
|
|
|
"user",
|
2020-04-10 03:01:16 +00:00
|
|
|
"config",
|
2020-04-10 15:49:19 +00:00
|
|
|
"env",
|
|
|
|
"resources",
|
|
|
|
"meta",
|
|
|
|
"logs",
|
|
|
|
"kill_timeout",
|
|
|
|
"shutdown_delay",
|
|
|
|
"kill_signal",
|
2020-09-09 22:30:40 +00:00
|
|
|
"scaling",
|
2020-04-10 15:49:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
normalTaskKeys = append(commonTaskKeys,
|
|
|
|
"artifact",
|
2020-04-10 03:01:16 +00:00
|
|
|
"constraint",
|
|
|
|
"affinity",
|
|
|
|
"dispatch_payload",
|
2023-02-02 18:59:14 +00:00
|
|
|
"identity",
|
2020-04-10 03:01:16 +00:00
|
|
|
"lifecycle",
|
|
|
|
"leader",
|
|
|
|
"restart",
|
|
|
|
"service",
|
|
|
|
"template",
|
|
|
|
"vault",
|
|
|
|
"kind",
|
|
|
|
"volume_mount",
|
|
|
|
"csi_plugin",
|
2020-04-10 15:49:19 +00:00
|
|
|
)
|
2020-04-10 03:01:16 +00:00
|
|
|
|
2020-04-10 15:49:19 +00:00
|
|
|
sidecarTaskKeys = append(commonTaskKeys,
|
2020-04-10 03:01:16 +00:00
|
|
|
"name",
|
2020-04-10 15:49:19 +00:00
|
|
|
)
|
2020-04-10 03:01:16 +00:00
|
|
|
)
|
|
|
|
|
2019-08-09 19:18:53 +00:00
|
|
|
func parseTasks(result *[]*api.Task, list *ast.ObjectList) error {
|
|
|
|
list = list.Children()
|
|
|
|
if len(list.Items) == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Go through each object and turn it into an actual result.
|
|
|
|
seen := make(map[string]struct{})
|
|
|
|
for _, item := range list.Items {
|
|
|
|
n := item.Keys[0].Token.Value().(string)
|
|
|
|
|
|
|
|
// Make sure we haven't already found this
|
|
|
|
if _, ok := seen[n]; ok {
|
|
|
|
return fmt.Errorf("task '%s' defined more than once", n)
|
|
|
|
}
|
|
|
|
seen[n] = struct{}{}
|
|
|
|
|
2020-04-10 03:01:16 +00:00
|
|
|
t, err := parseTask(item, normalTaskKeys)
|
2019-08-09 19:18:53 +00:00
|
|
|
if err != nil {
|
|
|
|
return multierror.Prefix(err, fmt.Sprintf("'%s',", n))
|
|
|
|
}
|
|
|
|
|
|
|
|
t.Name = n
|
|
|
|
|
|
|
|
*result = append(*result, t)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2020-04-10 03:01:16 +00:00
|
|
|
func parseTask(item *ast.ObjectItem, keys []string) (*api.Task, error) {
|
2019-08-09 19:18:53 +00:00
|
|
|
// We need this later
|
|
|
|
var listVal *ast.ObjectList
|
|
|
|
if ot, ok := item.Val.(*ast.ObjectType); ok {
|
|
|
|
listVal = ot.List
|
|
|
|
} else {
|
|
|
|
return nil, fmt.Errorf("should be an object")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check for invalid keys
|
2020-09-03 11:34:04 +00:00
|
|
|
if err := checkHCLKeys(listVal, keys); err != nil {
|
2019-08-09 19:18:53 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
var m map[string]interface{}
|
|
|
|
if err := hcl.DecodeObject(&m, item.Val); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
delete(m, "artifact")
|
|
|
|
delete(m, "config")
|
|
|
|
delete(m, "constraint")
|
|
|
|
delete(m, "affinity")
|
|
|
|
delete(m, "dispatch_payload")
|
2019-10-11 17:10:45 +00:00
|
|
|
delete(m, "lifecycle")
|
2019-08-09 19:18:53 +00:00
|
|
|
delete(m, "env")
|
2023-02-02 18:59:14 +00:00
|
|
|
delete(m, "identity")
|
2019-08-09 19:18:53 +00:00
|
|
|
delete(m, "logs")
|
|
|
|
delete(m, "meta")
|
|
|
|
delete(m, "resources")
|
2020-03-07 02:52:58 +00:00
|
|
|
delete(m, "restart")
|
2019-08-09 19:18:53 +00:00
|
|
|
delete(m, "service")
