github.com/zoomfoo/nomad@v0.8.5-0.20180907175415-f28fd3a1a056/nomad/search_endpoint_oss.go (about) 1 // +build !pro,!ent 2 3 package nomad 4 5 import ( 6 "fmt" 7 8 memdb "github.com/hashicorp/go-memdb" 9 "github.com/hashicorp/nomad/acl" 10 "github.com/hashicorp/nomad/nomad/state" 11 "github.com/hashicorp/nomad/nomad/structs" 12 ) 13 14 var ( 15 // allContexts are the available contexts which are searched to find matches 16 // for a given prefix 17 allContexts = ossContexts 18 ) 19 20 // contextToIndex returns the index name to lookup in the state store. 21 func contextToIndex(ctx structs.Context) string { 22 return string(ctx) 23 } 24 25 // getEnterpriseMatch is a no-op in oss since there are no enterprise objects. 26 func getEnterpriseMatch(match interface{}) (id string, ok bool) { 27 return "", false 28 } 29 30 // getEnterpriseResourceIter is used to retrieve an iterator over an enterprise 31 // only table. 32 func getEnterpriseResourceIter(context structs.Context, _ *acl.ACL, namespace, prefix string, ws memdb.WatchSet, state *state.StateStore) (memdb.ResultIterator, error) { 33 // If we have made it here then it is an error since we have exhausted all 34 // open source contexts. 35 return nil, fmt.Errorf("context must be one of %v or 'all' for all contexts; got %q", allContexts, context) 36 } 37 38 // anySearchPerms returns true if the provided ACL has access to any 39 // capabilities required for prefix searching. Returns true if aclObj is nil. 40 func anySearchPerms(aclObj *acl.ACL, namespace string, context structs.Context) bool { 41 if aclObj == nil { 42 return true 43 } 44 45 nodeRead := aclObj.AllowNodeRead() 46 jobRead := aclObj.AllowNsOp(namespace, acl.NamespaceCapabilityReadJob) 47 if !nodeRead && !jobRead { 48 return false 49 } 50 51 // Reject requests that explicitly specify a disallowed context. This 52 // should give the user better feedback then simply filtering out all 53 // results and returning an empty list. 54 if !nodeRead && context == structs.Nodes { 55 return false 56 } 57 if !jobRead { 58 switch context { 59 case structs.Allocs, structs.Deployments, structs.Evals, structs.Jobs: 60 return false 61 } 62 } 63 64 return true 65 } 66 67 // searchContexts returns the contexts the aclObj is valid for. If aclObj is 68 // nil all contexts are returned. 69 func searchContexts(aclObj *acl.ACL, namespace string, context structs.Context) []structs.Context { 70 var all []structs.Context 71 72 switch context { 73 case structs.All: 74 all = make([]structs.Context, len(allContexts)) 75 copy(all, allContexts) 76 default: 77 all = []structs.Context{context} 78 } 79 80 // If ACLs aren't enabled return all contexts 81 if aclObj == nil { 82 return all 83 } 84 85 jobRead := aclObj.AllowNsOp(namespace, acl.NamespaceCapabilityReadJob) 86 87 // Filter contexts down to those the ACL grants access to 88 available := make([]structs.Context, 0, len(all)) 89 for _, c := range all { 90 switch c { 91 case structs.Allocs, structs.Jobs, structs.Evals, structs.Deployments: 92 if jobRead { 93 available = append(available, c) 94 } 95 case structs.Nodes: 96 if aclObj.AllowNodeRead() { 97 available = append(available, c) 98 } 99 } 100 } 101 return available 102 }