open-nomad/command/job_promote_test.go
Seth Hoenig ba728f8f97
api: enable support for setting original job source (#16763)
* api: enable support for setting original source alongside job

This PR adds support for setting job source material along with
the registration of a job.

This includes a new HTTP endpoint and a new RPC endpoint for
making queries for the original source of a job. The
HTTP endpoint is /v1/job/<id>/submission?version=<version> and
the RPC method is Job.GetJobSubmission.

The job source (if submitted, and doing so is always optional), is
stored in the job_submission memdb table, separately from the
actual job. This way we do not incur overhead of reading the large
string field throughout normal job operations.

The server config now includes job_max_source_size for configuring
the maximum size the job source may be, before the server simply
drops the source material. This should help prevent Bad Things from
happening when huge jobs are submitted. If the value is set to 0,
all job source material will be dropped.

* api: avoid writing var content to disk for parsing

* api: move submission validation into RPC layer

* api: return an error if updating a job submission without namespace or job id

* api: be exact about the job index we associate a submission with (modify)

* api: reword api docs scheduling

* api: prune all but the last 6 job submissions

* api: protect against nil job submission in job validation

* api: set max job source size in test server

* api: fixups from pr
2023-04-11 08:45:08 -05:00

189 lines
4.3 KiB
Go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package command
import (
"strings"
"testing"
"github.com/hashicorp/nomad/api"
"github.com/hashicorp/nomad/ci"
"github.com/hashicorp/nomad/command/agent"
"github.com/hashicorp/nomad/nomad/structs"
"github.com/shoenig/test/must"
"github.com/hashicorp/nomad/nomad/mock"
"github.com/mitchellh/cli"
"github.com/posener/complete"
"github.com/stretchr/testify/assert"
)
func TestJobPromoteCommand_Implements(t *testing.T) {
ci.Parallel(t)
var _ cli.Command = &JobPromoteCommand{}
}
func TestJobPromoteCommand_Fails(t *testing.T) {
ci.Parallel(t)
ui := cli.NewMockUi()
cmd := &JobPromoteCommand{Meta: Meta{Ui: ui}}
// Fails on misuse
if code := cmd.Run([]string{"some", "bad", "args"}); code != 1 {
t.Fatalf("expected exit code 1, got: %d", code)
}
if out := ui.ErrorWriter.String(); !strings.Contains(out, commandErrorText(cmd)) {
t.Fatalf("expected help output, got: %s", out)
}
ui.ErrorWriter.Reset()
if code := cmd.Run([]string{"-address=nope", "12"}); code != 1 {
t.Fatalf("expected exit code 1, got: %d", code)
}
if out := ui.ErrorWriter.String(); !strings.Contains(out, "Error querying job prefix") {
t.Fatalf("expected failed to promote error, got: %s", out)
}
ui.ErrorWriter.Reset()
}
func TestJobPromoteCommand_AutocompleteArgs(t *testing.T) {
ci.Parallel(t)
assert := assert.New(t)
srv, _, url := testServer(t, true, nil)
defer srv.Shutdown()
ui := cli.NewMockUi()
cmd := &JobPromoteCommand{Meta: Meta{Ui: ui, flagAddress: url}}
// Create a fake job
state := srv.Agent.Server().State()
j := mock.Job()
assert.Nil(state.UpsertJob(structs.MsgTypeTestSetup, 1000, nil, j))
prefix := j.ID[:len(j.ID)-5]
args := complete.Args{Last: prefix}
predictor := cmd.AutocompleteArgs()
res := predictor.Predict(args)
assert.Equal(1, len(res))
assert.Equal(j.ID, res[0])
}
func TestJobPromoteCommand_ACL(t *testing.T) {
ci.Parallel(t)
// Start server with ACL enabled.
srv, _, url := testServer(t, true, func(c *agent.Config) {
c.ACL.Enabled = true
})
defer srv.Shutdown()
// Create a job.
job := mock.MinJob()
state := srv.Agent.Server().State()
err := state.UpsertJob(structs.MsgTypeTestSetup, 100, nil, job)
must.NoError(t, err)
testCases := []struct {
name string
jobPrefix bool
aclPolicy string
expectedErr string
}{
{
name: "no token",
aclPolicy: "",
expectedErr: api.PermissionDeniedErrorContent,
},
{
name: "missing submit-job",
aclPolicy: `
namespace "default" {
capabilities = ["read-job"]
}
`,
expectedErr: api.PermissionDeniedErrorContent,
},
{
name: "missing read-job",
aclPolicy: `
namespace "default" {
capabilities = ["submit-job"]
}
`,
expectedErr: api.PermissionDeniedErrorContent,
},
{
name: "read-job and submit-job allowed",
aclPolicy: `
namespace "default" {
capabilities = ["read-job", "submit-job"]
}
`,
},
{
name: "job prefix requires list-job",
jobPrefix: true,
aclPolicy: `
namespace "default" {
capabilities = ["read-job", "submit-job",]
}
`,
expectedErr: "no deployment to promote",
},
{
name: "job prefix works with list-job",
jobPrefix: true,
aclPolicy: `
namespace "default" {
capabilities = ["read-job", "submit-job", "list-jobs"]
}
`,
},
}
for i, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
ui := cli.NewMockUi()
cmd := &JobPromoteCommand{Meta: Meta{Ui: ui}}
args := []string{
"-address", url,
"-detach",
}
// Create deployment to promote.
d := mock.Deployment()
d.JobID = job.ID
d.JobCreateIndex = job.CreateIndex
err = state.UpsertDeployment(uint64(301+i), d)
must.NoError(t, err)
if tc.aclPolicy != "" {
// Create ACL token with test case policy and add it to the
// command.
policyName := nonAlphaNum.ReplaceAllString(tc.name, "-")
token := mock.CreatePolicyAndToken(t, state, uint64(302+i), policyName, tc.aclPolicy)
args = append(args, "-token", token.SecretID)
}
// Add job ID or job ID prefix to the command.
if tc.jobPrefix {
args = append(args, job.ID[:3])
} else {
args = append(args, job.ID)
}
// Run command.
code := cmd.Run(args)
if tc.expectedErr == "" {
must.Zero(t, code)
} else {
must.One(t, code)
must.StrContains(t, ui.ErrorWriter.String(), tc.expectedErr)
}
})
}
}