diff --git a/client/client.go b/client/client.go index 2ecedb390..6e207c414 100644 --- a/client/client.go +++ b/client/client.go @@ -786,9 +786,11 @@ func (c *Client) fingerprintPeriodic(name string, f fingerprint.Fingerprint, d t // setupDrivers is used to find the available drivers func (c *Client) setupDrivers() error { - // Build the whitelist of drivers. + // Build the white/blacklists of drivers. whitelist := c.config.ReadStringListToMap("driver.whitelist") whitelistEnabled := len(whitelist) > 0 + blacklist := c.config.ReadStringListToMap("driver.blacklist") + blacklistEnabled := len(blacklist) > 0 var avail []string var skipped []string @@ -800,6 +802,11 @@ func (c *Client) setupDrivers() error { skipped = append(skipped, name) continue } + // Skip fingerprinting drivers that are in the blacklist if it is enabled. + if _, ok := blacklist[name]; blacklistEnabled && ok { + skipped = append(skipped, name) + continue + } d, err := driver.NewDriver(name, driverCtx) if err != nil { @@ -825,7 +832,7 @@ func (c *Client) setupDrivers() error { c.logger.Printf("[DEBUG] client: available drivers %v", avail) if len(skipped) != 0 { - c.logger.Printf("[DEBUG] client: drivers skipped due to whitelist: %v", skipped) + c.logger.Printf("[DEBUG] client: drivers skipped due to white/blacklist: %v", skipped) } return nil diff --git a/client/client_test.go b/client/client_test.go index 3032e2d08..549f77e7a 100644 --- a/client/client_test.go +++ b/client/client_test.go @@ -313,6 +313,27 @@ func TestClient_Drivers_InWhitelist(t *testing.T) { } } +func TestClient_Drivers_InBlacklist(t *testing.T) { + c := testClient(t, func(c *config.Config) { + if c.Options == nil { + c.Options = make(map[string]string) + } + + // Weird spacing to test trimming + c.Options["driver.blacklist"] = " exec , foo " + }) + defer c.Shutdown() + + node := c.Node() + if node.Attributes["driver.exec"] != "" { + if v, ok := osExecDriverSupport[runtime.GOOS]; !v && ok { + t.Fatalf("exec driver loaded despite blacklist") + } else { + t.Skipf("missing exec driver, no OS support") + } + } +} + func TestClient_Drivers_OutOfWhitelist(t *testing.T) { c := testClient(t, func(c *config.Config) { if c.Options == nil { @@ -329,6 +350,29 @@ func TestClient_Drivers_OutOfWhitelist(t *testing.T) { } } +func TestClient_Drivers_WhitelistBlacklistCombination(t *testing.T) { + c := testClient(t, func(c *config.Config) { + if c.Options == nil { + c.Options = make(map[string]string) + } + + // Expected output is set difference (raw_exec) + c.Options["driver.whitelist"] = "raw_exec,exec" + c.Options["driver.blacklist"] = "exec" + }) + defer c.Shutdown() + + node := c.Node() + // Check expected present + if node.Attributes["driver.raw_exec"] == "" { + t.Fatalf("missing raw_exec driver") + } + // Check expected absent + if node.Attributes["driver.exec"] != "" { + t.Fatalf("exec driver loaded despite blacklist") + } +} + func TestClient_Register(t *testing.T) { s1, _ := testServer(t, nil) defer s1.Shutdown() diff --git a/website/source/docs/agent/configuration/client.html.md b/website/source/docs/agent/configuration/client.html.md index 8d9d863cd..4dcc7b056 100644 --- a/website/source/docs/agent/configuration/client.html.md +++ b/website/source/docs/agent/configuration/client.html.md @@ -133,6 +133,19 @@ see the [drivers documentation](/docs/drivers/index.html). } ``` +- `"driver.blacklist"` `(string: "")` - Specifies a comma-separated list of + blacklisted drivers . If specified, drivers in the blacklist will be + disabled. If the blacklist is empty, all drivers are fingerprinted and enabled + where applicable. + + ```hcl + client { + options = { + "driver.blacklist" = "docker,qemu" + } + } + ``` + - `"env.blacklist"` `(string: see below)` - Specifies a comma-separated list of environment variable keys not to pass to these tasks. Nomad passes the host environment variables to `exec`, `raw_exec` and `java` tasks. If specified,