123 lines
3.1 KiB
Go
123 lines
3.1 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package nomad
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/hashicorp/nomad/ci"
|
|
"github.com/hashicorp/nomad/nomad/mock"
|
|
"github.com/hashicorp/nomad/nomad/structs"
|
|
"github.com/hashicorp/nomad/testutil"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestJobNamespaceConstraintCheckHook_Name(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
require.Equal(t, "namespace-constraint-check", new(jobNamespaceConstraintCheckHook).Name())
|
|
}
|
|
|
|
func TestJobNamespaceConstraintCheckHook_taskValidateDriver(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
cases := []struct {
|
|
description string
|
|
driver string
|
|
ns *structs.Namespace
|
|
result bool
|
|
}{
|
|
{
|
|
"No drivers enabled/disabled, allow all",
|
|
"docker",
|
|
&structs.Namespace{},
|
|
true,
|
|
},
|
|
{
|
|
"Only exec and docker are allowed 1/2",
|
|
"docker",
|
|
&structs.Namespace{
|
|
Capabilities: &structs.NamespaceCapabilities{
|
|
EnabledTaskDrivers: []string{"docker", "exec"}},
|
|
},
|
|
true,
|
|
},
|
|
{
|
|
"Only exec and docker are allowed 2/2",
|
|
"raw_exec",
|
|
&structs.Namespace{
|
|
Capabilities: &structs.NamespaceCapabilities{
|
|
EnabledTaskDrivers: []string{"docker", "exec"}},
|
|
},
|
|
false,
|
|
},
|
|
{
|
|
"disable takes precedence over enable",
|
|
"docker",
|
|
&structs.Namespace{
|
|
Capabilities: &structs.NamespaceCapabilities{
|
|
EnabledTaskDrivers: []string{"docker"},
|
|
DisabledTaskDrivers: []string{"docker"}},
|
|
},
|
|
false,
|
|
},
|
|
{
|
|
"All drivers but docker are allowed 1/2",
|
|
"docker",
|
|
&structs.Namespace{
|
|
Capabilities: &structs.NamespaceCapabilities{
|
|
DisabledTaskDrivers: []string{"docker"}},
|
|
},
|
|
false,
|
|
},
|
|
{
|
|
"All drivers but docker are allowed 2/2",
|
|
"raw_exec",
|
|
&structs.Namespace{
|
|
Capabilities: &structs.NamespaceCapabilities{
|
|
DisabledTaskDrivers: []string{"docker"}},
|
|
},
|
|
true,
|
|
},
|
|
}
|
|
|
|
for _, c := range cases {
|
|
var task = &structs.Task{Driver: c.driver}
|
|
require.Equal(t, c.result, taskValidateDriver(task, c.ns), c.description)
|
|
}
|
|
}
|
|
|
|
func TestJobNamespaceConstraintCheckHook_validate(t *testing.T) {
|
|
ci.Parallel(t)
|
|
s1, cleanupS1 := TestServer(t, nil)
|
|
defer cleanupS1()
|
|
testutil.WaitForLeader(t, s1.RPC)
|
|
|
|
// Create a namespace
|
|
ns := mock.Namespace()
|
|
ns.Name = "default" // fix the name
|
|
ns.Capabilities = &structs.NamespaceCapabilities{
|
|
EnabledTaskDrivers: []string{"docker", "qemu"},
|
|
DisabledTaskDrivers: []string{"exec", "raw_exec"},
|
|
}
|
|
s1.fsm.State().UpsertNamespaces(1000, []*structs.Namespace{ns})
|
|
|
|
hook := jobNamespaceConstraintCheckHook{srv: s1}
|
|
job := mock.LifecycleJob()
|
|
job.TaskGroups[0].Tasks[0].Driver = "docker"
|
|
job.TaskGroups[0].Tasks[1].Driver = "qemu"
|
|
job.TaskGroups[0].Tasks[2].Driver = "docker"
|
|
job.TaskGroups[0].Tasks[3].Driver = "qemu"
|
|
_, err := hook.Validate(job)
|
|
require.Nil(t, err)
|
|
|
|
job.TaskGroups[0].Tasks[2].Driver = "raw_exec"
|
|
_, err = hook.Validate(job)
|
|
require.Equal(t, err.Error(), "used task driver \"raw_exec\" is not allowed in namespace \"default\"")
|
|
|
|
job.TaskGroups[0].Tasks[1].Driver = "exec"
|
|
_, err = hook.Validate(job)
|
|
require.Equal(t, err.Error(), "used task drivers [\"exec\" \"raw_exec\"] are not allowed in namespace \"default\"")
|
|
}
|