Nomad Actions

.changelog/18794.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+actions: introduces the action concept to jobspecs, the web UI, CLI and API
+```

api/allocations_exec.go

@@ -28,6 +28,7 @@ type execSession struct {
 	task    string
 	tty     bool
 	command []string
+	action  string
 
 	stdin  io.Reader
 	stdout io.Writer
@@ -94,9 +95,15 @@ func (s *execSession) startConnection() (*websocket.Conn, error) {
 	q.Params["tty"] = strconv.FormatBool(s.tty)
 	q.Params["task"] = s.task
 	q.Params["command"] = string(commandBytes)
-
 	reqPath := fmt.Sprintf("/v1/client/allocation/%s/exec", s.alloc.ID)
 
+	if s.action != "" {
+		q.Params["action"] = s.action
+		q.Params["allocID"] = s.alloc.ID
+		q.Params["group"] = s.alloc.TaskGroup
+		reqPath = fmt.Sprintf("/v1/job/%s/action", s.alloc.JobID)
+	}
+
 	var conn *websocket.Conn
 
 	if nodeClient != nil {

api/jobs.go

@@ -4,8 +4,10 @@
 package api
 
 import (
+	"context"
 	"errors"
 	"fmt"
+	"io"
 	"net/url"
 	"sort"
 	"strconv"
@@ -1514,3 +1516,30 @@ type JobEvaluateRequest struct {
 type EvalOptions struct {
 	ForceReschedule bool
 }
+
+// ActionExec is used to run a pre-defined command inside a running task.
+// The call blocks until command terminates (or an error occurs), and returns the exit code.
+func (j *Jobs) ActionExec(ctx context.Context,
+	alloc *Allocation, task string, tty bool, command []string,
+	action string,
+	stdin io.Reader, stdout, stderr io.Writer,
+	terminalSizeCh <-chan TerminalSize, q *QueryOptions) (exitCode int, err error) {
+
+	s := &execSession{
+		client:  j.client,
+		alloc:   alloc,
+		task:    task,
+		tty:     tty,
+		command: command,
+		action:  action,
+
+		stdin:  stdin,
+		stdout: stdout,
+		stderr: stderr,
+
+		terminalSizeCh: terminalSizeCh,
+		q:              q,
+	}
+
+	return s.run(ctx)
+}

api/tasks.go

@@ -731,6 +731,8 @@ type Task struct {
 
 	// Workload Identities
 	Identities []*WorkloadIdentity `hcl:"identity,block"`
+
+	Actions []*Action `hcl:"action,block"`
 }
 
 func (t *Task) Canonicalize(tg *TaskGroup, job *Job) {
@@ -1167,3 +1169,9 @@ type WorkloadIdentity struct {
 	ServiceName string        `hcl:"service_name,optional"`
 	TTL         time.Duration `mapstructure:"ttl" hcl:"ttl,optional"`
 }
+
+type Action struct {
+	Name    string   `hcl:"name,label"`
+	Command string   `mapstructure:"command" hcl:"command"`
+	Args    []string `mapstructure:"args" hcl:"args,optional"`
+}

client/alloc_endpoint.go

@@ -177,7 +177,6 @@ func (a *Allocations) exec(conn io.ReadWriteCloser) {
 		handleStreamResultError(err, code, encoder)
 		return
 	}
-
 	a.c.logger.Info("task exec session ended", "exec_id", execID)
 }
 
@@ -216,6 +215,7 @@ func (a *Allocations) execImpl(encoder *codec.Encoder, decoder *codec.Decoder, e
 			"task", req.Task,
 			"command", req.Cmd,
 			"tty", req.Tty,
+			"action", req.Action,
 		}
 		if ident != nil {
 			if ident.ACLToken != nil {
@@ -238,7 +238,7 @@ func (a *Allocations) execImpl(encoder *codec.Encoder, decoder *codec.Decoder, e
 
 	// Check alloc-exec permission.
 	if err != nil {
-		return nil, err
+		return pointer.Of(int64(400)), err
 	} else if !aclObj.AllowNsOp(alloc.Namespace, acl.NamespaceCapabilityAllocExec) {
 		return nil, nstructs.ErrPermissionDenied
 	}
@@ -247,6 +247,20 @@ func (a *Allocations) execImpl(encoder *codec.Encoder, decoder *codec.Decoder, e
 	if req.Task == "" {
 		return pointer.Of(int64(400)), taskNotPresentErr
 	}
+
+	// If an action is present, go find the command and args
+	if req.Action != "" {
+		alloc, _ := a.c.GetAlloc(req.AllocID)
+		jobAction, err := validateActionExists(req.Action, req.Task, alloc)
+		if err != nil {
+			return pointer.Of(int64(400)), err
+		}
+		if jobAction != nil {
+			// append both Command and Args
+			req.Cmd = append([]string{jobAction.Command}, jobAction.Args...)
+		}
+	}
+
 	if len(req.Cmd) == 0 {
 		return pointer.Of(int64(400)), errors.New("command is not present")
 	}
@@ -343,3 +357,14 @@ func (s *execStream) Recv() (*drivers.ExecTaskStreamingRequestMsg, error) {
 	err := s.decoder.Decode(&req)
 	return &req, err
 }
+
+func validateActionExists(actionName string, taskName string, alloc *nstructs.Allocation) (*nstructs.Action, error) {
+	t := alloc.LookupTask(taskName)
+
+	for _, action := range t.Actions {
+		if action.Name == actionName {
+			return action, nil
+		}
+	}
+	return nil, fmt.Errorf("action %s not found", actionName)
+}

client/structs/structs.go

@@ -182,6 +182,9 @@ type AllocExecRequest struct {
 	// Cmd is the command to be executed
 	Cmd []string
 
+	// The name of a predefined command to be executed (optional)
+	Action string
+
 	structs.QueryOptions
 }