70 lines
1.8 KiB
Go
70 lines
1.8 KiB
Go
|
package nomad
|
||
|
|
||
|
import (
|
||
|
"time"
|
||
|
|
||
|
metrics "github.com/armon/go-metrics"
|
||
|
log "github.com/hashicorp/go-hclog"
|
||
|
"github.com/hashicorp/nomad/nomad/structs"
|
||
|
nstructs "github.com/hashicorp/nomad/nomad/structs"
|
||
|
)
|
||
|
|
||
|
type NodeMeta struct {
|
||
|
srv *Server
|
||
|
logger log.Logger
|
||
|
}
|
||
|
|
||
|
func newNodeMetaEndpoint(srv *Server) *NodeMeta {
|
||
|
n := &NodeMeta{
|
||
|
srv: srv,
|
||
|
logger: srv.logger.Named("node_meta"),
|
||
|
}
|
||
|
return n
|
||
|
}
|
||
|
|
||
|
func (n *NodeMeta) Apply(args *structs.NodeMetaApplyRequest, reply *structs.NodeMetaResponse) error {
|
||
|
const method = "NodeMeta.Apply"
|
||
|
|
||
|
authErr := n.srv.Authenticate(nil, args)
|
||
|
if done, err := n.srv.forward(method, args, args, reply); done {
|
||
|
return err
|
||
|
}
|
||
|
n.srv.MeasureRPCRate("node_meta", nstructs.RateMetricRead, args)
|
||
|
if authErr != nil {
|
||
|
return nstructs.ErrPermissionDenied
|
||
|
}
|
||
|
defer metrics.MeasureSince([]string{"nomad", "client_meta", "apply"}, time.Now())
|
||
|
|
||
|
// Check node write permissions
|
||
|
if aclObj, err := n.srv.ResolveACL(args); err != nil {
|
||
|
return err
|
||
|
} else if aclObj != nil && !aclObj.AllowNodeWrite() {
|
||
|
return nstructs.ErrPermissionDenied
|
||
|
}
|
||
|
|
||
|
return n.srv.forwardClientRPC(method, args.NodeID, args, reply)
|
||
|
}
|
||
|
|
||
|
func (n *NodeMeta) Read(args *structs.NodeSpecificRequest, reply *structs.NodeMetaResponse) error {
|
||
|
const method = "NodeMeta.Read"
|
||
|
|
||
|
authErr := n.srv.Authenticate(nil, args)
|
||
|
if done, err := n.srv.forward(method, args, args, reply); done {
|
||
|
return err
|
||
|
}
|
||
|
n.srv.MeasureRPCRate("node_meta", nstructs.RateMetricRead, args)
|
||
|
if authErr != nil {
|
||
|
return nstructs.ErrPermissionDenied
|
||
|
}
|
||
|
defer metrics.MeasureSince([]string{"nomad", "client_meta", "read"}, time.Now())
|
||
|
|
||
|
// Check node read permissions
|
||
|
if aclObj, err := n.srv.ResolveACL(args); err != nil {
|
||
|
return err
|
||
|
} else if aclObj != nil && !aclObj.AllowNodeRead() {
|
||
|
return nstructs.ErrPermissionDenied
|
||
|
}
|
||
|
|
||
|
return n.srv.forwardClientRPC(method, args.NodeID, args, reply)
|
||
|
}
|