jobspec: support cluster field for Vault block (#18408)

This field supports the upcoming ENT-only multiple Vault clusters feature. The job validation and mutation hooks will come in a separate PR. Ref: https://github.com/hashicorp/team-nomad/issues/404
2026-01-01 16:05:42 +03:00 · 2023-09-07 10:15:28 -04:00
parent c145e8b30f
commit 7cdd592809
6 changed files with 20 additions and 0 deletions
--- a/api/tasks.go
+++ b/api/tasks.go
@@ -931,6 +931,7 @@ type Vault struct {
 	Policies     []string `hcl:"policies,optional"`
 	Role         string   `hcl:"role,optional"`
 	Namespace    *string  `mapstructure:"namespace" hcl:"namespace,optional"`
+	Cluster      string   `hcl:"cluster,optional"`
 	Env          *bool    `hcl:"env,optional"`
 	DisableFile  *bool    `mapstructure:"disable_file" hcl:"disable_file,optional"`
 	ChangeMode   *string  `mapstructure:"change_mode" hcl:"change_mode,optional"`
@@ -947,6 +948,9 @@ func (v *Vault) Canonicalize() {
 	if v.Namespace == nil {
 		v.Namespace = pointerOf("")
 	}
+	if v.Cluster == "" {
+		v.Cluster = "default"
+	}
 	if v.ChangeMode == nil {
 		v.ChangeMode = pointerOf("restart")
 	}
--- a/api/tasks_test.go
+++ b/api/tasks_test.go
@@ -462,6 +462,7 @@ func TestTask_Canonicalize_Vault(t *testing.T) {
 				Env:          pointerOf(true),
 				DisableFile:  pointerOf(false),
 				Namespace:    pointerOf(""),
+				Cluster:      "default",
 				ChangeMode:   pointerOf("restart"),
 				ChangeSignal: pointerOf("SIGHUP"),
 			},
--- a/command/agent/job_endpoint.go
+++ b/command/agent/job_endpoint.go
@@ -1292,6 +1292,7 @@ func ApiTaskToStructsTask(job *structs.Job, group *structs.TaskGroup,
 			Role:         apiTask.Vault.Role,
 			Policies:     apiTask.Vault.Policies,
 			Namespace:    *apiTask.Vault.Namespace,
+			Cluster:      apiTask.Vault.Cluster,
 			Env:          *apiTask.Vault.Env,
 			DisableFile:  *apiTask.Vault.DisableFile,
 			ChangeMode:   *apiTask.Vault.ChangeMode,
--- a/command/agent/job_endpoint_test.go
+++ b/command/agent/job_endpoint_test.go
@@ -3214,6 +3214,7 @@ func TestJobs_ApiJobToStructsJob(t *testing.T) {
 						Vault: &structs.Vault{
 							Role:         "nomad-task",
 							Namespace:    "ns1",
+							Cluster:      "default",
 							Policies:     []string{"a", "b", "c"},
 							Env:          true,
 							DisableFile:  false,
--- a/nomad/structs/diff_test.go
+++ b/nomad/structs/diff_test.go
@@ -7693,6 +7693,7 @@ func TestTaskDiff(t *testing.T) {
 				Vault: &Vault{
 					Role:         "nomad-task",
 					Namespace:    "ns1",
+					Cluster:      "default",
 					Policies:     []string{"foo", "bar"},
 					Env:          true,
 					DisableFile:  true,
@@ -7704,6 +7705,7 @@ func TestTaskDiff(t *testing.T) {
 				Vault: &Vault{
 					Role:         "nomad-task",
 					Namespace:    "ns1",
+					Cluster:      "default",
 					Policies:     []string{"bar", "baz"},
 					Env:          true,
 					DisableFile:  true,
@@ -7730,6 +7732,12 @@ func TestTaskDiff(t *testing.T) {
 								Old:  "SIGUSR1",
 								New:  "SIGUSR1",
 							},
+							{
+								Type: DiffTypeNone,
+								Name: "Cluster",
+								Old:  "default",
+								New:  "default",
+							},
 							{
 								Type: DiffTypeNone,
 								Name: "DisableFile",
--- a/nomad/structs/structs.go
+++ b/nomad/structs/structs.go
@@ -9858,6 +9858,9 @@ type Vault struct {
 	// Namespace is the vault namespace that should be used.
 	Namespace string

+	// Cluster (by name) to send API requests to
+	Cluster string
+
 	// Env marks whether the Vault Token should be exposed as an environment
 	// variable
 	Env bool
@@ -9886,6 +9889,8 @@ func (v *Vault) Equal(o *Vault) bool {
 		return false
 	case v.Namespace != o.Namespace:
 		return false
+	case v.Cluster != o.Cluster:
+		return false
 	case v.Env != o.Env:
 		return false
 	case v.DisableFile != o.DisableFile: