Hi @Freddo3000, thanks for filing this issue. I think it's a great idea, and one we've considered strongly, but we decided against it because actions are designed to feel "locked down" by the jobspec author, and letting another operator change the context of an action at runtime feels like it goes against that a bit.
I think we'll probably still come around to doing this, but we probably have to make a few changes along the way (including, most likely, an ACL policy rule for something like run-action etc.), and possibly syntax for limiting the scope of args that could be passed to an action in the jobspec configuration.
For now, tagging this for future consideration.
I came to think of that aspect as well, though I feel that it should be the responsibility of the jobspec author to ensure that whatever parameters are allowed are properly sanitized before being executed as part of the action (perhaps with some appropriate warnings in the documentation). That feels like it wouldn't be particularly different compared to parameterized nomad jobs, which depending on their design may run arbitrary code.
On that note, if you're going to add rules/policies for actions, then I'd like to suggest that you add it for parameterized jobs as well.
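An added example, not part of the original thread and not Nomad's own code: one way a jobspec author could validate a dispatched value before it reaches a command, as the comment above suggests. It assumes a meta key named `username` (exposed to the task as `NOMAD_META_username`) and a hypothetical `create_user` stand-in for the service's real user-creation command.

```shell
#!/bin/sh
# Added example: allowlist validation of a value supplied at dispatch time.
# Assumption: the job declares a meta key "username", which the task sees as
# the environment variable NOMAD_META_username.

# Fix the locale so the a-z ranges below mean ASCII only.
LC_ALL=C
export LC_ALL

# validate_username NAME: returns 0 only for 1-32 characters from
# [a-z0-9_-] that start with a lowercase letter.
validate_username() {
    name=$1
    if [ "${#name}" -lt 1 ] || [ "${#name}" -gt 32 ]; then
        return 1
    fi
    case $name in
        [!a-z]*) return 1 ;;         # rejects a leading "-" (option injection)
        *[!a-z0-9_-]*) return 1 ;;   # rejects spaces, quotes, ;, $, newlines
    esac
    return 0
}

# Hypothetical stand-in for the real user-creation command.
create_user() {
    printf 'create user: %s\n' "$1"
}

# add_user NAME: validate first, then pass NAME as one quoted argument.
# The value is never interpolated into a string that a shell re-parses.
add_user() {
    if ! validate_username "$1"; then
        echo "rejected username" >&2
        return 64
    fi
    create_user "$1"
}

# Entry point when used as the task command: ./add-user.sh --run
if [ "${1:-}" = "--run" ]; then
    add_user "${NOMAD_META_username-}"
fi
```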
Proposal
Add the ability to pass parameters to nomad actions, similar to how you can pass arguments to parameterized jobs.
Use-cases
I have a user system running as a nomad service, and I want to add a new user to that system. Instead of launching a copy of the system to only perform that one action as a parameterized job, I would like to be able to just trigger an action on the running service job.
Attempted Solutions
Using a parameterized copy of the job in question.