structs

package
Version: v1.5.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 19, 2023 License: MPL-2.0 Imports: 69 Imported by: 2,272

Documentation

Index

Constants

View Source
const (
	// ACLUpsertPoliciesRPCMethod is the RPC method for batch creating or
	// modifying ACL policies.
	//
	// Args: ACLPolicyUpsertRequest
	// Reply: GenericResponse
	ACLUpsertPoliciesRPCMethod = "ACL.UpsertPolicies"

	// ACLUpsertTokensRPCMethod is the RPC method for batch creating or
	// modifying ACL tokens.
	//
	// Args: ACLTokenUpsertRequest
	// Reply: ACLTokenUpsertResponse
	ACLUpsertTokensRPCMethod = "ACL.UpsertTokens"

	// ACLDeleteTokensRPCMethod is the RPC method for batch deleting ACL
	// tokens.
	//
	// Args: ACLTokenDeleteRequest
	// Reply: GenericResponse
	ACLDeleteTokensRPCMethod = "ACL.DeleteTokens"

	// ACLUpsertRolesRPCMethod is the RPC method for batch creating or
	// modifying ACL roles.
	//
	// Args: ACLRolesUpsertRequest
	// Reply: ACLRolesUpsertResponse
	ACLUpsertRolesRPCMethod = "ACL.UpsertRoles"

	// ACLDeleteRolesByIDRPCMethod the RPC method for batch deleting ACL
	// roles by their ID.
	//
	// Args: ACLRolesDeleteByIDRequest
	// Reply: ACLRolesDeleteByIDResponse
	ACLDeleteRolesByIDRPCMethod = "ACL.DeleteRolesByID"

	// ACLListRolesRPCMethod is the RPC method for listing ACL roles.
	//
	// Args: ACLRolesListRequest
	// Reply: ACLRolesListResponse
	ACLListRolesRPCMethod = "ACL.ListRoles"

	// ACLGetRolesByIDRPCMethod is the RPC method for detailing a number of ACL
	// roles using their ID. This is an internal only RPC endpoint and used by
	// the ACL Role replication process.
	//
	// Args: ACLRolesByIDRequest
	// Reply: ACLRolesByIDResponse
	ACLGetRolesByIDRPCMethod = "ACL.GetRolesByID"

	// ACLGetRoleByIDRPCMethod is the RPC method for detailing an individual
	// ACL role using its ID.
	//
	// Args: ACLRoleByIDRequest
	// Reply: ACLRoleByIDResponse
	ACLGetRoleByIDRPCMethod = "ACL.GetRoleByID"

	// ACLGetRoleByNameRPCMethod is the RPC method for detailing an individual
	// ACL role using its name.
	//
	// Args: ACLRoleByNameRequest
	// Reply: ACLRoleByNameResponse
	ACLGetRoleByNameRPCMethod = "ACL.GetRoleByName"

	// ACLUpsertAuthMethodsRPCMethod is the RPC method for batch creating or
	// modifying auth methods.
	//
	// Args: ACLAuthMethodsUpsertRequest
	// Reply: ACLAuthMethodUpsertResponse
	ACLUpsertAuthMethodsRPCMethod = "ACL.UpsertAuthMethods"

	// ACLDeleteAuthMethodsRPCMethod is the RPC method for batch deleting auth
	// methods.
	//
	// Args: ACLAuthMethodDeleteRequest
	// Reply: ACLAuthMethodDeleteResponse
	ACLDeleteAuthMethodsRPCMethod = "ACL.DeleteAuthMethods"

	// ACLListAuthMethodsRPCMethod is the RPC method for listing auth methods.
	//
	// Args: ACLAuthMethodListRequest
	// Reply: ACLAuthMethodListResponse
	ACLListAuthMethodsRPCMethod = "ACL.ListAuthMethods"

	// ACLGetAuthMethodRPCMethod is the RPC method for detailing an individual
	// auth method using its name.
	//
	// Args: ACLAuthMethodGetRequest
	// Reply: ACLAuthMethodGetResponse
	ACLGetAuthMethodRPCMethod = "ACL.GetAuthMethod"

	// ACLGetAuthMethodsRPCMethod is the RPC method for getting multiple auth
	// methods using their names.
	//
	// Args: ACLAuthMethodsGetRequest
	// Reply: ACLAuthMethodsGetResponse
	ACLGetAuthMethodsRPCMethod = "ACL.GetAuthMethods"

	// ACLUpsertBindingRulesRPCMethod is the RPC method for batch creating or
	// modifying binding rules.
	//
	// Args: ACLBindingRulesUpsertRequest
	// Reply: ACLBindingRulesUpsertResponse
	ACLUpsertBindingRulesRPCMethod = "ACL.UpsertBindingRules"

	// ACLDeleteBindingRulesRPCMethod is the RPC method for batch deleting
	// binding rules.
	//
	// Args: ACLBindingRulesDeleteRequest
	// Reply: ACLBindingRulesDeleteResponse
	ACLDeleteBindingRulesRPCMethod = "ACL.DeleteBindingRules"

	// ACLListBindingRulesRPCMethod is the RPC method listing binding rules.
	//
	// Args: ACLBindingRulesListRequest
	// Reply: ACLBindingRulesListResponse
	ACLListBindingRulesRPCMethod = "ACL.ListBindingRules"

	// ACLGetBindingRulesRPCMethod is the RPC method for getting multiple
	// binding rules using their IDs.
	//
	// Args: ACLBindingRulesRequest
	// Reply: ACLBindingRulesResponse
	ACLGetBindingRulesRPCMethod = "ACL.GetBindingRules"

	// ACLGetBindingRuleRPCMethod is the RPC method for detailing an individual
	// binding rule using its ID.
	//
	// Args: ACLBindingRuleRequest
	// Reply: ACLBindingRuleResponse
	ACLGetBindingRuleRPCMethod = "ACL.GetBindingRule"

	// ACLOIDCAuthURLRPCMethod is the RPC method for starting the OIDC login
	// workflow. It generates the OIDC provider URL which will be used for user
	// authentication.
	//
	// Args: ACLOIDCAuthURLRequest
	// Reply: ACLOIDCAuthURLResponse
	ACLOIDCAuthURLRPCMethod = "ACL.OIDCAuthURL"

	// ACLOIDCCompleteAuthRPCMethod is the RPC method for completing the OIDC
	// login workflow. It exchanges the OIDC provider token for a Nomad ACL
	// token with roles as defined within the remote provider.
	//
	// Args: ACLOIDCCompleteAuthRequest
	// Reply: ACLOIDCCompleteAuthResponse
	ACLOIDCCompleteAuthRPCMethod = "ACL.OIDCCompleteAuth"

	// ACLLoginRPCMethod is the RPC method for performing a non-OIDC login
	// workflow. It exchanges the provided token for a Nomad ACL token with
	// roles as defined within the remote provider.
	//
	// Args: ACLLoginRequest
	// Reply: ACLLoginResponse
	ACLLoginRPCMethod = "ACL.Login"
)
View Source
const (
	// ACLMaxExpiredBatchSize is the maximum number of expired ACL tokens that
	// will be garbage collected in a single trigger. This number helps limit
	// the replication pressure due to expired token deletion. If there are a
	// large number of expired tokens pending garbage collection, this value is
	// a potential limiting factor.
	ACLMaxExpiredBatchSize = 4096

	// ACLAuthMethodTokenLocalityLocal is the ACLAuthMethod.TokenLocality that
	// will generate ACL tokens which can only be used on the local cluster the
	// request was made.
	ACLAuthMethodTokenLocalityLocal = "local"

	// ACLAuthMethodTokenLocalityGlobal is the ACLAuthMethod.TokenLocality that
	// will generate ACL tokens which can be used on all federated clusters.
	ACLAuthMethodTokenLocalityGlobal = "global"

	// ACLAuthMethodTypeOIDC the ACLAuthMethod.Type and represents an
	// auth-method which uses the OIDC protocol.
	ACLAuthMethodTypeOIDC = "OIDC"

	// ACLAuthMethodTypeJWT the ACLAuthMethod.Type and represents an auth-method
	// which uses the JWT type.
	ACLAuthMethodTypeJWT = "JWT"
)
View Source
const (
	// ACLBindingRuleBindTypeRole is the ACL binding rule bind type that only
	// allows the binding rule to function if a role exists at login-time. The
	// role will be specified within the ACLBindingRule.BindName parameter, and
	// will identify whether this is an ID or Name.
	ACLBindingRuleBindTypeRole = "role"

	// ACLBindingRuleBindTypePolicy is the ACL binding rule bind type that
	// assigns a policy to the generate ACL token. The role will be specified
	// within the ACLBindingRule.BindName parameter, and will be the policy
	// name.
	ACLBindingRuleBindTypePolicy = "policy"

	// ACLBindingRuleBindTypeManagement is the ACL binding rule bind type that
	// will generate management ACL tokens when matched.
	ACLBindingRuleBindTypeManagement = "management"
)
View Source
const (

	// Prefix based errors that are used to check if the error is of a given
	// type. These errors should be created with the associated constructor.
	ErrUnknownAllocationPrefix = "Unknown allocation"
	ErrUnknownNodePrefix       = "Unknown node"
	ErrUnknownJobPrefix        = "Unknown job"
	ErrUnknownEvaluationPrefix = "Unknown evaluation"
	ErrUnknownDeploymentPrefix = "Unknown deployment"
)
View Source
const (
	TopicDeployment     Topic = "Deployment"
	TopicEvaluation     Topic = "Evaluation"
	TopicAllocation     Topic = "Allocation"
	TopicJob            Topic = "Job"
	TopicNode           Topic = "Node"
	TopicACLPolicy      Topic = "ACLPolicy"
	TopicACLToken       Topic = "ACLToken"
	TopicACLRole        Topic = "ACLRole"
	TopicACLAuthMethod  Topic = "ACLAuthMethod"
	TopicACLBindingRule Topic = "ACLBindingRule"
	TopicService        Topic = "Service"
	TopicAll            Topic = "*"

	TypeNodeRegistration              = "NodeRegistration"
	TypeNodeDeregistration            = "NodeDeregistration"
	TypeNodeEligibilityUpdate         = "NodeEligibility"
	TypeNodeDrain                     = "NodeDrain"
	TypeNodeEvent                     = "NodeStreamEvent"
	TypeDeploymentUpdate              = "DeploymentStatusUpdate"
	TypeDeploymentPromotion           = "DeploymentPromotion"
	TypeDeploymentAllocHealth         = "DeploymentAllocHealth"
	TypeAllocationCreated             = "AllocationCreated"
	TypeAllocationUpdated             = "AllocationUpdated"
	TypeAllocationUpdateDesiredStatus = "AllocationUpdateDesiredStatus"
	TypeEvalUpdated                   = "EvaluationUpdated"
	TypeJobRegistered                 = "JobRegistered"
	TypeJobDeregistered               = "JobDeregistered"
	TypeJobBatchDeregistered          = "JobBatchDeregistered"
	TypePlanResult                    = "PlanResult"
	TypeACLTokenDeleted               = "ACLTokenDeleted"
	TypeACLTokenUpserted              = "ACLTokenUpserted"
	TypeACLPolicyDeleted              = "ACLPolicyDeleted"
	TypeACLPolicyUpserted             = "ACLPolicyUpserted"
	TypeACLRoleDeleted                = "ACLRoleDeleted"
	TypeACLRoleUpserted               = "ACLRoleUpserted"
	TypeACLAuthMethodUpserted         = "ACLAuthMethodUpserted"
	TypeACLAuthMethodDeleted          = "ACLAuthMethodDeleted"
	TypeACLBindingRuleUpserted        = "ACLBindingRuleUpserted"
	TypeACLBindingRuleDeleted         = "ACLBindingRuleDeleted"
	TypeServiceRegistration           = "ServiceRegistration"
	TypeServiceDeregistration         = "ServiceDeregistration"
)
View Source
const (
	RootKeyStateInactive RootKeyState = "inactive"
	RootKeyStateActive                = "active"
	RootKeyStateRekeying              = "rekeying"

	// RootKeyStateDeprecated is, itself, deprecated and is no longer in
	// use. For backwards compatibility, any existing keys with this state will
	// be treated as RootKeyStateInactive
	RootKeyStateDeprecated = "deprecated"
)
View Source
const (
	// DefaultMinDynamicPort is the smallest dynamic port generated by
	// default
	DefaultMinDynamicPort = 20000

	// DefaultMaxDynamicPort is the largest dynamic port generated by
	// default
	DefaultMaxDynamicPort = 32000

	// MaxValidPort is the max valid port number
	MaxValidPort = 65536
)
View Source
const (
	// ServiceRegistrationUpsertRPCMethod is the RPC method for upserting
	// service registrations into Nomad state.
	//
	// Args: ServiceRegistrationUpsertRequest
	// Reply: ServiceRegistrationUpsertResponse
	ServiceRegistrationUpsertRPCMethod = "ServiceRegistration.Upsert"

	// ServiceRegistrationDeleteByIDRPCMethod is the RPC method for deleting
	// a service registration by its ID.
	//
	// Args: ServiceRegistrationDeleteByIDRequest
	// Reply: ServiceRegistrationDeleteByIDResponse
	ServiceRegistrationDeleteByIDRPCMethod = "ServiceRegistration.DeleteByID"

	// ServiceRegistrationListRPCMethod is the RPC method for listing service
	// registrations within Nomad.
	//
	// Args: ServiceRegistrationListRequest
	// Reply: ServiceRegistrationListResponse
	ServiceRegistrationListRPCMethod = "ServiceRegistration.List"

	// ServiceRegistrationGetServiceRPCMethod is the RPC method for detailing a
	// service and its registrations according to its name.
	//
	// Args: ServiceRegistrationByNameRequest
	// Reply: ServiceRegistrationByNameResponse
	ServiceRegistrationGetServiceRPCMethod = "ServiceRegistration.GetService"
)
View Source
const (
	EnvoyBootstrapPath = "${NOMAD_SECRETS_DIR}/envoy_bootstrap.json"

	ServiceCheckHTTP   = "http"
	ServiceCheckTCP    = "tcp"
	ServiceCheckScript = "script"
	ServiceCheckGRPC   = "grpc"

	OnUpdateRequireHealthy = "require_healthy"
	OnUpdateIgnoreWarn     = "ignore_warnings"
	OnUpdateIgnore         = "ignore"
)
View Source
const (
	AddressModeAuto   = "auto"
	AddressModeHost   = "host"
	AddressModeDriver = "driver"
	AddressModeAlloc  = "alloc"

	// ServiceProviderConsul is the default service provider and the way Nomad
	// worked before native service discovery.
	ServiceProviderConsul = "consul"

	// ServiceProviderNomad is the native service discovery provider. At the
	// time of writing, there are a number of restrictions around its
	// functionality and use.
	ServiceProviderNomad = "nomad"
)
View Source
const (
	// IgnoreUnknownTypeFlag is set along with a MessageType
	// to indicate that the message type can be safely ignored
	// if it is not recognized. This is for future proofing, so
	// that new commands can be added in a way that won't cause
	// old servers to crash when the FSM attempts to process them.
	IgnoreUnknownTypeFlag MessageType = 128

	// MsgTypeTestSetup is used during testing when calling state store
	// methods directly that require an FSM MessageType
	MsgTypeTestSetup MessageType = IgnoreUnknownTypeFlag

	GetterModeAny  = "any"
	GetterModeFile = "file"
	GetterModeDir  = "dir"

	// ACLClientToken and ACLManagementToken are the only types of tokens
	ACLClientToken     = "client"
	ACLManagementToken = "management"

	// DefaultNamespace is the default namespace.
	DefaultNamespace            = "default"
	DefaultNamespaceDescription = "Default shared namespace"

	// AllNamespacesSentinel is the value used as a namespace RPC value
	// to indicate that endpoints must search in all namespaces
	//
	// Also defined in acl/acl.go to avoid circular dependencies. If modified
	// it should be updated there as well.
	AllNamespacesSentinel = "*"

	// JitterFraction is a the limit to the amount of jitter we apply
	// to a user specified MaxQueryTime. We divide the specified time by
	// the fraction. So 16 == 6.25% limit of jitter. This jitter is also
	// applied to RPCHoldTimeout.
	JitterFraction = 16

	// MaxRetainedNodeEvents is the maximum number of node events that will be
	// retained for a single node
	MaxRetainedNodeEvents = 10

	// MaxRetainedNodeScores is the number of top scoring nodes for which we
	// retain scoring metadata
	MaxRetainedNodeScores = 5

	// Normalized scorer name
	NormScorerName = "normalized-score"

	// MaxBlockingRPCQueryTime is used to bound the limit of a blocking query
	MaxBlockingRPCQueryTime = 300 * time.Second

