From 70fc8df787b1ea647411f41ff8806db9e963e88a Mon Sep 17 00:00:00 2001 From: Charlie Voiselle <464492+angrycub@users.noreply.github.com> Date: Thu, 21 Sep 2023 14:12:51 -0400 Subject: [PATCH] [sentinel] Add existing job to enforceSubmitJob (#18553) * Add existing job to enforceSubmitJob (CE) * Add changelog --- .changelog/18553.txt | 3 +++ nomad/job_endpoint.go | 34 ++++++++++++++++++---------------- nomad/job_endpoint_ce.go | 2 +- 3 files changed, 22 insertions(+), 17 deletions(-) create mode 100644 .changelog/18553.txt diff --git a/.changelog/18553.txt b/.changelog/18553.txt new file mode 100644 index 000000000..43e821b6b --- /dev/null +++ b/.changelog/18553.txt @@ -0,0 +1,3 @@ +```release-note:improvement +sentinel (Enterprise): Add existing job information to Sentinel when available. +``` diff --git a/nomad/job_endpoint.go b/nomad/job_endpoint.go index a5006582a..bfa597693 100644 --- a/nomad/job_endpoint.go +++ b/nomad/job_endpoint.go @@ -298,7 +298,8 @@ func (j *Job) Register(args *structs.JobRegisterRequest, reply *structs.JobRegis if err != nil { return err } - policyWarnings, err := j.enforceSubmitJob(args.PolicyOverride, args.Job.Copy(), nomadACLToken, ns) + + policyWarnings, err := j.enforceSubmitJob(args.PolicyOverride, args.Job.Copy(), existingJob, nomadACLToken, ns) if err != nil { return err } @@ -1780,7 +1781,15 @@ func (j *Job) Plan(args *structs.JobPlanRequest, reply *structs.JobPlanResponse) if err != nil { return err } - policyWarnings, err := j.enforceSubmitJob(args.PolicyOverride, args.Job, nomadACLToken, ns) + + // Get the original job + ws := memdb.NewWatchSet() + existingJob, err := snap.JobByID(ws, args.RequestNamespace(), args.Job.ID) + if err != nil { + return err + } + + policyWarnings, err := j.enforceSubmitJob(args.PolicyOverride, args.Job, existingJob, nomadACLToken, ns) if err != nil { return err } @@ -1795,34 +1804,27 @@ func (j *Job) Plan(args *structs.JobPlanRequest, reply *structs.JobPlanResponse) return err } - // Get the original job - ws := memdb.NewWatchSet() - oldJob, err := snap.JobByID(ws, args.RequestNamespace(), args.Job.ID) - if err != nil { - return err - } - // Ensure that all scaling policies have an appropriate ID - if err := propagateScalingPolicyIDs(oldJob, args.Job); err != nil { + if err := propagateScalingPolicyIDs(existingJob, args.Job); err != nil { return err } var index uint64 var updatedIndex uint64 - if oldJob != nil { - index = oldJob.JobModifyIndex + if existingJob != nil { + index = existingJob.JobModifyIndex // We want to reuse deployments where possible, so only insert the job if // it has changed or the job didn't exist - if oldJob.SpecChanged(args.Job) { + if existingJob.SpecChanged(args.Job) { // Insert the updated Job into the snapshot - updatedIndex = oldJob.JobModifyIndex + 1 + updatedIndex = existingJob.JobModifyIndex + 1 if err := snap.UpsertJob(structs.IgnoreUnknownTypeFlag, updatedIndex, nil, args.Job); err != nil { return err } } - } else if oldJob == nil { + } else if existingJob == nil { // Insert the updated Job into the snapshot err := snap.UpsertJob(structs.IgnoreUnknownTypeFlag, 100, nil, args.Job) if err != nil { @@ -1872,7 +1874,7 @@ func (j *Job) Plan(args *structs.JobPlanRequest, reply *structs.JobPlanResponse) } annotations := planner.Plans[0].Annotations if args.Diff { - jobDiff, err := oldJob.Diff(args.Job, true) + jobDiff, err := existingJob.Diff(args.Job, true) if err != nil { return fmt.Errorf("failed to create job diff: %v", err) } diff --git a/nomad/job_endpoint_ce.go b/nomad/job_endpoint_ce.go index 41e840f8b..025eb9b36 100644 --- a/nomad/job_endpoint_ce.go +++ b/nomad/job_endpoint_ce.go @@ -11,7 +11,7 @@ import ( ) // enforceSubmitJob is used to check any Sentinel policies for the submit-job scope -func (j *Job) enforceSubmitJob(override bool, job *structs.Job, nomadACLToken *structs.ACLToken, ns *structs.Namespace) (error, error) { +func (j *Job) enforceSubmitJob(override bool, job *structs.Job, existingJob *structs.Job, nomadACLToken *structs.ACLToken, ns *structs.Namespace) (error, error) { return nil, nil }