kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-07 10:55:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

sentinel: copy jobs to prevent mutation

Browse Source 
It's unclear whether Sentinel code can mutate values passed to the eval,
so ensure it cannot by copying the job.
This commit is contained in:
Michael Schurter
2019-06-04 08:48:49 -07:00
committed by Mahmood Ali
parent ce3d58191d
commit 5dbccce4de
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
nomad/job_endpoint.go
View File

@@ -242,8 +242,9 @@ func (j *Job) Register(args *structs.JobRegisterRequest, reply *structs.JobRegis
}
}
// Enforce Sentinel policies
policyWarnings, err := j.enforceSubmitJob(args.PolicyOverride, args.Job)
// Enforce Sentinel policies. Pass a copy of the job to prevent
// sentinel from altering it.
policyWarnings, err := j.enforceSubmitJob(args.PolicyOverride, args.Job.Copy())
if err != nil {
return err
}