	// DefaultBlockingRPCQueryTime is the amount of time we block waiting for a change
	// if no time is specified. Previously we would wait the MaxBlockingRPCQueryTime.
	DefaultBlockingRPCQueryTime = 300 * time.Second

	// RateMetric constants are used as labels in RPC rate metrics
	RateMetricRead  = "read"
	RateMetricList  = "list"
	RateMetricWrite = "write"
)
View Source
const (
	NodeEventSubsystemDrain     = "Drain"
	NodeEventSubsystemDriver    = "Driver"
	NodeEventSubsystemHeartbeat = "Heartbeat"
	NodeEventSubsystemCluster   = "Cluster"
	NodeEventSubsystemScheduler = "Scheduler"
	NodeEventSubsystemStorage   = "Storage"
)
View Source
const (
	NodeStatusInit         = "initializing"
	NodeStatusReady        = "ready"
	NodeStatusDown         = "down"
	NodeStatusDisconnected = "disconnected"
)
View Source
const (
	// NodeSchedulingEligible and Ineligible marks the node as eligible or not,
	// respectively, for receiving allocations. This is orthogonal to the node
	// status being ready.
	NodeSchedulingEligible   = "eligible"
	NodeSchedulingIneligible = "ineligible"
)
View Source
const (
	// JobTypeCore is reserved for internal system tasks and is
	// always handled by the CoreScheduler.
	JobTypeCore     = "_core"
	JobTypeService  = "service"
	JobTypeBatch    = "batch"
	JobTypeSystem   = "system"
	JobTypeSysBatch = "sysbatch"
)
View Source
const (
	JobStatusPending = "pending" // Pending means the job is waiting on scheduling
	JobStatusRunning = "running" // Running means the job has non-terminal allocations
	JobStatusDead    = "dead"    // Dead means all evaluation's and allocations are terminal
)
View Source
const (
	// JobMinPriority is the minimum allowed priority
	JobMinPriority = 1

	// JobDefaultPriority is the default priority if not specified.
	JobDefaultPriority = 50

	// JobDefaultMaxPriority is the default maximum allowed priority
	JobDefaultMaxPriority = 100

	// JobMaxPriority is the maximum allowed configuration value for maximum job priority
	JobMaxPriority = math.MaxInt16 - 1

	// CoreJobPriority should be higher than any user
	// specified job so that it gets priority. This is important
	// for the system to remain healthy.
	CoreJobPriority = math.MaxInt16

	// JobTrackedVersions is the number of historic job versions that are
	// kept.
	JobTrackedVersions = 6

	// JobTrackedScalingEvents is the number of scaling events that are
	// kept for a single task group.
	JobTrackedScalingEvents = 20
)
View Source
const (
	// Checks uses any registered health check state in combination with task
	// states to determine if an allocation is healthy.
	UpdateStrategyHealthCheck_Checks = "checks"

	// TaskStates uses the task states of an allocation to determine if the
	// allocation is healthy.
	UpdateStrategyHealthCheck_TaskStates = "task_states"

	// Manual allows the operator to manually signal to Nomad when an
	// allocations is healthy. This allows more advanced health checking that is
	// outside of the scope of Nomad.
	UpdateStrategyHealthCheck_Manual = "manual"
)
View Source
const (
	// PeriodicSpecCron is used for a cron spec.
	PeriodicSpecCron = "cron"

	// PeriodicSpecTest is only used by unit tests. It is a sorted, comma
	// separated list of unix timestamps at which to launch.
	PeriodicSpecTest = "_internal_test"
)
View Source
const (
	DispatchPayloadForbidden = "forbidden"
	DispatchPayloadOptional  = "optional"
	DispatchPayloadRequired  = "required"

	// DispatchLaunchSuffix is the string appended to the parameterized job's ID
	// when dispatching instances of it.
	DispatchLaunchSuffix = "/dispatch-"
)
View Source
const (
	TaskLifecycleHookPrestart  = "prestart"
	TaskLifecycleHookPoststart = "poststart"
	TaskLifecycleHookPoststop  = "poststop"
)
View Source
const (
	// RestartPolicyModeDelay causes an artificial delay till the next interval is
	// reached when the specified attempts have been reached in the interval.
	RestartPolicyModeDelay = "delay"

	// RestartPolicyModeFail causes a job to fail if the specified number of
	// attempts are reached within an interval.
	RestartPolicyModeFail = "fail"

	// RestartPolicyMinInterval is the minimum interval that is accepted for a
	// restart policy.
	RestartPolicyMinInterval = 5 * time.Second

	// ReasonWithinPolicy describes restart events that are within policy
	ReasonWithinPolicy = "Restart within policy"
)
View Source
const (
	ScalingTargetNamespace = "Namespace"
	ScalingTargetJob       = "Job"
	ScalingTargetGroup     = "Group"
	ScalingTargetTask      = "Task"

	ScalingPolicyTypeHorizontal = "horizontal"
)
View Source
const (
	MigrateStrategyHealthChecks = "checks"
	MigrateStrategyHealthStates = "task_states"
)
View Source
const (
	// ConnectProxyPrefix is the prefix used for fields referencing a Consul Connect
	// Proxy
	ConnectProxyPrefix = "connect-proxy"

	// ConnectNativePrefix is the prefix used for fields referencing a Connect
	// Native Task
	ConnectNativePrefix = "connect-native"

	// ConnectIngressPrefix is the prefix used for fields referencing a Consul
	// Connect Ingress Gateway Proxy.
	ConnectIngressPrefix = "connect-ingress"

	// ConnectTerminatingPrefix is the prefix used for fields referencing a Consul
	// Connect Terminating Gateway Proxy.
	ConnectTerminatingPrefix = "connect-terminating"

	// ConnectMeshPrefix is the prefix used for fields referencing a Consul Connect
	// Mesh Gateway Proxy.
	ConnectMeshPrefix = "connect-mesh"
)
View Source
const (
	// TemplateChangeModeNoop marks that no action should be taken if the
	// template is re-rendered
	TemplateChangeModeNoop = "noop"

	// TemplateChangeModeSignal marks that the task should be signaled if the
	// template is re-rendered
	TemplateChangeModeSignal = "signal"

	// TemplateChangeModeRestart marks that the task should be restarted if the
	// template is re-rendered
	TemplateChangeModeRestart = "restart"

	// TemplateChangeModeScript marks that the task should trigger a script if
	// the template is re-rendered
	TemplateChangeModeScript = "script"
)
View Source
const (
	TaskStatePending = "pending" // The task is waiting to be run.
	TaskStateRunning = "running" // The task is currently running.
	TaskStateDead    = "dead"    // Terminal state of task.
)

Set of possible states for a task.

View Source
const (
	// TaskSetupFailure indicates that the task could not be started due to a
	// a setup failure.
	TaskSetupFailure = "Setup Failure"

	// TaskDriveFailure indicates that the task could not be started due to a
	// failure in the driver. TaskDriverFailure is considered Recoverable.
	TaskDriverFailure = "Driver Failure"

	// TaskReceived signals that the task has been pulled by the client at the
	// given timestamp.
	TaskReceived = "Received"

	// TaskFailedValidation indicates the task was invalid and as such was not run.
	// TaskFailedValidation is not considered Recoverable.
	TaskFailedValidation = "Failed Validation"

	// TaskStarted signals that the task was started and its timestamp can be
	// used to determine the running length of the task.
	TaskStarted = "Started"

	// TaskTerminated indicates that the task was started and exited.
	TaskTerminated = "Terminated"

	// TaskKilling indicates a kill signal has been sent to the task.
	TaskKilling = "Killing"

	// TaskKilled indicates a user has killed the task.
	TaskKilled = "Killed"

	// TaskRestarting indicates that task terminated and is being restarted.
	TaskRestarting = "Restarting"

	// TaskNotRestarting indicates that the task has failed and is not being
	// restarted because it has exceeded its restart policy.
	TaskNotRestarting = "Not Restarting"

	// TaskRestartSignal indicates that the task has been signaled to be
	// restarted
	TaskRestartSignal = "Restart Signaled"

	// TaskSignaling indicates that the task is being signalled.
	TaskSignaling = "Signaling"

	// TaskDownloadingArtifacts means the task is downloading the artifacts
	// specified in the task.
	TaskDownloadingArtifacts = "Downloading Artifacts"

	// TaskArtifactDownloadFailed indicates that downloading the artifacts
	// failed.
	TaskArtifactDownloadFailed = "Failed Artifact Download"

	// TaskBuildingTaskDir indicates that the task directory/chroot is being
	// built.
	TaskBuildingTaskDir = "Building Task Directory"

	// TaskSetup indicates the task runner is setting up the task environment
	TaskSetup = "Task Setup"

	// TaskDiskExceeded indicates that one of the tasks in a taskgroup has
	// exceeded the requested disk resources.
	TaskDiskExceeded = "Disk Resources Exceeded"

	// TaskSiblingFailed indicates that a sibling task in the task group has
	// failed.
	TaskSiblingFailed = "Sibling Task Failed"

	// TaskDriverMessage is an informational event message emitted by
	// drivers such as when they're performing a long running action like
	// downloading an image.
	TaskDriverMessage = "Driver"

	// TaskLeaderDead indicates that the leader task within the has finished.
	TaskLeaderDead = "Leader Task Dead"

	// TaskMainDead indicates that the main tasks have dead
	TaskMainDead = "Main Tasks Dead"

	// TaskHookFailed indicates that one of the hooks for a task failed.
	TaskHookFailed = "Task hook failed"

	// TaskHookMessage indicates that one of the hooks for a task emitted a
	// message.
	TaskHookMessage = "Task hook message"

	// TaskRestoreFailed indicates Nomad was unable to reattach to a
	// restored task.
	TaskRestoreFailed = "Failed Restoring Task"

	// TaskPluginUnhealthy indicates that a plugin managed by Nomad became unhealthy
	TaskPluginUnhealthy = "Plugin became unhealthy"

	// TaskPluginHealthy indicates that a plugin managed by Nomad became healthy
	TaskPluginHealthy = "Plugin became healthy"

	// TaskClientReconnected indicates that the client running the task disconnected.
	TaskClientReconnected = "Reconnected"

	// TaskWaitingShuttingDownDelay indicates that the task is waiting for
	// shutdown delay before being TaskKilled
	TaskWaitingShuttingDownDelay = "Waiting for shutdown delay"

	// TaskSkippingShutdownDelay indicates that the task operation was
	// configured to ignore the shutdown delay value set for the tas.
	TaskSkippingShutdownDelay = "Skipping shutdown delay"
)
View Source
const (
	ConstraintDistinctProperty  = "distinct_property"
	ConstraintDistinctHosts     = "distinct_hosts"
	ConstraintRegex             = "regexp"
	ConstraintVersion           = "version"
	ConstraintSemver            = "semver"
	ConstraintSetContains       = "set_contains"
	ConstraintSetContainsAll    = "set_contains_all"
	ConstraintSetContainsAny    = "set_contains_any"
	ConstraintAttributeIsSet    = "is_set"
	ConstraintAttributeIsNotSet = "is_not_set"
)
View Source
const (
	// VaultChangeModeNoop takes no action when a new token is retrieved.
	VaultChangeModeNoop = "noop"

	// VaultChangeModeSignal signals the task when a new token is retrieved.
	VaultChangeModeSignal = "signal"

	// VaultChangeModeRestart restarts the task when a new token is retrieved.
	VaultChangeModeRestart = "restart"
)
View Source
const (
	// DeploymentStatuses are the various states a deployment can be be in
	DeploymentStatusRunning      = "running"
	DeploymentStatusPaused       = "paused"
	DeploymentStatusFailed       = "failed"
	DeploymentStatusSuccessful   = "successful"
	DeploymentStatusCancelled    = "cancelled"
	DeploymentStatusInitializing = "initializing"
	DeploymentStatusPending      = "pending"
	DeploymentStatusBlocked      = "blocked"
	DeploymentStatusUnblocking   = "unblocking"

	// DeploymentStatusDescriptions are the various descriptions of the states a
	// deployment can be in.
	DeploymentStatusDescriptionRunning               = "Deployment is running"
	DeploymentStatusDescriptionRunningNeedsPromotion = "Deployment is running but requires manual promotion"
	DeploymentStatusDescriptionRunningAutoPromotion  = "Deployment is running pending automatic promotion"
	DeploymentStatusDescriptionPaused                = "Deployment is paused"
	DeploymentStatusDescriptionSuccessful            = "Deployment completed successfully"
	DeploymentStatusDescriptionStoppedJob            = "Cancelled because job is stopped"
	DeploymentStatusDescriptionNewerJob              = "Cancelled due to newer version of job"
	DeploymentStatusDescriptionFailedAllocations     = "Failed due to unhealthy allocations"
	DeploymentStatusDescriptionProgressDeadline      = "Failed due to progress deadline"
	DeploymentStatusDescriptionFailedByUser          = "Deployment marked as failed"

	// used only in multiregion deployments
	DeploymentStatusDescriptionFailedByPeer   = "Failed because of an error in peer region"
	DeploymentStatusDescriptionBlocked        = "Deployment is complete but waiting for peer region"
	DeploymentStatusDescriptionUnblocking     = "Deployment is unblocking remaining regions"
	DeploymentStatusDescriptionPendingForPeer = "Deployment is pending, waiting for peer region"
)
View Source
const (
	AllocDesiredStatusRun   = "run"   // Allocation should run
	AllocDesiredStatusStop  = "stop"  // Allocation should stop
	AllocDesiredStatusEvict = "evict" // Allocation should stop, and was evicted
)
View Source
const (
	AllocClientStatusPending  = "pending"
	AllocClientStatusRunning  = "running"
	AllocClientStatusComplete = "complete"
	AllocClientStatusFailed   = "failed"
	AllocClientStatusLost     = "lost"
	AllocClientStatusUnknown  = "unknown"
)
View Source
const (
	EvalStatusBlocked   = "blocked"
	EvalStatusPending   = "pending"
	EvalStatusComplete  = "complete"
	EvalStatusFailed    = "failed"
	EvalStatusCancelled = "canceled"
)
View Source
const (
	EvalTriggerJobRegister          = "job-register"
	EvalTriggerJobDeregister        = "job-deregister"
	EvalTriggerPeriodicJob          = "periodic-job"
	EvalTriggerNodeDrain            = "node-drain"
	EvalTriggerNodeUpdate           = "node-update"
	EvalTriggerAllocStop            = "alloc-stop"
	EvalTriggerScheduled            = "scheduled"
	EvalTriggerRollingUpdate        = "rolling-update"
	EvalTriggerDeploymentWatcher    = "deployment-watcher"
	EvalTriggerFailedFollowUp       = "failed-follow-up"
	EvalTriggerMaxPlans             = "max-plan-attempts"
	EvalTriggerRetryFailedAlloc     = "alloc-failure"
	EvalTriggerQueuedAllocs         = "queued-allocs"
	EvalTriggerPreemption           = "preemption"
	EvalTriggerScaling              = "job-scaling"
	EvalTriggerMaxDisconnectTimeout = "max-disconnect-timeout"
	EvalTriggerReconnect            = "reconnect"
)
View Source
const (
	// CoreJobEvalGC is used for the garbage collection of evaluations
	// and allocations. We periodically scan evaluations in a terminal state,
	// in which all the corresponding allocations are also terminal. We
	// delete these out of the system to bound the state.
	CoreJobEvalGC = "eval-gc"

	// CoreJobNodeGC is used for the garbage collection of failed nodes.
	// We periodically scan nodes in a terminal state, and if they have no
	// corresponding allocations we delete these out of the system.
	CoreJobNodeGC = "node-gc"

	// CoreJobJobGC is used for the garbage collection of eligible jobs. We
	// periodically scan garbage collectible jobs and check if both their
	// evaluations and allocations are terminal. If so, we delete these out of
	// the system.
	CoreJobJobGC = "job-gc"

	// CoreJobDeploymentGC is used for the garbage collection of eligible
	// deployments. We periodically scan garbage collectible deployments and
	// check if they are terminal. If so, we delete these out of the system.
	CoreJobDeploymentGC = "deployment-gc"

	// CoreJobCSIVolumeClaimGC is use for the garbage collection of CSI
	// volume claims. We periodically scan volumes to see if no allocs are
	// claiming them. If so, we unclaim the volume.
	CoreJobCSIVolumeClaimGC = "csi-volume-claim-gc"

	// CoreJobCSIPluginGC is use for the garbage collection of CSI plugins.
	// We periodically scan plugins to see if they have no associated volumes
	// or allocs running them. If so, we delete the plugin.
	CoreJobCSIPluginGC = "csi-plugin-gc"

