np: check for license on RPC endpoints (#17656)
This commit is contained in:
parent
53dd8835b8
commit
8f05eaaa68
|
@ -49,6 +49,9 @@ func (n *NodePool) List(args *structs.NodePoolListRequest, reply *structs.NodePo
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Only warn for expiration of a read request.
|
||||||
|
_ = n.validateLicense(nil)
|
||||||
|
|
||||||
// Setup blocking query.
|
// Setup blocking query.
|
||||||
sort := state.SortOption(args.Reverse)
|
sort := state.SortOption(args.Reverse)
|
||||||
opts := blockingOptions{
|
opts := blockingOptions{
|
||||||
|
@ -134,6 +137,9 @@ func (n *NodePool) GetNodePool(args *structs.NodePoolSpecificRequest, reply *str
|
||||||
return structs.ErrPermissionDenied
|
return structs.ErrPermissionDenied
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Only warn for expiration of a read request.
|
||||||
|
_ = n.validateLicense(nil)
|
||||||
|
|
||||||
// Setup the blocking query.
|
// Setup the blocking query.
|
||||||
opts := blockingOptions{
|
opts := blockingOptions{
|
||||||
queryOpts: &args.QueryOptions,
|
queryOpts: &args.QueryOptions,
|
||||||
|
@ -186,6 +192,12 @@ func (n *NodePool) UpsertNodePools(args *structs.NodePoolUpsertRequest, reply *s
|
||||||
if !aclObj.AllowNodePoolOperation(pool.Name, acl.NodePoolCapabilityWrite) {
|
if !aclObj.AllowNodePoolOperation(pool.Name, acl.NodePoolCapabilityWrite) {
|
||||||
return structs.ErrPermissionDenied
|
return structs.ErrPermissionDenied
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Strict enforcement for write requests.
|
||||||
|
// If not licensed then requests will be denied.
|
||||||
|
if err := n.validateLicense(pool); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if !ServersMeetMinimumVersion(
|
if !ServersMeetMinimumVersion(
|
||||||
|
@ -243,6 +255,10 @@ func (n *NodePool) DeleteNodePools(args *structs.NodePoolDeleteRequest, reply *s
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Only warn for expiration on delete because just parts of node pools are
|
||||||
|
// licensed, so they are allowed to be deleted.
|
||||||
|
_ = n.validateLicense(nil)
|
||||||
|
|
||||||
if !ServersMeetMinimumVersion(
|
if !ServersMeetMinimumVersion(
|
||||||
n.srv.serf.Members(), n.srv.Region(), minNodePoolsVersion, true) {
|
n.srv.serf.Members(), n.srv.Region(), minNodePoolsVersion, true) {
|
||||||
return fmt.Errorf("all servers must be running version %v or later to delete node pools", minNodePoolsVersion)
|
return fmt.Errorf("all servers must be running version %v or later to delete node pools", minNodePoolsVersion)
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
// Copyright (c) HashiCorp, Inc.
|
||||||
|
// SPDX-License-Identifier: MPL-2.0
|
||||||
|
|
||||||
|
//go:build !ent
|
||||||
|
// +build !ent
|
||||||
|
|
||||||
|
package nomad
|
||||||
|
|
||||||
|
import (
|
||||||
|
"errors"
|
||||||
|
|
||||||
|
"github.com/hashicorp/nomad/nomad/structs"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (n *NodePool) validateLicense(pool *structs.NodePool) error {
|
||||||
|
if pool != nil && pool.SchedulerConfiguration != nil {
|
||||||
|
return errors.New(`Feature "Node Pools Governance" is unlicensed`)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
Loading…
Reference in New Issue