|
|
|
|
delete(m, "template")
|
|
|
|
delete(m, "vault")
|
2019-07-25 14:42:11 +00:00
|
|
|
delete(m, "volume_mount")
|
2019-10-22 13:20:26 +00:00
|
|
|
delete(m, "csi_plugin")
|
2020-09-09 22:30:40 +00:00
|
|
|
delete(m, "scaling")
|
2019-08-09 19:18:53 +00:00
|
|
|
|
|
|
|
// Build the task
|
|
|
|
var t api.Task
|
|
|
|
dec, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
|
|
|
|
DecodeHook: mapstructure.StringToTimeDurationHookFunc(),
|
|
|
|
WeaklyTypedInput: true,
|
|
|
|
Result: &t,
|
|
|
|
})
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if err := dec.Decode(m); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// If we have env, then parse them
|
|
|
|
if o := listVal.Filter("env"); len(o.Items) > 0 {
|
|
|
|
for _, o := range o.Elem().Items {
|
|
|
|
var m map[string]interface{}
|
|
|
|
if err := hcl.DecodeObject(&m, o.Val); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if err := mapstructure.WeakDecode(m, &t.Env); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if o := listVal.Filter("service"); len(o.Items) > 0 {
|
|
|
|
services, err := parseServices(o)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
t.Services = services
|
|
|
|
}
|
|
|
|
|
2019-10-22 13:20:26 +00:00
|
|
|
if o := listVal.Filter("csi_plugin"); len(o.Items) > 0 {
|
|
|
|
if len(o.Items) != 1 {
|
2023-01-30 14:48:43 +00:00
|
|
|
return nil, fmt.Errorf("csi_plugin -> Expected single block, got %d", len(o.Items))
|
2019-10-22 13:20:26 +00:00
|
|
|
}
|
|
|
|
i := o.Elem().Items[0]
|
|
|
|
|
|
|
|
var m map[string]interface{}
|
2022-06-14 14:04:16 +00:00
|
|
|
var cfg api.TaskCSIPluginConfig
|
2019-10-22 13:20:26 +00:00
|
|
|
if err := hcl.DecodeObject(&m, i.Val); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2022-06-14 14:04:16 +00:00
|
|
|
dec, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
|
|
|
|
DecodeHook: mapstructure.StringToTimeDurationHookFunc(),
|
|
|
|
WeaklyTypedInput: true,
|
|
|
|
Result: &cfg,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if err := dec.Decode(m); err != nil {
|
2019-10-22 13:20:26 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
t.CSIPluginConfig = &cfg
|
|
|
|
}
|
|
|
|
|
2019-08-09 19:18:53 +00:00
|
|
|
// If we have config, then parse that
|
|
|
|
if o := listVal.Filter("config"); len(o.Items) > 0 {
|
|
|
|
for _, o := range o.Elem().Items {
|
|
|
|
var m map[string]interface{}
|
|
|
|
if err := hcl.DecodeObject(&m, o.Val); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := mapstructure.WeakDecode(m, &t.Config); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Parse constraints
|
|
|
|
if o := listVal.Filter("constraint"); len(o.Items) > 0 {
|
|
|
|
if err := parseConstraints(&t.Constraints, o); err != nil {
|
|
|
|
return nil, multierror.Prefix(err, "constraint ->")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Parse affinities
|
|
|
|
if o := listVal.Filter("affinity"); len(o.Items) > 0 {
|
|
|
|
if err := parseAffinities(&t.Affinities, o); err != nil {
|
|
|
|
return nil, multierror.Prefix(err, "affinity ->")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Parse out meta fields. These are in HCL as a list so we need
|
|
|
|
// to iterate over them and merge them.