	// CoreJobOneTimeTokenGC is use for the garbage collection of one-time
	// tokens. We periodically scan for expired tokens and delete them.
	CoreJobOneTimeTokenGC = "one-time-token-gc"

	// CoreJobLocalTokenExpiredGC is used for the garbage collection of
	// expired local ACL tokens. We periodically scan for expired tokens and
	// delete them.
	CoreJobLocalTokenExpiredGC = "local-token-expired-gc"

	// CoreJobGlobalTokenExpiredGC is used for the garbage collection of
	// expired global ACL tokens. We periodically scan for expired tokens and
	// delete them.
	CoreJobGlobalTokenExpiredGC = "global-token-expired-gc"

	// CoreJobRootKeyRotateGC is used for periodic key rotation and
	// garbage collection of unused encryption keys.
	CoreJobRootKeyRotateOrGC = "root-key-rotate-gc"

	// CoreJobVariablesRekey is used to fully rotate the encryption keys for
	// variables by decrypting all variables and re-encrypting them with the
	// active key
	CoreJobVariablesRekey = "variables-rekey"

	// CoreJobForceGC is used to force garbage collection of all GCable objects.
	CoreJobForceGC = "force-gc"
)
View Source
const (
	// VariablesApplyRPCMethod is the RPC method for upserting or deleting a
	// variable by its namespace and path, with optional conflict detection.
	//
	// Args: VariablesApplyRequest
	// Reply: VariablesApplyResponse
	VariablesApplyRPCMethod = "Variables.Apply"

	// VariablesListRPCMethod is the RPC method for listing variables within
	// Nomad.
	//
	// Args: VariablesListRequest
	// Reply: VariablesListResponse
	VariablesListRPCMethod = "Variables.List"

	// VariablesReadRPCMethod is the RPC method for fetching a variable
	// according to its namepace and path.
	//
	// Args: VariablesByNameRequest
	// Reply: VariablesByNameResponse
	VariablesReadRPCMethod = "Variables.Read"
)
View Source
const (
	VolumeMountPropagationPrivate       = "private"
	VolumeMountPropagationHostToTask    = "host-to-task"
	VolumeMountPropagationBidirectional = "bidirectional"
)
View Source
const (
	// AllocServiceRegistrationsRPCMethod is the RPC method for listing all
	// service registrations assigned to a specific allocation.
	//
	// Args: AllocServiceRegistrationsRequest
	// Reply: AllocServiceRegistrationsResponse
	AllocServiceRegistrationsRPCMethod = "Alloc.GetServiceRegistrations"
)
View Source
const (
	BytesInMegabyte = 1024 * 1024
)
View Source
const CSIIntermediaryDirname = "volumes"

CSIIntermediaryDirname is the name of the directory inside the PluginMountDir where Nomad will expect plugins to create intermediary mounts for volumes.

View Source
const CSISocketName = "csi.sock"

CSISocketName is the filename that Nomad expects plugins to create inside the PluginMountDir.

View Source
const (
	// DefaultKillTimeout is the default timeout between signaling a task it
	// will be killed and killing it.
	DefaultKillTimeout = 5 * time.Second
)
View Source
const (
	// EvalDeleteRPCMethod is the RPC method for batch deleting evaluations
	// using their IDs.
	//
	// Args: EvalDeleteRequest
	// Reply: EvalDeleteResponse
	EvalDeleteRPCMethod = "Eval.Delete"
)
View Source
const (
	// JobServiceRegistrationsRPCMethod is the RPC method for listing all
	// service registrations assigned to a specific namespaced job.
	//
	// Args: JobServiceRegistrationsRequest
	// Reply: JobServiceRegistrationsResponse
	JobServiceRegistrationsRPCMethod = "Job.GetServiceRegistrations"
)
View Source
const MaxUUIDsPerWriteRequest = 7281 // (1024 * 256) / 36

MaxUUIDsPerWriteRequest is the maximum number of UUIDs that can be included within a single write request. This is to ensure that the Raft message does not become too large. The resulting value corresponds to 0.25MB of IDs or 7281 UUID strings.

View Source
const (
	// NodeUniqueNamespace is a prefix that can be appended to node meta or
	// attribute keys to mark them for exclusion in computed node class.
	NodeUniqueNamespace = "unique."
)
View Source
const (
	// PeriodicLaunchSuffix is the string appended to the periodic jobs ID
	// when launching derived instances of it.
	PeriodicLaunchSuffix = "/periodic-"
)
View Source
const ReschedulePolicyMinDelay = 5 * time.Second
View Source
const ReschedulePolicyMinInterval = 15 * time.Second
View Source
const VolumeTypeCSI = "csi"

VolumeTypeCSI is the type in the volume block of a TaskGroup

View Source
const (
	VolumeTypeHost = "host"
)

Variables

View Source
var (
	// ValidACLRoleName is used to validate an ACL role name.
	ValidACLRoleName = regexp.MustCompile("^[a-zA-Z0-9-]{1,128}$")

	// ValidACLAuthMethod is used to validate an ACL auth method name.
	ValidACLAuthMethod = regexp.MustCompile("^[a-zA-Z0-9-]{1,128}$")

	// ValitACLAuthMethodTypes lists supported auth method types.
	ValidACLAuthMethodTypes = []string{ACLAuthMethodTypeOIDC, ACLAuthMethodTypeJWT}
)
View Source
var (
	ErrNoLeader                   = errors.New(errNoLeader)
	ErrNotReadyForConsistentReads = errors.New(errNotReadyForConsistentReads)
	ErrNoRegionPath               = errors.New(errNoRegionPath)
	ErrTokenNotFound              = errors.New(errTokenNotFound)
	ErrTokenExpired               = errors.New(errTokenExpired)
	ErrTokenInvalid               = errors.New(errTokenInvalid)
	ErrPermissionDenied           = errors.New(errPermissionDenied)
	ErrJobRegistrationDisabled    = errors.New(errJobRegistrationDisabled)
	ErrNoNodeConn                 = errors.New(errNoNodeConn)
	ErrUnknownMethod              = errors.New(errUnknownMethod)
	ErrUnknownNomadVersion        = errors.New(errUnknownNomadVersion)
	ErrNodeLacksRpc               = errors.New(errNodeLacksRpc)
	ErrMissingAllocID             = errors.New(errMissingAllocID)
	ErrIncompatibleFiltering      = errors.New(errIncompatibleFiltering)
	ErrMalformedChooseParameter   = errors.New(errMalformedChooseParameter)

	ErrUnknownNode = errors.New(ErrUnknownNodePrefix)

	ErrDeploymentTerminalNoCancel    = errors.New(errDeploymentTerminalNoCancel)
	ErrDeploymentTerminalNoFail      = errors.New(errDeploymentTerminalNoFail)
	ErrDeploymentTerminalNoPause     = errors.New(errDeploymentTerminalNoPause)
	ErrDeploymentTerminalNoPromote   = errors.New(errDeploymentTerminalNoPromote)
	ErrDeploymentTerminalNoResume    = errors.New(errDeploymentTerminalNoResume)
	ErrDeploymentTerminalNoUnblock   = errors.New(errDeploymentTerminalNoUnblock)
	ErrDeploymentTerminalNoRun       = errors.New(errDeploymentTerminalNoRun)
	ErrDeploymentTerminalNoSetHealth = errors.New(errDeploymentTerminalNoSetHealth)
	ErrDeploymentRunningNoUnblock    = errors.New(errDeploymentRunningNoUnblock)

	ErrCSIClientRPCIgnorable  = errors.New("CSI client error (ignorable)")
	ErrCSIClientRPCRetryable  = errors.New("CSI client error (retryable)")
	ErrCSIVolumeMaxClaims     = errors.New("volume max claims reached")
	ErrCSIVolumeUnschedulable = errors.New("volume is currently unschedulable")
)
View Source
var (
	// JsonHandle and JsonHandlePretty are the codec handles to JSON encode
	// structs. The pretty handle will add indents for easier human consumption.
	// JsonHandleWithExtensions and JsonHandlePretty include extensions for
	// encoding structs objects with API-specific fields
	JsonHandle = &codec.JsonHandle{
		HTMLCharsAsIs: true,
	}
	JsonHandleWithExtensions = NomadJsonEncodingExtensions(&codec.JsonHandle{
		HTMLCharsAsIs: true,
	})
	JsonHandlePretty = NomadJsonEncodingExtensions(&codec.JsonHandle{
		HTMLCharsAsIs: true,
		Indent:        4,
	})
)
View Source
var (
	DefaultServiceJobRestartPolicy = RestartPolicy{
		Delay:    15 * time.Second,
		Attempts: 2,
		Interval: 30 * time.Minute,
		Mode:     RestartPolicyModeFail,
	}
	DefaultBatchJobRestartPolicy = RestartPolicy{
		Delay:    15 * time.Second,
		Attempts: 3,
		Interval: 24 * time.Hour,
		Mode:     RestartPolicyModeFail,
	}
)
View Source
var (
	DefaultServiceJobReschedulePolicy = ReschedulePolicy{
		Delay:         30 * time.Second,
		DelayFunction: "exponential",
		MaxDelay:      1 * time.Hour,
		Unlimited:     true,
	}
	DefaultBatchJobReschedulePolicy = ReschedulePolicy{
		Attempts:      1,
		Interval:      24 * time.Hour,
		Delay:         5 * time.Second,
		DelayFunction: "constant",
	}
)
View Source
var (
	// AnonymousACLToken is used no SecretID is provided, and the
	// request is made anonymously.
	AnonymousACLToken = &ACLToken{
		AccessorID: "anonymous",
		Name:       "Anonymous Token",
		Type:       ACLClientToken,
		Policies:   []string{"anonymous"},
		Global:     false,
	}

	// LeaderACLToken is used to represent a leader's own token; this object
	// never gets used except on the leader
	LeaderACLToken = &ACLToken{
		AccessorID: "leader",
		Name:       "Leader Token",
		Type:       ACLManagementToken,
	}
)
View Source
var (
	// DefaultUpdateStrategy provides a baseline that can be used to upgrade
	// jobs with the old policy or for populating field defaults.
	DefaultUpdateStrategy = &UpdateStrategy{
		Stagger:          30 * time.Second,
		MaxParallel:      1,
		HealthCheck:      UpdateStrategyHealthCheck_Checks,
		MinHealthyTime:   10 * time.Second,
		HealthyDeadline:  5 * time.Minute,
		ProgressDeadline: 10 * time.Minute,
		AutoRevert:       false,
		AutoPromote:      false,
		Canary:           0,
	}
)
View Source
var MsgpackHandle = func() *codec.MsgpackHandle {
	h := &codec.MsgpackHandle{}
	h.RawToString = true

	h.BasicHandle.TimeNotBuiltin = true

	h.MapType = reflect.TypeOf(map[string]interface{}(nil))

	h.TypeInfos = codec.NewTypeInfos([]string{"codec"})

	return h
}()

msgpackHandle is a shared handle for encoding/decoding of structs

View Source
var RescheduleDelayFunctions = [...]string{"constant", "exponential", "fibonacci"}
View Source
var (
	// TemplateChangeModeInvalidError is the error for when an invalid change
	// mode is given
	TemplateChangeModeInvalidError = errors.New("Invalid change mode. Must be one of the following: noop, signal, script, restart")
)
View Source
var (
	// ValidPolicyName is used to validate a policy name
	ValidPolicyName = regexp.MustCompile("^[a-zA-Z0-9-]{1,128}$")
)
View Source
var (
	// VaultUnrecoverableError matches unrecoverable errors returned by a Vault
	// server
	VaultUnrecoverableError = regexp.MustCompile(`Code:\s+40(0|3|4)`)
)

Functions

func ACLPolicyListHash added in v0.7.0

func ACLPolicyListHash(policies []*ACLPolicy) string

ACLPolicyListHash returns a consistent hash for a set of policies.

func AllocName added in v0.6.0

func AllocName(job, group string, idx uint) string

AllocName returns the name of the allocation given the input.

func AllocSubset added in v1.1.13

func AllocSubset(allocs []*Allocation, subset []*Allocation) bool

func AllocSuffix added in v1.1.0

func AllocSuffix(name string) string

AllocSuffix returns the alloc index suffix that was added by the AllocName function above.

func Bridge added in v0.8.0

func Bridge(a, b io.ReadWriteCloser)

Bridge is used to just link two connections together and copy traffic

func CSIPluginTypeIsValid added in v0.11.0

func CSIPluginTypeIsValid(pt CSIPluginType) bool

CSIPluginTypeIsValid validates the given CSIPluginType string and returns true only when a correct plugin type is specified.

func CodeFromRPCCodedErr added in v0.10.2

func CodeFromRPCCodedErr(err error) (code int, msg string, ok bool)

CodeFromRPCCodedErr returns the code and message of error if it's an RPC error created through NewErrRPCCoded function. Returns `ok` false if error is not an rpc error

func CompareMigrateToken added in v0.8.0

func CompareMigrateToken(allocID, nodeSecretID, otherMigrateToken string) bool

CompareMigrateToken returns true if two migration tokens can be computed and are equal.

func CompileACLObject added in v0.7.0

func CompileACLObject(cache *ACLCache[*acl.ACL], policies []*ACLPolicy) (*acl.ACL, error)

CompileACLObject compiles a set of ACL policies into an ACL object with a cache

func CopyMapStringClientHostVolumeConfig added in v0.10.0

func CopyMapStringClientHostVolumeConfig(m map[string]*ClientHostVolumeConfig) map[string]*ClientHostVolumeConfig

func CopyMapVolumeRequest added in v0.10.0

func CopyMapVolumeRequest(s map[string]*VolumeRequest) map[string]*VolumeRequest

func CronParseNext added in v0.8.2

func CronParseNext(e *cronexpr.Expression, fromTime time.Time, spec string) (t time.Time, err error)

CronParseNext is a helper that parses the next time for the given expression but captures any panic that may occur in the underlying library.

func Decode

func Decode(buf []byte, out interface{}) error

Decode is used to decode a MsgPack encoded object

func DecodeVaultSecretData added in v1.3.0

func DecodeVaultSecretData(s *vapi.Secret, out interface{}) error

DecodeVaultSecretData decodes a Vault sercret Data map into a struct.

func DenormalizeAllocationJobs added in v0.6.0

func DenormalizeAllocationJobs(job *Job, allocs []*Allocation)

DenormalizeAllocationJobs is used to attach a job to all allocations that are non-terminal and do not have a job already. This is useful in cases where the job is normalized.

func DeploymentStatusDescriptionNoRollbackTarget added in v0.6.1

func DeploymentStatusDescriptionNoRollbackTarget(baseDescription string) string

DeploymentStatusDescriptionNoRollbackTarget is used to get the status description of a deployment when there is no target to rollback to but autorevert is desired.

func DeploymentStatusDescriptionRollback added in v0.6.0

func DeploymentStatusDescriptionRollback(baseDescription string, jobVersion uint64) string

DeploymentStatusDescriptionRollback is used to get the status description of a deployment when rolling back to an older job.

func DeploymentStatusDescriptionRollbackNoop added in v0.7.1

func DeploymentStatusDescriptionRollbackNoop(baseDescription string, jobVersion uint64) string

DeploymentStatusDescriptionRollbackNoop is used to get the status description of a deployment when rolling back is not possible because it has the same specification

func DevicesEquals added in v0.9.0

func DevicesEquals(d1, d2 []*NodeDeviceResource) bool

DevicesEquals returns true if the two device arrays are set equal

func DispatchedID added in v0.5.3

func DispatchedID(templateID, idPrefixTemplate string, t time.Time) string

DispatchedID returns an ID appropriate for a job dispatched against a particular parameterized job

func Encode

func Encode(t MessageType, msg interface{}) ([]byte, error)

Encode is used to encode a MsgPack object with type prefix

func GenerateMigrateToken added in v0.8.0

func GenerateMigrateToken(allocID, nodeSecretID string) (string, error)

GenerateMigrateToken will create a token for a client to access an authenticated volume of another client to migrate data for sticky volumes.

func IsErrNoLeader added in v0.8.0

func IsErrNoLeader(err error) bool

IsErrNoLeader returns whether the error is due to there being no leader.

func IsErrNoNodeConn added in v0.8.0

func IsErrNoNodeConn(err error) bool

IsErrNoNodeConn returns whether the error is due to there being no path to the given node.

func IsErrNoRegionPath added in v0.8.0

func IsErrNoRegionPath(err error) bool

IsErrNoRegionPath returns whether the error is due to there being no path to the given region.

func IsErrNoSuchFileOrDirectory added in v1.2.4

func IsErrNoSuchFileOrDirectory(err error) bool

func IsErrNodeLacksRpc added in v0.8.0

func IsErrNodeLacksRpc(err error) bool

IsErrNodeLacksRpc returns whether error is due to a Nomad server being unable to connect to a client node because the client is too old (pre-v0.8).

