diff --git a/CHANGELOG.md b/CHANGELOG.md index 9653f766ea2..f693ee08f5c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ IMPROVEMENTS: * cli: Added success confirmation message for `nomad volume delete` and `nomad volume deregister`. [[GH-10591](https://github.com/hashicorp/nomad/issues/10591)] * cli: Cross-namespace `nomad job` commands will now select exact matches if the selection is unambiguous. [[GH-10648](https://github.com/hashicorp/nomad/issues/10648)] +* csi: Validate that `volume` blocks for CSI volumes include the required `attachment_mode` and `access_mode` fields. [[GH-10651](https://github.com/hashicorp/nomad/issues/10651)] BUG FIXES: * api: Fixed event stream connection initialization when there are no events to send [[GH-10637](https://github.com/hashicorp/nomad/issues/10637)] diff --git a/nomad/job_endpoint_test.go b/nomad/job_endpoint_test.go index 2221771a504..010b0578425 100644 --- a/nomad/job_endpoint_test.go +++ b/nomad/job_endpoint_test.go @@ -811,8 +811,10 @@ func TestJobEndpoint_Register_ACL(t *testing.T) { ReadOnly: readonlyVolume, }, "csi": { - Type: structs.VolumeTypeCSI, - Source: "prod-db", + Type: structs.VolumeTypeCSI, + Source: "prod-db", + AttachmentMode: structs.CSIVolumeAttachmentModeBlockDevice, + AccessMode: structs.CSIVolumeAccessModeSingleNodeWriter, }, } diff --git a/nomad/structs/structs_test.go b/nomad/structs/structs_test.go index cd1f08fcc8d..0a4cedee379 100644 --- a/nomad/structs/structs_test.go +++ b/nomad/structs/structs_test.go @@ -1127,6 +1127,8 @@ func TestTaskGroup_Validate(t *testing.T) { err = tg.Validate(&Job{}) require.Contains(t, err.Error(), `volume has an empty source`) require.Contains(t, err.Error(), `volume cannot be per_alloc when canaries are in use`) + require.Contains(t, err.Error(), `CSI volumes must have an attachment mode`) + require.Contains(t, err.Error(), `CSI volumes must have an access mode`) tg = &TaskGroup{ Volumes: map[string]*VolumeRequest{ diff --git a/nomad/structs/volumes.go b/nomad/structs/volumes.go index a663c3515e7..5fe5238732d 100644 --- a/nomad/structs/volumes.go +++ b/nomad/structs/volumes.go @@ -117,6 +117,18 @@ func (v *VolumeRequest) Validate(canaries int) error { mErr.Errors = append(mErr.Errors, fmt.Errorf("host volumes cannot have an access mode")) } + if v.Type == VolumeTypeHost && v.MountOptions != nil { + mErr.Errors = append(mErr.Errors, + fmt.Errorf("host volumes cannot have mount options")) + } + if v.Type == VolumeTypeCSI && v.AttachmentMode == CSIVolumeAttachmentModeUnknown { + mErr.Errors = append(mErr.Errors, + fmt.Errorf("CSI volumes must have an attachment mode")) + } + if v.Type == VolumeTypeCSI && v.AccessMode == CSIVolumeAccessModeUnknown { + mErr.Errors = append(mErr.Errors, + fmt.Errorf("CSI volumes must have an access mode")) + } if v.AccessMode == CSIVolumeAccessModeSingleNodeReader || v.AccessMode == CSIVolumeAccessModeMultiNodeReader { if !v.ReadOnly {