From 0fae6f16f2eac4751d258aec749241fb37676a8f Mon Sep 17 00:00:00 2001
From: Buck Doyle
Date: Thu, 25 Jul 2019 10:43:57 -0500
Subject: [PATCH 01/10] Add parsed rules to policy response
---
 nomad/acl_endpoint.go | 9 +++++++++
 nomad/structs/structs.go | 1 +
 2 files changed, 10 insertions(+)
diff --git a/nomad/acl_endpoint.go b/nomad/acl_endpoint.go
index 7c382e4dcb9..b3f2acf29c0 100644
--- a/nomad/acl_endpoint.go
+++ b/nomad/acl_endpoint.go
@@ -11,6 +11,7 @@ import (
 metrics "github.com/armon/go-metrics"
 log "github.com/hashicorp/go-hclog"
 memdb "github.com/hashicorp/go-memdb"
+ policy "github.com/hashicorp/nomad/acl"
 "github.com/hashicorp/nomad/helper/uuid"
 "github.com/hashicorp/nomad/nomad/state"
 "github.com/hashicorp/nomad/nomad/structs"
@@ -263,6 +264,14 @@ func (a *ACL) GetPolicy(args *structs.ACLPolicySpecificRequest, reply *structs.S
 reply.Policy = out
 if out != nil {
 reply.Index = out.ModifyIndex
+
+ rules, err := policy.Parse(out.Rules)
+
+ if err != nil {
+ // FIXME what to do? should be impossible?
+ } else {
+ reply.Policy.RulesJSON = rules
+ }
 } else {
 // Use the last index that affected the policy table
 index, err := state.Index("acl_policy")
diff --git a/nomad/structs/structs.go b/nomad/structs/structs.go
index 8abb1a32564..39c109d3477 100644
--- a/nomad/structs/structs.go
+++ b/nomad/structs/structs.go
@@ -8974,6 +8974,7 @@ type ACLPolicy struct {
 Name string // Unique name
 Description string // Human readable
 Rules string // HCL or JSON format
+ RulesJSON *acl.Policy
 Hash []byte
 CreateIndex uint64
 ModifyIndex uint64
From 837d484b0219b244fba127ffc93e33a78e20bb69 Mon Sep 17 00:00:00 2001
From: Buck Doyle
Date: Thu, 29 Aug 2019 11:12:02 -0500
Subject: [PATCH 02/10] Add standard error-handling for parse failure
---
 nomad/acl_endpoint.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nomad/acl_endpoint.go b/nomad/acl_endpoint.go
index b3f2acf29c0..e51c8356a38 100644
--- a/nomad/acl_endpoint.go
+++ b/nomad/acl_endpoint.go
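Review bot: In the GetPolicy hunk of PATCH 01, `reply.Policy.RulesJSON = rules` writes through the pointer that `reply.Policy = out` stored three lines earlier, so the parsed rules are set on whatever object `out` refers to. The lookup that produces `out` is outside the hunk; if it returns the state store's own record rather than a private copy, every read of a policy mutates shared ACL state and concurrent GetPolicy calls race on the field. Decorating a copy avoids that: `p := *out; p.RulesJSON = rules; reply.Policy = &p`. The same write survives unchanged through PATCH 08, and GetPolicy's body starts and ends outside the hunk.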
@@ -268,7 +268,7 @@ func (a *ACL) GetPolicy(args *structs.ACLPolicySpecificRequest, reply *structs.S
 rules, err := policy.Parse(out.Rules)

 if err != nil {
- // FIXME what to do? should be impossible?
+ return err
 } else {
 reply.Policy.RulesJSON = rules
 }
From 0d4275bb3959f3cbf02582aaff3ce130ce25da16 Mon Sep 17 00:00:00 2001
From: Buck Doyle
Date: Thu, 29 Aug 2019 11:16:14 -0500
Subject: [PATCH 03/10] Add changelog entry
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fc080376fb7..6dfed1e86f1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 IMPROVEMENTS:
 * agent: allow the job GC interval to be configured [[GH-5978](https://github.com/hashicorp/nomad/issues/5978)]
 * agent: add `-dev=connect` parameter to support running in dev mode with Consul Connect [[GH-6126](https://github.com/hashicorp/nomad/issues/6126)]
+ * api: Added JSON representation of rules to policy endpoint response [[GH-6017](https://github.com/hashicorp/nomad/pull/6017)]
 * api: add follow parameter to file streaming endpoint to support older browsers [[GH-6049](https://github.com/hashicorp/nomad/issues/6049)]
 * metrics: Add job status (pending, running, dead) metrics [[GH-6003](https://github.com/hashicorp/nomad/issues/6003)]
 * ui: Add creation time to evaluations table [[GH-6050](https://github.com/hashicorp/nomad/pull/6050)]
From ffb10e6facb72b19ce74fd3f6cde2b619cde431c Mon Sep 17 00:00:00 2001
From: Buck Doyle
Date: Thu, 29 Aug 2019 15:50:34 -0500
Subject: [PATCH 04/10] Change parsing error to set rules to nil
---
 nomad/acl_endpoint.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nomad/acl_endpoint.go b/nomad/acl_endpoint.go
index e51c8356a38..0ceafcabbd3 100644
--- a/nomad/acl_endpoint.go
+++ b/nomad/acl_endpoint.go
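Review bot: The added `return err` in PATCH 02 hands the caller the bare parser error, with nothing saying which policy failed or that the fault is in stored data rather than in the request. On this read path it also means a stored policy whose Rules do not parse cannot be fetched through GetPolicy at all, which is the call an operator would use to inspect it; PATCH 04 and PATCH 05 switch between this and dropping the error, so the chosen behaviour deserves a one-line comment at the branch. Suggest `return fmt.Errorf("parsing rules of ACL policy %q: %v", out.Name, err)`, assuming `fmt` is imported in the part of the file outside the hunk, and the same at the line PATCH 05 restores.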
@@ -268,7 +268,7 @@ func (a *ACL) GetPolicy(args *structs.ACLPolicySpecificRequest, reply *structs.S
 rules, err := policy.Parse(out.Rules)

 if err != nil {
- return err
+ reply.Policy.RulesJSON = nil
 } else {
 reply.Policy.RulesJSON = rules
 }
From 3206229957ace73096cebf202ad1ac36adc24747 Mon Sep 17 00:00:00 2001
From: Buck Doyle
Date: Thu, 29 Aug 2019 16:09:02 -0500
Subject: [PATCH 05/10] Change test to use valid HCL for rules
---
 command/acl_policy_info_test.go | 3 +--
 nomad/acl_endpoint.go | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/command/acl_policy_info_test.go b/command/acl_policy_info_test.go
index 19bf13088a6..4147f0e6744 100644
--- a/command/acl_policy_info_test.go
+++ b/command/acl_policy_info_test.go
@@ -5,7 +5,6 @@ import (
 "strings"
 "testing"

- "github.com/hashicorp/nomad/acl"
 "github.com/hashicorp/nomad/command/agent"
 "github.com/hashicorp/nomad/nomad/mock"
 "github.com/hashicorp/nomad/nomad/structs"
@@ -31,7 +30,7 @@ func TestACLPolicyInfoCommand(t *testing.T) {
 // Create a test ACLPolicy
 policy := &structs.ACLPolicy{
 Name: "testPolicy",
- Rules: acl.PolicyWrite,
+ Rules: "node { policy = \"read\" }",
 }
 policy.SetHash()
 assert.Nil(state.UpsertACLPolicies(1000, []*structs.ACLPolicy{policy}))
diff --git a/nomad/acl_endpoint.go b/nomad/acl_endpoint.go
index 0ceafcabbd3..e51c8356a38 100644
--- a/nomad/acl_endpoint.go
+++ b/nomad/acl_endpoint.go
@@ -268,7 +268,7 @@ func (a *ACL) GetPolicy(args *structs.ACLPolicySpecificRequest, reply *structs.S
 rules, err := policy.Parse(out.Rules)

 if err != nil {
- reply.Policy.RulesJSON = nil
+ return err
 } else {
 reply.Policy.RulesJSON = rules
 }
From 7c7637c379061cc8e7c3763bb3eda8a963ef25a9 Mon Sep 17 00:00:00 2001
From: Buck Doyle
Date: Wed, 20 Nov 2019 11:21:36 -0600
Subject: [PATCH 06/10] Remove merge error
---
 CHANGELOG.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1e98f383fd2..49bafe439bc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
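Review bot: After the fixture change in TestACLPolicyInfoCommand (PATCH 05), no test exercises a stored policy whose Rules fail to parse, which is exactly the case PATCH 02, 04 and 05 change the endpoint's behaviour for. The subject line implies the previous `acl.PolicyWrite` value was not valid HCL, and the fixture is written with `state.UpsertACLPolicies` directly, so a record with unparseable rules can evidently be placed in state; how one would arise outside a test is not visible here. A second case that upserts a policy with invalid rules and asserts the result of reading it back would pin the behaviour chosen in this patch's acl_endpoint.go hunk. The test function continues outside the hunk.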
@@ -62,7 +62,6 @@ FEATURES:
 IMPROVEMENTS:
 * core: Added rolling deployments for service jobs by default and max_parallel=0 disables deployments [[GH-6191](https://github.com/hashicorp/nomad/pull/6100)]
 * agent: Allowed the job GC interval to be configured [[GH-5978](https://github.com/hashicorp/nomad/issues/5978)]
- * agent: Added `-dev=connect` parameter to support running in dev mode with Consul Connect [[GH-6126](https://github.com/hashicorp/nomad/issues/6126)]
 * agent: Added `log_level` to be reloaded on SIGHUP [[GH-5996](https://github.com/hashicorp/nomad/pull/5996)]
 * api: Added follow parameter to file streaming endpoint to support older browsers [[GH-6049](https://github.com/hashicorp/nomad/issues/6049)]
 * client: Upgraded `go-getter` to support GCP links [[GH-6215](https://github.com/hashicorp/nomad/pull/6215)]
From 241ed987ecd0bab35fde8baa52801a5db6521a20 Mon Sep 17 00:00:00 2001
From: Buck Doyle
Date: Wed, 20 Nov 2019 11:37:01 -0600
Subject: [PATCH 07/10] Remove extraneous whitespace
---
 nomad/acl_endpoint.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/nomad/acl_endpoint.go b/nomad/acl_endpoint.go
index 78189cdac1d..54f790c7648 100644
--- a/nomad/acl_endpoint.go
+++ b/nomad/acl_endpoint.go
@@ -264,7 +264,6 @@ func (a *ACL) GetPolicy(args *structs.ACLPolicySpecificRequest, reply *structs.S
 reply.Policy = out
 if out != nil {
 reply.Index = out.ModifyIndex
-
 rules, err := policy.Parse(out.Rules)

 if err != nil {
From e5a2d13512b96af3162822079d74869299dfa762 Mon Sep 17 00:00:00 2001
From: Buck Doyle
Date: Wed, 20 Nov 2019 11:37:45 -0600
Subject: [PATCH 08/10] Remove extraneous else block
---
 nomad/acl_endpoint.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/nomad/acl_endpoint.go b/nomad/acl_endpoint.go
index 54f790c7648..7b160c73fc1 100644
--- a/nomad/acl_endpoint.go
+++ b/nomad/acl_endpoint.go
@@ -268,9 +268,8 @@ func (a *ACL) GetPolicy(args *structs.ACLPolicySpecificRequest, reply *structs.S

 if err != nil {
 return err
- } else {
- reply.Policy.RulesJSON = rules
 }
+ reply.Policy.RulesJSON = rules
 } else {
 // Use the last index that affected the policy table
 index, err := state.Index("acl_policy")
From 4f1dbc38f84ad098fdf6bd2d130c8fb06cbcb909 Mon Sep 17 00:00:00 2001
From: Buck Doyle
Date: Wed, 20 Nov 2019 11:45:44 -0600
Subject: [PATCH 09/10] Add explanatory comment
---
 nomad/structs/structs.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nomad/structs/structs.go b/nomad/structs/structs.go
index 280c09c5394..0d9c04fb7a2 100644
--- a/nomad/structs/structs.go
+++ b/nomad/structs/structs.go
@@ -9065,7 +9065,7 @@ type ACLPolicy struct {
 Name string // Unique name
 Description string // Human readable
 Rules string // HCL or JSON format
- RulesJSON *acl.Policy
+ RulesJSON *acl.Policy // Generated from Rules on read
 Hash []byte
 CreateIndex uint64
 ModifyIndex uint64
From 8b1839678c63ca3dd82a952679891d4d4989777e Mon Sep 17 00:00:00 2001
From: Buck Doyle
Date: Wed, 20 Nov 2019 12:47:01 -0600
Subject: [PATCH 10/10] Add gofmt changes
---
 nomad/structs/structs.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/nomad/structs/structs.go b/nomad/structs/structs.go
index 0d9c04fb7a2..cf3bb544383 100644
--- a/nomad/structs/structs.go
+++ b/nomad/structs/structs.go
@@ -9062,9 +9062,9 @@ func IsServerSide(e error) bool {

 // ACLPolicy is used to represent an ACL policy
 type ACLPolicy struct {
- Name string // Unique name
- Description string // Human readable
- Rules string // HCL or JSON format
+ Name string // Unique name
+ Description string // Human readable
+ Rules string // HCL or JSON format
 RulesJSON *acl.Policy // Generated from Rules on read
 Hash []byte
 CreateIndex uint64
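Review bot: The comment added in PATCH 09, `// Generated from Rules on read`, does not say how RulesJSON is treated on the write path, and ACLPolicy is also the type passed to `state.UpsertACLPolicies` in the test touched by PATCH 05. A reader could take the field for an accepted or authoritative input, so the comment should state that it is output only and that Rules stays the source of truth, for example `RulesJSON *acl.Policy // Derived from Rules when the policy is read; never an input, Rules is authoritative`. Whether the upsert path and the hash computation ignore the field is not visible in this series and is worth confirming before relying on that wording.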