You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ji...@apache.org on 2016/02/26 20:43:20 UTC
[5/6] mesos git commit: Added '/reserve' tests with multiple roles.
Added '/reserve' tests with multiple roles.
Operators may reserve resources for multiple roles in the same
operation; this patch adds tests to confirm correct behavior of
authorization in this case. The tests
`ReservationEndpointsTest.GoodReserveACLMultipleRoles` and
`ReservationEndpointsTest.BadReserveACLMultipleRoles` were added.
Review: https://reviews.apache.org/r/43779/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/b234d364
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/b234d364
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/b234d364
Branch: refs/heads/master
Commit: b234d3641e65fdd4f6ec845d1015bd3f50184914
Parents: 27ce052
Author: Greg Mann <gr...@mesosphere.io>
Authored: Fri Feb 26 11:42:55 2016 -0800
Committer: Jie Yu <yu...@gmail.com>
Committed: Fri Feb 26 11:42:55 2016 -0800
----------------------------------------------------------------------
src/tests/reservation_endpoints_tests.cpp | 124 +++++++++++++++++++++++++
1 file changed, 124 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/b234d364/src/tests/reservation_endpoints_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/reservation_endpoints_tests.cpp b/src/tests/reservation_endpoints_tests.cpp
index 8c582f7..f3a1438 100644
--- a/src/tests/reservation_endpoints_tests.cpp
+++ b/src/tests/reservation_endpoints_tests.cpp
@@ -1032,6 +1032,63 @@ TEST_F(ReservationEndpointsTest, GoodReserveAndUnreserveACL)
}
+// This tests that correct setup of `ReserveResources` ACLs allows the operator
+// to perform reserve operations for multiple roles successfully.
+TEST_F(ReservationEndpointsTest, GoodReserveACLMultipleRoles)
+{
+ TestAllocator<> allocator;
+ ACLs acls;
+
+ // This ACL asserts that the principal of `DEFAULT_CREDENTIAL`
+ // can reserve resources for any role.
+ mesos::ACL::ReserveResources* reserve = acls.add_reserve_resources();
+ reserve->mutable_principals()->add_values(DEFAULT_CREDENTIAL.principal());
+ reserve->mutable_roles()->set_type(mesos::ACL::Entity::ANY);
+
+ // Create a master.
+ master::Flags masterFlags = CreateMasterFlags();
+ masterFlags.acls = acls;
+
+ EXPECT_CALL(allocator, initialize(_, _, _, _));
+
+ Try<PID<Master>> master = StartMaster(&allocator, masterFlags);
+ ASSERT_SOME(master);
+
+ // Create a slave.
+ slave::Flags slaveFlags = CreateSlaveFlags();
+ slaveFlags.resources = "cpus:2;mem:1024";
+
+ Future<SlaveID> slaveId;
+ EXPECT_CALL(allocator, addSlave(_, _, _, _, _))
+ .WillOnce(DoAll(InvokeAddSlave(&allocator),
+ FutureArg<0>(&slaveId)));
+
+ Try<PID<Slave>> slave = StartSlave(slaveFlags);
+ ASSERT_SOME(slave);
+
+ Resources unreserved = Resources::parse("cpus:1;mem:512").get();
+ Resources dynamicallyReserved1 = unreserved.flatten(
+ "jedi_master",
+ createReservationInfo(DEFAULT_CREDENTIAL.principal()));
+ Resources dynamicallyReserved2 = unreserved.flatten(
+ "sith_lord",
+ createReservationInfo(DEFAULT_CREDENTIAL.principal()));
+ Resources dynamicallyReservedMultipleRoles =
+ dynamicallyReserved1 + dynamicallyReserved2;
+
+ // Reserve the resources.
+ Future<Response> response = process::http::post(
+ master.get(),
+ "reserve",
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL),
+ createRequestBody(slaveId.get(), dynamicallyReservedMultipleRoles));
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
+
+ Shutdown();
+}
+
+
// This tests that an incorrect set-up of Reserve ACL disallows the
// operator from performing reserve operations.
TEST_F(ReservationEndpointsTest, BadReserveACL)
@@ -1161,6 +1218,73 @@ TEST_F(ReservationEndpointsTest, BadUnreserveACL)
}
+// Tests that reserve operations will fail if multiple roles are included in a
+// request, while the principal attempting the reservation is not authorized to
+// reserve for one of them.
+TEST_F(ReservationEndpointsTest, BadReserveACLMultipleRoles)
+{
+ const string AUTHORIZED_ROLE = "panda";
+ const string UNAUTHORIZED_ROLE = "giraffe";
+
+ TestAllocator<> allocator;
+ ACLs acls;
+
+ // This ACL asserts that the principal of `DEFAULT_CREDENTIAL`
+ // can reserve resources for `AUTHORIZED_ROLE`.
+ mesos::ACL::ReserveResources* reserve1 = acls.add_reserve_resources();
+ reserve1->mutable_principals()->add_values(DEFAULT_CREDENTIAL.principal());
+ reserve1->mutable_roles()->add_values(AUTHORIZED_ROLE);
+
+ // This ACL asserts that the principal of `DEFAULT_CREDENTIAL`
+ // cannot reserve resources for any other role.
+ mesos::ACL::ReserveResources* reserve2 = acls.add_reserve_resources();
+ reserve2->mutable_principals()->add_values(DEFAULT_CREDENTIAL.principal());
+ reserve2->mutable_roles()->set_type(mesos::ACL::Entity::NONE);
+
+ // Create a master.
+ master::Flags masterFlags = CreateMasterFlags();
+ masterFlags.acls = acls;
+
+ EXPECT_CALL(allocator, initialize(_, _, _, _));
+
+ Try<PID<Master>> master = StartMaster(&allocator, masterFlags);
+ ASSERT_SOME(master);
+
+ // Create a slave.
+ slave::Flags slaveFlags = CreateSlaveFlags();
+ slaveFlags.resources = "cpus:2;mem:1024";
+
+ Future<SlaveID> slaveId;
+ EXPECT_CALL(allocator, addSlave(_, _, _, _, _))
+ .WillOnce(DoAll(InvokeAddSlave(&allocator),
+ FutureArg<0>(&slaveId)));
+
+ Try<PID<Slave>> slave = StartSlave(slaveFlags);
+ ASSERT_SOME(slave);
+
+ Resources unreserved = Resources::parse("cpus:1;mem:512").get();
+ Resources dynamicallyReserved1 = unreserved.flatten(
+ AUTHORIZED_ROLE,
+ createReservationInfo(DEFAULT_CREDENTIAL.principal()));
+ Resources dynamicallyReserved2 = unreserved.flatten(
+ UNAUTHORIZED_ROLE,
+ createReservationInfo(DEFAULT_CREDENTIAL.principal()));
+ Resources dynamicallyReservedMultipleRoles =
+ dynamicallyReserved1 + dynamicallyReserved2;
+
+ // Reserve the resources.
+ Future<Response> response = process::http::post(
+ master.get(),
+ "reserve",
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL),
+ createRequestBody(slaveId.get(), dynamicallyReservedMultipleRoles));
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Forbidden().status, response);
+
+ Shutdown();
+}
+
+
// This tests that an attempt to reserve with no 'slaveId' results in a
// 'BadRequest' HTTP error.
TEST_F(ReservationEndpointsTest, NoSlaveId)