Tim Gross c7c3b3ae33 revoke Consul tokens obtained via WI when alloc stops (#19034)
Add a `Postrun` and `Destroy` hook to the allocrunner's `consul_hook` to ensure
that Consul tokens we've created via WI get revoked via the logout API when
we're done with them. Also add the logout to the `Prerun` hook if we've hit an
error.

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package structs
import (
"sync"
consulapi "github.com/hashicorp/consul/api"
"github.com/hashicorp/nomad/client/pluginmanager/csimanager"
"github.com/hashicorp/nomad/helper"
)
// AllocHookResources contains data that is provided by AllocRunner Hooks for
// consumption by TaskRunners. This should be instantiated once in the
// AllocRunner and then only accessed via getters and setters that hold the
// lock.
type AllocHookResources struct {
	// csiMounts is written by the CSI allocrunner hook and read by the volume
	// taskrunner hook. The key is presumably a volume identifier — TODO confirm
	// against the CSI hook; only the value type is visible here.
	csiMounts map[string]*csimanager.MountInfo

	// consulTokens holds the Consul ACL tokens obtained via workload identity,
	// keyed as Consul cluster -> service identity -> token. These are live
	// credentials: readers must not leak or mutate them, and the set is what
	// the consul hook revokes when the alloc stops, so it must stay complete.
	consulTokens map[string]map[string]*consulapi.ACLToken // Consul cluster -> service identity -> token

	// mu guards both maps. The struct must not be copied once in use; all
	// methods take a pointer receiver for that reason.
	mu sync.RWMutex
}
// NewAllocHookResources returns an AllocHookResources with both maps
// allocated, so the setters can be called immediately without a nil-map
// write panic.
func NewAllocHookResources() *AllocHookResources {
	r := new(AllocHookResources)
	r.csiMounts = make(map[string]*csimanager.MountInfo)
	r.consulTokens = make(map[string]map[string]*consulapi.ACLToken)
	return r
}
// GetCSIMounts returns a deep copy of the CSI mount info that the CSI
// allocrunner hook stored via SetCSIMounts. Because the result is a copy,
// the caller may keep using it after the read lock is released without
// racing a later SetCSIMounts.
func (a *AllocHookResources) GetCSIMounts() map[string]*csimanager.MountInfo {
	a.mu.RLock()
	defer a.mu.RUnlock()

	mounts := helper.DeepCopyMap(a.csiMounts)
	return mounts
}
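// SetCSIMounts stores the CSI mount info for later use by the volume
// taskrunner hook.
//
// The map is deep-copied on the way in, mirroring GetCSIMounts, so the hook
// that called us keeps no handle on the state guarded by a.mu and cannot
// change it behind the lock afterwards. A nil m is stored as returned by
// helper.DeepCopyMap.
func (a *AllocHookResources) SetCSIMounts(m map[string]*csimanager.MountInfo) {
	a.mu.Lock()
	defer a.mu.Unlock()

	a.csiMounts = helper.DeepCopyMap(m)
}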
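// GetConsulTokens returns all the Consul tokens previously written by the
// consul allocrunner hook, keyed as Consul cluster -> service identity ->
// token.
//
// The outer and inner maps are fresh copies rather than the internal maps
// themselves: the caller may iterate or modify them after the read lock is
// dropped without racing SetConsulTokens, and cannot add, replace or delete
// entries in the shared state (deleting one there would leave that token
// un-revoked when the alloc stops). The *consulapi.ACLToken values are
// shared, not copied, and must be treated as read-only by callers.
func (a *AllocHookResources) GetConsulTokens() map[string]map[string]*consulapi.ACLToken {
	a.mu.RLock()
	defer a.mu.RUnlock()

	out := make(map[string]map[string]*consulapi.ACLToken, len(a.consulTokens))
	for cluster, byIdentity := range a.consulTokens {
		if byIdentity == nil {
			// Preserve a nil inner map as stored rather than turning it into
			// an empty one.
			out[cluster] = nil
			continue
		}
		inner := make(map[string]*consulapi.ACLToken, len(byIdentity))
		for identity, token := range byIdentity {
			inner[identity] = token
		}
		out[cluster] = inner
	}
	return out
}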
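// SetConsulTokens records Consul tokens, keyed as Consul cluster -> service
// identity -> token, merging them with previously written data. This method
// is called by the allocrunner consul hook.
//
// Merging is per cluster: each cluster present in m replaces that cluster's
// whole identity map, while clusters absent from m are left untouched. The
// inner maps are copied so the caller retains no reference into the state
// guarded by a.mu; a nil inner map in m is stored as nil.
//
// NOTE(review): because replacement is per cluster, a second call for the
// same cluster that omits an identity drops that identity's token from the
// recorded set, and a token that is not recorded here cannot be revoked when
// the alloc stops. Confirm the consul hook always passes the full identity
// set for a cluster.
func (a *AllocHookResources) SetConsulTokens(m map[string]map[string]*consulapi.ACLToken) {
	a.mu.Lock()
	defer a.mu.Unlock()

	// Tolerate a zero-value AllocHookResources (not built via
	// NewAllocHookResources) instead of panicking on a nil-map write.
	if a.consulTokens == nil {
		a.consulTokens = make(map[string]map[string]*consulapi.ACLToken, len(m))
	}

	for cluster, byIdentity := range m {
		if byIdentity == nil {
			a.consulTokens[cluster] = nil
			continue
		}
		inner := make(map[string]*consulapi.ACLToken, len(byIdentity))
		for identity, token := range byIdentity {
			inner[identity] = token
		}
		a.consulTokens[cluster] = inner
	}
}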