You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@aurora.apache.org by wf...@apache.org on 2013/12/06 00:34:12 UTC

git commit: Retrieve credentials from file.

Updated Branches:
  refs/heads/wfarner/test-committer-access [created] 1b734b56f


Retrieve credentials from file.


Project: http://git-wip-us.apache.org/repos/asf/incubator-aurora/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-aurora/commit/1b734b56
Tree: http://git-wip-us.apache.org/repos/asf/incubator-aurora/tree/1b734b56
Diff: http://git-wip-us.apache.org/repos/asf/incubator-aurora/diff/1b734b56

Branch: refs/heads/wfarner/test-committer-access
Commit: 1b734b56f81a71ce048a9dc5bc72c428062b8848
Parents: d51feca
Author: Zameer Manji <zm...@twitter.com>
Authored: Thu Dec 5 12:14:27 2013 -0800
Committer: Zameer Manji <zm...@twitter.com>
Committed: Thu Dec 5 12:14:27 2013 -0800

----------------------------------------------------------------------
 .../twitter/aurora/scheduler/DriverFactory.java | 57 ++++++++++----
 .../aurora/scheduler/DriverFactoryImplTest.java | 78 ++++++++++++++++++++
 2 files changed, 122 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-aurora/blob/1b734b56/src/main/java/com/twitter/aurora/scheduler/DriverFactory.java
----------------------------------------------------------------------
diff --git a/src/main/java/com/twitter/aurora/scheduler/DriverFactory.java b/src/main/java/com/twitter/aurora/scheduler/DriverFactory.java
index 0d69c85..e39bb09 100644
--- a/src/main/java/com/twitter/aurora/scheduler/DriverFactory.java
+++ b/src/main/java/com/twitter/aurora/scheduler/DriverFactory.java
@@ -15,14 +15,22 @@
  */
 package com.twitter.aurora.scheduler;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
 import java.util.logging.Logger;
 
 import javax.annotation.Nullable;
 import javax.inject.Inject;
 import javax.inject.Provider;
 
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Function;
 import com.google.common.base.Preconditions;
+import com.google.common.base.Throwables;
 import com.google.protobuf.ByteString;
 
 import org.apache.mesos.MesosSchedulerDriver;
@@ -51,14 +59,15 @@ public interface DriverFactory extends Function<String, SchedulerDriver> {
         help = "Address for the mesos master, can be a socket address or zookeeper path.")
     private static final Arg<String> MESOS_MASTER_ADDRESS = Arg.create();
 
-    @CmdLine(name = "framework_authentication_principal",
-        help = "Principal used to authenticate to the Mesos master.")
-    private static final Arg<String> FRAMEWORK_AUTHENTICATION_PRINCIPAL = Arg.create();
-
-    // TODO(Kevin Sweeney): Read a file here to avoid leaking secrets on the command-line.
-    @CmdLine(name = "framework_authentication_secret",
-        help = "Secret used to authenticate to the Mesos master.")
-    private static final Arg<String> FRAMEWORK_AUTHENTICATION_SECRET = Arg.create();
+    @VisibleForTesting
+    static final String PRINCIPAL_KEY = "aurora_authentication_principal";
+    @VisibleForTesting
+    static final String SECRET_KEY = "aurora_authentication_secret";
+    @CmdLine(name = "framework_authentication_file",
+        help = "Properties file which contains framework credentials to authenticate with Mesos"
+            + "master. Must contain the properties '" + PRINCIPAL_KEY + "' and "
+            + "'" + SECRET_KEY + "'.")
+    private static final Arg<File> FRAMEWORK_AUTHENTICATION_FILE = Arg.create();
 
     @CmdLine(name = "framework_failover_timeout",
         help = "Time after which a framework is considered deleted.  SHOULD BE VERY HIGH.")
@@ -104,6 +113,22 @@ public interface DriverFactory extends Function<String, SchedulerDriver> {
       this.scheduler = Preconditions.checkNotNull(scheduler);
     }
 
