secrets: validate name and update client config (#26447)

Michael Smithhisler
2025-08-08 15:08:04 -04:00
parent 68167254e8
commit 9950ef515c
4 changed files with 32 additions and 9 deletions


@@ -68,6 +68,10 @@ func (s *SecretsPluginFingerprint) Fingerprint(request *FingerprintRequest, resp
continue
}
if *fprint.Type != "secrets" {
continue
}
plugins[name] = fprint.Version.Original()
}
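Review bot: `*fprint.Type` is dereferenced in the added check with no nil guard visible in the hunk. If the lines before the hunk do not already reject a fingerprint that omits its type, a plugin returning such a fingerprint would panic the client's fingerprinter instead of being skipped; `if fprint.Type == nil || *fprint.Type != "secrets" { continue }` avoids that. The same question applies to `fprint.Version.Original()` on the next line if Version can be nil. The enclosing loop and the Fingerprint function both start and end outside the hunk.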


@@ -251,6 +251,9 @@ type ClientConfig struct {
// It can be passed as a command line argument to the agent, set via an
// environment variable, or placed in a file at "${data_dir}/intro_token".
IntroToken string `hcl:"-"`
// CommonPluginDir is the root directory for plugins that implement
// the common plugin interface
CommonPluginDir string `hcl:"common_plugin_dir"`
// Servers is a list of known server addresses. These are as "host:port"
Servers []string `hcl:"servers"`
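Review bot: The comment on `CommonPluginDir` does not say what happens when the field is unset, or who may write to the directory. Judging by the fingerprinting change in this commit, the client enumerates plugins from this directory; if those are executables the agent launches (not visible here), the directory is part of the client's trust boundary and the comment should say so. A possible wording is `// CommonPluginDir is the root directory for plugins that implement the common plugin interface. Plugins found here are run by the client, so the directory must be writable only by the agent's operator.` The ClientConfig struct starts and ends outside the hunk.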


@@ -224,6 +224,9 @@ const (
var (
// validNamespaceName is used to validate a namespace name
validNamespaceName = regexp.MustCompile("^[a-zA-Z0-9-]{1,128}$")
// validSecretName is used to validate a secret name
validSecretName = regexp.MustCompile("^[a-zA-Z0-9_]{1,128}$")
)
// NamespacedID is a tuple of an ID and a namespace
@@ -10482,15 +10485,19 @@ func (s *Secret) Validate() error {
var mErr multierror.Error
if s.Name == "" {
_ = multierror.Append(&mErr, fmt.Errorf("Secret name cannot be empty"))
_ = multierror.Append(&mErr, errors.New("secret name cannot be empty"))
}
if !validSecretName.MatchString(s.Name) {
_ = multierror.Append(&mErr, fmt.Errorf("secret name must match regex %s", validSecretName))
}
if s.Provider == "" {
_ = multierror.Append(&mErr, fmt.Errorf("Secret provider cannot be empty"))
_ = multierror.Append(&mErr, errors.New("secret provider cannot be empty"))
}
if s.Path == "" {
_ = multierror.Append(&mErr, fmt.Errorf("Secret path cannot be empty"))
_ = multierror.Append(&mErr, errors.New("secret path cannot be empty"))
}
return mErr.ErrorOrNil()
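Review bot: In Validate, an empty name now yields two errors, because "" also fails `validSecretName` (the `{1,128}` quantifier needs at least one character). Making the regex check a branch of the empty check, `} else if !validSecretName.MatchString(s.Name) {`, keeps the message specific. Provider and Path are still checked only for emptiness; if either is later used to select a plugin by name or to build a filesystem path (not visible here), each deserves its own allow-list pattern. A short comment on `validSecretName` explaining why hyphens are excluded, unlike `validNamespaceName`, would also help. The function's closing brace is outside the hunk.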


@@ -6494,7 +6494,7 @@ func TestSecrets_Validate(t *testing.T) {
{
name: "valid secret",
secret: &Secret{
Name: "test-secret",
Name: "testsecret",
Provider: "test-provier",
Path: "test-path",
},
@@ -6506,23 +6506,32 @@ func TestSecrets_Validate(t *testing.T) {
Path: "test-path",
Provider: "test-provider",
},
expectErr: fmt.Errorf("Secret name cannot be empty"),
expectErr: fmt.Errorf("secret name cannot be empty"),
},
{
name: "invalid name",
secret: &Secret{
Name: "bad-name@",
Path: "test-path",
Provider: "test-provider",
},
expectErr: fmt.Errorf("secret name must match regex %s", validSecretName),
},
{
name: "missing provider",
secret: &Secret{
Name: "test-secret",
Name: "testsecret",
Path: "test-path",
},
expectErr: fmt.Errorf("Secret provider cannot be empty"),
expectErr: fmt.Errorf("secret provider cannot be empty"),
},
{
name: "missing path",
secret: &Secret{
Name: "test-secret",
Name: "testsecret",
Provider: "test-provier",
},
expectErr: fmt.Errorf("Secret path cannot be empty"),
expectErr: fmt.Errorf("secret path cannot be empty"),
},
}
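Review bot: The "invalid name" case uses `bad-name@`, which contains both a hyphen and an `@`, so it does not show which character the validator rejects. The behaviour this commit actually changes is that hyphenated names such as the old `test-secret` fixture are now refused. Separate cases for a hyphen-only name and an underscore name would pin the allow-list on both sides, and a 129-character name would cover the length bound. The fixtures also still spell the provider `test-provier` in two cases. The test table and function start outside the hunk.

```go
// … unchanged: "invalid name" case …
{
	name: "hyphen rejected",
	secret: &Secret{
		Name:     "test-secret",
		Path:     "test-path",
		Provider: "test-provider",
	},
	expectErr: fmt.Errorf("secret name must match regex %s", validSecretName),
},
{
	name: "underscore accepted",
	secret: &Secret{
		Name:     "test_secret",
		Path:     "test-path",
		Provider: "test-provider",
	},
},
// … unchanged: "missing provider" and "missing path" cases …
```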