func IsErrPermissionDenied added in v0.8.0

func IsErrPermissionDenied(err error) bool

IsErrPermissionDenied returns whether the error is due to the operation not being allowed due to lack of permissions.

func IsErrRPCCoded added in v0.10.4

func IsErrRPCCoded(err error) bool

func IsErrTokenNotFound added in v0.8.0

func IsErrTokenNotFound(err error) bool

IsErrTokenNotFound returns whether the error is due to the passed token not being resolvable.

func IsErrUnknownAllocation added in v0.8.0

func IsErrUnknownAllocation(err error) bool

IsErrUnknownAllocation returns whether the error is due to an unknown allocation.

func IsErrUnknownDeployment added in v0.8.0

func IsErrUnknownDeployment(err error) bool

IsErrUnknownDeployment returns whether the error is due to an unknown deployment.

func IsErrUnknownEvaluation added in v0.8.0

func IsErrUnknownEvaluation(err error) bool

IsErrUnknownEvaluation returns whether the error is due to an unknown evaluation.

func IsErrUnknownJob added in v0.8.0

func IsErrUnknownJob(err error) bool

IsErrUnknownJob returns whether the error is due to an unknown job.

func IsErrUnknownMethod added in v0.8.0

func IsErrUnknownMethod(err error) bool

IsErrUnknownMethod returns whether the error is due to the operation not being allowed due to lack of permissions.

func IsErrUnknownNode added in v0.8.0

func IsErrUnknownNode(err error) bool

IsErrUnknownNode returns whether the error is due to an unknown node.

func IsErrUnknownNomadVersion added in v0.8.0

func IsErrUnknownNomadVersion(err error) bool

IsErrUnknownNomadVersion returns whether the error is due to Nomad being unable to determine the version of a node.

func IsRecoverable added in v0.5.3

func IsRecoverable(e error) bool

IsRecoverable returns true if error is a RecoverableError with Recoverable=true. Otherwise false is returned.

func IsServerSide added in v0.8.0

func IsServerSide(e error) bool

IsServerSide returns true if error is a wrapped server side error

func IsUniqueNamespace added in v0.3.0

func IsUniqueNamespace(key string) bool

IsUniqueNamespace returns whether the key is under the unique namespace.

func MountPropagationModeIsValid added in v0.10.2

func MountPropagationModeIsValid(propagationMode string) bool

func NewErrRPCCoded added in v0.10.2

func NewErrRPCCoded(code int, msg string) error

NewErrRPCCoded wraps an RPC error with a code to be converted to HTTP status code

func NewErrRPCCodedf added in v0.10.2

func NewErrRPCCodedf(code int, format string, args ...interface{}) error

NewErrRPCCodedf wraps an RPC error with a code to be converted to HTTP status code.

func NewErrUnknownAllocation added in v0.8.0

func NewErrUnknownAllocation(allocID string) error

NewErrUnknownAllocation returns a new error caused by the allocation being unknown.

func NewErrUnknownDeployment added in v0.8.0

func NewErrUnknownDeployment(deploymentID string) error

NewErrUnknownDeployment returns a new error caused by the deployment being unknown.

func NewErrUnknownEvaluation added in v0.8.0

func NewErrUnknownEvaluation(evaluationID string) error

NewErrUnknownEvaluation returns a new error caused by the evaluation being unknown.

func NewErrUnknownJob added in v0.8.0

func NewErrUnknownJob(jobID string) error

NewErrUnknownJob returns a new error caused by the job being unknown.

func NewErrUnknownNode added in v0.8.0

func NewErrUnknownNode(nodeID string) error

NewErrUnknownNode returns a new error caused by the node being unknown.

func NewRecoverableError added in v0.5.0

func NewRecoverableError(e error, recoverable bool) error

NewRecoverableError is used to wrap an error and mark it as recoverable or not.

func NewWrappedServerError added in v0.8.0

func NewWrappedServerError(e error) error

NewWrappedServerError is used to create a wrapped server side error

func NodeNetworksEquals added in v0.12.0

func NodeNetworksEquals(n1, n2 []*NodeNetworkResource) bool

func NomadJsonEncodingExtensions added in v1.1.0

func NomadJsonEncodingExtensions(h *codec.JsonHandle) *codec.JsonHandle

NomadJsonEncodingExtensions registers all extension functions against the provided JsonHandle. It should be called on any JsonHandle which is used by the API HTTP server.

func ParsePortRanges added in v0.9.0

func ParsePortRanges(spec string) ([]uint64, error)

ParsePortRanges parses the passed port range string and returns a list of the ports. The specification is a comma separated list of either port numbers or port ranges. A port number is a single integer and a port range is two integers separated by a hyphen. As an example the following spec would convert to: ParsePortRanges("10,12-14,16") -> []uint64{10, 12, 13, 14, 16}

func ScoreFitBinPack added in v0.11.2

func ScoreFitBinPack(node *Node, util *ComparableResources) float64

ScoreFitBinPack computes a fit score to achieve pinbacking behavior. Score is in [0, 18]

It's the BestFit v3 on the Google work published here: http://www.columbia.edu/~cs2035/courses/ieor4405.S13/datacenter_scheduling.ppt

func ScoreFitSpread added in v0.11.2

func ScoreFitSpread(node *Node, util *ComparableResources) float64

ScoreFitSpread computes a fit score to achieve spread behavior. Score is in [0, 18]

This is equivalent to Worst Fit of http://www.columbia.edu/~cs2035/courses/ieor4405.S13/datacenter_scheduling.ppt

func ShouldDrainNode

func ShouldDrainNode(status string) bool

ShouldDrainNode checks if a given node status should trigger an evaluation. Some states don't require any further action.

func SplitTerminalAllocs added in v1.2.0

func SplitTerminalAllocs(allocs []*Allocation) ([]*Allocation, TerminalByNodeByName)

SplitTerminalAllocs splits allocs into non-terminal and terminal allocs, with the terminal allocs indexed by node->alloc.name.

func UniqueNamespace added in v0.3.0

func UniqueNamespace(key string) string

UniqueNamespace takes a key and returns the key marked under the unique namespace.

func ValidCSIVolumeAccessMode added in v0.11.0

func ValidCSIVolumeAccessMode(accessMode CSIVolumeAccessMode) bool

ValidCSIVolumeAccessMode checks to see that the provided access mode is a valid, non-empty access mode.

func ValidCSIVolumeAttachmentMode added in v0.11.0

func ValidCSIVolumeAttachmentMode(attachmentMode CSIVolumeAttachmentMode) bool

func ValidCSIVolumeWriteAccessMode added in v0.11.0

func ValidCSIVolumeWriteAccessMode(accessMode CSIVolumeAccessMode) bool

ValidCSIVolumeWriteAccessMode checks for a writable access mode.

func ValidNodeStatus

func ValidNodeStatus(status string) bool

ValidNodeStatus is used to check if a node status is valid

func ValidateConnectProxyService added in v0.10.0

func ValidateConnectProxyService(serviceName string, tgServices []*Service) error

ValidateConnectProxyService checks that the service that is being proxied by this task exists in the task group and contains valid Connect config.

func VaultNamespaceSet added in v0.12.2

func VaultNamespaceSet(policies map[string]map[string]*Vault) []string

VaultNamespaceSet takes the structure returned by VaultPolicies and returns a set of required namespaces

func VaultPoliciesSet added in v0.5.0

func VaultPoliciesSet(policies map[string]map[string]*Vault) []string

VaultPoliciesSet takes the structure returned by VaultPolicies and returns the set of required policies

func WrapRecoverable added in v0.5.6

func WrapRecoverable(msg string, err error) error

WrapRecoverable wraps an existing error in a new RecoverableError with a new message. If the error was recoverable before the returned error is as well; otherwise it is unrecoverable.

Types

type ACLAuthClaims added in v1.5.0

type ACLAuthClaims struct {
	Value map[string]string   `bexpr:"value"`
	List  map[string][]string `bexpr:"list"`
}

ACLAuthClaims is the claim mapping of the OIDC auth method in a format that can be used with go-bexpr. This structure is used during rule binding evaluation.

type ACLAuthMethod added in v1.5.0

type ACLAuthMethod struct {
	Name          string
	Type          string
	TokenLocality string // is the token valid locally or globally?
	MaxTokenTTL   time.Duration
	Default       bool
	Config        *ACLAuthMethodConfig

	Hash []byte

	CreateTime  time.Time
	ModifyTime  time.Time
	CreateIndex uint64
	ModifyIndex uint64
}

ACLAuthMethod is used to capture the properties of an authentication method used for single sing-on

func (*ACLAuthMethod) Canonicalize added in v1.5.0

func (a *ACLAuthMethod) Canonicalize()

Canonicalize performs basic canonicalization on the ACL auth method object.

func (*ACLAuthMethod) Copy added in v1.5.0

func (a *ACLAuthMethod) Copy() *ACLAuthMethod

Copy creates a deep copy of the ACL auth method. This copy can then be safely modified. It handles nil objects.

func (*ACLAuthMethod) Equal added in v1.5.0

func (a *ACLAuthMethod) Equal(other *ACLAuthMethod) bool

func (*ACLAuthMethod) MarshalJSON added in v1.5.0

func (a *ACLAuthMethod) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface and allows ACLAuthMethod.MaxTokenTTL to be marshaled correctly.

func (*ACLAuthMethod) Merge added in v1.5.0

func (a *ACLAuthMethod) Merge(b *ACLAuthMethod)

Merge merges auth method a with method b. It sets all required empty fields of method a to corresponding values of method b, except for "default" and "name."

func (*ACLAuthMethod) SetHash added in v1.5.0

func (a *ACLAuthMethod) SetHash() []byte

SetHash is used to compute and set the hash of the ACL auth method. This should be called every and each time a user specified field on the method is changed before updating the Nomad state store.

func (*ACLAuthMethod) Stub added in v1.5.0

func (a *ACLAuthMethod) Stub() *ACLAuthMethodStub

func (*ACLAuthMethod) TokenLocalityIsGlobal added in v1.5.0

func (a *ACLAuthMethod) TokenLocalityIsGlobal() bool

TokenLocalityIsGlobal returns whether the auth method creates global ACL tokens or not.

func (*ACLAuthMethod) UnmarshalJSON added in v1.5.0

func (a *ACLAuthMethod) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON implements the json.Unmarshaler interface and allows ACLAuthMethod.MaxTokenTTL to be unmarshalled correctly.

func (*ACLAuthMethod) Validate added in v1.5.0

func (a *ACLAuthMethod) Validate(minTTL, maxTTL time.Duration) error

Validate returns an error is the ACLAuthMethod is invalid.

TODO revisit possible other validity conditions in the future

type ACLAuthMethodConfig added in v1.5.0

type ACLAuthMethodConfig struct {
	// A list of PEM-encoded public keys to use to authenticate signatures
	// locally
	JWTValidationPubKeys []string

	// JSON Web Key Sets url for authenticating signatures
	JWKSURL string

	// The OIDC Discovery URL, without any .well-known component (base path)
	OIDCDiscoveryURL string

	// The OAuth Client ID configured with the OIDC provider
	OIDCClientID string

	// The OAuth Client Secret configured with the OIDC provider
	OIDCClientSecret string

	// List of OIDC scopes
	OIDCScopes []string

	// List of auth claims that are valid for login
	BoundAudiences []string

	// The value against which to match the iss claim in a JWT
	BoundIssuer []string

	// A list of allowed values for redirect_uri
	AllowedRedirectURIs []string

	// PEM encoded CA certs for use by the TLS client used to talk with the
	// OIDC Discovery URL.
	DiscoveryCaPem []string

	// PEM encoded CA cert for use by the TLS client used to talk with the JWKS
	// URL
	JWKSCACert string

	// A list of supported signing algorithms
	SigningAlgs []string

	// Duration in seconds of leeway when validating expiration of a token to
	// account for clock skew
	ExpirationLeeway time.Duration

	// Duration in seconds of leeway when validating not before values of a
	// token to account for clock skew.
	NotBeforeLeeway time.Duration

	// Duration in seconds of leeway when validating all claims to account for
	// clock skew.
	ClockSkewLeeway time.Duration

	// Mappings of claims (key) that will be copied to a metadata field
	// (value).
	ClaimMappings     map[string]string
	ListClaimMappings map[string]string
}

ACLAuthMethodConfig is used to store configuration of an auth method

func (*ACLAuthMethodConfig) Copy added in v1.5.0

func (*ACLAuthMethodConfig) MarshalJSON added in v1.5.4

func (a *ACLAuthMethodConfig) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface and allows time.Diration fields to be marshaled correctly.

func (*ACLAuthMethodConfig) UnmarshalJSON added in v1.5.4

func (a *ACLAuthMethodConfig) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON implements the json.Unmarshaler interface and allows time.Duration fields to be unmarshalled correctly.

type ACLAuthMethodDeleteRequest added in v1.5.0

type ACLAuthMethodDeleteRequest struct {
	Names []string
	WriteRequest
}

ACLAuthMethodDeleteRequest is used to delete a set of auth methods by their name

type ACLAuthMethodDeleteResponse added in v1.5.0

type ACLAuthMethodDeleteResponse struct {
	WriteMeta
}

ACLAuthMethodDeleteResponse is a response of the delete ACL auth methods operation

type ACLAuthMethodEvent added in v1.5.0

type ACLAuthMethodEvent struct {
	AuthMethod *ACLAuthMethod
}

ACLAuthMethodEvent holds a newly updated or deleted ACL auth method to be used as an event in the event stream.

type ACLAuthMethodGetRequest added in v1.5.0

type ACLAuthMethodGetRequest struct {
	MethodName string
	QueryOptions
}

ACLAuthMethodGetRequest is used to query a specific auth method

type ACLAuthMethodGetResponse added in v1.5.0

type ACLAuthMethodGetResponse struct {
	AuthMethod *ACLAuthMethod
	QueryMeta
}

ACLAuthMethodGetResponse is used to return a single auth method

type ACLAuthMethodListRequest added in v1.5.0

type ACLAuthMethodListRequest struct {
	QueryOptions
}

ACLAuthMethodListRequest is used to list auth methods

type ACLAuthMethodListResponse added in v1.5.0

type ACLAuthMethodListResponse struct {
	AuthMethods []*ACLAuthMethodStub
	QueryMeta
}

ACLAuthMethodListResponse is used to list auth methods

type ACLAuthMethodStub added in v1.5.0

type ACLAuthMethodStub struct {
	Name    string
	Type    string
	Default bool

	// Hash is the hashed value of the auth-method and is generated using all
	// fields from the full object except the create and modify times and
	// indexes.
	Hash []byte

	CreateIndex uint64
	ModifyIndex uint64
}

ACLAuthMethodStub is used for listing ACL auth methods

type ACLAuthMethodUpsertRequest added in v1.5.0

type ACLAuthMethodUpsertRequest struct {
	AuthMethods []*ACLAuthMethod
	WriteRequest
}

ACLAuthMethodUpsertRequest is used to upsert a set of auth methods

type ACLAuthMethodUpsertResponse added in v1.5.0

type ACLAuthMethodUpsertResponse struct {
	AuthMethods []*ACLAuthMethod
	WriteMeta
}

ACLAuthMethodUpsertResponse is a response of the upsert ACL auth methods operation

type ACLAuthMethodsGetRequest added in v1.5.0

type ACLAuthMethodsGetRequest struct {
	Names []string
	QueryOptions
}

ACLAuthMethodsGetRequest is used to query a set of auth methods

type ACLAuthMethodsGetResponse added in v1.5.0

type ACLAuthMethodsGetResponse struct {
	AuthMethods map[string]*ACLAuthMethod
	QueryMeta
}

ACLAuthMethodsGetResponse is used to return a set of auth methods

type ACLBindingRule added in v1.5.0

type ACLBindingRule struct {

	// ID is an internally generated UUID for this rule and is controlled by
	// Nomad.
	ID string

	// Description is a human-readable, operator set description that can
	// provide additional context about the binding role. This is an
	// operational field.
	Description string

	// AuthMethod is the name of the auth method for which this rule applies
	// to. This is required and the method must exist within state before the
	// cluster administrator can create the rule.
	AuthMethod string

	// Selector is an expression that matches against verified identity
	// attributes returned from the auth method during login. This is optional
	// and when not set, provides a catch-all rule.
	Selector string

	// BindType adjusts how this binding rule is applied at login time. The
	// valid values are ACLBindingRuleBindTypeRole,
	// ACLBindingRuleBindTypePolicy, and ACLBindingRuleBindTypeManagement.
	BindType string

	// BindName is the target of the binding. Can be lightly templated using
	// HIL ${foo} syntax from available field names. How it is used depends
	// upon the BindType.
	BindName string