|
|
|
|
if metaO := listVal.Filter("meta"); len(metaO.Items) > 0 {
|
|
|
|
for _, o := range metaO.Elem().Items {
|
|
|
|
var m map[string]interface{}
|
|
|
|
if err := hcl.DecodeObject(&m, o.Val); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if err := mapstructure.WeakDecode(m, &t.Meta); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-25 14:42:11 +00:00
|
|
|
// Parse volume mounts
|
|
|
|
if o := listVal.Filter("volume_mount"); len(o.Items) > 0 {
|
|
|
|
if err := parseVolumeMounts(&t.VolumeMounts, o); err != nil {
|
2019-08-12 13:41:14 +00:00
|
|
|
return nil, multierror.Prefix(err, "volume_mount ->")
|
2019-07-25 14:42:11 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-08-09 19:18:53 +00:00
|
|
|
// If we have resources, then parse that
|
|
|
|
if o := listVal.Filter("resources"); len(o.Items) > 0 {
|
|
|
|
var r api.Resources
|
|
|
|
if err := parseResources(&r, o); err != nil {
|
|
|
|
return nil, multierror.Prefix(err, "resources ->")
|
|
|
|
}
|
|
|
|
|
|
|
|
t.Resources = &r
|
|
|
|
}
|
|
|
|
|
2020-03-07 02:52:58 +00:00
|
|
|
// Parse restart policy
|
|
|
|
if o := listVal.Filter("restart"); len(o.Items) > 0 {
|
|
|
|
if err := parseRestartPolicy(&t.RestartPolicy, o); err != nil {
|
|
|
|
return nil, multierror.Prefix(err, "restart ->")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-08-09 19:18:53 +00:00
|
|
|
// If we have logs then parse that
|
|
|
|
if o := listVal.Filter("logs"); len(o.Items) > 0 {
|
|
|
|
if len(o.Items) > 1 {
|
|
|
|
return nil, fmt.Errorf("only one logs block is allowed in a Task. Number of logs block found: %d", len(o.Items))
|
|
|
|
}
|
|
|
|
var m map[string]interface{}
|
|
|
|
logsBlock := o.Items[0]
|
|
|
|
|
|
|
|
// Check for invalid keys
|
|
|
|
valid := []string{
|
|
|
|
"max_files",
|
|
|
|
"max_file_size",
|
2023-04-24 14:00:27 +00:00
|
|
|
"enabled",
|
2019-08-09 19:18:53 +00:00
|
|
|
}
|
2020-09-03 11:34:04 +00:00
|
|
|
if err := checkHCLKeys(logsBlock.Val, valid); err != nil {
|
2019-08-09 19:18:53 +00:00
|
|
|
return nil, multierror.Prefix(err, "logs ->")
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := hcl.DecodeObject(&m, logsBlock.Val); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
var log api.LogConfig
|
|
|
|
if err := mapstructure.WeakDecode(m, &log); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
t.LogConfig = &log
|
|
|
|
}
|
|
|
|
|
|
|
|
// Parse artifacts
|
|
|
|
if o := listVal.Filter("artifact"); len(o.Items) > 0 {
|
|
|
|
if err := parseArtifacts(&t.Artifacts, o); err != nil {
|
|
|
|
return nil, multierror.Prefix(err, "artifact ->")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-02-02 18:59:14 +00:00
|
|
|
// Parse identity
|
|
|
|
if o := listVal.Filter("identity"); len(o.Items) > 0 {
|
|
|
|
v := &api.WorkloadIdentity{}
|
|
|
|
if err := parseIdentity(v, o); err != nil {
|
|
|
|
return nil, multierror.Prefix(err, "identity ->")
|
|
|
|
}
|
|
|
|
t.Identity = v
|
|
|
|
}
|
|
|
|
|
2019-08-09 19:18:53 +00:00
|
|
|
// Parse templates
|
|
|
|
