From 7b4652440a76c2a89d9efb9bd3084717fb5097e6 Mon Sep 17 00:00:00 2001 From: Seth Hoenig Date: Tue, 9 Aug 2022 14:13:00 -0500 Subject: [PATCH] cli: forward request for job validation to nomad leader This PR changes the behavior of 'nomad job validate' to forward the request to the nomad leader, rather than responding from any server. This is because we need the leader when validating Vault tokens, since the leader is the only server with an active vault client. --- .changelog/14065.txt | 3 +++ nomad/job_endpoint.go | 14 +++++++++----- website/content/api-docs/validate.mdx | 2 +- 3 files changed, 13 insertions(+), 6 deletions(-) create mode 100644 .changelog/14065.txt diff --git a/.changelog/14065.txt b/.changelog/14065.txt new file mode 100644 index 000000000..eef7084ee --- /dev/null +++ b/.changelog/14065.txt @@ -0,0 +1,3 @@ +```release-note:bug +cli: Fixed a bug where job validation requeset was not sent to leader +``` diff --git a/nomad/job_endpoint.go b/nomad/job_endpoint.go index 5c1e62a62..a066e82d5 100644 --- a/nomad/job_endpoint.go +++ b/nomad/job_endpoint.go @@ -464,10 +464,8 @@ func getSignalConstraint(signals []string) *structs.Constraint { } } -// Summary retrieves the summary of a job -func (j *Job) Summary(args *structs.JobSummaryRequest, - reply *structs.JobSummaryResponse) error { - +// Summary retrieves the summary of a job. +func (j *Job) Summary(args *structs.JobSummaryRequest, reply *structs.JobSummaryResponse) error { if done, err := j.srv.forward("Job.Summary", args, args, reply); done { return err } @@ -511,8 +509,14 @@ func (j *Job) Summary(args *structs.JobSummaryRequest, return j.srv.blockingRPC(&opts) } -// Validate validates a job +// Validate validates a job. +// +// Must forward to the leader, because only the leader will have a live Vault +// client with which to validate vault tokens. func (j *Job) Validate(args *structs.JobValidateRequest, reply *structs.JobValidateResponse) error { + if done, err := j.srv.forward("Job.Validate", args, args, reply); done { + return err + } defer metrics.MeasureSince([]string{"nomad", "job", "validate"}, time.Now()) // defensive check; http layer and RPC requester should ensure namespaces are set consistently diff --git a/website/content/api-docs/validate.mdx b/website/content/api-docs/validate.mdx index d01eef268..e5e5b839e 100644 --- a/website/content/api-docs/validate.mdx +++ b/website/content/api-docs/validate.mdx @@ -14,7 +14,7 @@ types. ## Validate Job This endpoint validates a Nomad job file. The local Nomad agent forwards the -request to a server. In the event a server can't be reached the agent verifies +request to the leader. In the event the leader cannot be reached the agent verifies the job file locally but skips validating driver configurations. ~> This endpoint accepts a **JSON job file**, not an HCL job file.