	// Hash is the hashed value of the binding rule and is generated using all
	// fields from the full object except the create and modify times and
	// indexes.
	Hash []byte

	CreateTime  time.Time
	ModifyTime  time.Time
	CreateIndex uint64
	ModifyIndex uint64
}

ACLBindingRule contains a direct relation to an ACLAuthMethod and represents a rule to apply when logging in via the named AuthMethod. This allows the transformation of OIDC provider claims, to Nomad based ACL concepts such as ACL Roles and Policies.

func (*ACLBindingRule) Canonicalize added in v1.5.0

func (a *ACLBindingRule) Canonicalize()

Canonicalize performs basic canonicalization on the ACL token object. It is important for callers to understand certain fields such as ID are set if it is empty, so copies should be taken if needed before calling this function.

func (*ACLBindingRule) Copy added in v1.5.0

func (a *ACLBindingRule) Copy() *ACLBindingRule

Copy creates a deep copy of the ACL binding rule. This copy can then be safely modified. It handles nil objects.

func (*ACLBindingRule) Equal added in v1.5.0

func (a *ACLBindingRule) Equal(other *ACLBindingRule) bool

Equal performs an equality check on the two ACL binding rules. It handles nil objects.

func (*ACLBindingRule) Merge added in v1.5.0

func (a *ACLBindingRule) Merge(b *ACLBindingRule)

Merge merges binding rule a with b. It sets all required empty fields of rule a to corresponding values of rule b, except for "ID" which must be provided.

func (*ACLBindingRule) SetHash added in v1.5.0

func (a *ACLBindingRule) SetHash() []byte

SetHash is used to compute and set the hash of the ACL binding rule. This should be called every and each time a user specified field on the method is changed before updating the Nomad state store.

func (*ACLBindingRule) Stub added in v1.5.0

Stub converts the ACLBindingRule object into a ACLBindingRuleListStub object.

func (*ACLBindingRule) Validate added in v1.5.0

func (a *ACLBindingRule) Validate() error

Validate ensures the ACL binding rule contains valid information which meets Nomad's internal requirements.

type ACLBindingRuleEvent added in v1.5.0

type ACLBindingRuleEvent struct {
	ACLBindingRule *ACLBindingRule
}

ACLBindingRuleEvent holds a newly updated or deleted ACL binding rule to be used as an event in the event stream.

type ACLBindingRuleListStub added in v1.5.0

type ACLBindingRuleListStub struct {

	// ID is an internally generated UUID for this role and is controlled by
	// Nomad.
	ID string

	// Description is a human-readable, operator set description that can
	// provide additional context about the binding role. This is an
	// operational field.
	Description string

	// AuthMethod is the name of the auth method for which this rule applies
	// to. This is required and the method must exist within state before the
	// cluster administrator can create the rule.
	AuthMethod string

	// Hash is the hashed value of the binding rule and is generated using all
	// fields from the full object except the create and modify times and
	// indexes.
	Hash []byte

	CreateIndex uint64
	ModifyIndex uint64
}

ACLBindingRuleListStub is the stub object returned when performing a listing of ACL binding rules.

type ACLBindingRuleRequest added in v1.5.0

type ACLBindingRuleRequest struct {
	ACLBindingRuleID string
	QueryOptions
}

ACLBindingRuleRequest is the request object to perform a lookup of an ACL binding rule using a specific ID.

type ACLBindingRuleResponse added in v1.5.0

type ACLBindingRuleResponse struct {
	ACLBindingRule *ACLBindingRule
	QueryMeta
}

ACLBindingRuleResponse is the response object when performing a lookup of an ACL binding rule matching a specific ID.

type ACLBindingRulesDeleteRequest added in v1.5.0

type ACLBindingRulesDeleteRequest struct {
	ACLBindingRuleIDs []string
	WriteRequest
}

ACLBindingRulesDeleteRequest is used to delete a set of ACL binding rules by their IDs.

type ACLBindingRulesDeleteResponse added in v1.5.0

type ACLBindingRulesDeleteResponse struct {
	WriteMeta
}

ACLBindingRulesDeleteResponse is a response of the delete ACL binding rules operation.

type ACLBindingRulesListRequest added in v1.5.0

type ACLBindingRulesListRequest struct {
	QueryOptions
}

ACLBindingRulesListRequest is the request object when performing ACL binding rules listings.

type ACLBindingRulesListResponse added in v1.5.0

type ACLBindingRulesListResponse struct {
	ACLBindingRules []*ACLBindingRuleListStub
	QueryMeta
}

ACLBindingRulesListResponse is the response object when performing ACL binding rule listings.

type ACLBindingRulesRequest added in v1.5.0

type ACLBindingRulesRequest struct {
	ACLBindingRuleIDs []string
	QueryOptions
}

ACLBindingRulesRequest is the request object when performing a lookup of multiple binding rules by the ID.

type ACLBindingRulesResponse added in v1.5.0

type ACLBindingRulesResponse struct {
	ACLBindingRules map[string]*ACLBindingRule
	QueryMeta
}

ACLBindingRulesResponse is the response object when performing a lookup of multiple binding rules by their IDs.

type ACLBindingRulesUpsertRequest added in v1.5.0

type ACLBindingRulesUpsertRequest struct {
	ACLBindingRules []*ACLBindingRule

	// AllowMissingAuthMethods skips the ACL binding rule auth method link
	// verification and is used by the replication process. The replication
	// cannot ensure auth methods are present before ACL binding rules are
	// replicated.
	AllowMissingAuthMethods bool

	WriteRequest
}

ACLBindingRulesUpsertRequest is used to upsert a set of ACL binding rules.

type ACLBindingRulesUpsertResponse added in v1.5.0

type ACLBindingRulesUpsertResponse struct {
	ACLBindingRules []*ACLBindingRule
	WriteMeta
}

ACLBindingRulesUpsertResponse is a response of the upsert ACL binding rules operation.

type ACLCache added in v1.5.0

type ACLCache[T any] struct {
	*lru.TwoQueueCache[string, ACLCacheEntry[T]]
	// contains filtered or unexported fields
}

An ACLCache caches ACL tokens by their policy content.

func NewACLCache added in v1.5.0

func NewACLCache[T any](size int) *ACLCache[T]

func (*ACLCache[T]) Add added in v1.5.0

func (c *ACLCache[T]) Add(key string, item T)

func (*ACLCache[T]) AddAtTime added in v1.5.0

func (c *ACLCache[T]) AddAtTime(key string, item T, now time.Time)

type ACLCacheEntry added in v1.5.0

type ACLCacheEntry[T any] lang.Pair[T, time.Time]

func (ACLCacheEntry[T]) Age added in v1.5.0

func (e ACLCacheEntry[T]) Age() time.Duration

func (ACLCacheEntry[T]) Get added in v1.5.0

func (e ACLCacheEntry[T]) Get() T

type ACLLoginRequest added in v1.5.4

type ACLLoginRequest struct {

	// AuthMethodName is the name of the auth method being used to login. This
	// is a required parameter.
	AuthMethodName string

	// LoginToken is the 3rd party token that we use to exchange for Nomad ACL
	// Token in order to authenticate. This is a required parameter.
	LoginToken string

	WriteRequest
}

ACLLoginRequest is the request object to begin auth with an external token provider.

func (*ACLLoginRequest) Validate added in v1.5.4

func (a *ACLLoginRequest) Validate() error

Validate ensures the request object contains all the required fields in order to complete the authentication flow.

type ACLLoginResponse added in v1.5.4

type ACLLoginResponse struct {
	ACLToken *ACLToken
	WriteMeta
}

ACLLoginResponse is the response when the auth flow has been completed successfully.

type ACLOIDCAuthURLRequest added in v1.5.0

type ACLOIDCAuthURLRequest struct {

	// AuthMethodName is the OIDC auth-method to use. This is a required
	// parameter.
	AuthMethodName string

	// RedirectURI is the URL that authorization should redirect to. This is a
	// required parameter.
	RedirectURI string

	// ClientNonce is a randomly generated string to prevent replay attacks. It
	// is up to the client to generate this and Go integrations should use the
	// oidc.NewID function within the hashicorp/cap library. This must then be
	// passed back to ACLOIDCCompleteAuthRequest. This is a required parameter.
	ClientNonce string

	// WriteRequest is used due to the requirement by the RPC forwarding
	// mechanism. This request doesn't write anything to Nomad's internal
	// state.
	WriteRequest
}

ACLOIDCAuthURLRequest is the request to make when starting the OIDC authentication login flow.

func (*ACLOIDCAuthURLRequest) Validate added in v1.5.0

func (a *ACLOIDCAuthURLRequest) Validate() error

Validate ensures the request object contains all the required fields in order to start the OIDC authentication flow.

type ACLOIDCAuthURLResponse added in v1.5.0

type ACLOIDCAuthURLResponse struct {

	// AuthURL is URL to begin authorization and is where the user logging in
	// should go.
	AuthURL string
}

ACLOIDCAuthURLResponse is the response when starting the OIDC authentication login flow.

type ACLOIDCCompleteAuthRequest added in v1.5.0

type ACLOIDCCompleteAuthRequest struct {

	// AuthMethodName is the name of the auth method being used to login via
	// OIDC. This will match ACLOIDCAuthURLRequest.AuthMethodName. This is a
	// required parameter.
	AuthMethodName string

	// ClientNonce, State, and Code are provided from the parameters given to
	// the redirect URL. These are all required parameters.
	ClientNonce string
	State       string
	Code        string

	// RedirectURI is the URL that authorization should redirect to. This is a
	// required parameter.
	RedirectURI string

	WriteRequest
}

ACLOIDCCompleteAuthRequest is the request object to begin completing the OIDC auth cycle after receiving the callback from the OIDC provider.

func (*ACLOIDCCompleteAuthRequest) Validate added in v1.5.0

func (a *ACLOIDCCompleteAuthRequest) Validate() error

Validate ensures the request object contains all the required fields in order to complete the OIDC authentication flow.

type ACLPolicy added in v0.7.0

type ACLPolicy struct {
	Name        string      // Unique name
	Description string      // Human readable
	Rules       string      // HCL or JSON format
	RulesJSON   *acl.Policy // Generated from Rules on read
	JobACL      *JobACL
	Hash        []byte

	CreateIndex uint64
	ModifyIndex uint64
}

ACLPolicy is used to represent an ACL policy

func (*ACLPolicy) SetHash added in v0.7.0

func (a *ACLPolicy) SetHash() []byte

SetHash is used to compute and set the hash of the ACL policy

func (*ACLPolicy) Stub added in v0.7.0

func (a *ACLPolicy) Stub() *ACLPolicyListStub

func (*ACLPolicy) Validate added in v0.7.0

func (a *ACLPolicy) Validate() error

type ACLPolicyDeleteRequest added in v0.7.0

type ACLPolicyDeleteRequest struct {
	Names []string
	WriteRequest
}

ACLPolicyDeleteRequest is used to delete a set of policies

type ACLPolicyEvent added in v1.0.0

type ACLPolicyEvent struct {
	ACLPolicy *ACLPolicy
}

type ACLPolicyListRequest added in v0.7.0

type ACLPolicyListRequest struct {
	QueryOptions
}

ACLPolicyListRequest is used to request a list of policies

type ACLPolicyListResponse added in v0.7.0

type ACLPolicyListResponse struct {
	Policies []*ACLPolicyListStub
	QueryMeta
}

ACLPolicyListResponse is used for a list request

type ACLPolicyListStub added in v0.7.0

type ACLPolicyListStub struct {
	Name        string
	Description string
	Hash        []byte
	CreateIndex uint64
	ModifyIndex uint64
}

ACLPolicyListStub is used to for listing ACL policies

type ACLPolicySetRequest added in v0.7.0

type ACLPolicySetRequest struct {
	Names []string
	QueryOptions
}

ACLPolicySetRequest is used to query a set of policies

type ACLPolicySetResponse added in v0.7.0

type ACLPolicySetResponse struct {
	Policies map[string]*ACLPolicy
	QueryMeta
}

ACLPolicySetResponse is used to return a set of policies

type ACLPolicySpecificRequest added in v0.7.0

type ACLPolicySpecificRequest struct {
	Name string
	QueryOptions
}

ACLPolicySpecificRequest is used to query a specific policy

type ACLPolicyUpsertRequest added in v0.7.0

type ACLPolicyUpsertRequest struct {
	Policies []*ACLPolicy
	WriteRequest
}

ACLPolicyUpsertRequest is used to upsert a set of policies

type ACLRole added in v1.4.0

type ACLRole struct {

	// ID is an internally generated UUID for this role and is controlled by
	// Nomad.
	ID string

	// Name is unique across the entire set of federated clusters and is
	// supplied by the operator on role creation. The name can be modified by
	// updating the role and including the Nomad generated ID. This update will
	// not affect tokens created and linked to this role. This is a required
	// field.
	Name string

	// Description is a human-readable, operator set description that can
	// provide additional context about the role. This is an operational field.
	Description string

	// Policies is an array of ACL policy links. Although currently policies
	// can only be linked using their name, in the future we will want to add
	// IDs also and thus allow operators to specify either a name, an ID, or
	// both.
	Policies []*ACLRolePolicyLink

	// Hash is the hashed value of the role and is generated using all fields
	// above this point.
	Hash []byte

	CreateIndex uint64
	ModifyIndex uint64
}

ACLRole is an abstraction for the ACL system which allows the grouping of ACL policies into a single object. ACL tokens can be created and linked to a role; the token then inherits all the permissions granted by the policies.

func (*ACLRole) Canonicalize added in v1.4.0

func (a *ACLRole) Canonicalize()

Canonicalize performs basic canonicalization on the ACL role object. It is important for callers to understand certain fields such as ID are set if it is empty, so copies should be taken if needed before calling this function.

func (*ACLRole) Copy added in v1.4.0

func (a *ACLRole) Copy() *ACLRole

Copy creates a deep copy of the ACL role. This copy can then be safely modified. It handles nil objects.

func (*ACLRole) Equal added in v1.5.0

func (a *ACLRole) Equal(o *ACLRole) bool

Equal performs an equality check on the two service registrations. It handles nil objects.

func (*ACLRole) SetHash added in v1.4.0

func (a *ACLRole) SetHash() []byte

SetHash is used to compute and set the hash of the ACL role. This should be called every and each time a user specified field on the role is changed before updating the Nomad state store.

func (*ACLRole) Stub added in v1.4.0

func (a *ACLRole) Stub() *ACLRoleListStub

Stub converts the ACLRole object into a ACLRoleListStub object.

func (*ACLRole) Validate added in v1.4.0

func (a *ACLRole) Validate() error

Validate ensure the ACL role contains valid information which meets Nomad's internal requirements. This does not include any state calls, such as ensuring the linked policies exist.

type ACLRoleByIDRequest added in v1.4.0

type ACLRoleByIDRequest struct {
	RoleID string
	QueryOptions
}

ACLRoleByIDRequest is the request object to perform a lookup of an ACL role using a specific ID.

type ACLRoleByIDResponse added in v1.4.0

type ACLRoleByIDResponse struct {
	ACLRole *ACLRole
	QueryMeta
}

ACLRoleByIDResponse is the response object when performing a lookup of an ACL role matching a specific ID.

type ACLRoleByNameRequest added in v1.4.0

type ACLRoleByNameRequest struct {
	RoleName string
	QueryOptions
}

ACLRoleByNameRequest is the request object to perform a lookup of an ACL role using a specific name.

type ACLRoleByNameResponse added in v1.4.0

type ACLRoleByNameResponse struct {
	ACLRole *ACLRole
	QueryMeta
}

ACLRoleByNameResponse is the response object when performing a lookup of an ACL role matching a specific name.

type ACLRoleListStub added in v1.4.0

type ACLRoleListStub struct {

	// ID is an internally generated UUID for this role and is controlled by
	// Nomad.
	ID string

	// Name is unique across the entire set of federated clusters and is
	// supplied by the operator on role creation. The name can be modified by
	// updating the role and including the Nomad generated ID. This update will
	// not affect tokens created and linked to this role. This is a required
	// field.
	Name string

	// Description is a human-readable, operator set description that can
	// provide additional context about the role. This is an operational field.
	Description string

	// Policies is an array of ACL policy links. Although currently policies
	// can only be linked using their name, in the future we will want to add
	// IDs also and thus allow operators to specify either a name, an ID, or
	// both.
	Policies []*ACLRolePolicyLink

	// Hash is the hashed value of the role and is generated using all fields
	// above this point.
	Hash []byte

	CreateIndex uint64
	ModifyIndex uint64
}

ACLRoleListStub is the stub object returned when performing a listing of ACL roles. While it might not currently be different to the full response object, it allows us to future-proof the RPC in the event the ACLRole object grows over time.

