node pools: validate pool exists on job registration (#17386)
Add a new job admission hook for node pools that enforces the pool exists on registration. Also provide the skeleton function we need for Enterprise enforcement functions we'll implement later.
This commit is contained in:
parent
f755b9469f
commit
56e9b944e8
|
@ -72,12 +72,14 @@ func NewJobEndpoints(s *Server, ctx *RPCContext) *Job {
|
||||||
jobConnectHook{},
|
jobConnectHook{},
|
||||||
jobExposeCheckHook{},
|
jobExposeCheckHook{},
|
||||||
jobImpliedConstraints{},
|
jobImpliedConstraints{},
|
||||||
|
jobNodePoolMutatingHook{srv: s},
|
||||||
},
|
},
|
||||||
validators: []jobValidator{
|
validators: []jobValidator{
|
||||||
jobConnectHook{},
|
jobConnectHook{},
|
||||||
jobExposeCheckHook{},
|
jobExposeCheckHook{},
|
||||||
jobVaultHook{srv: s},
|
jobVaultHook{srv: s},
|
||||||
jobNamespaceConstraintCheckHook{srv: s},
|
jobNamespaceConstraintCheckHook{srv: s},
|
||||||
|
jobNodePoolValidatingHook{srv: s},
|
||||||
&jobValidate{srv: s},
|
&jobValidate{srv: s},
|
||||||
&memoryOversubscriptionValidate{srv: s},
|
&memoryOversubscriptionValidate{srv: s},
|
||||||
},
|
},
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
// Copyright (c) HashiCorp, Inc.
|
||||||
|
// SPDX-License-Identifier: MPL-2.0
|
||||||
|
|
||||||
|
package nomad
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/hashicorp/nomad/nomad/structs"
|
||||||
|
)
|
||||||
|
|
||||||
|
// jobNodePoolValidatingHook is an admission hook that ensures the job has valid
|
||||||
|
// node pool configuration.
|
||||||
|
type jobNodePoolValidatingHook struct {
|
||||||
|
srv *Server
|
||||||
|
}
|
||||||
|
|
||||||
|
func (j jobNodePoolValidatingHook) Name() string {
|
||||||
|
return "node-pool-validation"
|
||||||
|
}
|
||||||
|
|
||||||
|
func (j jobNodePoolValidatingHook) Validate(job *structs.Job) ([]error, error) {
|
||||||
|
poolName := job.NodePool
|
||||||
|
|
||||||
|
pool, err := j.srv.State().NodePoolByName(nil, poolName)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
if pool == nil {
|
||||||
|
return nil, fmt.Errorf("job %q is in nonexistent node pool %q", job.ID, poolName)
|
||||||
|
}
|
||||||
|
|
||||||
|
return j.enterpriseValidation(job, pool)
|
||||||
|
}
|
|
@ -0,0 +1,28 @@
|
||||||
|
// Copyright (c) HashiCorp, Inc.
|
||||||
|
// SPDX-License-Identifier: MPL-2.0
|
||||||
|
|
||||||
|
//go:build !ent
|
||||||
|
// +build !ent
|
||||||
|
|
||||||
|
package nomad
|
||||||
|
|
||||||
|
import "github.com/hashicorp/nomad/nomad/structs"
|
||||||
|
|
||||||
|
// enterpriseValidation implements any admission hooks for node pools for Nomad
|
||||||
|
// Enterprise.
|
||||||
|
func (j jobNodePoolValidatingHook) enterpriseValidation(_ *structs.Job, _ *structs.NodePool) ([]error, error) {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// jobNodePoolMutatingHook mutates the job on Nomad Enterprise only.
|
||||||
|
type jobNodePoolMutatingHook struct {
|
||||||
|
srv *Server
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c jobNodePoolMutatingHook) Name() string {
|
||||||
|
return "node-pool-mutation"
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c jobNodePoolMutatingHook) Mutate(job *structs.Job) (*structs.Job, []error, error) {
|
||||||
|
return job, nil, nil
|
||||||
|
}
|
Loading…
Reference in New Issue