np: check for license on RPC endpoints (#17656)

Luiz Aoqui 2023-06-22 12:52:20 -04:00 committed by GitHub
parent 53dd8835b8
commit 8f05eaaa68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 37 additions and 0 deletions


@ -49,6 +49,9 @@ func (n *NodePool) List(args *structs.NodePoolListRequest, reply *structs.NodePo
return err return err
} }
// Only warn for expiration of a read request.
_ = n.validateLicense(nil)
// Setup blocking query. // Setup blocking query.
sort := state.SortOption(args.Reverse) sort := state.SortOption(args.Reverse)
opts := blockingOptions{ opts := blockingOptions{
@ -134,6 +137,9 @@ func (n *NodePool) GetNodePool(args *structs.NodePoolSpecificRequest, reply *str
return structs.ErrPermissionDenied return structs.ErrPermissionDenied
} }
// Only warn for expiration of a read request.
_ = n.validateLicense(nil)
// Setup the blocking query. // Setup the blocking query.
opts := blockingOptions{ opts := blockingOptions{
queryOpts: &args.QueryOptions, queryOpts: &args.QueryOptions,
@ -186,6 +192,12 @@ func (n *NodePool) UpsertNodePools(args *structs.NodePoolUpsertRequest, reply *s
if !aclObj.AllowNodePoolOperation(pool.Name, acl.NodePoolCapabilityWrite) { if !aclObj.AllowNodePoolOperation(pool.Name, acl.NodePoolCapabilityWrite) {
return structs.ErrPermissionDenied return structs.ErrPermissionDenied
} }
// Strict enforcement for write requests.
// If not licensed then requests will be denied.
if err := n.validateLicense(pool); err != nil {
return err
}
} }
if !ServersMeetMinimumVersion( if !ServersMeetMinimumVersion(
@ -243,6 +255,10 @@ func (n *NodePool) DeleteNodePools(args *structs.NodePoolDeleteRequest, reply *s
} }
} }
// Only warn for expiration on delete because just parts of node pools are
// licensed, so they are allowed to be deleted.
_ = n.validateLicense(nil)
if !ServersMeetMinimumVersion( if !ServersMeetMinimumVersion(
n.srv.serf.Members(), n.srv.Region(), minNodePoolsVersion, true) { n.srv.serf.Members(), n.srv.Region(), minNodePoolsVersion, true) {
return fmt.Errorf("all servers must be running version %v or later to delete node pools", minNodePoolsVersion) return fmt.Errorf("all servers must be running version %v or later to delete node pools", minNodePoolsVersion)
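Review bot: The three `_ = n.validateLicense(nil)` calls in List, GetNodePool and DeleteNodePools discard the result of a call that, with a nil pool, cannot fail in the non-enterprise implementation added by this commit, so the "warn" the comments mention can only be a side effect of a build that is not visible here. Anyone auditing which endpoints enforce the license and which are advisory has to know that contract, so I would state it at the call sites, for example `// validateLicense(nil) never denies the request; the enterprise build is expected to only log an expiry warning (confirm).` The strict check in UpsertNodePools sits after the ACL check, which is the right order: an unauthorized caller gets ErrPermissionDenied before any license state is revealed. All four function bodies start and end outside their hunks.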


@ -0,0 +1,21 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
//go:build !ent
// +build !ent
package nomad
import (
"errors"
"github.com/hashicorp/nomad/nomad/structs"
)
func (n *NodePool) validateLicense(pool *structs.NodePool) error {
if pool != nil && pool.SchedulerConfiguration != nil {
return errors.New(`Feature "Node Pools Governance" is unlicensed`)
}
return nil
}
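Review bot: validateLicense has no doc comment, and its contract is not obvious from the signature: a nil pool always returns nil, while any pool with a non-nil SchedulerConfiguration is rejected in this `!ent` build. Callers rely on that split (nil on the warn-only paths, the pool itself for strict enforcement), so I would add `// validateLicense returns an error if pool uses a feature that requires a license; a nil pool is never rejected.` above the function. The error is built with `errors.New` on each call, so callers and tests can only match it by string; a package-level sentinel would allow `errors.Is`, unless the package already has an unlicensed-feature error that serves this purpose.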