type ACLRolePolicyLink struct {

	// Name is the ACLPolicy.Name value which will be linked to the ACL role.
	Name string
}

ACLRolePolicyLink is used to link a policy to an ACL role. We use a struct rather than a list of strings as in the future we will want to add IDs to policies and then link via these.

type ACLRoleStreamEvent added in v1.4.2

type ACLRoleStreamEvent struct {
	ACLRole *ACLRole
}

ACLRoleStreamEvent holds a newly updated or deleted ACL role to be used as an event within the event stream.

type ACLRolesByIDRequest added in v1.4.0

type ACLRolesByIDRequest struct {
	ACLRoleIDs []string
	QueryOptions
}

ACLRolesByIDRequest is the request object when performing a lookup of multiple roles by the ID.

type ACLRolesByIDResponse added in v1.4.0

type ACLRolesByIDResponse struct {
	ACLRoles map[string]*ACLRole
	QueryMeta
}

ACLRolesByIDResponse is the response object when performing a lookup of multiple roles by their IDs.

type ACLRolesDeleteByIDRequest added in v1.4.0

type ACLRolesDeleteByIDRequest struct {
	ACLRoleIDs []string
	WriteRequest
}

ACLRolesDeleteByIDRequest is the request object to delete one or more ACL roles using the role ID.

type ACLRolesDeleteByIDResponse added in v1.4.0

type ACLRolesDeleteByIDResponse struct {
	WriteMeta
}

ACLRolesDeleteByIDResponse is the response object when performing a deletion of one or more ACL roles using the role ID.

type ACLRolesListRequest added in v1.4.0

type ACLRolesListRequest struct {
	QueryOptions
}

ACLRolesListRequest is the request object when performing ACL role listings.

type ACLRolesListResponse added in v1.4.0

type ACLRolesListResponse struct {
	ACLRoles []*ACLRoleListStub
	QueryMeta
}

ACLRolesListResponse is the response object when performing ACL role listings.

type ACLRolesUpsertRequest added in v1.4.0

type ACLRolesUpsertRequest struct {
	ACLRoles []*ACLRole

	// AllowMissingPolicies skips the ACL Role policy link verification and is
	// used by the replication process. The replication cannot ensure policies
	// are present before ACL Roles are replicated.
	AllowMissingPolicies bool

	WriteRequest
}

ACLRolesUpsertRequest is the request object used to upsert one or more ACL roles.

type ACLRolesUpsertResponse added in v1.4.0

type ACLRolesUpsertResponse struct {
	ACLRoles []*ACLRole
	WriteMeta
}

ACLRolesUpsertResponse is the response object when one or more ACL roles have been successfully upserted into state.

type ACLToken added in v0.7.0

type ACLToken struct {
	AccessorID string   // Public Accessor ID (UUID)
	SecretID   string   // Secret ID, private (UUID)
	Name       string   // Human friendly name
	Type       string   // Client or Management
	Policies   []string // Policies this token ties to

	// Roles represents the ACL roles that this token is tied to. The token
	// will inherit the permissions of all policies detailed within the role.
	Roles []*ACLTokenRoleLink

	Global     bool // Global or Region local
	Hash       []byte
	CreateTime time.Time // Time of creation

	// ExpirationTime represents the point after which a token should be
	// considered revoked and is eligible for destruction. This time should
	// always use UTC to account for multi-region global tokens. It is a
	// pointer, so we can store nil, rather than the zero value of time.Time.
	ExpirationTime *time.Time

	// ExpirationTTL is a convenience field for helping set ExpirationTime to a
	// value of CreateTime+ExpirationTTL. This can only be set during token
	// creation. This is a string version of a time.Duration like "2m".
	ExpirationTTL time.Duration

	CreateIndex uint64
	ModifyIndex uint64
}

ACLToken represents a client token which is used to Authenticate

func (*ACLToken) Canonicalize added in v1.4.0

func (a *ACLToken) Canonicalize()

Canonicalize performs basic canonicalization on the ACL token object. It is important for callers to understand certain fields such as AccessorID are set if it is empty, so copies should be taken if needed before calling this function.

func (*ACLToken) Copy added in v1.0.1

func (a *ACLToken) Copy() *ACLToken

func (*ACLToken) GetCreateIndex added in v1.3.0

func (a *ACLToken) GetCreateIndex() uint64

GetCreateIndex implements the CreateIndexGetter interface, required for pagination.

func (*ACLToken) GetID added in v1.3.0

func (a *ACLToken) GetID() string

GetID implements the IDGetter interface, required for pagination.

func (*ACLToken) HasExpirationTime added in v1.4.0

func (a *ACLToken) HasExpirationTime() bool

HasExpirationTime checks whether the ACL token has an expiration time value set.

func (*ACLToken) HasRoles added in v1.4.2

func (a *ACLToken) HasRoles(roleIDs []string) bool

HasRoles checks if a given set of role IDs are assigned to the ACL token. It does not account for management tokens, therefore it is the responsibility of the caller to perform this check, if required.

func (*ACLToken) IsExpired added in v1.4.0

func (a *ACLToken) IsExpired(t time.Time) bool

IsExpired compares the ACLToken.ExpirationTime against the passed t to identify whether the token is considered expired. The function can be called without checking whether the ACL token has an expiry time.

func (*ACLToken) MarshalJSON added in v1.4.5

func (a *ACLToken) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface and allows ACLToken.ExpirationTTL to be marshaled correctly.

func (*ACLToken) SetHash added in v0.7.0

func (a *ACLToken) SetHash() []byte

SetHash is used to compute and set the hash of the ACL token. It only hashes fields which can be updated, and as such, does not hash fields such as ExpirationTime.

func (*ACLToken) Stub added in v0.7.0

func (a *ACLToken) Stub() *ACLTokenListStub

func (*ACLToken) UnmarshalJSON added in v1.4.5

func (a *ACLToken) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON implements the json.Unmarshaler interface and allows ACLToken.ExpirationTTL to be unmarshalled correctly.

func (*ACLToken) Validate added in v0.7.0

func (a *ACLToken) Validate(minTTL, maxTTL time.Duration, existing *ACLToken) error

Validate is used to check a token for reasonableness

type ACLTokenBootstrapRequest added in v0.7.0

type ACLTokenBootstrapRequest struct {
	Token           *ACLToken // Not client specifiable
	ResetIndex      uint64    // Reset index is used to clear the bootstrap token
	BootstrapSecret string
	WriteRequest
}

ACLTokenBootstrapRequest is used to bootstrap ACLs

type ACLTokenDeleteRequest added in v0.7.0

type ACLTokenDeleteRequest struct {
	AccessorIDs []string
	WriteRequest
}

ACLTokenDeleteRequest is used to delete a set of tokens

type ACLTokenEvent added in v1.0.0

type ACLTokenEvent struct {
	ACLToken *ACLToken
	// contains filtered or unexported fields
}

func NewACLTokenEvent added in v1.0.1

func NewACLTokenEvent(token *ACLToken) *ACLTokenEvent

NewACLTokenEvent takes a token and creates a new ACLTokenEvent. It creates a copy of the passed in ACLToken and empties out the copied tokens SecretID

func (*ACLTokenEvent) SecretID added in v1.0.1

func (a *ACLTokenEvent) SecretID() string

type ACLTokenListRequest added in v0.7.0

type ACLTokenListRequest struct {
	GlobalOnly bool
	QueryOptions
}

ACLTokenListRequest is used to request a list of tokens

type ACLTokenListResponse added in v0.7.0

type ACLTokenListResponse struct {
	Tokens []*ACLTokenListStub
	QueryMeta
}

ACLTokenListResponse is used for a list request

type ACLTokenListStub added in v0.7.0

type ACLTokenListStub struct {
	AccessorID     string
	Name           string
	Type           string
	Policies       []string
	Roles          []*ACLTokenRoleLink
	Global         bool
	Hash           []byte
	CreateTime     time.Time
	ExpirationTime *time.Time
	CreateIndex    uint64
	ModifyIndex    uint64
}
type ACLTokenRoleLink struct {

	// ID is the ACLRole.ID UUID. This field is immutable and represents the
	// absolute truth for the link.
	ID string

	// Name is the human friendly identifier for the ACL role and is a
	// convenience field for operators. This field is always resolved to the
	// ID and discarded before the token is stored in state. This is because
	// operators can change the name of an ACL role.
	Name string
}

ACLTokenRoleLink is used to link an ACL token to an ACL role. The ACL token can therefore inherit all the ACL policy permissions that the ACL role contains.

type ACLTokenSetRequest added in v0.7.0

type ACLTokenSetRequest struct {
	AccessorIDS []string
	QueryOptions
}

ACLTokenSetRequest is used to query a set of tokens

type ACLTokenSetResponse added in v0.7.0

type ACLTokenSetResponse struct {
	Tokens map[string]*ACLToken // Keyed by Accessor ID
	QueryMeta
}

ACLTokenSetResponse is used to return a set of token

type ACLTokenSpecificRequest added in v0.7.0

type ACLTokenSpecificRequest struct {
	AccessorID string
	QueryOptions
}

ACLTokenSpecificRequest is used to query a specific token

type ACLTokenUpsertRequest added in v0.7.0

type ACLTokenUpsertRequest struct {
	Tokens []*ACLToken
	WriteRequest
}

ACLTokenUpsertRequest is used to upsert a set of tokens

type ACLTokenUpsertResponse added in v0.7.0

type ACLTokenUpsertResponse struct {
	Tokens []*ACLToken
	WriteMeta
}

ACLTokenUpsertResponse is used to return from an ACLTokenUpsertRequest

type ACLWhoAmIResponse added in v1.5.0

type ACLWhoAmIResponse struct {
	Identity *AuthenticatedIdentity
	QueryMeta
}

type Affinities added in v0.9.2

type Affinities []*Affinity

func (*Affinities) Equal added in v1.5.0

func (xs *Affinities) Equal(ys *Affinities) bool

Equal compares Affinities as a set

type Affinity added in v0.9.0

type Affinity struct {
	LTarget string // Left-hand target
	RTarget string // Right-hand target
	Operand string // Affinity operand (<=, <, =, !=, >, >=), set_contains_all, set_contains_any
	Weight  int8   // Weight applied to nodes that match the affinity. Can be negative
}

Affinity is used to score placement options based on a weight

func CopySliceAffinities added in v0.9.0

func CopySliceAffinities(s []*Affinity) []*Affinity

func (*Affinity) Copy added in v0.9.0

func (a *Affinity) Copy() *Affinity

func (*Affinity) Equal added in v0.9.0

func (a *Affinity) Equal(o *Affinity) bool

Equal checks if two affinities are equal.

func (*Affinity) String added in v0.9.0

func (a *Affinity) String() string

func (*Affinity) Validate added in v0.9.0

func (a *Affinity) Validate() error

type AgentPprofRequest added in v0.10.4

type AgentPprofRequest struct {
	// ReqType specifies the profile to use
	ReqType pprof.ReqType

	// Profile specifies the runtime/pprof profile to lookup and generate.
	Profile string

	// Seconds is the number of seconds to capture a profile
	Seconds int

	// Debug specifies if pprof profile should inclue debug output
	Debug int

	// GC specifies if the profile should call runtime.GC() before
	// running its profile. This is only used for "heap" profiles
	GC int

	// NodeID is the node we want to track the logs of
	NodeID string

	// ServerID is the server we want to track the logs of
	ServerID string

	QueryOptions
}

AgentPprofRequest is used to request a pprof report for a given node.

type AgentPprofResponse added in v0.10.4

type AgentPprofResponse struct {
	// ID of the agent that fulfilled the request
	AgentID string

	// Payload is the generated pprof profile
	Payload []byte

	// HTTPHeaders are a set of key value pairs to be applied as
	// HTTP headers for a specific runtime profile
	HTTPHeaders map[string]string
}

AgentPprofResponse is used to return a generated pprof profile

type AllocDeploymentStatus added in v0.6.0

type AllocDeploymentStatus struct {
	// Healthy marks whether the allocation has been marked healthy or unhealthy
	// as part of a deployment. It can be unset if it has neither been marked
	// healthy or unhealthy.
	Healthy *bool

	// Timestamp is the time at which the health status was set.
	Timestamp time.Time

	// Canary marks whether the allocation is a canary or not. A canary that has
	// been promoted will have this field set to false.
	Canary bool

	// ModifyIndex is the raft index in which the deployment status was last
	// changed.
	ModifyIndex uint64
}

AllocDeploymentStatus captures the status of the allocation as part of the deployment. This can include things like if the allocation has been marked as healthy.

func (*AllocDeploymentStatus) Copy added in v0.6.0

func (*AllocDeploymentStatus) HasHealth added in v0.8.0

func (a *AllocDeploymentStatus) HasHealth() bool

HasHealth returns true if the allocation has its health set.

func (*AllocDeploymentStatus) IsCanary added in v0.8.4

func (a *AllocDeploymentStatus) IsCanary() bool

IsCanary returns if the allocation is marked as a canary

func (*AllocDeploymentStatus) IsHealthy added in v0.6.0

func (a *AllocDeploymentStatus) IsHealthy() bool

IsHealthy returns if the allocation is marked as healthy as part of a deployment

func (*AllocDeploymentStatus) IsUnhealthy added in v0.6.0

func (a *AllocDeploymentStatus) IsUnhealthy() bool

IsUnhealthy returns if the allocation is marked as unhealthy as part of a deployment

type AllocInfo added in v1.4.0

type AllocInfo struct {
	AllocID string

	// Group in which the service belongs for a group-level service, or the
	// group in which task belongs for a task-level service.
	Group string

	// Task in which the service belongs for task-level service. Will be empty
	// for a group-level service.
	Task string

	// JobID provides additional context for providers regarding which job
	// caused this registration.
	JobID string

	// NomadNamespace provides additional context for providers regarding which
	// nomad namespace caused this registration.
	Namespace string
}

type AllocListRequest

type AllocListRequest struct {
	QueryOptions

	Fields *AllocStubFields
}

AllocListRequest is used to request a list of allocations

type AllocListResponse

type AllocListResponse struct {
	Allocations []*AllocListStub
	QueryMeta
}

AllocListResponse is used for a list request

type AllocListStub

type AllocListStub struct {
	ID                    string
	EvalID                string
	Name                  string
	Namespace             string
	NodeID                string
	NodeName              string
	JobID                 string
	JobType               string
	JobVersion            uint64
	TaskGroup             string
	AllocatedResources    *AllocatedResources `json:",omitempty"`
	DesiredStatus         string
	DesiredDescription    string
	ClientStatus          string
	ClientDescription     string
	DesiredTransition     DesiredTransition
	TaskStates            map[string]*TaskState
	DeploymentStatus      *AllocDeploymentStatus
	FollowupEvalID        string
	RescheduleTracker     *RescheduleTracker
	PreemptedAllocations  []string
	PreemptedByAllocation string
	CreateIndex           uint64
	ModifyIndex           uint64
	CreateTime            int64
	ModifyTime            int64
}

AllocListStub is used to return a subset of alloc information

func (*AllocListStub) SetEventDisplayMessages added in v0.7.1

func (a *AllocListStub) SetEventDisplayMessages()

SetEventDisplayMessages populates the display message if its not already set, a temporary fix to handle old allocations that don't have it. This method will be removed in a future release.

type AllocMetric

type AllocMetric struct {
	// NodesEvaluated is the number of nodes that were evaluated
	NodesEvaluated int

	// NodesFiltered is the number of nodes filtered due to a constraint
	NodesFiltered int

	// NodesAvailable is the number of nodes available for evaluation per DC.
	NodesAvailable map[string]int

	// ClassFiltered is the number of nodes filtered by class
	ClassFiltered map[string]int

	// ConstraintFiltered is the number of failures caused by constraint
	ConstraintFiltered map[string]int

	// NodesExhausted is the number of nodes skipped due to being
	// exhausted of at least one resource
	NodesExhausted int

	// ClassExhausted is the number of nodes exhausted by class
	ClassExhausted map[string]int

	// DimensionExhausted provides the count by dimension or reason
	DimensionExhausted map[string]int

	// QuotaExhausted provides the exhausted dimensions
	QuotaExhausted []string

	// ResourcesExhausted provides the amount of resources exhausted by task
	// during the allocation placement
	ResourcesExhausted map[string]*Resources

	// Scores is the scores of the final few nodes remaining
	// for placement. The top score is typically selected.
	// Deprecated: Replaced by ScoreMetaData in Nomad 0.9
	Scores map[string]float64

	// ScoreMetaData is a slice of top scoring nodes displayed in the CLI
	ScoreMetaData []*NodeScoreMeta

