/
job_endpoint_validators.go
68 lines (60 loc) · 1.55 KB
/
job_endpoint_validators.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
package nomad
import (
"fmt"
"github.com/hashicorp/nomad/nomad/structs"
)
type jobNamespaceConstraintCheckHook struct {
srv *Server
}
func (jobNamespaceConstraintCheckHook) Name() string {
return "namespace-constraint-check"
}
func (c jobNamespaceConstraintCheckHook) Validate(job *structs.Job) (warnings []error, err error) {
// This was validated before and matches the WriteRequest namespace
ns, err := c.srv.State().NamespaceByName(nil, job.Namespace)
if err != nil {
return nil, err
}
if ns == nil {
return nil, fmt.Errorf("job %q is in nonexistent namespace %q", job.ID, job.Namespace)
}
var disallowedDrivers []string
for _, tg := range job.TaskGroups {
for _, t := range tg.Tasks {
if !taskValidateDriver(t, ns) {
disallowedDrivers = append(disallowedDrivers, t.Driver)
}
}
}
if len(disallowedDrivers) > 0 {
if len(disallowedDrivers) == 1 {
return nil, fmt.Errorf(
"used task driver %q is not allowed in namespace %q", disallowedDrivers[0], ns.Name,
)
} else {
return nil, fmt.Errorf(
"used task drivers %q are not allowed in namespace %q", disallowedDrivers, ns.Name,
)
}
}
return nil, nil
}
func taskValidateDriver(task *structs.Task, ns *structs.Namespace) bool {
if ns.Capabilities == nil {
return true
}
allow := len(ns.Capabilities.EnabledTaskDrivers) == 0
for _, d := range ns.Capabilities.EnabledTaskDrivers {
if task.Driver == d {
allow = true
break
}
}
for _, d := range ns.Capabilities.DisabledTaskDrivers {
if task.Driver == d {
allow = false
break
}
}
return allow
}