if o := listVal.Filter("template"); len(o.Items) > 0 {
|
|
|
|
if err := parseTemplates(&t.Templates, o); err != nil {
|
|
|
|
return nil, multierror.Prefix(err, "template ->")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-09-09 22:30:40 +00:00
|
|
|
// Parse scaling policies
|
|
|
|
if o := listVal.Filter("scaling"); len(o.Items) > 0 {
|
|
|
|
if err := parseTaskScalingPolicies(&t.ScalingPolicies, o); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-08-09 19:18:53 +00:00
|
|
|
// If we have a vault block, then parse that
|
|
|
|
if o := listVal.Filter("vault"); len(o.Items) > 0 {
|
|
|
|
v := &api.Vault{
|
2020-09-03 11:34:04 +00:00
|
|
|
Env: boolToPtr(true),
|
|
|
|
ChangeMode: stringToPtr("restart"),
|
2019-08-09 19:18:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if err := parseVault(v, o); err != nil {
|
|
|
|
return nil, multierror.Prefix(err, "vault ->")
|
|
|
|
}
|
|
|
|
|
|
|
|
t.Vault = v
|
|
|
|
}
|
|
|
|
|
|
|
|
// If we have a dispatch_payload block parse that
|
|
|
|
if o := listVal.Filter("dispatch_payload"); len(o.Items) > 0 {
|
|
|
|
if len(o.Items) > 1 {
|
|
|
|
return nil, fmt.Errorf("only one dispatch_payload block is allowed in a task. Number of dispatch_payload blocks found: %d", len(o.Items))
|
|
|
|
}
|
|
|
|
var m map[string]interface{}
|
|
|
|
dispatchBlock := o.Items[0]
|
|
|
|
|
|
|
|
// Check for invalid keys
|
|
|
|
valid := []string{
|
|
|
|
"file",
|
|
|
|
}
|
2020-09-03 11:34:04 +00:00
|
|
|
if err := checkHCLKeys(dispatchBlock.Val, valid); err != nil {
|
2019-08-09 19:18:53 +00:00
|
|
|
return nil, multierror.Prefix(err, "dispatch_payload ->")
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := hcl.DecodeObject(&m, dispatchBlock.Val); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
t.DispatchPayload = &api.DispatchPayloadConfig{}
|
|
|
|
if err := mapstructure.WeakDecode(m, t.DispatchPayload); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-10-11 17:10:45 +00:00
|
|
|
// If we have a lifecycle block parse that
|
|
|
|
if o := listVal.Filter("lifecycle"); len(o.Items) > 0 {
|
|
|
|
if len(o.Items) > 1 {
|
|
|
|
return nil, fmt.Errorf("only one lifecycle block is allowed in a task. Number of lifecycle blocks found: %d", len(o.Items))
|
|
|
|
}
|
|
|
|
|
|
|
|
var m map[string]interface{}
|
|
|
|
lifecycleBlock := o.Items[0]
|
|
|
|
|
|
|
|
// Check for invalid keys
|
|
|
|
valid := []string{
|
2019-12-02 20:45:33 +00:00
|
|
|
"hook",
|
2020-03-02 19:12:16 +00:00
|
|
|
"sidecar",
|
2019-10-11 17:10:45 +00:00
|
|
|
}
|
2020-09-03 11:34:04 +00:00
|
|
|
if err := checkHCLKeys(lifecycleBlock.Val, valid); err != nil {
|
2019-10-11 17:10:45 +00:00
|
|
|
return nil, multierror.Prefix(err, "lifecycle ->")
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := hcl.DecodeObject(&m, lifecycleBlock.Val); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
t.Lifecycle = &api.TaskLifecycle{}
|
2020-01-30 20:05:07 +00:00
|
|
|
if err := mapstructure.WeakDecode(m, t.Lifecycle); err != nil {
|
2019-10-11 17:10:45 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
