open-nomad/nomad/system_endpoint.go
Michael Schurter 4e005d4753 System ACL enforcement
Enforce ACL for System.GarbageCollect and System.ReconcileJobSummaries
RPC endpoints.
2017-10-10 10:53:10 -07:00

59 lines
1.6 KiB
Go

package nomad
import (
"fmt"
"github.com/hashicorp/nomad/nomad/structs"
)
// System endpoint is used to call invoke system tasks.
type System struct {
srv *Server
}
// GarbageCollect is used to trigger the system to immediately garbage collect nodes, evals
// and jobs.
func (s *System) GarbageCollect(args *structs.GenericRequest, reply *structs.GenericResponse) error {
if done, err := s.srv.forward("System.GarbageCollect", args, args, reply); done {
return err
}
// Check management level permissions
if acl, err := s.srv.ResolveToken(args.SecretID); err != nil {
return err
} else if acl != nil && !acl.IsManagement() {
return structs.ErrPermissionDenied
}
// Get the states current index
snapshotIndex, err := s.srv.fsm.State().LatestIndex()
if err != nil {
return fmt.Errorf("failed to determine state store's index: %v", err)
}
s.srv.evalBroker.Enqueue(s.srv.coreJobEval(structs.CoreJobForceGC, snapshotIndex))
return nil
}
// ReconcileSummaries reconciles the summaries of all the jobs in the state
// store
func (s *System) ReconcileJobSummaries(args *structs.GenericRequest, reply *structs.GenericResponse) error {
if done, err := s.srv.forward("System.ReconcileJobSummaries", args, args, reply); done {
return err
}
// Check management level permissions
if acl, err := s.srv.ResolveToken(args.SecretID); err != nil {
return err
} else if acl != nil && !acl.IsManagement() {
return structs.ErrPermissionDenied
}
_, index, err := s.srv.raftApply(structs.ReconcileJobSummariesRequestType, args)
if err != nil {
return fmt.Errorf("reconciliation of job summaries failed: %v", err)
}
reply.Index = index
return nil
}