open-nomad/nomad/search_endpoint.go
2020-10-22 15:26:32 -07:00

227 lines
6 KiB
Go

package nomad
import (
"fmt"
"strings"
"time"
metrics "github.com/armon/go-metrics"
log "github.com/hashicorp/go-hclog"
memdb "github.com/hashicorp/go-memdb"
"github.com/hashicorp/nomad/acl"
"github.com/hashicorp/nomad/nomad/state"
"github.com/hashicorp/nomad/nomad/structs"
)
const (
// truncateLimit is the maximum number of matches that will be returned for a
// prefix for a specific context
truncateLimit = 20
)
var (
// ossContexts are the oss contexts which are searched to find matches
// for a given prefix
ossContexts = []structs.Context{
structs.Allocs,
structs.Jobs,
structs.Nodes,
structs.Evals,
structs.Deployments,
structs.Plugins,
structs.Volumes,
structs.Namespaces,
}
)
// Search endpoint is used to look up matches for a given prefix and context
type Search struct {
srv *Server
logger log.Logger
}
// getMatches extracts matches for an iterator, and returns a list of ids for
// these matches.
func (s *Search) getMatches(iter memdb.ResultIterator, prefix string) ([]string, bool) {
var matches []string
for i := 0; i < truncateLimit; i++ {
raw := iter.Next()
if raw == nil {
break
}
var id string
switch t := raw.(type) {
case *structs.Job:
id = t.ID
case *structs.Evaluation:
id = t.ID
case *structs.Allocation:
id = t.ID
case *structs.Node:
id = t.ID
case *structs.Deployment:
id = t.ID
case *structs.CSIPlugin:
id = t.ID
case *structs.CSIVolume:
id = t.ID
case *structs.Namespace:
id = t.Name
default:
matchID, ok := getEnterpriseMatch(raw)
if !ok {
s.logger.Error("unexpected type for resources context", "type", fmt.Sprintf("%T", t))
continue
}
id = matchID
}
if !strings.HasPrefix(id, prefix) {
continue
}
matches = append(matches, id)
}
return matches, iter.Next() != nil
}
// getResourceIter takes a context and returns a memdb iterator specific to
// that context
func getResourceIter(context structs.Context, aclObj *acl.ACL, namespace, prefix string, ws memdb.WatchSet, state *state.StateStore) (memdb.ResultIterator, error) {
switch context {
case structs.Jobs:
return state.JobsByIDPrefix(ws, namespace, prefix)
case structs.Evals:
return state.EvalsByIDPrefix(ws, namespace, prefix)
case structs.Allocs:
return state.AllocsByIDPrefix(ws, namespace, prefix)
case structs.Nodes:
return state.NodesByIDPrefix(ws, prefix)
case structs.Deployments:
return state.DeploymentsByIDPrefix(ws, namespace, prefix)
case structs.Plugins:
return state.CSIPluginsByIDPrefix(ws, prefix)
case structs.Volumes:
return state.CSIVolumesByIDPrefix(ws, namespace, prefix)
case structs.Namespaces:
iter, err := state.NamespacesByNamePrefix(ws, prefix)
if err != nil {
return nil, err
}
if aclObj == nil {
return iter, nil
}
return memdb.NewFilterIterator(iter, namespaceFilter(aclObj)), nil
default:
return getEnterpriseResourceIter(context, aclObj, namespace, prefix, ws, state)
}
}
// namespaceFilter wraps a namespace iterator with a filter for removing
// namespaces the ACL can't access.
func namespaceFilter(aclObj *acl.ACL) memdb.FilterFunc {
return func(v interface{}) bool {
return !aclObj.AllowNamespace(v.(*structs.Namespace).Name)
}
}
// If the length of a prefix is odd, return a subset to the last even character
// This only applies to UUIDs, jobs are excluded
func roundUUIDDownIfOdd(prefix string, context structs.Context) string {
if context == structs.Jobs {
return prefix
}
// We ignore the count of hyphens when calculating if the prefix is even:
// E.g "e3671fa4-21"
numHyphens := strings.Count(prefix, "-")
l := len(prefix) - numHyphens
if l%2 == 0 {
return prefix
}
return prefix[:len(prefix)-1]
}
// PrefixSearch is used to list matches for a given prefix, and returns
// matching jobs, evaluations, allocations, and/or nodes.
func (s *Search) PrefixSearch(args *structs.SearchRequest, reply *structs.SearchResponse) error {
if done, err := s.srv.forward("Search.PrefixSearch", args, args, reply); done {
return err
}
defer metrics.MeasureSince([]string{"nomad", "search", "prefix_search"}, time.Now())
aclObj, err := s.srv.ResolveToken(args.AuthToken)
if err != nil {
return err
}
namespace := args.RequestNamespace()
// Require either node:read or namespace:read-job
if !anySearchPerms(aclObj, namespace, args.Context) {
return structs.ErrPermissionDenied
}
reply.Matches = make(map[structs.Context][]string)
reply.Truncations = make(map[structs.Context]bool)
// Setup the blocking query
opts := blockingOptions{
queryMeta: &reply.QueryMeta,
queryOpts: &structs.QueryOptions{},
run: func(ws memdb.WatchSet, state *state.StateStore) error {
iters := make(map[structs.Context]memdb.ResultIterator)
contexts := searchContexts(aclObj, namespace, args.Context)
for _, ctx := range contexts {
iter, err := getResourceIter(ctx, aclObj, namespace, roundUUIDDownIfOdd(args.Prefix, args.Context), ws, state)
if err != nil {
e := err.Error()
switch {
// Searching other contexts with job names raises an error, which in
// this case we want to ignore.
case strings.Contains(e, "Invalid UUID: encoding/hex"):
case strings.Contains(e, "UUID have 36 characters"):
case strings.Contains(e, "must be even length"):
case strings.Contains(e, "UUID should have maximum of 4"):
default:
return err
}
} else {
iters[ctx] = iter
}
}
// Return matches for the given prefix
for k, v := range iters {
res, isTrunc := s.getMatches(v, args.Prefix)
reply.Matches[k] = res
reply.Truncations[k] = isTrunc
}
// Set the index for the context. If the context has been specified, it
// will be used as the index of the response. Otherwise, the
// maximum index from all resources will be used.
for _, ctx := range contexts {
index, err := state.Index(contextToIndex(ctx))
if err != nil {
return err
}
if index > reply.Index {
reply.Index = index
}
}
s.srv.setQueryMeta(&reply.QueryMeta)
return nil
}}
return s.srv.blockingRPC(&opts)
}