node pool: Allow specifying node identity ttl in HCL or JSON spec. (#26825)

The node identity TTL defaults to 24hr but can be altered by
setting the node identity TTL parameter. In order to allow setting
and viewing the value, the field is now plumbed through the CLI
and HTTP API.

In order to parse the HCL, a new helper package has been created
which contains generic parsing and decoding functionality for
dealing with HCL that contains time durations. hclsimple can be
used when this functionality is not needed. In order to parse the
JSON, custom marshal and unmarshal functions have been created as
used in many other places.

The node pool init command has been updated to include this new
parameter, although commented out, so reference. The info command
now includes the TTL in its output too.

command/asset/pool.nomad.hcl

@@ -9,6 +9,12 @@ node_pool "example" {
     owner       = "sre"
   }
 
+  # node identity TTL is an optional parameter that sets the TTL for all node
+  # identities issued to nodes in this node pool. The value must be a valid
+  # duration string (e.g. "30m", "1h", "24h"). If not set, the default value is
+  # "24h".
+  # node_identity_ttl = "24h"
+
   # The scheduler configuration options specific to this node pool. This block
   # supports a subset of the fields supported in the global scheduler
   # configuration as described at:

command/asset/pool.nomad.json

@@ -5,6 +5,7 @@
     "environment": "prod",
     "owner": "sre"
   },
+  "NodeIdentityTTL": "24h",
   "SchedulerConfiguration": {
     "SchedulerAlgorithm": "spread",
     "MemoryOversubscriptionEnabled": true

command/node_pool_apply.go

@@ -10,8 +10,8 @@ import (
 	"os"
 	"strings"
 
-	"github.com/hashicorp/hcl/v2/hclsimple"
 	"github.com/hashicorp/nomad/api"
+	"github.com/hashicorp/nomad/helper/hcl"
 	"github.com/posener/complete"
 )
 
@@ -112,7 +112,11 @@ func (c *NodePoolApplyCommand) Run(args []string) int {
 	if jsonInput {
 		err = json.Unmarshal(content, &poolSpec.NodePool)
 	} else {
-		err = hclsimple.Decode(path, content, nil, &poolSpec)
+		hclParser := hcl.NewParser()
+
+		if hclDiags := hclParser.Parse(content, &poolSpec, path); hclDiags.HasErrors() {
+			err = hclDiags
+		}
 	}
 	if err != nil {
 		c.Ui.Error(fmt.Sprintf("Failed to parse input content: %v", err))

command/node_pool_apply_test.go

@@ -9,6 +9,7 @@ import (
 	"path/filepath"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/hashicorp/cli"
 	"github.com/hashicorp/nomad/ci"
@@ -59,7 +60,8 @@ node_pool "dev" {
 	file.Seek(0, 0)
 	hclTestFile = `
 node_pool "dev" {
-  description = "dev node pool"
+  description       = "dev node pool"
+  node_identity_ttl = "720h"
 
   meta {
     test = "true"
@@ -78,12 +80,14 @@ node_pool "dev" {
 	must.NotNil(t, got)
 	must.NotNil(t, got.Meta)
 	must.Eq(t, "true", got.Meta["test"])
+	must.Eq(t, 720*time.Hour, got.NodeIdentityTTL)
 
 	// Create node pool with JSON file.
 	jsonTestFile := `
 {
   "Name": "prod",
-  "Description": "prod node pool"
+  "Description": "prod node pool",
+  "NodeIdentityTTL": "720h"
 }`
 
 	file, err = os.CreateTemp(t.TempDir(), "node-pool-test-*.json")

command/node_pool_info.go

@@ -110,11 +110,17 @@ func (c *NodePoolInfoCommand) Run(args []string) int {
 		return 0
 	}
 
-	// Print node pool information.
+	// Print node pool information and conditionally handle the node identity
+	// ttl, so we don't print <nil> if we are not talking to a version of Nomad
+	// that supports it.
 	basic := []string{
 		fmt.Sprintf("Name|%s", pool.Name),
 		fmt.Sprintf("Description|%s", pool.Description),
 	}
+
+	if pool.NodeIdentityTTL > 0 {
+		basic = append(basic, fmt.Sprintf("Node Identity TTL|%s", pool.NodeIdentityTTL))
+	}
 	c.Ui.Output(formatKV(basic))
 
 	c.Ui.Output(c.Colorize().Color("\n[bold]Metadata[reset]"))

command/node_pool_info_test.go

@@ -6,6 +6,7 @@ package command
 import (
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/hashicorp/cli"
 	"github.com/hashicorp/nomad/api"
@@ -35,13 +36,15 @@ func TestNodePoolInfoCommand_Run(t *testing.T) {
 		Meta: map[string]string{
 			"env": "test",
 		},
+		NodeIdentityTTL: 720 * time.Hour,
 	}
 	_, err := client.NodePools().Register(dev1, nil)
 	must.NoError(t, err)
 
 	dev1Output := `
-Name        = dev-1
-Description = Test pool
+Name              = dev-1
+Description       = Test pool
+Node Identity TTL = 720h0m0s
 
 Metadata
 env = test
@@ -50,14 +53,7 @@ Scheduler Configuration
 No scheduler configuration`
 
 	dev1JsonOutput := `
-{
-    "Description": "Test pool",
-    "Meta": {
-        "env": "test"
-    },
-    "Name": "dev-1",
-    "SchedulerConfiguration": null
-}`
+"NodeIdentityTTL":"720h0m0s","Name":"dev-1","Description":"Test pool","Meta":{"env":"test"},"SchedulerConfiguration":null`
 
 	// These two node pools are used to test exact prefix match.
 	prod1 := &api.NodePool{Name: "prod-1"}
@@ -91,8 +87,9 @@ No scheduler configuration`
 			name: "exact prefix match",
 			args: []string{"prod-1"},
 			expectedOut: `
-Name        = prod-1
-Description = <none>
+Name              = prod-1
+Description       = <none>
+Node Identity TTL = 24h0m0s
 
 Metadata
 No metadata

command/node_pool_list_test.go

@@ -101,14 +101,7 @@ prod-1  <none>`,
 				"-filter", `Name == "prod-1"`,
 			},
 			expectedOut: `
-[
-    {
-        "Description": "",
-        "Meta": null,
-        "Name": "prod-1",
-        "SchedulerConfiguration": null
-    }
-]`,
+"NodeIdentityTTL":"24h0m0s","Name":"prod-1","Description":"","Meta":null,"SchedulerConfiguration":null`,
 			expectedCode: 0,
 		},
 		{