-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added the purge API on node endpoints #3447
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -42,6 +42,9 @@ func (s *HTTPServer) NodeSpecificRequest(resp http.ResponseWriter, req *http.Req | |
case strings.HasSuffix(path, "/drain"): | ||
nodeName := strings.TrimSuffix(path, "/drain") | ||
return s.nodeToggleDrain(resp, req, nodeName) | ||
case strings.HasSuffix(path, "/purge"): | ||
nodeName := strings.TrimSuffix(path, "/purge") | ||
return s.nodePurge(resp, req, nodeName) | ||
default: | ||
return s.nodeQuery(resp, req, path) | ||
} | ||
|
@@ -142,3 +145,19 @@ func (s *HTTPServer) nodeQuery(resp http.ResponseWriter, req *http.Request, | |
} | ||
return out.Node, nil | ||
} | ||
|
||
func (s *HTTPServer) nodePurge(resp http.ResponseWriter, req *http.Request, nodeID string) (interface{}, error) { | ||
if req.Method != "POST" { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am going to merge and also allow PUT |
||
return nil, CodedError(405, ErrInvalidMethod) | ||
} | ||
args := structs.NodeDeregisterRequest{ | ||
NodeID: nodeID, | ||
} | ||
s.parseWriteRequest(req, &args.WriteRequest) | ||
var out structs.NodeUpdateResponse | ||
if err := s.agent.RPC("Node.Deregister", &args, &out); err != nil { | ||
return nil, err | ||
} | ||
setIndex(resp, out.Index) | ||
return out, nil | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -209,10 +209,31 @@ func (n *Node) Deregister(args *structs.NodeDeregisterRequest, reply *structs.No | |
} | ||
defer metrics.MeasureSince([]string{"nomad", "client", "deregister"}, time.Now()) | ||
|
||
// Check node permissions | ||
if aclObj, err := n.srv.ResolveToken(args.AuthToken); err != nil { | ||
return err | ||
} else if aclObj != nil && !aclObj.AllowNodeWrite() { | ||
return structs.ErrPermissionDenied | ||
} | ||
|
||
// Verify the arguments | ||
if args.NodeID == "" { | ||
return fmt.Errorf("missing node ID for client deregistration") | ||
} | ||
// Look for the node | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Before the
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We will need to add a test similar to this: https://github.com/hashicorp/nomad/blob/master/nomad/node_endpoint_test.go#L613 What you need to test is that an ACL with node write/management token work and that another token does not. |
||
snap, err := n.srv.fsm.State().Snapshot() | ||
if err != nil { | ||
return err | ||
} | ||
|
||
ws := memdb.NewWatchSet() | ||
node, err := snap.NodeByID(ws, args.NodeID) | ||
if err != nil { | ||
return err | ||
} | ||
if node == nil { | ||
return fmt.Errorf("node not found") | ||
} | ||
|
||
// Commit this update via Raft | ||
_, index, err := n.srv.raftApply(structs.NodeDeregisterRequestType, args) | ||
|
@@ -232,8 +253,7 @@ func (n *Node) Deregister(args *structs.NodeDeregisterRequest, reply *structs.No | |
} | ||
|
||
// Determine if there are any Vault accessors on the node | ||
ws := memdb.NewWatchSet() | ||
accessors, err := n.srv.State().VaultAccessorsByNode(ws, args.NodeID) | ||
accessors, err := snap.VaultAccessorsByNode(ws, args.NodeID) | ||
if err != nil { | ||
n.srv.logger.Printf("[ERR] nomad.client: looking up accessors for node %q failed: %v", args.NodeID, err) | ||
return err | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
HTTP Documentation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done