You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by me...@apache.org on 2016/04/14 13:35:55 UTC
[1/3] mesos git commit: Used already forward-declared
process::http::OK.
Repository: mesos
Updated Branches:
refs/heads/master 0845ec043 -> e893f4959
Used already forward-declared process::http::OK.
Review: https://reviews.apache.org/r/46083/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/3c865e41
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/3c865e41
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/3c865e41
Branch: refs/heads/master
Commit: 3c865e410dbd5a7d5427ca72860340389ae3c36a
Parents: 0845ec0
Author: Benjamin Bannier <be...@mesosphere.io>
Authored: Thu Apr 14 03:29:43 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Thu Apr 14 03:29:43 2016 -0700
----------------------------------------------------------------------
src/tests/slave_tests.cpp | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/3c865e41/src/tests/slave_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/slave_tests.cpp b/src/tests/slave_tests.cpp
index 7d2e387..630e73a 100644
--- a/src/tests/slave_tests.cpp
+++ b/src/tests/slave_tests.cpp
@@ -1425,7 +1425,7 @@ TEST_F(SlaveTest, StateEndpoint)
None(),
createBasicAuthHeaders(DEFAULT_CREDENTIAL));
- AWAIT_EXPECT_RESPONSE_STATUS_EQ(http::OK().status, response);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
parse = JSON::parse<JSON::Object>(response.get().body);
@@ -1632,7 +1632,7 @@ TEST_F(SlaveTest, StatisticsEndpointNoExecutor)
None(),
createBasicAuthHeaders(DEFAULT_CREDENTIAL));
- AWAIT_EXPECT_RESPONSE_STATUS_EQ(http::OK().status, response);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
AWAIT_EXPECT_RESPONSE_BODY_EQ("[]", response);
}
@@ -1701,7 +1701,7 @@ TEST_F(SlaveTest, StatisticsEndpointMissingStatistics)
createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_READY(response);
- AWAIT_EXPECT_RESPONSE_STATUS_EQ(http::OK().status, response);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
AWAIT_EXPECT_RESPONSE_BODY_EQ("[]", response);
@@ -1803,7 +1803,7 @@ TEST_F(SlaveTest, StatisticsEndpointRunningExecutor)
None(),
createBasicAuthHeaders(DEFAULT_CREDENTIAL));
- AWAIT_EXPECT_RESPONSE_STATUS_EQ(http::OK().status, response);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
// Verify that the statistics in the response contains the proper
[2/3] mesos git commit: Added needed forward-declaration for
InternalServerError.
Posted by me...@apache.org.
Added needed forward-declaration for InternalServerError.
As currently written the code relies on `process::http` being the only
visible namespace with name `http`, an assumption which will break as
soon as we introduce declarations from `mesos::http`.
Fix this as customary by explicitly pulling the needed name into the
local name lookup scope.
Review: https://reviews.apache.org/r/46084/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/b372c8d5
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/b372c8d5
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/b372c8d5
Branch: refs/heads/master
Commit: b372c8d548b440671320adb41abbafaa341987f6
Parents: 3c865e4
Author: Benjamin Bannier <be...@mesosphere.io>
Authored: Thu Apr 14 03:30:04 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Thu Apr 14 03:30:04 2016 -0700
----------------------------------------------------------------------
src/tests/slave_tests.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/b372c8d5/src/tests/slave_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/slave_tests.cpp b/src/tests/slave_tests.cpp
index 630e73a..fd12f3b 100644
--- a/src/tests/slave_tests.cpp
+++ b/src/tests/slave_tests.cpp
@@ -81,6 +81,7 @@ using process::PID;
using process::Promise;
using process::UPID;
+using process::http::InternalServerError;
using process::http::OK;
using process::http::Response;
using process::http::ServiceUnavailable;
@@ -1742,7 +1743,7 @@ TEST_F(SlaveTest, StatisticsEndpointGetResourceUsageFailed)
AWAIT_READY(response);
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- http::InternalServerError().status, response);
+ InternalServerError().status, response);
terminate(slave);
wait(slave);
[3/3] mesos git commit: Added authentication to agent's
/monitor/statistics endpoint.
Posted by me...@apache.org.
Added authentication to agent's /monitor/statistics endpoint.