2019-08-09 19:18:53 +00:00
|
|
|
return &t, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func parseArtifacts(result *[]*api.TaskArtifact, list *ast.ObjectList) error {
|
|
|
|
for _, o := range list.Elem().Items {
|
|
|
|
// Check for invalid keys
|
|
|
|
valid := []string{
|
|
|
|
"source",
|
|
|
|
"options",
|
2022-09-27 16:18:49 +00:00
|
|
|
"headers",
|
2019-08-09 19:18:53 +00:00
|
|
|
"mode",
|
|
|
|
"destination",
|
|
|
|
}
|
2020-09-03 11:34:04 +00:00
|
|
|
if err := checkHCLKeys(o.Val, valid); err != nil {
|
2019-08-09 19:18:53 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
var m map[string]interface{}
|
|
|
|
if err := hcl.DecodeObject(&m, o.Val); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
delete(m, "options")
|
|
|
|
|
|
|
|
var ta api.TaskArtifact
|
|
|
|
if err := mapstructure.WeakDecode(m, &ta); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
var optionList *ast.ObjectList
|
|
|
|
if ot, ok := o.Val.(*ast.ObjectType); ok {
|
|
|
|
optionList = ot.List
|
|
|
|
} else {
|
|
|
|
return fmt.Errorf("artifact should be an object")
|
|
|
|
}
|
|
|
|
|
|
|
|
if oo := optionList.Filter("options"); len(oo.Items) > 0 {
|
|
|
|
options := make(map[string]string)
|
|
|
|
if err := parseArtifactOption(options, oo); err != nil {
|
|
|
|
return multierror.Prefix(err, "options: ")
|
|
|
|
}
|
|
|
|
ta.GetterOptions = options
|
|
|
|
}
|
|
|
|
|
|
|
|
*result = append(*result, &ta)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func parseArtifactOption(result map[string]string, list *ast.ObjectList) error {
|
|
|
|
list = list.Elem()
|
|
|
|
if len(list.Items) > 1 {
|
|
|
|
return fmt.Errorf("only one 'options' block allowed per artifact")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get our resource object
|
|
|
|
o := list.Items[0]
|
|
|
|
|
|
|
|
var m map[string]interface{}
|
|
|
|
if err := hcl.DecodeObject(&m, o.Val); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := mapstructure.WeakDecode(m, &result); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func parseTemplates(result *[]*api.Template, list *ast.ObjectList) error {
|
|
|
|
for _, o := range list.Elem().Items {
|
2022-08-24 15:43:01 +00:00
|
|
|
// we'll need a list of all ast objects for later
|
|
|
|
var listVal *ast.ObjectList
|
|
|
|
if ot, ok := o.Val.(*ast.ObjectType); ok {
|
|
|
|
listVal = ot.List
|
|
|
|
} else {
|
|
|
|
return fmt.Errorf("should be an object")
|
|
|
|
}
|
|
|
|
|
2019-08-09 19:18:53 +00:00
|
|
|
// Check for invalid keys
|
|
|
|
valid := []string{
|
|
|
|
"change_mode",
|
|
|
|
"change_signal",
|
2022-08-24 15:43:01 +00:00
|
|
|
"change_script",
|
2019-08-09 19:18:53 +00:00
|
|
|
"data",
|
|
|
|
"destination",
|
|
|
|
"left_delimiter",
|
|
|
|
"perms",
|
2022-08-02 20:15:38 +00:00
|
|
|
"uid",
|
|
|
|
"gid",
|
2019-08-09 19:18:53 +00:00
|
|
|
"right_delimiter",
|
|
|
|
"source",
|
|
|
|
"splay",
|
|
|
|
"env",
|
2020-02-17 17:39:47 +00:00
|
|
|
"vault_grace", //COMPAT(0.12) not used; emits warning in 0.11.
