exec2: add a client.users configuration block (#20093)

* exec: add a client.users configuration block

For now just add min/max dynamic user values; soon we can also absorb
the "user.denylist" and "user.checked_drivers" options from the
deprecated client.options map.

* give the no-op pool implementation a better name

* use explicit error types to make referencing them cleaner in tests

* use import alias to not shadow package name

command/agent/agent.go

@@ -902,6 +902,8 @@ func convertClientConfig(agentConfig *Config) (*clientconfig.Config, error) {
 	}
 	conf.Drain = drainConfig
 
+	conf.Users = clientconfig.UsersConfigFromAgent(agentConfig.Client.Users)
+
 	return conf, nil
 }
 

command/agent/config.go

@@ -380,6 +380,9 @@ type ClientConfig struct {
 	// Drain specifies whether to drain the client on shutdown; ignored in dev mode.
 	Drain *config.DrainConfig `hcl:"drain_on_shutdown"`
 
+	// Users is used to configure parameters around operating system users.
+	Users *config.UsersConfig `hcl:"users"`
+
 	// ExtraKeysHCL is used by hcl to surface unexpected keys
 	ExtraKeysHCL []string `hcl:",unusedKeys" json:"-"`
 }
@@ -403,6 +406,7 @@ func (c *ClientConfig) Copy() *ClientConfig {
 	nc.NomadServiceDiscovery = pointer.Copy(c.NomadServiceDiscovery)
 	nc.Artifact = c.Artifact.Copy()
 	nc.Drain = c.Drain.Copy()
+	nc.Users = c.Users.Copy()
 	nc.ExtraKeysHCL = slices.Clone(c.ExtraKeysHCL)
 	return &nc
 }
@@ -1356,6 +1360,7 @@ func DefaultConfig() *Config {
 			NomadServiceDiscovery:          pointer.Of(true),
 			Artifact:                       config.DefaultArtifactConfig(),
 			Drain:                          nil,
+			Users:                          config.DefaultUsersConfig(),
 		},
 		Server: &ServerConfig{
 			Enabled:           false,
@@ -2361,6 +2366,7 @@ func (a *ClientConfig) Merge(b *ClientConfig) *ClientConfig {
 
 	result.Artifact = a.Artifact.Merge(b.Artifact)
 	result.Drain = a.Drain.Merge(b.Drain)
+	result.Users = a.Users.Merge(b.Users)
 
 	return &result
 }