	// AllocationTime is a measure of how long the allocation
	// attempt took. This can affect performance and SLAs.
	AllocationTime time.Duration

	// CoalescedFailures indicates the number of other
	// allocations that were coalesced into this failed allocation.
	// This is to prevent creating many failed allocations for a
	// single task group.
	CoalescedFailures int
	// contains filtered or unexported fields
}

AllocMetric is used to track various metrics while attempting to make an allocation. These are used to debug a job, or to better understand the pressure within the system.

func (*AllocMetric) Copy added in v0.3.0

func (a *AllocMetric) Copy() *AllocMetric

func (*AllocMetric) EvaluateNode

func (a *AllocMetric) EvaluateNode()

func (*AllocMetric) ExhaustQuota added in v0.7.0

func (a *AllocMetric) ExhaustQuota(dimensions []string)

func (*AllocMetric) ExhaustResources added in v1.1.0

func (a *AllocMetric) ExhaustResources(tg *TaskGroup)

ExhaustResources updates the amount of resources exhausted for the allocation because of the given task group.

func (*AllocMetric) ExhaustedNode

func (a *AllocMetric) ExhaustedNode(node *Node, dimension string)

func (*AllocMetric) FilterNode

func (a *AllocMetric) FilterNode(node *Node, constraint string)

func (*AllocMetric) MaxNormScore added in v1.3.0

func (a *AllocMetric) MaxNormScore() *NodeScoreMeta

MaxNormScore returns the ScoreMetaData entry with the highest normalized score.

func (*AllocMetric) PopulateScoreMetaData added in v0.9.0

func (a *AllocMetric) PopulateScoreMetaData()

PopulateScoreMetaData populates a map of scorer to scoring metadata The map is populated by popping elements from a heap of top K scores maintained per scorer

func (*AllocMetric) ScoreNode

func (a *AllocMetric) ScoreNode(node *Node, name string, score float64)

ScoreNode is used to gather top K scoring nodes in a heap

type AllocNetworkStatus added in v1.0.0

type AllocNetworkStatus struct {
	InterfaceName string
	Address       string
	DNS           *DNSConfig
}

AllocNetworkStatus captures the status of an allocation's network during runtime. Depending on the network mode, an allocation's address may need to be known to other systems in Nomad such as service registration.

func (*AllocNetworkStatus) Copy added in v1.0.0

type AllocRestartRequest added in v0.9.2

type AllocRestartRequest struct {
	AllocID  string
	TaskName string
	AllTasks bool

	QueryOptions
}

AllocRestartRequest is used to restart a specific allocations tasks.

type AllocServiceRegistrationsRequest added in v1.3.0

type AllocServiceRegistrationsRequest struct {
	AllocID string
	QueryOptions
}

AllocServiceRegistrationsRequest is the request object used to list all service registrations belonging to the specified Allocation.ID.

type AllocServiceRegistrationsResponse added in v1.3.0

type AllocServiceRegistrationsResponse struct {
	Services []*ServiceRegistration
	QueryMeta
}

AllocServiceRegistrationsResponse is the response object when performing a listing of services belonging to an allocation.

type AllocSignalRequest added in v0.9.2

type AllocSignalRequest struct {
	AllocID string
	Task    string
	Signal  string
	QueryOptions
}

AllocSignalRequest is used to signal a specific allocation

type AllocSpecificRequest

type AllocSpecificRequest struct {
	AllocID string
	QueryOptions
}

AllocSpecificRequest is used to query a specific allocation

type AllocState added in v0.11.2

type AllocState struct {
	Field AllocStateField
	Value string
	Time  time.Time
}

type AllocStateField added in v0.11.2

type AllocStateField uint8

AllocStateField records a single event that changes the state of the whole allocation

const (
	AllocStateFieldClientStatus AllocStateField = iota
)

type AllocStopRequest added in v0.9.2

type AllocStopRequest struct {
	AllocID         string
	NoShutdownDelay bool

	WriteRequest
}

AllocStopRequest is used to stop and reschedule a running Allocation.

type AllocStopResponse added in v0.9.2

type AllocStopResponse struct {
	// EvalID is the id of the follow up evalution for the rescheduled alloc.
	EvalID string

	WriteMeta
}

AllocStopResponse is the response to an `AllocStopRequest`

type AllocStubFields added in v1.0.0

type AllocStubFields struct {
	// Resources includes resource-related fields if true.
	Resources bool

	// TaskStates removes the TaskStates field if false (default is to
	// include TaskStates).
	TaskStates bool
}

AllocStubFields defines which fields are included in the AllocListStub.

func NewAllocStubFields added in v1.0.0

func NewAllocStubFields() *AllocStubFields

type AllocUpdateDesiredTransitionRequest added in v0.8.0

type AllocUpdateDesiredTransitionRequest struct {
	// Allocs is the mapping of allocation ids to their desired state
	// transition
	Allocs map[string]*DesiredTransition

	// Evals is the set of evaluations to create
	Evals []*Evaluation

	WriteRequest
}

AllocUpdateDesiredTransitionRequest is used to submit changes to allocations desired transition state.

type AllocUpdateRequest

type AllocUpdateRequest struct {
	// COMPAT 0.11
	// Alloc is the list of new allocations to assign
	// Deprecated: Replaced with two separate slices, one containing stopped allocations
	// and another containing updated allocations
	Alloc []*Allocation

	// Allocations to stop. Contains only the diff, not the entire allocation
	AllocsStopped []*AllocationDiff

	// New or updated allocations
	AllocsUpdated []*Allocation

	// Evals is the list of new evaluations to create
	// Evals are valid only when used in the Raft RPC
	Evals []*Evaluation

	// Job is the shared parent job of the allocations.
	// It is pulled out since it is common to reduce payload size.
	Job *Job

	WriteRequest
}

AllocUpdateRequest is used to submit changes to allocations, either to cause evictions or to assign new allocations. Both can be done within a single transaction

type AllocatedCpuResources added in v0.9.0

type AllocatedCpuResources struct {
	CpuShares     int64
	ReservedCores []uint16
}

AllocatedCpuResources captures the allocated CPU resources.

func (*AllocatedCpuResources) Add added in v0.9.0

func (*AllocatedCpuResources) Max added in v0.11.0

func (*AllocatedCpuResources) Subtract added in v0.9.0

func (a *AllocatedCpuResources) Subtract(delta *AllocatedCpuResources)

type AllocatedDeviceResource added in v0.9.0

type AllocatedDeviceResource struct {
	// Vendor, Type, and Name are used to select the plugin to request the
	// device IDs from.
	Vendor string
	Type   string
	Name   string

	// DeviceIDs is the set of allocated devices
	DeviceIDs []string
}

AllocatedDeviceResource captures a set of allocated devices.

func (*AllocatedDeviceResource) Add added in v0.9.0

func (*AllocatedDeviceResource) Copy added in v0.9.0

func (*AllocatedDeviceResource) ID added in v0.9.0

type AllocatedDevices added in v0.9.0

type AllocatedDevices []*AllocatedDeviceResource

func (AllocatedDevices) Index added in v0.9.0

Index finds the matching index using the passed device. If not found, -1 is returned.

type AllocatedMemoryResources added in v0.9.0

type AllocatedMemoryResources struct {
	MemoryMB    int64
	MemoryMaxMB int64
}

AllocatedMemoryResources captures the allocated memory resources.

func (*AllocatedMemoryResources) Add added in v0.9.0

func (*AllocatedMemoryResources) Max added in v0.11.0

func (*AllocatedMemoryResources) Subtract added in v0.9.0

type AllocatedPortMapping added in v0.12.0

type AllocatedPortMapping struct {
	Label  string
	Value  int
	To     int
	HostIP string
}

func (*AllocatedPortMapping) Copy added in v1.5.2

func (*AllocatedPortMapping) Equal added in v1.5.2

type AllocatedPorts added in v0.12.0

type AllocatedPorts []AllocatedPortMapping

func (AllocatedPorts) Equal added in v1.5.2

func (p AllocatedPorts) Equal(o AllocatedPorts) bool

func (AllocatedPorts) Get added in v0.12.0

type AllocatedResources added in v0.9.0

type AllocatedResources struct {
	// Tasks is a mapping of task name to the resources for the task.
	Tasks          map[string]*AllocatedTaskResources
	TaskLifecycles map[string]*TaskLifecycleConfig

	// Shared is the set of resource that are shared by all tasks in the group.
	Shared AllocatedSharedResources
}

AllocatedResources is the set of resources to be used by an allocation.

func NodeResourcesToAllocatedResources added in v0.9.0

func NodeResourcesToAllocatedResources(n *NodeResources) *AllocatedResources

NodeResourcesToAllocatedResources converts a node resources to an allocated resources. The task name used is "web" and network is omitted. This is useful when trying to make an allocation fill an entire node.

func (*AllocatedResources) Canonicalize added in v1.0.0

func (a *AllocatedResources) Canonicalize()

func (*AllocatedResources) Comparable added in v0.9.0

func (a *AllocatedResources) Comparable() *ComparableResources

Comparable returns a comparable version of the allocations allocated resources. This conversion can be lossy so care must be taken when using it.

func (*AllocatedResources) Copy added in v0.9.0

func (*AllocatedResources) OldTaskResources added in v0.9.0

func (a *AllocatedResources) OldTaskResources() map[string]*Resources

OldTaskResources returns the pre-0.9.0 map of task resources

type AllocatedSharedResources added in v0.9.0

type AllocatedSharedResources struct {
	Networks Networks
	DiskMB   int64
	Ports    AllocatedPorts
}

AllocatedSharedResources are the set of resources allocated to a task group.

func (*AllocatedSharedResources) Add added in v0.9.0

func (*AllocatedSharedResources) Canonicalize added in v0.12.4

func (a *AllocatedSharedResources) Canonicalize()

func (AllocatedSharedResources) Copy added in v0.10.0

func (*AllocatedSharedResources) Subtract added in v0.9.0

type AllocatedTaskResources added in v0.9.0

type AllocatedTaskResources struct {
	Cpu      AllocatedCpuResources
	Memory   AllocatedMemoryResources
	Networks Networks
	Devices  []*AllocatedDeviceResource
}

AllocatedTaskResources are the set of resources allocated to a task.

func (*AllocatedTaskResources) Add added in v0.9.0

func (*AllocatedTaskResources) Comparable added in v0.9.0

Comparable turns AllocatedTaskResources into ComparableResources as a helper step in preemption

func (*AllocatedTaskResources) Copy added in v0.9.0

func (*AllocatedTaskResources) Max added in v0.11.0

func (*AllocatedTaskResources) NetIndex added in v0.9.0

func (a *AllocatedTaskResources) NetIndex(n *NetworkResource) int

NetIndex finds the matching net index using device name

func (*AllocatedTaskResources) Subtract added in v0.9.0

func (a *AllocatedTaskResources) Subtract(delta *AllocatedTaskResources)

Subtract only subtracts CPU and Memory resources. Network utilization is managed separately in NetworkIndex

type Allocation

type Allocation struct {

	// ID of the allocation (UUID)
	ID string

	// Namespace is the namespace the allocation is created in
	Namespace string

	// ID of the evaluation that generated this allocation
	EvalID string

	// Name is a logical name of the allocation.
	Name string

	// NodeID is the node this is being placed on
	NodeID string

	// NodeName is the name of the node this is being placed on.
	NodeName string

	// Job is the parent job of the task group being allocated.
	// This is copied at allocation time to avoid issues if the job
	// definition is updated.
	JobID string
	Job   *Job

	// TaskGroup is the name of the task group that should be run
	TaskGroup string

	// COMPAT(0.11): Remove in 0.11
	// Resources is the total set of resources allocated as part
	// of this allocation of the task group. Dynamic ports will be set by
	// the scheduler.
	Resources *Resources

	// SharedResources are the resources that are shared by all the tasks in an
	// allocation
	// Deprecated: use AllocatedResources.Shared instead.
	// Keep field to allow us to handle upgrade paths from old versions
	SharedResources *Resources

	// TaskResources is the set of resources allocated to each
	// task. These should sum to the total Resources. Dynamic ports will be
	// set by the scheduler.
	// Deprecated: use AllocatedResources.Tasks instead.
	// Keep field to allow us to handle upgrade paths from old versions
	TaskResources map[string]*Resources

	// AllocatedResources is the total resources allocated for the task group.
	AllocatedResources *AllocatedResources

	// Metrics associated with this allocation
	Metrics *AllocMetric

	// Desired Status of the allocation on the client
	DesiredStatus string

	// DesiredStatusDescription is meant to provide more human useful information
	DesiredDescription string

	// DesiredTransition is used to indicate that a state transition
	// is desired for a given reason.
	DesiredTransition DesiredTransition

	// Status of the allocation on the client
	ClientStatus string

	// ClientStatusDescription is meant to provide more human useful information
	ClientDescription string

	// TaskStates stores the state of each task,
	TaskStates map[string]*TaskState

	// AllocStates track meta data associated with changes to the state of the whole allocation, like becoming lost
	AllocStates []*AllocState

	// PreviousAllocation is the allocation that this allocation is replacing
	PreviousAllocation string

	// NextAllocation is the allocation that this allocation is being replaced by
	NextAllocation string

	// DeploymentID identifies an allocation as being created from a
	// particular deployment
	DeploymentID string

	// DeploymentStatus captures the status of the allocation as part of the
	// given deployment
	DeploymentStatus *AllocDeploymentStatus

	// RescheduleTrackers captures details of previous reschedule attempts of the allocation
	RescheduleTracker *RescheduleTracker

	// NetworkStatus captures networking details of an allocation known at runtime
	NetworkStatus *AllocNetworkStatus

	// FollowupEvalID captures a follow up evaluation created to handle a failed allocation
	// that can be rescheduled in the future
	FollowupEvalID string

	// PreemptedAllocations captures IDs of any allocations that were preempted
	// in order to place this allocation
	PreemptedAllocations []string

	// PreemptedByAllocation tracks the alloc ID of the allocation that caused this allocation
	// to stop running because it got preempted
	PreemptedByAllocation string

	// SignedIdentities is a map of task names to signed identity/capability
	// claim tokens for those tasks. If needed, it is populated in the plan
	// applier.
	SignedIdentities map[string]string `json:"-"`

	// SigningKeyID is the key used to sign the SignedIdentities field.
	SigningKeyID string

	// Raft Indexes
	CreateIndex uint64
	ModifyIndex uint64

	// AllocModifyIndex is not updated when the client updates allocations. This
	// lets the client pull only the allocs updated by the server.
	AllocModifyIndex uint64

	// CreateTime is the time the allocation has finished scheduling and been
	// verified by the plan applier.
	CreateTime int64

	// ModifyTime is the time the allocation was last updated.
	ModifyTime int64
	// contains filtered or unexported fields
}

Allocation is used to allocate the placement of a task group to a node.

func FilterTerminalAllocs

func FilterTerminalAllocs(allocs []*Allocation) ([]*Allocation, map[string]*Allocation)

FilterTerminalAllocs filters out all allocations in a terminal state and returns the latest terminal allocations.

func MockAlloc added in v0.9.0

func MockAlloc() *Allocation

func RemoveAllocs

func RemoveAllocs(allocs []*Allocation, remove []*Allocation) []*Allocation

RemoveAllocs is used to remove any allocs with the given IDs from the list of allocations

func (*Allocation) AllocationDiff added in v0.9.2

func (a *Allocation) AllocationDiff() *AllocationDiff

AllocationDiff converts an Allocation type to an AllocationDiff type If at any time, modification are made to AllocationDiff so that an Allocation can no longer be safely converted to AllocationDiff, this method should be changed accordingly.

func (*Allocation) AppendState added in v0.11.2

func (a *Allocation) AppendState(field AllocStateField, value string)

AppendState creates and appends an AllocState entry recording the time of the state transition. Used to mark the transition to lost

func (*Allocation) Canonicalize added in v0.10.4

func (a *Allocation) Canonicalize()

Canonicalize Allocation to ensure fields are initialized to the expectations of this version of Nomad. Should be called when restoring persisted Allocations or receiving Allocations from Nomad agents potentially on an older version of Nomad.

func (*Allocation) ClientTerminalStatus added in v0.8.0

func (a *Allocation) ClientTerminalStatus() bool

ClientTerminalStatus returns if the client status is terminal and will no longer transition

func (*Allocation) ComparableResources added in v0.9.0

func (a *Allocation) ComparableResources() *ComparableResources

ComparableResources returns the resources on the allocation handling upgrade paths. After 0.11 calls to this should be replaced with: alloc.AllocatedResources.Comparable()

COMPAT(0.11): Remove in 0.11

func (*Allocation) ConsulNamespace added in v1.1.0

func (a *Allocation) ConsulNamespace() string

ConsulNamespace returns the Consul namespace of the task group associated with this allocation.