|
2022-11-04 17:23:01 +00:00
|
|
|
"wait",
|
|
|
|
"error_on_missing_key",
|
2019-08-09 19:18:53 +00:00
|
|
|
}
|
2020-09-03 11:34:04 +00:00
|
|
|
if err := checkHCLKeys(o.Val, valid); err != nil {
|
2019-08-09 19:18:53 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
var m map[string]interface{}
|
|
|
|
if err := hcl.DecodeObject(&m, o.Val); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-08-24 15:43:01 +00:00
|
|
|
delete(m, "change_script") // change_script is its own object
|
2019-08-09 19:18:53 +00:00
|
|
|
|
|
|
|
templ := &api.Template{
|
2022-11-04 17:23:01 +00:00
|
|
|
ChangeMode: stringToPtr("restart"),
|
|
|
|
Splay: timeToPtr(5 * time.Second),
|
|
|
|
Perms: stringToPtr("0644"),
|
|
|
|
Uid: pointer.Of(-1),
|
|
|
|
Gid: pointer.Of(-1),
|
|
|
|
ErrMissingKey: pointer.Of(false),
|
2019-08-09 19:18:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
dec, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
|
|
|
|
DecodeHook: mapstructure.StringToTimeDurationHookFunc(),
|
|
|
|
WeaklyTypedInput: true,
|
|
|
|
Result: templ,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if err := dec.Decode(m); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2022-08-24 15:43:01 +00:00
|
|
|
// If we have change_script, parse it
|
|
|
|
if o := listVal.Filter("change_script"); len(o.Items) > 0 {
|
|
|
|
if len(o.Items) != 1 {
|
|
|
|
return fmt.Errorf(
|
2023-01-30 14:48:43 +00:00
|
|
|
"change_script -> expected single block, got %d", len(o.Items),
|
2022-08-24 15:43:01 +00:00
|
|
|
)
|
|
|
|
}
|
|
|
|
var m map[string]interface{}
|
|
|
|
changeScriptBlock := o.Items[0]
|
|
|
|
|
|
|
|
// check for invalid fields
|
|
|
|
valid := []string{"command", "args", "timeout", "fail_on_error"}
|
|
|
|
if err := checkHCLKeys(changeScriptBlock.Val, valid); err != nil {
|
|
|
|
return multierror.Prefix(err, "change_script ->")
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := hcl.DecodeObject(&m, changeScriptBlock.Val); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
templ.ChangeScript = &api.ChangeScript{}
|
|
|
|
dec, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
|
|
|
|
DecodeHook: mapstructure.StringToTimeDurationHookFunc(),
|
|
|
|
WeaklyTypedInput: true,
|
|
|
|
Result: templ.ChangeScript,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if err := dec.Decode(m); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-08-09 19:18:53 +00:00
|
|
|
*result = append(*result, templ)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2020-09-09 22:30:40 +00:00
|
|
|
func parseTaskScalingPolicies(result *[]*api.ScalingPolicy, list *ast.ObjectList) error {
|
|
|
|
if len(list.Items) == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
errPrefix := "scaling ->"
|
|
|
|
// Go through each object and turn it into an actual result.
|
|
|
|
seen := make(map[string]bool)
|
|
|
|
for _, item := range list.Items {
|
|
|
|
if l := len(item.Keys); l == 0 {
|
|
|
|
return multierror.Prefix(fmt.Errorf("task scaling policy missing name"), errPrefix)
|
|
|
|
} else if l > 1 {
|
|
|
|
return multierror.Prefix(fmt.Errorf("task scaling policy should only have one name"), errPrefix)
|
|
|
|
}
|
|
|
|
n := item.Keys[0].Token.Value().(string)
|
|
|
|
errPrefix = fmt.Sprintf("scaling[%v] ->", n)
|
|
|
|
|
|
|
|
var policyType string
|
|
|
|
switch strings.ToLower(n) {
|
|
|
|
case "cpu":
|
|
|
|
policyType = "vertical_cpu"
|
|
|
|
case "mem":
|
|
|
|
policyType = "vertical_mem"
|
|
|
|
default:
|
|
|
|
return multierror.Prefix(fmt.Errorf(`scaling policy name must be "cpu" or "mem"`), errPrefix)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Make sure we haven't already found this
|
|
|
|
if seen[n] {
|
|
|
|
return multierror.Prefix(fmt.Errorf("scaling policy cannot be defined more than once"), errPrefix)
|
|
|
|
}
|
|
|
|
seen[n] = true
|
|
|
|
|
|
|
|
p, err := parseScalingPolicy(item)
|
|
|
|
if err != nil {
|
|
|
|
return multierror.Prefix(err, errPrefix)
|
|
|
|
}
|
|
|
|
|
|
|
|
if p.Type == "" {
|
|
|
|
p.Type = policyType
|
|
|
|
} else if p.Type != policyType {
|
|
|
|
return multierror.Prefix(fmt.Errorf("policy had invalid 'type': %q", p.Type), errPrefix)
|
|
|
|
}
|
|
|
|
|
|
|
|
*result = append(*result, p)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2019-08-09 19:18:53 +00:00
|
|
|
func parseResources(result *api.Resources, list *ast.ObjectList) error {
|
|
|
|
list = list.Elem()
|
|
|
|
if len(list.Items) == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
