You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@aurora.apache.org by wf...@apache.org on 2013/12/06 00:34:12 UTC
git commit: Retrieve credentials from file.
Updated Branches:
refs/heads/wfarner/test-committer-access [created] 1b734b56f
Retrieve credentials from file.
Project: http://git-wip-us.apache.org/repos/asf/incubator-aurora/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-aurora/commit/1b734b56
Tree: http://git-wip-us.apache.org/repos/asf/incubator-aurora/tree/1b734b56
Diff: http://git-wip-us.apache.org/repos/asf/incubator-aurora/diff/1b734b56
Branch: refs/heads/wfarner/test-committer-access
Commit: 1b734b56f81a71ce048a9dc5bc72c428062b8848
Parents: d51feca
Author: Zameer Manji <zm...@twitter.com>
Authored: Thu Dec 5 12:14:27 2013 -0800
Committer: Zameer Manji <zm...@twitter.com>
Committed: Thu Dec 5 12:14:27 2013 -0800
----------------------------------------------------------------------
.../twitter/aurora/scheduler/DriverFactory.java | 57 ++++++++++----
.../aurora/scheduler/DriverFactoryImplTest.java | 78 ++++++++++++++++++++
2 files changed, 122 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-aurora/blob/1b734b56/src/main/java/com/twitter/aurora/scheduler/DriverFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/com/twitter/aurora/scheduler/DriverFactory.java b/src/main/java/com/twitter/aurora/scheduler/DriverFactory.java
index 0d69c85..e39bb09 100644
--- a/src/main/java/com/twitter/aurora/scheduler/DriverFactory.java
+++ b/src/main/java/com/twitter/aurora/scheduler/DriverFactory.java
@@ -15,14 +15,22 @@
*/
package com.twitter.aurora.scheduler;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
import java.util.logging.Logger;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Provider;
+import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
+import com.google.common.base.Throwables;
import com.google.protobuf.ByteString;
import org.apache.mesos.MesosSchedulerDriver;
@@ -51,14 +59,15 @@ public interface DriverFactory extends Function<String, SchedulerDriver> {
help = "Address for the mesos master, can be a socket address or zookeeper path.")
private static final Arg<String> MESOS_MASTER_ADDRESS = Arg.create();
- @CmdLine(name = "framework_authentication_principal",
- help = "Principal used to authenticate to the Mesos master.")
- private static final Arg<String> FRAMEWORK_AUTHENTICATION_PRINCIPAL = Arg.create();
-
- // TODO(Kevin Sweeney): Read a file here to avoid leaking secrets on the command-line.
- @CmdLine(name = "framework_authentication_secret",
- help = "Secret used to authenticate to the Mesos master.")
- private static final Arg<String> FRAMEWORK_AUTHENTICATION_SECRET = Arg.create();
+ @VisibleForTesting
+ static final String PRINCIPAL_KEY = "aurora_authentication_principal";
+ @VisibleForTesting
+ static final String SECRET_KEY = "aurora_authentication_secret";
+ @CmdLine(name = "framework_authentication_file",
+ help = "Properties file which contains framework credentials to authenticate with Mesos"
+ + "master. Must contain the properties '" + PRINCIPAL_KEY + "' and "
+ + "'" + SECRET_KEY + "'.")
+ private static final Arg<File> FRAMEWORK_AUTHENTICATION_FILE = Arg.create();
@CmdLine(name = "framework_failover_timeout",
help = "Time after which a framework is considered deleted. SHOULD BE VERY HIGH.")