func (*Allocation) Copy added in v0.3.0

func (a *Allocation) Copy() *Allocation

Copy provides a copy of the allocation and deep copies the job

func (*Allocation) CopySkipJob added in v0.6.0

func (a *Allocation) CopySkipJob() *Allocation

CopySkipJob provides a copy of the allocation but doesn't deep copy the job

func (*Allocation) DisconnectTimeout added in v1.3.0

func (a *Allocation) DisconnectTimeout(now time.Time) time.Time

DisconnectTimeout uses the MaxClientDisconnect to compute when the allocation should transition to lost.

func (*Allocation) Expired added in v1.3.0

func (a *Allocation) Expired(now time.Time) bool

Expired determines whether an allocation has exceeded its MaxClientDisonnect duration relative to the passed time stamp.

func (*Allocation) GetCreateIndex added in v1.3.0

func (a *Allocation) GetCreateIndex() uint64

GetCreateIndex implements the CreateIndexGetter interface, required for pagination.

func (*Allocation) GetID added in v1.3.0

func (a *Allocation) GetID() string

GetID implements the IDGetter interface, required for pagination.

func (*Allocation) GetNamespace added in v1.3.0

func (a *Allocation) GetNamespace() string

GetNamespace implements the NamespaceGetter interface, required for pagination and filtering namespaces in endpoints that support glob namespace requests using tokens with limited access.

func (*Allocation) Index added in v0.3.1

func (a *Allocation) Index() uint

Index returns the index of the allocation. If the allocation is from a task group with count greater than 1, there will be multiple allocations for it.

func (*Allocation) JobNamespacedID added in v1.0.6

func (a *Allocation) JobNamespacedID() NamespacedID

func (*Allocation) LastEventTime added in v0.8.0

func (a *Allocation) LastEventTime() time.Time

LastEventTime is the time of the last task event in the allocation. It is used to determine allocation failure time. If the FinishedAt field is not set, the alloc's modify time is used

func (*Allocation) LastUnknown added in v1.3.0

func (a *Allocation) LastUnknown() time.Time

LastUnknown returns the timestamp for the last time the allocation transitioned into the unknown client status.

func (*Allocation) LookupTask added in v0.9.0

func (a *Allocation) LookupTask(name string) *Task

LookupTask by name from the Allocation. Returns nil if the Job is not set, the TaskGroup does not exist, or the task name cannot be found.

func (*Allocation) MigrateStrategy added in v1.0.0

func (a *Allocation) MigrateStrategy() *MigrateStrategy

MigrateStrategy returns the migrate strategy based on the task group

func (*Allocation) NeedsToReconnect added in v1.3.8

func (a *Allocation) NeedsToReconnect() bool

NeedsToReconnect returns true if the last known ClientStatus value is "unknown" and so the allocation did not reconnect yet.

func (*Allocation) NextDelay added in v0.8.0

func (a *Allocation) NextDelay() time.Duration

NextDelay returns a duration after which the allocation can be rescheduled. It is calculated according to the delay function and previous reschedule attempts.

func (*Allocation) NextRescheduleTime added in v0.8.0

func (a *Allocation) NextRescheduleTime() (time.Time, bool)

NextRescheduleTime returns a time on or after which the allocation is eligible to be rescheduled, and whether the next reschedule time is within policy's interval if the policy doesn't allow unlimited reschedules

func (*Allocation) NextRescheduleTimeByFailTime added in v1.3.0

func (a *Allocation) NextRescheduleTimeByFailTime(failTime time.Time) (time.Time, bool)

NextRescheduleTimeByFailTime works like NextRescheduleTime but allows callers specify a failure time. Useful for things like determining whether to reschedule an alloc on a disconnected node.

func (*Allocation) RanSuccessfully added in v0.4.0

func (a *Allocation) RanSuccessfully() bool

RanSuccessfully returns whether the client has ran the allocation and all tasks finished successfully. Critically this function returns whether the allocation has ran to completion and not just that the alloc has converged to its desired state. That is to say that a batch allocation must have finished with exit code 0 on all task groups. This doesn't really have meaning on a non-batch allocation because a service and system allocation should not finish.

func (*Allocation) RescheduleEligible added in v0.8.0

func (a *Allocation) RescheduleEligible(reschedulePolicy *ReschedulePolicy, failTime time.Time) bool

RescheduleEligible returns if the allocation is eligible to be rescheduled according to its ReschedulePolicy and the current state of its reschedule trackers

func (*Allocation) RescheduleInfo added in v1.2.4

func (a *Allocation) RescheduleInfo() (int, int)

func (*Allocation) ReschedulePolicy added in v0.8.0

func (a *Allocation) ReschedulePolicy() *ReschedulePolicy

ReschedulePolicy returns the reschedule policy based on the task group

func (*Allocation) ServerTerminalStatus added in v0.9.0

func (a *Allocation) ServerTerminalStatus() bool

ServerTerminalStatus returns true if the desired state of the allocation is terminal

func (*Allocation) ServiceProviderNamespace added in v1.3.0

func (a *Allocation) ServiceProviderNamespace() string

ServiceProviderNamespace returns the namespace within which the allocations services should be registered. This takes into account the different providers that can provide service registrations. In the event no services are found, the function will return the Consul namespace which allows hooks to work as they did before this feature.

It currently assumes that all services within an allocation use the same provider and therefore the same namespace.

func (*Allocation) SetEventDisplayMessages added in v0.7.1

func (a *Allocation) SetEventDisplayMessages()

SetEventDisplayMessages populates the display message if its not already set, a temporary fix to handle old allocations that don't have it. This method will be removed in a future release.

func (*Allocation) SetStop added in v0.11.2

func (a *Allocation) SetStop(clientStatus, clientDesc string)

SetStop updates the allocation in place to a DesiredStatus stop, with the ClientStatus

func (*Allocation) ShouldClientStop added in v0.11.2

func (a *Allocation) ShouldClientStop() bool

ShouldClientStop tests an alloc for StopAfterClientDisconnect configuration

func (*Allocation) ShouldMigrate added in v0.5.0

func (a *Allocation) ShouldMigrate() bool

ShouldMigrate returns if the allocation needs data migration

func (*Allocation) ShouldReschedule added in v0.8.0

func (a *Allocation) ShouldReschedule(reschedulePolicy *ReschedulePolicy, failTime time.Time) bool

ShouldReschedule returns if the allocation is eligible to be rescheduled according to its status and ReschedulePolicy given its failure time

func (*Allocation) Stub

func (a *Allocation) Stub(fields *AllocStubFields) *AllocListStub

Stub returns a list stub for the allocation

func (*Allocation) SupportsDisconnectedClients added in v1.3.0

func (a *Allocation) SupportsDisconnectedClients(serverSupportsDisconnectedClients bool) bool

SupportsDisconnectedClients determines whether both the server and the task group are configured to allow the allocation to reconnect after network connectivity has been lost and then restored.

func (*Allocation) TerminalStatus

func (a *Allocation) TerminalStatus() bool

TerminalStatus returns if the desired or actual status is terminal and will no longer transition.

func (*Allocation) Terminated added in v0.5.0

func (a *Allocation) Terminated() bool

Terminated returns if the allocation is in a terminal state on a client.

func (*Allocation) ToIdentityClaims added in v1.4.0

func (a *Allocation) ToIdentityClaims(job *Job) *IdentityClaims

func (*Allocation) ToTaskIdentityClaims added in v1.4.0

func (a *Allocation) ToTaskIdentityClaims(job *Job, taskName string) *IdentityClaims

func (*Allocation) WaitClientStop added in v0.11.2

func (a *Allocation) WaitClientStop() time.Time

WaitClientStop uses the reschedule delay mechanism to block rescheduling until StopAfterClientDisconnect's block interval passes

type AllocationDiff added in v0.9.2

type AllocationDiff Allocation

AllocationDiff is another named type for Allocation (to use the same fields), which is used to represent the delta for an Allocation. If you need a method defined on the al

type AllocationEvent added in v1.0.0

type AllocationEvent struct {
	Allocation *Allocation
}

AllocationEvent holds a newly updated Allocation. The Allocs embedded Job has been removed to reduce size.

type AllocsGetRequest added in v0.3.0

type AllocsGetRequest struct {
	AllocIDs []string
	QueryOptions
}

AllocsGetRequest is used to query a set of allocations

type AllocsGetResponse added in v0.3.0

type AllocsGetResponse struct {
	Allocs []*Allocation
	QueryMeta
}

AllocsGetResponse is used to return a set of allocations

type ApplyDeploymentAllocHealthRequest added in v0.6.0

type ApplyDeploymentAllocHealthRequest struct {
	DeploymentAllocHealthRequest

	// Timestamp is the timestamp to use when setting the allocations health.
	Timestamp time.Time

	// An optional field to update the status of a deployment
	DeploymentUpdate *DeploymentStatusUpdate

	// Job is used to optionally upsert a job. This is used when setting the
	// allocation health results in a deployment failure and the deployment
	// auto-reverts to the latest stable job.
	Job *Job

	// An optional evaluation to create after promoting the canaries
	Eval *Evaluation
}

ApplyDeploymentAllocHealthRequest is used to apply an alloc health request via Raft

type ApplyDeploymentPromoteRequest added in v0.6.0

type ApplyDeploymentPromoteRequest struct {
	DeploymentPromoteRequest

	// An optional evaluation to create after promoting the canaries
	Eval *Evaluation
}

ApplyDeploymentPromoteRequest is used to apply a promotion request via Raft

type ApplyPlanResultsRequest added in v0.6.0

type ApplyPlanResultsRequest struct {
	// AllocUpdateRequest holds the allocation updates to be made by the
	// scheduler.
	AllocUpdateRequest

	// Deployment is the deployment created or updated as a result of a
	// scheduling event.
	Deployment *Deployment

	// DeploymentUpdates is a set of status updates to apply to the given
	// deployments. This allows the scheduler to cancel any unneeded deployment
	// because the job is stopped or the update block is removed.
	DeploymentUpdates []*DeploymentStatusUpdate

	// EvalID is the eval ID of the plan being applied. The modify index of the
	// evaluation is updated as part of applying the plan to ensure that subsequent
	// scheduling events for the same job will wait for the index that last produced
	// state changes. This is necessary for blocked evaluations since they can be
	// processed many times, potentially making state updates, without the state of
	// the evaluation itself being updated.
	EvalID string

	// COMPAT 0.11
	// NodePreemptions is a slice of allocations from other lower priority jobs
	// that are preempted. Preempted allocations are marked as evicted.
	// Deprecated: Replaced with AllocsPreempted which contains only the diff
	NodePreemptions []*Allocation

	// AllocsPreempted is a slice of allocation diffs from other lower priority jobs
	// that are preempted. Preempted allocations are marked as evicted.
	AllocsPreempted []*AllocationDiff

	// PreemptionEvals is a slice of follow up evals for jobs whose allocations
	// have been preempted to place allocs in this plan
	PreemptionEvals []*Evaluation

	// IneligibleNodes are nodes the plan applier has repeatedly rejected
	// placements for and should therefore be considered ineligible by workers
	// to avoid retrying them repeatedly.
	IneligibleNodes []string

	// UpdatedAt represents server time of receiving request.
	UpdatedAt int64
}

ApplyPlanResultsRequest is used by the planner to apply a Raft transaction committing the result of a plan.

type AuthenticatedIdentity added in v1.5.0

type AuthenticatedIdentity struct {
	// ACLToken authenticated. Claims will be nil if this is set.
	ACLToken *ACLToken

	// Claims authenticated by workload identity. ACLToken will be nil if this is
	// set.
	Claims *IdentityClaims

	ClientID string
	TLSName  string
	RemoteIP net.IP
}

AuthenticatedIdentity is returned by the Authenticate method on server to return a wrapper around the various elements that can be resolved as an identity. RPC handlers will use the relevant fields for performing authorization.

Keeping these fields independent rather than merging them into an ephemeral ACLToken makes the original of the credential clear to RPC handlers, who may have different behavior for internal vs external origins.

func (*AuthenticatedIdentity) GetACLToken added in v1.5.0

func (ai *AuthenticatedIdentity) GetACLToken() *ACLToken

func (*AuthenticatedIdentity) GetClaims added in v1.5.0

func (ai *AuthenticatedIdentity) GetClaims() *IdentityClaims

func (*AuthenticatedIdentity) IsExpired added in v1.5.0

func (ai *AuthenticatedIdentity) IsExpired(now time.Time) bool

func (*AuthenticatedIdentity) String added in v1.5.0

func (ai *AuthenticatedIdentity) String() string

type AutopilotConfig added in v0.8.0

type AutopilotConfig struct {
	// CleanupDeadServers controls whether to remove dead servers when a new
	// server is added to the Raft peers.
	CleanupDeadServers bool

	// ServerStabilizationTime is the minimum amount of time a server must be
	// in a stable, healthy state before it can be added to the cluster. Only
	// applicable with Raft protocol version 3 or higher.
	ServerStabilizationTime time.Duration

	// LastContactThreshold is the limit on the amount of time a server can go
	// without leader contact before being considered unhealthy.
	LastContactThreshold time.Duration

	// MaxTrailingLogs is the amount of entries in the Raft Log that a server can
	// be behind before being considered unhealthy.
	MaxTrailingLogs uint64

	// MinQuorum sets the minimum number of servers required in a cluster
	// before autopilot can prune dead servers.
	MinQuorum uint

	// (Enterprise-only) EnableRedundancyZones specifies whether to enable redundancy zones.
	EnableRedundancyZones bool

	// (Enterprise-only) DisableUpgradeMigration will disable Autopilot's upgrade migration
	// strategy of waiting until enough newer-versioned servers have been added to the
	// cluster before promoting them to voters.
	DisableUpgradeMigration bool

	// (Enterprise-only) EnableCustomUpgrades specifies whether to enable using custom
	// upgrade versions when performing migrations.
	EnableCustomUpgrades bool

	// CreateIndex/ModifyIndex store the create/modify indexes of this configuration.
	CreateIndex uint64
	ModifyIndex uint64
}

AutopilotConfig is the internal config for the Autopilot mechanism.

func (*AutopilotConfig) Copy added in v1.2.13

func (a *AutopilotConfig) Copy() *AutopilotConfig

type AutopilotSetConfigRequest added in v0.8.0

type AutopilotSetConfigRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// Config is the new Autopilot configuration to use.
	Config AutopilotConfig

	// CAS controls whether to use check-and-set semantics for this request.
	CAS bool

	// WriteRequest holds the ACL token to go along with this request.
	WriteRequest
}

AutopilotSetConfigRequest is used by the Operator endpoint to update the current Autopilot configuration of the cluster.

func (*AutopilotSetConfigRequest) RequestDatacenter added in v0.8.0

func (op *AutopilotSetConfigRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type BatchFuture added in v0.8.0

type BatchFuture struct {
	// contains filtered or unexported fields
}

BatchFuture is used to wait on a batch update to complete

func NewBatchFuture added in v0.8.0

func NewBatchFuture() *BatchFuture

NewBatchFuture creates a new batch future

func (*BatchFuture) Error added in v0.8.0

func (b *BatchFuture) Error() error

Error is used to return the error of the batch, only after Wait()

func (*BatchFuture) Index added in v0.8.0

func (b *BatchFuture) Index() uint64

Index is used to return the index of the batch, only after Wait()

func (*BatchFuture) Respond added in v0.8.0

func (b *BatchFuture) Respond(index uint64, err error)

Respond is used to unblock the future

func (*BatchFuture) Wait added in v0.8.0

func (b *BatchFuture) Wait() error

Wait is used to block for the future to complete and returns the error

func (*BatchFuture) WaitCh added in v0.8.0

func (b *BatchFuture) WaitCh() <-chan struct{}

WaitCh is used to block for the future to complete

type BatchNodeUpdateDrainRequest added in v0.8.0

type BatchNodeUpdateDrainRequest struct {
	// Updates is a mapping of nodes to their updated drain strategy
	Updates map[string]*DrainUpdate

	// NodeEvents is a mapping of the node to the event to add to the node
	NodeEvents map[string]*NodeEvent

	// UpdatedAt represents server time of receiving request
	UpdatedAt int64

	WriteRequest
}

BatchNodeUpdateDrainRequest is used for updating the drain strategy for a batch of nodes

type Bitmap added in v0.3.0

type Bitmap []byte

Bitmap is a simple uncompressed bitmap

func NewBitmap added in v0.3.0

func NewBitmap(size uint) (Bitmap, error)

NewBitmap returns a bitmap with up to size indexes

func (Bitmap) Check added in v0.3.0

func (b Bitmap) Check(idx uint) bool

Check is used to check the given index of the bitmap

func (Bitmap) Clear