You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ji...@apache.org on 2016/02/26 20:43:20 UTC

[5/6] mesos git commit: Added '/reserve' tests with multiple roles.

Added '/reserve' tests with multiple roles.

Operators may reserve resources for multiple roles in the same
operation; this patch adds tests to confirm correct behavior of
authorization in this case. The tests
`ReservationEndpointsTest.GoodReserveACLMultipleRoles` and
`ReservationEndpointsTest.BadReserveACLMultipleRoles` were added.

Review: https://reviews.apache.org/r/43779/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/b234d364
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/b234d364
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/b234d364

Branch: refs/heads/master
Commit: b234d3641e65fdd4f6ec845d1015bd3f50184914
Parents: 27ce052
Author: Greg Mann <gr...@mesosphere.io>
Authored: Fri Feb 26 11:42:55 2016 -0800
Committer: Jie Yu <yu...@gmail.com>
Committed: Fri Feb 26 11:42:55 2016 -0800

----------------------------------------------------------------------
 src/tests/reservation_endpoints_tests.cpp | 124 +++++++++++++++++++++++++
 1 file changed, 124 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/b234d364/src/tests/reservation_endpoints_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/reservation_endpoints_tests.cpp b/src/tests/reservation_endpoints_tests.cpp
index 8c582f7..f3a1438 100644
--- a/src/tests/reservation_endpoints_tests.cpp
+++ b/src/tests/reservation_endpoints_tests.cpp
@@ -1032,6 +1032,63 @@ TEST_F(ReservationEndpointsTest, GoodReserveAndUnreserveACL)
 }
 
 
+// This tests that correct setup of `ReserveResources` ACLs allows the operator
+// to perform reserve operations for multiple roles successfully.
+TEST_F(ReservationEndpointsTest, GoodReserveACLMultipleRoles)
+{
+  TestAllocator<> allocator;
+  ACLs acls;
+
+  // This ACL asserts that the principal of `DEFAULT_CREDENTIAL`
+  // can reserve resources for any role.
+  mesos::ACL::ReserveResources* reserve = acls.add_reserve_resources();
+  reserve->mutable_principals()->add_values(DEFAULT_CREDENTIAL.principal());
+  reserve->mutable_roles()->set_type(mesos::ACL::Entity::ANY);
+
+  // Create a master.
+  master::Flags masterFlags = CreateMasterFlags();
+  masterFlags.acls = acls;
+
+  EXPECT_CALL(allocator, initialize(_, _, _, _));
+
+  Try<PID<Master>> master = StartMaster(&allocator, masterFlags);
+  ASSERT_SOME(master);
+
+  // Create a slave.
+  slave::Flags slaveFlags = CreateSlaveFlags();
+  slaveFlags.resources = "cpus:2;mem:1024";
+
+  Future<SlaveID> slaveId;
+  EXPECT_CALL(allocator, addSlave(_, _, _, _, _))
+    .WillOnce(DoAll(InvokeAddSlave(&allocator),
+                    FutureArg<0>(&slaveId)));
+
+  Try<PID<Slave>> slave = StartSlave(slaveFlags);
+  ASSERT_SOME(slave);
+
+  Resources unreserved = Resources::parse("cpus:1;mem:512").get();
+  Resources dynamicallyReserved1 = unreserved.flatten(
+      "jedi_master",
+      createReservationInfo(DEFAULT_CREDENTIAL.principal()));
+  Resources dynamicallyReserved2 = unreserved.flatten(
+      "sith_lord",
+      createReservationInfo(DEFAULT_CREDENTIAL.principal()));
+  Resources dynamicallyReservedMultipleRoles =
+    dynamicallyReserved1 + dynamicallyReserved2;
+
+  // Reserve the resources.
+  Future<Response> response = process::http::post(
+      master.get(),
+      "reserve",
+      createBasicAuthHeaders(DEFAULT_CREDENTIAL),
+      createRequestBody(slaveId.get(), dynamicallyReservedMultipleRoles));
+
+  AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
+
+  Shutdown();
+}
+
+
 // This tests that an incorrect set-up of Reserve ACL disallows the
 // operator from performing reserve operations.
 TEST_F(ReservationEndpointsTest, BadReserveACL)
@@ -1161,6 +1218,73 @@ TEST_F(ReservationEndpointsTest, BadUnreserveACL)
 }
 
 
+// Tests that reserve operations will fail if multiple roles are included in a
+// request, while the principal attempting the reservation is not authorized to
+// reserve for one of them.
+TEST_F(ReservationEndpointsTest, BadReserveACLMultipleRoles)
+{
+  const string AUTHORIZED_ROLE = "panda";
+  const string UNAUTHORIZED_ROLE = "giraffe";
+
+  TestAllocator<> allocator;
+  ACLs acls;
+
+  // This ACL asserts that the principal of `DEFAULT_CREDENTIAL`
+  // can reserve resources for `AUTHORIZED_ROLE`.
+  mesos::ACL::ReserveResources* reserve1 = acls.add_reserve_resources();
+  reserve1->mutable_principals()->add_values(DEFAULT_CREDENTIAL.principal());
+  reserve1->mutable_roles()->add_values(AUTHORIZED_ROLE);
+
+  // This ACL asserts that the principal of `DEFAULT_CREDENTIAL`
+  // cannot reserve resources for any other role.
+  mesos::ACL::ReserveResources* reserve2 = acls.add_reserve_resources();
+  reserve2->mutable_principals()->add_values(DEFAULT_CREDENTIAL.principal());
+  reserve2->mutable_roles()->set_type(mesos::ACL::Entity::NONE);
+
+  // Create a master.
+  master::Flags masterFlags = CreateMasterFlags();
+  masterFlags.acls = acls;
+
+  EXPECT_CALL(allocator, initialize(_, _, _, _));
+
+  Try<PID<Master>> master = StartMaster(&allocator, masterFlags);
+  ASSERT_SOME(master);
+
+  // Create a slave.
+  slave::Flags slaveFlags = CreateSlaveFlags();
+  slaveFlags.resources = "cpus:2;mem:1024";
+
+  Future<SlaveID> slaveId;
+  EXPECT_CALL(allocator, addSlave(_, _, _, _, _))
+    .WillOnce(DoAll(InvokeAddSlave(&allocator),
+                    FutureArg<0>(&slaveId)));
+
+  Try<PID<Slave>> slave = StartSlave(slaveFlags);
+  ASSERT_SOME(slave);
+
+  Resources unreserved = Resources::parse("cpus:1;mem:512").get();
+  Resources dynamicallyReserved1 = unreserved.flatten(
+      AUTHORIZED_ROLE,
+      createReservationInfo(DEFAULT_CREDENTIAL.principal()));
+  Resources dynamicallyReserved2 = unreserved.flatten(
+      UNAUTHORIZED_ROLE,
+      createReservationInfo(DEFAULT_CREDENTIAL.principal()));
+  Resources dynamicallyReservedMultipleRoles =
+    dynamicallyReserved1 + dynamicallyReserved2;
+
+  // Reserve the resources.
+  Future<Response> response = process::http::post(
+      master.get(),
+      "reserve",
+      createBasicAuthHeaders(DEFAULT_CREDENTIAL),
+      createRequestBody(slaveId.get(), dynamicallyReservedMultipleRoles));
+
+  AWAIT_EXPECT_RESPONSE_STATUS_EQ(Forbidden().status, response);
+
+  Shutdown();
+}
+
+
 // This tests that an attempt to reserve with no 'slaveId' results in a
 // 'BadRequest' HTTP error.
 TEST_F(ReservationEndpointsTest, NoSlaveId)