if len(list.Items) > 1 {
|
|
|
|
return fmt.Errorf("only one 'resource' block allowed per task")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get our resource object
|
|
|
|
o := list.Items[0]
|
|
|
|
|
|
|
|
// We need this later
|
|
|
|
var listVal *ast.ObjectList
|
|
|
|
if ot, ok := o.Val.(*ast.ObjectType); ok {
|
|
|
|
listVal = ot.List
|
|
|
|
} else {
|
|
|
|
return fmt.Errorf("resource: should be an object")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check for invalid keys
|
|
|
|
valid := []string{
|
|
|
|
"cpu",
|
|
|
|
"iops", // COMPAT(0.10): Remove after one release to allow it to be removed from jobspecs
|
|
|
|
"disk",
|
|
|
|
"memory",
|
2021-03-26 20:11:26 +00:00
|
|
|
"memory_max",
|
2019-08-09 19:18:53 +00:00
|
|
|
"network",
|
|
|
|
"device",
|
2021-07-26 15:25:28 +00:00
|
|
|
"cores",
|
2019-08-09 19:18:53 +00:00
|
|
|
}
|
2020-09-03 11:34:04 +00:00
|
|
|
if err := checkHCLKeys(listVal, valid); err != nil {
|
2019-08-09 19:18:53 +00:00
|
|
|
return multierror.Prefix(err, "resources ->")
|
|
|
|
}
|
|
|
|
|
|
|
|
var m map[string]interface{}
|
|
|
|
if err := hcl.DecodeObject(&m, o.Val); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
delete(m, "network")
|
|
|
|
delete(m, "device")
|
|
|
|
|
|
|
|
if err := mapstructure.WeakDecode(m, result); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Parse the network resources
|
|
|
|
if o := listVal.Filter("network"); len(o.Items) > 0 {
|
2019-10-24 14:41:54 +00:00
|
|
|
r, err := ParseNetwork(o)
|
2019-08-09 19:18:53 +00:00
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("resource, %v", err)
|
|
|
|
}
|
|
|
|
result.Networks = []*api.NetworkResource{r}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Parse the device resources
|
|
|
|
if o := listVal.Filter("device"); len(o.Items) > 0 {
|
|
|
|
result.Devices = make([]*api.RequestedDevice, len(o.Items))
|
|
|
|
for idx, do := range o.Items {
|
|
|
|
if l := len(do.Keys); l == 0 {
|
|
|
|
return multierror.Prefix(fmt.Errorf("missing device name"), fmt.Sprintf("resources, device[%d]->", idx))
|
|
|
|
} else if l > 1 {
|
|
|
|
return multierror.Prefix(fmt.Errorf("only one name may be specified"), fmt.Sprintf("resources, device[%d]->", idx))
|
|
|
|
}
|
|
|
|
name := do.Keys[0].Token.Value().(string)
|
|
|
|
|
|
|
|
// Value should be an object
|
|
|
|
var listVal *ast.ObjectList
|
|
|
|
if ot, ok := do.Val.(*ast.ObjectType); ok {
|
|
|
|
listVal = ot.List
|
|
|
|
} else {
|
|
|
|
return fmt.Errorf("device should be an object")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check for invalid keys
|
|
|
|
valid := []string{
|
|
|
|
"name",
|
|
|
|
"count",
|
|
|
|
"affinity",
|
|
|
|
"constraint",
|
|
|
|
}
|
2020-09-03 11:34:04 +00:00
|
|
|
if err := checkHCLKeys(do.Val, valid); err != nil {
|
2019-08-09 19:18:53 +00:00
|
|
|
return multierror.Prefix(err, fmt.Sprintf("resources, device[%d]->", idx))
|
|
|
|
}
|
|
|
|
|
|
|
|
// Set the name
|
|
|
|
var r api.RequestedDevice
|
|
|
|
r.Name = name
|
|
|
|
|
|
|
|
var m map[string]interface{}
|
|
|
|
if err := hcl.DecodeObject(&m, do.Val); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
delete(m, "constraint")
|
|
|
|
delete(m, "affinity")
|
|
|
|
|
|
|
|
if err := mapstructure.WeakDecode(m, &r); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Parse constraints
|
|
|
|
if o := listVal.Filter("constraint"); len(o.Items) > 0 {
|
|
|
|
if err := parseConstraints(&r.Constraints, o); err != nil {
|
|
|
|
return multierror.Prefix(err, "constraint ->")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Parse affinities
|
|
|
|
if o := listVal.Filter("affinity"); len(o.Items) > 0 {
|
|
|
|
if err := parseAffinities(&r.Affinities, o); err != nil {
|
|
|
|
return multierror.Prefix(err, "affinity ->")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
result.Devices[idx] = &r
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
2019-07-25 14:42:11 +00:00
|
|
|
|
|
|
|
func parseVolumeMounts(out *[]*api.VolumeMount, list *ast.ObjectList) error {
|
|
|
|
mounts := make([]*api.VolumeMount, len(list.Items))
|
|
|
|
|
|
|
|
for i, item := range list.Items {
|
|
|
|
valid := []string{
|
|
|
|
"volume",
|
|
|
|
"read_only",
|
|
|
|
"destination",
|
volumes: Add support for mount propagation
This commit introduces support for configuring mount propagation when
mounting volumes with the `volume_mount` stanza on Linux targets.
