Struct/api/parsing

Alex Dadgar 2016-10-11 15:25:49 -07:00
parent 53eeec9bc1
commit af036be754
6 changed files with 82 additions and 10 deletions


@ -177,8 +177,10 @@ type Template struct {
} }
type Vault struct { type Vault struct {
Policies []string Policies []string
Env bool Env bool
TokenChangeMode string
TokenChangeSignal string
} }
// NewTask creates and initializes a new Task. // NewTask creates and initializes a new Task.
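Review bot: The two fields added to the api `Vault` struct are named `TokenChangeMode` and `TokenChangeSignal`, while the server-side `Vault` struct changed in this same commit calls them `ChangeMode` and `ChangeSignal`. The conversion between the two is not visible on this page, but if it matches fields by name, the values set through the API would be dropped and the task would not get the requested token-change behaviour. Consider using the same names on both sides, `ChangeMode string` and `ChangeSignal string`. Each field could also get a one-line doc comment such as `// ChangeMode is the action taken when the task's Vault token is replaced.`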


@ -1177,6 +1177,8 @@ func parseVault(result *structs.Vault, list *ast.ObjectList) error {
valid := []string{ valid := []string{
"policies", "policies",
"env", "env",
"change_mode",
"change_signal",
} }
if err := checkHCLKeys(listVal, valid); err != nil { if err := checkHCLKeys(listVal, valid); err != nil {
return multierror.Prefix(err, "vault ->") return multierror.Prefix(err, "vault ->")
@ -1192,6 +1194,10 @@ func parseVault(result *structs.Vault, list *ast.ObjectList) error {
m["env"] = true m["env"] = true
} }
if _, ok := m["change_mode"]; !ok {
m["change_mode"] = structs.VaultChangeModeRestart
}
if err := mapstructure.WeakDecode(m, result); err != nil { if err := mapstructure.WeakDecode(m, result); err != nil {
return err return err
} }
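Review bot: The `restart` default for `change_mode` is applied only here in parseVault, so a `Vault` block that reaches the server by any route other than HCL parsing would arrive with an empty `ChangeMode`. The `Validate` switch added in this commit has no case for the empty string, so such a block would be rejected with `Unknown change mode ""`. Consider applying the default where the struct is validated or initialised as well, and at minimum say so at the default: `// Default change_mode to restart; Validate rejects an empty mode.` Note also that `mapstructure.WeakDecode` coerces non-string values, so `change_signal = 9` would decode to `"9"` rather than fail at parse time. parseVault starts and ends outside these hunks.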


@ -159,8 +159,9 @@ func TestParse(t *testing.T) {
}, },
}, },
Vault: &structs.Vault{ Vault: &structs.Vault{
Policies: []string{"foo", "bar"}, Policies: []string{"foo", "bar"},
Env: true, Env: true,
ChangeMode: structs.VaultChangeModeRestart,
}, },
Templates: []*structs.Template{ Templates: []*structs.Template{
{ {
@ -199,6 +200,12 @@ func TestParse(t *testing.T) {
}, },
}, },
LogConfig: structs.DefaultLogConfig(), LogConfig: structs.DefaultLogConfig(),
Vault: &structs.Vault{
Policies: []string{"foo", "bar"},
Env: false,
ChangeMode: structs.VaultChangeModeSignal,
ChangeSignal: "SIGUSR1",
},
}, },
}, },
}, },
@ -475,16 +482,18 @@ func TestParse(t *testing.T) {
Name: "redis", Name: "redis",
LogConfig: structs.DefaultLogConfig(), LogConfig: structs.DefaultLogConfig(),
Vault: &structs.Vault{ Vault: &structs.Vault{
Policies: []string{"group"}, Policies: []string{"group"},
Env: true, Env: true,
ChangeMode: structs.VaultChangeModeRestart,
}, },
}, },
&structs.Task{ &structs.Task{
Name: "redis2", Name: "redis2",
LogConfig: structs.DefaultLogConfig(), LogConfig: structs.DefaultLogConfig(),
Vault: &structs.Vault{ Vault: &structs.Vault{
Policies: []string{"task"}, Policies: []string{"task"},
Env: false, Env: false,
ChangeMode: structs.VaultChangeModeRestart,
}, },
}, },
}, },
@ -498,8 +507,9 @@ func TestParse(t *testing.T) {
Name: "redis", Name: "redis",
LogConfig: structs.DefaultLogConfig(), LogConfig: structs.DefaultLogConfig(),
Vault: &structs.Vault{ Vault: &structs.Vault{
Policies: []string{"job"}, Policies: []string{"job"},
Env: true, Env: true,
ChangeMode: structs.VaultChangeModeRestart,
}, },
}, },
}, },


@ -165,6 +165,13 @@ job "binstore-storagelocker" {
attribute = "kernel.arch" attribute = "kernel.arch"
value = "amd64" value = "amd64"
} }
vault {
policies = ["foo", "bar"]
env = false
change_mode = "signal"
change_signal = "SIGUSR1"
}
} }
constraint { constraint {


@ -2818,6 +2818,17 @@ func (d *EphemeralDisk) Copy() *EphemeralDisk {
return ld return ld
} }
const (
// VaultChangeModeNoop takes no action when a new token is retrieved.
VaultChangeModeNoop = "noop"
// VaultChangeModeSignal signals the task when a new token is retrieved.
VaultChangeModeSignal = "signal"
// VaultChangeModeRestart restarts the task when a new token is retrieved.
VaultChangeModeRestart = "restart"
)
// Vault stores the set of premissions a task needs access to from Vault. // Vault stores the set of premissions a task needs access to from Vault.
type Vault struct { type Vault struct {
// Policies is the set of policies that the task needs access to // Policies is the set of policies that the task needs access to
@ -2826,6 +2837,14 @@ type Vault struct {
// Env marks whether the Vault Token should be exposed as an environment // Env marks whether the Vault Token should be exposed as an environment
// variable // variable
Env bool Env bool
// ChangeMode is used to configure the task's behavior when the Vault
// token changes because the original token could not be renewed in time.
ChangeMode string `mapstructure:"change_mode"`
// ChangeSignal is the signal sent to the task when a new token is
// retrieved. This is only valid when using the signal change mode.
ChangeSignal string `mapstructure:"change_signal"`
} }
// Copy returns a copy of this Vault block. // Copy returns a copy of this Vault block.
@ -2849,6 +2868,16 @@ func (v *Vault) Validate() error {
return fmt.Errorf("Policy list can not be empty") return fmt.Errorf("Policy list can not be empty")
} }
switch v.ChangeMode {
case VaultChangeModeSignal:
if v.ChangeSignal == "" {
return fmt.Errorf("Signal must be specified when using change mode %q", VaultChangeModeSignal)
}
case VaultChangeModeNoop, VaultChangeModeRestart:
default:
return fmt.Errorf("Unknown change mode %q", v.ChangeMode)
}
return nil return nil
} }
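Review bot: In `Validate`, the `VaultChangeModeSignal` case only checks that `ChangeSignal` is non-empty, so a misspelled or unsupported signal name passes validation. The failure would presumably surface only when the token is actually replaced, at which point the task may keep running with the old token. Checking the name against the signals the client can deliver would catch this at job submission. The switch also accepts a non-empty `ChangeSignal` together with `restart` or `noop`, where it appears to be ignored; either reject that combination or say so in the field comment, for example `// ChangeSignal is ignored unless ChangeMode is "signal".` Validate's body begins outside the hunk.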


@ -1307,3 +1307,21 @@ func TestAllocation_Terminated(t *testing.T) {
} }
} }
} }
func TestVault_Validate(t *testing.T) {
v := &Vault{
Env: true,
ChangeMode: VaultChangeModeNoop,
}
if err := v.Validate(); err == nil || !strings.Contains(err.Error(), "Policy list") {
t.Fatalf("Expected policy list empty error")
}
v.Policies = []string{"foo"}
v.ChangeMode = VaultChangeModeSignal
if err := v.Validate(); err == nil || !strings.Contains(err.Error(), "Signal must") {
t.Fatalf("Expected signal empty error")
}
}
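Review bot: `TestVault_Validate` exercises only the empty-policy error and the missing-signal error, so the `default:` branch that rejects an unknown change mode and the success path are both untested. A regression that let an arbitrary mode string through would go unnoticed. Add a case that sets `v.ChangeMode = "unknown"` and expects an error containing `"Unknown change mode"`. Add a final case that sets `v.ChangeMode = VaultChangeModeSignal` and `v.ChangeSignal = "SIGUSR1"` and expects `v.Validate()` to return nil.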