node pools: validate pool exists on job registration (#17386)

Add a new job admission hook for node pools that enforces the pool exists on registration. Also provide the skeleton function we need for Enterprise enforcement functions we'll implement later.
hashicorp · Jun 2, 2023 · 16156b3 · 16156b3
1 parent 1664796
commit 16156b3
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 0 deletions.
diff --git a/nomad/job_endpoint.go b/nomad/job_endpoint.go
@@ -72,12 +72,14 @@ func NewJobEndpoints(s *Server, ctx *RPCContext) *Job {
 			jobConnectHook{},
 			jobExposeCheckHook{},
 			jobImpliedConstraints{},
+			jobNodePoolMutatingHook{srv: s},
 		},
 		validators: []jobValidator{
 			jobConnectHook{},
 			jobExposeCheckHook{},
 			jobVaultHook{srv: s},
 			jobNamespaceConstraintCheckHook{srv: s},
+			jobNodePoolValidatingHook{srv: s},
 			&jobValidate{srv: s},
 			&memoryOversubscriptionValidate{srv: s},
 		},

diff --git a/nomad/job_endpoint_hook_node_pool.go b/nomad/job_endpoint_hook_node_pool.go
@@ -0,0 +1,34 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package nomad
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/nomad/nomad/structs"
+)
+
+// jobNodePoolValidatingHook is an admission hook that ensures the job has valid
+// node pool configuration.
+type jobNodePoolValidatingHook struct {
+	srv *Server
+}
+
+func (j jobNodePoolValidatingHook) Name() string {
+	return "node-pool-validation"
+}
+
+func (j jobNodePoolValidatingHook) Validate(job *structs.Job) ([]error, error) {
+	poolName := job.NodePool
+
+	pool, err := j.srv.State().NodePoolByName(nil, poolName)
+	if err != nil {
+		return nil, err
+	}
+	if pool == nil {
+		return nil, fmt.Errorf("job %q is in nonexistent node pool %q", job.ID, poolName)
+	}
+
+	return j.enterpriseValidation(job, pool)
+}
diff --git a/nomad/job_endpoint_hook_node_pool_oss.go b/nomad/job_endpoint_hook_node_pool_oss.go
@@ -0,0 +1,28 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+//go:build !ent
+// +build !ent
+
+package nomad
+
+import "github.com/hashicorp/nomad/nomad/structs"
+
+// enterpriseValidation implements any admission hooks for node pools for Nomad
+// Enterprise.
+func (j jobNodePoolValidatingHook) enterpriseValidation(_ *structs.Job, _ *structs.NodePool) ([]error, error) {
+	return nil, nil
+}
+
+// jobNodePoolMutatingHook mutates the job on Nomad Enterprise only.
+type jobNodePoolMutatingHook struct {
+	srv *Server
+}
+
+func (c jobNodePoolMutatingHook) Name() string {
+	return "node-pool-mutation"
+}
+
+func (c jobNodePoolMutatingHook) Mutate(job *structs.Job) (*structs.Job, []error, error) {
+	return job, nil, nil
+}