Review: https://reviews.apache.org/r/46085/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/e893f495
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/e893f495
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/e893f495
Branch: refs/heads/master
Commit: e893f4959ec6aa075ebcf721661172499f28a3d2
Parents: b372c8d
Author: Benjamin Bannier <be...@mesosphere.io>
Authored: Thu Apr 14 03:35:45 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Thu Apr 14 03:35:45 2016 -0700
----------------------------------------------------------------------
src/slave/http.cpp | 4 ++-
src/slave/slave.cpp | 12 ++++++---
src/slave/slave.hpp | 3 ++-
src/tests/slave_tests.cpp | 60 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 73 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/e893f495/src/slave/http.cpp
----------------------------------------------------------------------
diff --git a/src/slave/http.cpp b/src/slave/http.cpp
index 922aaad..3f96f2c 100644
--- a/src/slave/http.cpp
+++ b/src/slave/http.cpp
@@ -591,7 +591,9 @@ string Slave::Http::STATISTICS_HELP()
}
-Future<Response> Slave::Http::statistics(const Request& request) const
+Future<Response> Slave::Http::statistics(
+ const Request& request,
+ const Option<string>& /* principal */) const
{
return statisticsLimiter->acquire()
.then(defer(slave->self(), &Slave::usage))
http://git-wip-us.apache.org/repos/asf/mesos/blob/e893f495/src/slave/slave.cpp
----------------------------------------------------------------------
diff --git a/src/slave/slave.cpp b/src/slave/slave.cpp
index 49fa4a0..de99e9e 100644
--- a/src/slave/slave.cpp
+++ b/src/slave/slave.cpp
@@ -742,16 +742,20 @@ void Slave::initialize()
return http.health(request);
});
route("/monitor/statistics",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::STATISTICS_HELP(),
- [http](const process::http::Request& request) {
- return http.statistics(request);
+ [http](const process::http::Request& request,
+ const Option<string>& principal) {
+ return http.statistics(request, principal);
});
// TODO(ijimenez): Remove this endpoint at the end of the
// deprecation cycle on 0.26.
route("/monitor/statistics.json",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::STATISTICS_HELP(),
- [http](const process::http::Request& request) {
- return http.statistics(request);
+ [http](const process::http::Request& request,
+ const Option<string>& principal) {
+ return http.statistics(request, principal);
});
// Expose the log file for the webui. Fall back to 'log_dir' if
http://git-wip-us.apache.org/repos/asf/mesos/blob/e893f495/src/slave/slave.hpp
----------------------------------------------------------------------
diff --git a/src/slave/slave.hpp b/src/slave/slave.hpp
index 76f3aff..f78c1b4 100644
--- a/src/slave/slave.hpp
+++ b/src/slave/slave.hpp
@@ -448,7 +448,8 @@ private:
// /slave/monitor/statistics
// /slave/monitor/statistics.json
process::Future<process::http::Response> statistics(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<std::string>& /* principal */) const;
static std::string EXECUTOR_HELP();
static std::string FLAGS_HELP();
http://git-wip-us.apache.org/repos/asf/mesos/blob/e893f495/src/tests/slave_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/slave_tests.cpp b/src/tests/slave_tests.cpp
index fd12f3b..ee58488 100644
--- a/src/tests/slave_tests.cpp
+++ b/src/tests/slave_tests.cpp
@@ -27,6 +27,8 @@
#include <mesos/executor.hpp>
#include <mesos/scheduler.hpp>
+#include <mesos/authentication/http/basic_authenticator_factory.hpp>
+
#include <process/clock.hpp>
#include <process/future.hpp>
#include <process/gmock.hpp>
@@ -1830,6 +1832,64 @@ TEST_F(SlaveTest, StatisticsEndpointRunningExecutor)
}
+// This test confirms that an agent's statistics endpoint is
+// authenticated. We rely on the agent implicitly having HTTP
+// authentication enabled.
+TEST_F(SlaveTest, StatisticsEndpointAuthentication)
+{
+ Try<Owned<cluster::Master>> master = StartMaster();
+ ASSERT_SOME(master);
+
+ Owned<MasterDetector> detector = master.get()->createDetector();
+
+ Try<Owned<cluster::Slave>> agent = StartSlave(detector.get());
+ ASSERT_SOME(agent);
+
+ const string statisticsEndpoints[] =
+ {"monitor/statistics", "monitor/statistics.json"};
+
+ foreach (const string& statisticsEndpoint, statisticsEndpoints) {
+ // Unauthenticated requests are rejected.
+ {
+ Future<Response> response = process::http::get(
+ agent.get()->pid,
+ statisticsEndpoint);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response)
+ << response.get().body;
+ }
+
+ // Incorrectly authenticated requests are rejected.
+ {
+ Credential badCredential;
+ badCredential.set_principal("badPrincipal");
+ badCredential.set_secret("badSecret");
+
+ Future<Response> response = process::http::get(
+ agent.get()->pid,
+ statisticsEndpoint,
+ None(),
+ createBasicAuthHeaders(badCredential));
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response)
+ << response.get().body;
+ }
+
+ // Correctly authenticated requests succeed.
+ {
+ Future<Response> response = process::http::get(
+ agent.get()->pid,
+ statisticsEndpoint,
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response)
+ << response.get().body;
+ }
+ }
+}
+
+
// This test ensures that when a slave is shutting down, it will not
// try to re-register with the master.
TEST_F(SlaveTest, DISABLED_TerminatingSlaveDoesNotReregister)