Similar to Kubernetes, we expose 3 options for configuring mount
propagation:
- private, which is equivalent to `rprivate` on Linux, which does not allow the
container to see any new nested mounts after the chroot was created.
- host-to-task, which is equivalent to `rslave` on Linux, which allows new mounts
that have been created _outside of the container_ to be visible
inside the container after the chroot is created.
- bidirectional, which is equivalent to `rshared` on Linux, which allows both
the container to see new mounts created on the host, but
importantly _allows the container to create mounts that are
visible in other containers an don the host_
private and host-to-task are safe, but bidirectional mounts can be
dangerous, as if the code inside a container creates a mount, and does
not clean it up before tearing down the container, it can cause bad
things to happen inside the kernel.
To add a layer of safety here, we require that the user has ReadWrite
permissions on the volume before allowing bidirectional mounts, as a
defense in depth / validation case, although creating mounts should also require
a priviliged execution environment inside the container.
2019-09-13 21:13:20 +00:00
|
|
|
"propagation_mode",
|
2019-07-25 14:42:11 +00:00
|
|
|
}
|
2020-09-03 11:34:04 +00:00
|
|
|
if err := checkHCLKeys(item.Val, valid); err != nil {
|
2019-07-25 14:42:11 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
var m map[string]interface{}
|
|
|
|
if err := hcl.DecodeObject(&m, item.Val); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
var result api.VolumeMount
|
|
|
|
dec, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
|
|
|
|
WeaklyTypedInput: true,
|
|
|
|
Result: &result,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if err := dec.Decode(m); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
mounts[i] = &result
|
|
|
|
}
|
|
|
|
|
|
|
|
*out = mounts
|
|
|
|
return nil
|
|
|
|
}
|
2023-02-02 18:59:14 +00:00
|
|
|
|
|
|
|
func parseIdentity(out *api.WorkloadIdentity, list *ast.ObjectList) error {
|
|
|
|
list = list.Elem()
|
|
|
|
if len(list.Items) == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
if len(list.Items) > 1 {
|
|
|
|
return fmt.Errorf("only one 'identity' block allowed per task")
|
|
|
|
}
|
|
|
|
|
|
|
|
o := list.Items[0]
|
|
|
|
var listVal *ast.ObjectList
|
|
|
|
if ot, ok := o.Val.(*ast.ObjectType); ok {
|
|
|
|
listVal = ot.List
|
|
|
|
} else {
|
|
|
|
return fmt.Errorf("identity: should be an object")
|
|
|
|
}
|
|
|
|
|
|
|
|
valid := []string{
|
|
|
|
"env",
|
|
|
|
"file",
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := checkHCLKeys(listVal, valid); err != nil {
|
|
|
|
return multierror.Prefix(err, "identity ->")
|
|
|
|
}
|
|
|
|
|
|
|
|
var m map[string]interface{}
|
|
|
|
if err := hcl.DecodeObject(&m, o.Val); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := mapstructure.WeakDecode(m, out); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|