kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-06 02:15:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

dispatch-job capability to dispatch periodic jobs

Browse Source
This commit is contained in:
Mahmood Ali
2020-10-27 16:33:01 -04:00
parent bb75ea6568
commit 77bb2c51b8
2 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
nomad/periodic_endpoint.go
View File

@@ -28,7 +28,7 @@ func (p *Periodic) Force(args *structs.PeriodicForceRequest, reply *structs.Peri
// Check for write-job permissions
if aclObj, err := p.srv.ResolveToken(args.AuthToken); err != nil {
return err
} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilitySubmitJob) {
} else if aclObj != nil && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilityDispatchJob) && !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilitySubmitJob) {
return structs.ErrPermissionDenied
}

18
nomad/periodic_endpoint_test.go
View File

@@ -127,6 +127,24 @@ func TestPeriodicEndpoint_Force_ACL(t *testing.T) {
}
}
// Fetch the response with a valid token having dispatch permission
{
policy := mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityDispatchJob})
token := mock.CreatePolicyAndToken(t, state, 1005, "valid", policy)
req.AuthToken = token.SecretID
var resp structs.PeriodicForceResponse
assert.Nil(msgpackrpc.CallWithCodec(codec, "Periodic.Force", req, &resp))
assert.NotEqual(uint64(0), resp.Index)
// Lookup the evaluation
ws := memdb.NewWatchSet()
eval, err := state.EvalByID(ws, resp.EvalID)
assert.Nil(err)
if assert.NotNil(eval) {
assert.Equal(eval.CreateIndex, resp.EvalCreateIndex)
}
}
// Fetch the response with management token
{
req.AuthToken = root.SecretID