You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mesos.apache.org by me...@apache.org on 2016/04/14 13:35:55 UTC

[1/3] mesos git commit: Used already forward-declared process::http::OK.

Repository: mesos
Updated Branches:
  refs/heads/master 0845ec043 -> e893f4959


Used already forward-declared process::http::OK.

Review: https://reviews.apache.org/r/46083/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/3c865e41
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/3c865e41
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/3c865e41

Branch: refs/heads/master
Commit: 3c865e410dbd5a7d5427ca72860340389ae3c36a
Parents: 0845ec0
Author: Benjamin Bannier <be...@mesosphere.io>
Authored: Thu Apr 14 03:29:43 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Thu Apr 14 03:29:43 2016 -0700

----------------------------------------------------------------------
 src/tests/slave_tests.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/3c865e41/src/tests/slave_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/slave_tests.cpp b/src/tests/slave_tests.cpp
index 7d2e387..630e73a 100644
--- a/src/tests/slave_tests.cpp
+++ b/src/tests/slave_tests.cpp
@@ -1425,7 +1425,7 @@ TEST_F(SlaveTest, StateEndpoint)
       None(),
       createBasicAuthHeaders(DEFAULT_CREDENTIAL));
 
-  AWAIT_EXPECT_RESPONSE_STATUS_EQ(http::OK().status, response);
+  AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
   AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
 
   parse = JSON::parse<JSON::Object>(response.get().body);
@@ -1632,7 +1632,7 @@ TEST_F(SlaveTest, StatisticsEndpointNoExecutor)
       None(),
       createBasicAuthHeaders(DEFAULT_CREDENTIAL));
 
-  AWAIT_EXPECT_RESPONSE_STATUS_EQ(http::OK().status, response);
+  AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
   AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
   AWAIT_EXPECT_RESPONSE_BODY_EQ("[]", response);
 }
@@ -1701,7 +1701,7 @@ TEST_F(SlaveTest, StatisticsEndpointMissingStatistics)
       createBasicAuthHeaders(DEFAULT_CREDENTIAL));
 
   AWAIT_READY(response);
-  AWAIT_EXPECT_RESPONSE_STATUS_EQ(http::OK().status, response);
+  AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
   AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
   AWAIT_EXPECT_RESPONSE_BODY_EQ("[]", response);
 
@@ -1803,7 +1803,7 @@ TEST_F(SlaveTest, StatisticsEndpointRunningExecutor)
       None(),
       createBasicAuthHeaders(DEFAULT_CREDENTIAL));
 
-  AWAIT_EXPECT_RESPONSE_STATUS_EQ(http::OK().status, response);
+  AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
   AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
 
   // Verify that the statistics in the response contains the proper

[2/3] mesos git commit: Added needed forward-declaration for InternalServerError.

Posted by me...@apache.org.

Added needed forward-declaration for InternalServerError.

As currently written the code relies on `process::http` being the only
visible namespace with name `http`, an assumption which will break as
soon as we introduce declarations from `mesos::http`.

Fix this as customary by explicitly pulling the needed name into the
local name lookup scope.

Review: https://reviews.apache.org/r/46084/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/b372c8d5
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/b372c8d5
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/b372c8d5

Branch: refs/heads/master
Commit: b372c8d548b440671320adb41abbafaa341987f6
Parents: 3c865e4
Author: Benjamin Bannier <be...@mesosphere.io>
Authored: Thu Apr 14 03:30:04 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Thu Apr 14 03:30:04 2016 -0700

----------------------------------------------------------------------
 src/tests/slave_tests.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/b372c8d5/src/tests/slave_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/slave_tests.cpp b/src/tests/slave_tests.cpp
index 630e73a..fd12f3b 100644
--- a/src/tests/slave_tests.cpp
+++ b/src/tests/slave_tests.cpp
@@ -81,6 +81,7 @@ using process::PID;
 using process::Promise;
 using process::UPID;
 
+using process::http::InternalServerError;
 using process::http::OK;
 using process::http::Response;
 using process::http::ServiceUnavailable;
@@ -1742,7 +1743,7 @@ TEST_F(SlaveTest, StatisticsEndpointGetResourceUsageFailed)
 
   AWAIT_READY(response);
   AWAIT_EXPECT_RESPONSE_STATUS_EQ(
-      http::InternalServerError().status, response);
+      InternalServerError().status, response);
 
   terminate(slave);
   wait(slave);

[3/3] mesos git commit: Added authentication to agent's /monitor/statistics endpoint.

Posted by me...@apache.org.

Added authentication to agent's /monitor/statistics endpoint.