@@ -104,6 +113,22 @@ public interface DriverFactory extends Function<String, SchedulerDriver> {
this.scheduler = Preconditions.checkNotNull(scheduler);
}
+ @VisibleForTesting
+ static Properties parseCredentials(InputStream credentialsStream) {
+ Properties properties = new Properties();
+ try {
+ properties.load(credentialsStream);
+ } catch (IOException e) {
+ LOG.severe("Unable to load authentication file");
+ throw Throwables.propagate(e);
+ }
+ Preconditions.checkState(properties.containsKey(PRINCIPAL_KEY),
+ "The framework authentication file is missing the key: %s", PRINCIPAL_KEY);
+ Preconditions.checkState(properties.containsKey(SECRET_KEY),
+ "The framework authentication file is missing the key: %s", SECRET_KEY);
+ return properties;
+ }
+
@Override
public SchedulerDriver apply(@Nullable String frameworkId) {
LOG.info("Connecting to mesos master: " + MESOS_MASTER_ADDRESS.get());
@@ -121,15 +146,21 @@ public interface DriverFactory extends Function<String, SchedulerDriver> {
LOG.warning("Did not find a persisted framework ID, connecting as a new framework.");
}
- if (FRAMEWORK_AUTHENTICATION_PRINCIPAL.hasAppliedValue()
- && FRAMEWORK_AUTHENTICATION_SECRET.hasAppliedValue()) {
+ if (FRAMEWORK_AUTHENTICATION_FILE.hasAppliedValue()) {
+ Properties properties;
+ try {
+ properties = parseCredentials(new FileInputStream(FRAMEWORK_AUTHENTICATION_FILE.get()));
+ } catch (FileNotFoundException e) {
+ LOG.severe("Authentication File not Found");
+ throw Throwables.propagate(e);
+ }
LOG.info(String.format("Connecting to master using authentication (principal: %s).",
- FRAMEWORK_AUTHENTICATION_PRINCIPAL.get()));
+ properties.get(PRINCIPAL_KEY)));
Credential credential = Credential.newBuilder()
- .setPrincipal(FRAMEWORK_AUTHENTICATION_PRINCIPAL.get())
- .setSecret(ByteString.copyFromUtf8(FRAMEWORK_AUTHENTICATION_SECRET.get()))
+ .setPrincipal(properties.getProperty(PRINCIPAL_KEY))
+ .setSecret(ByteString.copyFromUtf8(properties.getProperty(SECRET_KEY)))
.build();
return new MesosSchedulerDriver(
http://git-wip-us.apache.org/repos/asf/incubator-aurora/blob/1b734b56/src/test/java/com/twitter/aurora/scheduler/DriverFactoryImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/com/twitter/aurora/scheduler/DriverFactoryImplTest.java b/src/test/java/com/twitter/aurora/scheduler/DriverFactoryImplTest.java
new file mode 100644
index 0000000..bb4b1c5
--- /dev/null
+++ b/src/test/java/com/twitter/aurora/scheduler/DriverFactoryImplTest.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2013 Twitter, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.twitter.aurora.scheduler;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.Writer;
+import java.nio.charset.Charset;
+import java.util.Properties;
+
+import javax.inject.Provider;
+
+import com.google.common.base.Charsets;
+import com.google.common.io.Files;
+import com.google.common.base.Throwables;
+
+import org.apache.mesos.Scheduler;
+import org.junit.Before;
+import org.junit.Test;
+
+import com.twitter.aurora.scheduler.DriverFactory.DriverFactoryImpl;
+import com.twitter.common.testing.easymock.EasyMockTest;
+
+import static org.junit.Assert.assertEquals;
+
+public class DriverFactoryImplTest extends EasyMockTest {
+
+ @Test(expected=IllegalStateException.class)
+ public void testMissingPropertiesParsing() {
+ Properties testProperties = new Properties();
+ testProperties.put(DriverFactoryImpl.PRINCIPAL_KEY, "aurora-scheduler");
+
+ ByteArrayOutputStream propertiesStream = new ByteArrayOutputStream();
+ try {
+ testProperties.store(propertiesStream, "");
+ } catch (IOException e) {
+ throw Throwables.propagate(e);
+ }
+
+ control.replay();
+ DriverFactoryImpl.parseCredentials(new ByteArrayInputStream(propertiesStream.toByteArray()));
+ }
+
+ @Test
+ public void testPropertiesParsing() {
+ Properties testProperties = new Properties();
+ testProperties.put(DriverFactoryImpl.PRINCIPAL_KEY, "aurora-scheduler");
+ testProperties.put(DriverFactoryImpl.SECRET_KEY, "secret");
+
+ ByteArrayOutputStream propertiesStream = new ByteArrayOutputStream();
+ try {
+ testProperties.store(propertiesStream, "");
+ } catch (IOException e) {
+ throw Throwables.propagate(e);
+ }
+
+ control.replay();
+ assertEquals(testProperties,
+ DriverFactoryImpl.parseCredentials(
+ new ByteArrayInputStream(propertiesStream.toByteArray())));
+ }
+}