Posted to commits@mesos.apache.org by ji...@apache.org on 2017/11/30 00:04:13 UTC
[02/13] mesos git commit: Added `LocalResourceProvider::principal()`
for authentication.
Added `LocalResourceProvider::principal()` for authentication.
The `LocalResourceProvider::principal()` function takes a
`ResourceProviderInfo` and generates a principal with the following
claim:
{"cid_prefix", <type-with-dots-replaced-by-dashes>-<name>--}
For example, for a resource provider with type
'org.apache.mesos.rp.local.storage' and name 'foo', the claim would be:
{"cid_prefix", "org-apache-mesos-rp-local-storage-foo--"}
In the future, we could add more claims for authorizing other
operations, such as authorization for Resource Provider API.
Review: https://reviews.apache.org/r/62762/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/957b0c0b
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/957b0c0b
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/957b0c0b
Branch: refs/heads/master
Commit: 957b0c0bbf8c03f94148ff8339718645474ada5e
Parents: 459fb2c
Author: Chun-Hung Hsiao <ch...@mesosphere.io>
Authored: Wed Nov 29 15:30:30 2017 -0800
Committer: Jie Yu <yu...@gmail.com>
Committed: Wed Nov 29 15:30:30 2017 -0800
----------------------------------------------------------------------
src/resource_provider/local.cpp | 49 ++++++++++++++++-----
src/resource_provider/local.hpp | 4 ++
src/resource_provider/storage/provider.cpp | 58 +++++++++++++++++++++++++
src/resource_provider/storage/provider.hpp | 3 ++
4 files changed, 103 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/957b0c0b/src/resource_provider/local.cpp
----------------------------------------------------------------------
diff --git a/src/resource_provider/local.cpp b/src/resource_provider/local.cpp
index ad98f33..ff9819e 100644
--- a/src/resource_provider/local.cpp
+++ b/src/resource_provider/local.cpp
@@ -14,34 +14,61 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+#include <stout/hashmap.hpp>
+#include <stout/lambda.hpp>
+
#include "resource_provider/local.hpp"
#include "resource_provider/storage/provider.hpp"
+namespace http = process::http;
+
+using std::string;
+
using process::Owned;
+using process::http::authentication::Principal;
+
namespace mesos {
namespace internal {
Try<Owned<LocalResourceProvider>> LocalResourceProvider::create(
- const process::http::URL& url,
+ const http::URL& url,
const ResourceProviderInfo& info)
{
// TODO(jieyu): Document the built-in local resource providers.
- if (info.type() == "org.apache.mesos.rp.local.storage") {
- Try<Owned<LocalResourceProvider>> provider =
- StorageLocalResourceProvider::create(url, info);
+ const hashmap<string, lambda::function<decltype(create)>> creators = {
+#if defined(ENABLE_GRPC) && defined(__linux__)
+ {"org.apache.mesos.rp.local.storage", &StorageLocalResourceProvider::create}
+#endif
+ };
+
+ if (creators.contains(info.type())) {
+ return creators.at(info.type())(url, info);
+ }
- if (provider.isError()) {
- return Error(
- "Failed to create storage local resource provider: " +
- provider.error());
- }
+ return Error("Unknown local resource provider type '" + info.type() + "'");
+}
+
+
+Try<Principal> LocalResourceProvider::principal(
+ const ResourceProviderInfo& info)
+{
+ // TODO(chhsiao): Document the principals for built-in local resource
+ // providers.
+ const hashmap<string, lambda::function<decltype(principal)>>
+ principalGenerators = {
+#if defined(ENABLE_GRPC) && defined(__linux__)
+ {"org.apache.mesos.rp.local.storage",
+ &StorageLocalResourceProvider::principal}
+#endif
+ };
- return provider.get();
+ if (principalGenerators.contains(info.type())) {
+ return principalGenerators.at(info.type())(info);
}
- return Error("Unknown resource provider type '" + info.type() + "'");
+ return Error("Unknown local resource provider type '" + info.type() + "'");
}
} // namespace internal {
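Review bot: When `ENABLE_GRPC` is undefined or the build is not for Linux, both `creators` and `principalGenerators` are empty, so a request for 'org.apache.mesos.rp.local.storage' fails with "Unknown local resource provider type" in `create()` and `principal()` alike. That message reads like a typo in the configuration rather than a build limitation; something like `return Error("Local resource provider type '" + info.type() + "' is unknown or not supported by this build");` would make the cause visible to the operator. The two tables are also maintained separately, so a type added to one and not the other would give a provider that can be created but has no principal, or the reverse; a single table holding both function pointers per type would keep them in step.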
http://git-wip-us.apache.org/repos/asf/mesos/blob/957b0c0b/src/resource_provider/local.hpp
----------------------------------------------------------------------
diff --git a/src/resource_provider/local.hpp b/src/resource_provider/local.hpp
index ebaa07d..40c8f98 100644
--- a/src/resource_provider/local.hpp
+++ b/src/resource_provider/local.hpp
@@ -17,6 +17,7 @@
#ifndef __RESOURCE_PROVIDER_LOCAL_HPP__
#define __RESOURCE_PROVIDER_LOCAL_HPP__
+#include <process/authenticator.hpp>
#include <process/http.hpp>
#include <process/owned.hpp>
@@ -34,6 +35,9 @@ public:
const process::http::URL& url,
const ResourceProviderInfo& info);
+ static Try<process::http::authentication::Principal> principal(
+ const ResourceProviderInfo& info);
+
virtual ~LocalResourceProvider() = default;
};
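Review bot: The new `principal()` declaration has no comment, although its result decides what a local resource provider is allowed to do once authenticated. I would add `// Returns the principal, including its claims, that the local resource provider described by 'info' authenticates as, or an Error if the type is unknown.` above it. The matching declaration in `src/resource_provider/storage/provider.hpp` could name the `cid_prefix` claim it emits. The class body starts outside this hunk.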
http://git-wip-us.apache.org/repos/asf/mesos/blob/957b0c0b/src/resource_provider/storage/provider.cpp
----------------------------------------------------------------------
diff --git a/src/resource_provider/storage/provider.cpp b/src/resource_provider/storage/provider.cpp
index 49c042c..6817df5 100644
--- a/src/resource_provider/storage/provider.cpp
+++ b/src/resource_provider/storage/provider.cpp
@@ -16,6 +16,8 @@
#include "resource_provider/storage/provider.hpp"
+#include <cctype>
+
#include <glog/logging.h>
#include <process/defer.hpp>
@@ -30,7 +32,10 @@
#include "resource_provider/detector.hpp"
+namespace http = process::http;
+
using std::queue;
+using std::string;
using process::Owned;
using process::Process;
@@ -40,6 +45,8 @@ using process::spawn;
using process::terminate;
using process::wait;
+using process::http::authentication::Principal;
+
using mesos::ResourceProviderInfo;
using mesos::resource_provider::Event;
@@ -49,6 +56,39 @@ using mesos::v1::resource_provider::Driver;
namespace mesos {
namespace internal {
+// Returns true if the string is a valid Java identifier.
+static bool isValidName(const string& s)
+{
+ if (s.empty()) {
+ return false;
+ }
+
+ foreach (const char c, s) {
+ if (!isalnum(c) && c != '_') {
+ return false;
+ }
+ }
+
+ return true;
+}
+
+
+// Returns a prefix for naming standalone containers to run CSI plugins
+// for the resource provider. The prefix is of the following format:
+// <rp_type>-<rp_name>--
+// where <rp_type> and <rp_name> are the type and name of the resource
+// provider, with dots replaced by dashes. We use a double-dash at the
+// end to explicitly mark the end of the prefix.
+static inline string getContainerIdPrefix(const ResourceProviderInfo& info)
+{
+ return strings::join(
+ "-",
+ strings::replace(info.type(), ".", "-"),
+ info.name(),
+ "-");
+}
+
+
class StorageLocalResourceProviderProcess
: public Process<StorageLocalResourceProviderProcess>
{
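Review bot: `isValidName` passes a plain `char` to `isalnum`, which is undefined for negative values (any byte >= 0x80 where `char` is signed) and depends on the current locale. The set of accepted names is therefore not fixed, and this check is what keeps '-' out of the name so that the `--` terminator built by `getContainerIdPrefix` stays unambiguous. I would write `if (!isalnum(static_cast<unsigned char>(c)) && c != '_')`, or compare against explicit ASCII ranges. The comment also says "valid Java identifier" while a leading digit is accepted; `// Returns true if the string is non-empty and consists only of letters, digits and underscores.` describes what the code does. The class that follows continues outside the hunk.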
@@ -138,11 +178,29 @@ Try<Owned<LocalResourceProvider>> StorageLocalResourceProvider::create(
const process::http::URL& url,
const ResourceProviderInfo& info)
{
+ // Verify that the name follows Java package naming convention.
+ // TODO(chhsiao): We should move this check to a validation function
+ // for `ResourceProviderInfo`.
+ if (!isValidName(info.name())) {
+ return Error(
+ "Resource provider name '" + info.name() +
+ "' does not follow Java package naming convention");
+ }
+
return Owned<LocalResourceProvider>(
new StorageLocalResourceProvider(url, info));
}
+Try<Principal> StorageLocalResourceProvider::principal(
+ const ResourceProviderInfo& info)
+{
+ return Principal(
+ Option<string>::none(),
+ {{"cid_prefix", getContainerIdPrefix(info)}});
+}
+
+
StorageLocalResourceProvider::StorageLocalResourceProvider(
const process::http::URL& url,
const ResourceProviderInfo& info)
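Review bot: `StorageLocalResourceProvider::principal()` builds the `cid_prefix` claim from `info.name()` without the `isValidName` check that `create()` applies a few lines above. If a caller obtains the principal before, or independently of, `create()` (the call sites are not visible here), a name containing '-' goes straight into the claim. Assuming the claim is matched as a prefix of container IDs, the prefix ending in `-foo--` for a provider named `foo` would also cover the containers of a provider named `foo--bar`. The function already returns `Try<Principal>`, so it can reject such input with `if (!isValidName(info.name())) { return Error("Invalid resource provider name '" + info.name() + "'"); }` before constructing the principal. The constructor at the end of the hunk continues outside it.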
http://git-wip-us.apache.org/repos/asf/mesos/blob/957b0c0b/src/resource_provider/storage/provider.hpp
----------------------------------------------------------------------
diff --git a/src/resource_provider/storage/provider.hpp b/src/resource_provider/storage/provider.hpp
index 6de88c2..b61b41b 100644
--- a/src/resource_provider/storage/provider.hpp
+++ b/src/resource_provider/storage/provider.hpp
@@ -40,6 +40,9 @@ public:
const process::http::URL& url,
const mesos::ResourceProviderInfo& info);
+ static Try<process::http::authentication::Principal> principal(
+ const mesos::ResourceProviderInfo& info);
+
~StorageLocalResourceProvider() override;
StorageLocalResourceProvider(