Review: https://reviews.apache.org/r/46085/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/e893f495
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/e893f495
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/e893f495

Branch: refs/heads/master
Commit: e893f4959ec6aa075ebcf721661172499f28a3d2
Parents: b372c8d
Author: Benjamin Bannier <be...@mesosphere.io>
Authored: Thu Apr 14 03:35:45 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Thu Apr 14 03:35:45 2016 -0700

----------------------------------------------------------------------
 src/slave/http.cpp        |  4 ++-
 src/slave/slave.cpp       | 12 ++++++---
 src/slave/slave.hpp       |  3 ++-
 src/tests/slave_tests.cpp | 60 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 73 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/e893f495/src/slave/http.cpp
----------------------------------------------------------------------
diff --git a/src/slave/http.cpp b/src/slave/http.cpp
index 922aaad..3f96f2c 100644
--- a/src/slave/http.cpp
+++ b/src/slave/http.cpp
@@ -591,7 +591,9 @@ string Slave::Http::STATISTICS_HELP()
 }
 
 
-Future<Response> Slave::Http::statistics(const Request& request) const
+Future<Response> Slave::Http::statistics(
+    const Request& request,
+    const Option<string>& /* principal */) const
 {
   return statisticsLimiter->acquire()
     .then(defer(slave->self(), &Slave::usage))

http://git-wip-us.apache.org/repos/asf/mesos/blob/e893f495/src/slave/slave.cpp
----------------------------------------------------------------------
diff --git a/src/slave/slave.cpp b/src/slave/slave.cpp
index 49fa4a0..de99e9e 100644
--- a/src/slave/slave.cpp
+++ b/src/slave/slave.cpp
@@ -742,16 +742,20 @@ void Slave::initialize()
           return http.health(request);
         });
   route("/monitor/statistics",
+        DEFAULT_HTTP_AUTHENTICATION_REALM,
         Http::STATISTICS_HELP(),
-        [http](const process::http::Request& request) {
-          return http.statistics(request);
+        [http](const process::http::Request& request,
+               const Option<string>& principal) {
+          return http.statistics(request, principal);
         });
   // TODO(ijimenez): Remove this endpoint at the end of the
   // deprecation cycle on 0.26.
   route("/monitor/statistics.json",
+        DEFAULT_HTTP_AUTHENTICATION_REALM,
         Http::STATISTICS_HELP(),
-        [http](const process::http::Request& request) {
-          return http.statistics(request);
+        [http](const process::http::Request& request,
+               const Option<string>& principal) {
+          return http.statistics(request, principal);
         });
 
   // Expose the log file for the webui. Fall back to 'log_dir' if

http://git-wip-us.apache.org/repos/asf/mesos/blob/e893f495/src/slave/slave.hpp
----------------------------------------------------------------------
diff --git a/src/slave/slave.hpp b/src/slave/slave.hpp
index 76f3aff..f78c1b4 100644
--- a/src/slave/slave.hpp
+++ b/src/slave/slave.hpp
@@ -448,7 +448,8 @@ private:
     // /slave/monitor/statistics
     // /slave/monitor/statistics.json
     process::Future<process::http::Response> statistics(
-        const process::http::Request& request) const;
+        const process::http::Request& request,
+        const Option<std::string>& /* principal */) const;
 
     static std::string EXECUTOR_HELP();
     static std::string FLAGS_HELP();

http://git-wip-us.apache.org/repos/asf/mesos/blob/e893f495/src/tests/slave_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/slave_tests.cpp b/src/tests/slave_tests.cpp
index fd12f3b..ee58488 100644
--- a/src/tests/slave_tests.cpp
+++ b/src/tests/slave_tests.cpp
@@ -27,6 +27,8 @@
 #include <mesos/executor.hpp>
 #include <mesos/scheduler.hpp>
 
+#include <mesos/authentication/http/basic_authenticator_factory.hpp>
+
 #include <process/clock.hpp>
 #include <process/future.hpp>
 #include <process/gmock.hpp>
@@ -1830,6 +1832,64 @@ TEST_F(SlaveTest, StatisticsEndpointRunningExecutor)
 }
 
 
+// This test confirms that an agent's statistics endpoint is
+// authenticated. We rely on the agent implicitly having HTTP
+// authentication enabled.
+TEST_F(SlaveTest, StatisticsEndpointAuthentication)
+{
+  Try<Owned<cluster::Master>> master = StartMaster();
+  ASSERT_SOME(master);
+
+  Owned<MasterDetector> detector = master.get()->createDetector();
+
+  Try<Owned<cluster::Slave>> agent = StartSlave(detector.get());
+  ASSERT_SOME(agent);
+
+  const string statisticsEndpoints[] =
+    {"monitor/statistics", "monitor/statistics.json"};
+
+  foreach (const string& statisticsEndpoint, statisticsEndpoints) {
+    // Unauthenticated requests are rejected.
+    {
+      Future<Response> response = process::http::get(
+          agent.get()->pid,
+          statisticsEndpoint);
+
+      AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response)
+          << response.get().body;
+    }
+
+    // Incorrectly authenticated requests are rejected.
+    {
+      Credential badCredential;
+      badCredential.set_principal("badPrincipal");
+      badCredential.set_secret("badSecret");
+
+      Future<Response> response = process::http::get(
+          agent.get()->pid,
+          statisticsEndpoint,
+          None(),
+          createBasicAuthHeaders(badCredential));
+
+      AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response)
+          << response.get().body;
+    }
+
+    // Correctly authenticated requests succeed.
+    {
+      Future<Response> response = process::http::get(
+          agent.get()->pid,
+          statisticsEndpoint,
+          None(),
+          createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
+      AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response)
+          << response.get().body;
+    }
+  }
+}
+
+
 // This test ensures that when a slave is shutting down, it will not
 // try to re-register with the master.
 TEST_F(SlaveTest, DISABLED_TerminatingSlaveDoesNotReregister)