+    @VisibleForTesting
+    static Properties parseCredentials(InputStream credentialsStream) {
+      Properties properties = new Properties();
+      try {
+        properties.load(credentialsStream);
+      } catch (IOException e) {
+        LOG.severe("Unable to load authentication file");
+        throw Throwables.propagate(e);
+      }
+      Preconditions.checkState(properties.containsKey(PRINCIPAL_KEY),
+          "The framework authentication file is missing the key: %s", PRINCIPAL_KEY);
+      Preconditions.checkState(properties.containsKey(SECRET_KEY),
+          "The framework authentication file is missing the key: %s", SECRET_KEY);
+      return properties;
+    }
+
     @Override
     public SchedulerDriver apply(@Nullable String frameworkId) {
       LOG.info("Connecting to mesos master: " + MESOS_MASTER_ADDRESS.get());
@@ -121,15 +146,21 @@ public interface DriverFactory extends Function<String, SchedulerDriver> {
         LOG.warning("Did not find a persisted framework ID, connecting as a new framework.");
       }
 
-      if (FRAMEWORK_AUTHENTICATION_PRINCIPAL.hasAppliedValue()
-          && FRAMEWORK_AUTHENTICATION_SECRET.hasAppliedValue()) {
+      if (FRAMEWORK_AUTHENTICATION_FILE.hasAppliedValue()) {
+        Properties properties;
+        try {
+          properties = parseCredentials(new FileInputStream(FRAMEWORK_AUTHENTICATION_FILE.get()));
+        } catch (FileNotFoundException e) {
+          LOG.severe("Authentication File not Found");
+          throw Throwables.propagate(e);
+        }
 
         LOG.info(String.format("Connecting to master using authentication (principal: %s).",
-            FRAMEWORK_AUTHENTICATION_PRINCIPAL.get()));
+            properties.get(PRINCIPAL_KEY)));
 
         Credential credential = Credential.newBuilder()
-            .setPrincipal(FRAMEWORK_AUTHENTICATION_PRINCIPAL.get())
-            .setSecret(ByteString.copyFromUtf8(FRAMEWORK_AUTHENTICATION_SECRET.get()))
+            .setPrincipal(properties.getProperty(PRINCIPAL_KEY))
+            .setSecret(ByteString.copyFromUtf8(properties.getProperty(SECRET_KEY)))
             .build();
 
         return new MesosSchedulerDriver(

http://git-wip-us.apache.org/repos/asf/incubator-aurora/blob/1b734b56/src/test/java/com/twitter/aurora/scheduler/DriverFactoryImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/com/twitter/aurora/scheduler/DriverFactoryImplTest.java b/src/test/java/com/twitter/aurora/scheduler/DriverFactoryImplTest.java
new file mode 100644
index 0000000..bb4b1c5
--- /dev/null
+++ b/src/test/java/com/twitter/aurora/scheduler/DriverFactoryImplTest.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2013 Twitter, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.twitter.aurora.scheduler;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.Writer;
+import java.nio.charset.Charset;
+import java.util.Properties;
+
+import javax.inject.Provider;
+
+import com.google.common.base.Charsets;
+import com.google.common.io.Files;
+import com.google.common.base.Throwables;
+
+import org.apache.mesos.Scheduler;
+import org.junit.Before;
+import org.junit.Test;
+
+import com.twitter.aurora.scheduler.DriverFactory.DriverFactoryImpl;
+import com.twitter.common.testing.easymock.EasyMockTest;
+
+import static org.junit.Assert.assertEquals;
+
+public class DriverFactoryImplTest extends EasyMockTest {
+
+  @Test(expected=IllegalStateException.class)
+  public void testMissingPropertiesParsing() {
+    Properties testProperties = new Properties();
+    testProperties.put(DriverFactoryImpl.PRINCIPAL_KEY, "aurora-scheduler");
+
+    ByteArrayOutputStream propertiesStream = new ByteArrayOutputStream();
+    try {
+      testProperties.store(propertiesStream, "");
+    } catch (IOException e) {
+      throw Throwables.propagate(e);
+    }
+
+    control.replay();
+    DriverFactoryImpl.parseCredentials(new ByteArrayInputStream(propertiesStream.toByteArray()));
+  }
+
+  @Test
+  public void testPropertiesParsing() {
+    Properties testProperties = new Properties();
+    testProperties.put(DriverFactoryImpl.PRINCIPAL_KEY, "aurora-scheduler");
+    testProperties.put(DriverFactoryImpl.SECRET_KEY, "secret");
+
+    ByteArrayOutputStream propertiesStream = new ByteArrayOutputStream();
+    try {
+      testProperties.store(propertiesStream, "");
+    } catch (IOException e) {
+      throw Throwables.propagate(e);
+    }
+
+    control.replay();
+    assertEquals(testProperties,
+        DriverFactoryImpl.parseCredentials(
+            new ByteArrayInputStream(propertiesStream.toByteArray())));
+  }
+}