You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by bm...@apache.org on 2019/05/20 19:18:17 UTC

[mesos] 01/02: Introduced a function for validating a `FrameworkInfo` update.

This is an automated email from the ASF dual-hosted git repository.

bmahler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit 734be1e9582f516edd168fa562cce570572ecf5e
Author: Andrei Sekretenko <as...@mesosphere.io>
AuthorDate: Mon May 20 14:24:41 2019 -0400

    Introduced a function for validating a `FrameworkInfo` update.
    
    This patch moves the code validating a new `FrameworkInfo` against
    the current one into a separate function. Note that the function
    currently *does not* check `user` and `checkpoint`, and that this
    will be done in a subsequent patch as some refactoring is needed
    to make that possible.
    
    Review: https://reviews.apache.org/r/70666/
---
 src/master/master.cpp     | 29 +++++++++--------------------
 src/master/validation.cpp | 34 ++++++++++++++++++++++++++++++++++
 src/master/validation.hpp |  8 ++++++++
 3 files changed, 51 insertions(+), 20 deletions(-)

diff --git a/src/master/master.cpp b/src/master/master.cpp
index be606e5..24bd957 100644
--- a/src/master/master.cpp
+++ b/src/master/master.cpp
@@ -2566,12 +2566,15 @@ Option<Error> Master::validateFrameworkSubscription(
   Option<Error> validationError =
     validation::framework::validate(frameworkInfo);
 
-  if (!validationError.isNone()){
+  if (validationError.isSome()) {
     return validationError;
   }
 
   // Validate that resubscribing framework does not attempt
-  // to change its principal.
+  // to change immutable fields of the FrameworkInfo.
+  //
+  // TODO(asekretenko): This currently does not check 'user' and 'checkpoint',
+  // which are both immutable! Update this to check these fields.
   if (frameworkInfo.has_id() && !frameworkInfo.id().value().empty()) {
     const Framework* framework = getFramework(frameworkInfo.id());
 
@@ -2580,25 +2583,11 @@ Option<Error> Master::validateFrameworkSubscription(
     // unknown at the time of re-registration. This has to be changed if we
     // decide to start storing `FrameworkInfo` messages.
     if (framework != nullptr) {
-      Option<string> oldPrincipal;
-      if (framework->info.has_principal()) {
-          oldPrincipal = framework->info.principal();
-      }
-
-      Option<string> newPrincipal;
-      if (frameworkInfo.has_principal()) {
-        newPrincipal = frameworkInfo.principal();
-      }
-
-      if (oldPrincipal != newPrincipal) {
-        LOG(WARNING)
-          << "Framework " << frameworkInfo.id() << " which had a principal '"
-          << (oldPrincipal.isSome() ? oldPrincipal.get() : "<NONE>")
-          << "' tried to (re)subscribe with a new principal '"
-          << (newPrincipal.isSome() ? newPrincipal.get() : "<NONE>")
-          << "'";
+      validationError = validation::framework::validateUpdate(
+          framework->info, frameworkInfo);
 
-        return Error("Changing framework's principal is not allowed.");
+      if (validationError.isSome()) {
+        return validationError;
       }
     }
   }
diff --git a/src/master/validation.cpp b/src/master/validation.cpp
index 764c846..39f5bfd 100644
--- a/src/master/validation.cpp
+++ b/src/master/validation.cpp
@@ -566,6 +566,40 @@ Option<Error> validate(const mesos::FrameworkInfo& frameworkInfo)
   return None();
 }
 
+
+Option<Error> validateUpdate(
+    const FrameworkInfo& oldInfo,
+    const FrameworkInfo& newInfo)
+{
+  Option<string> oldPrincipal = None();
+  if (oldInfo.has_principal()) {
+    oldPrincipal = oldInfo.principal();
+  }
+
+  Option<string> newPrincipal = None();
+  if (newInfo.has_principal()) {
+    newPrincipal = newInfo.principal();
+  }
+
+  if (oldPrincipal != newPrincipal) {
+    // We should not expose the old principal to the 'scheduler' which tries
+    // to subscribe with a known framework ID but another principal.
+    // However, it still should be possible for the people having access to
+    // the master to understand what is going on, hence the log message.
+    LOG(WARNING)
+      << "Framework " << oldInfo.id() << " which had a principal "
+      << " '" << oldPrincipal.getOrElse("<NONE>") << "'"
+      << " tried to (re)subscribe with a new principal "
+      << " '" << newPrincipal.getOrElse("<NONE>") << "'";
+
+    return Error("Changing framework's principal is not allowed.");
+  }
+
+  // TODO(asekretenko): Validate that 'user' and 'checkpoint' are not modified.
+
+  return None();
+}
+
 } // namespace framework {
 
 
diff --git a/src/master/validation.hpp b/src/master/validation.hpp
index 95638a1..97c2406 100644
--- a/src/master/validation.hpp
+++ b/src/master/validation.hpp
@@ -112,6 +112,14 @@ Option<Error> validateOfferFilters(const FrameworkInfo& frameworkInfo);
 // Validate a FrameworkInfo.
 Option<Error> validate(const mesos::FrameworkInfo& frameworkInfo);
 
+// Validate that the immutable fields of two FrameworkInfos are identical.
+//
+// TODO(asekretenko): This currently does not check 'user' and 'checkpoint',
+// which are both immutable! Update this to check these fields.
+Option<Error> validateUpdate(
+    const FrameworkInfo& oldInfo,
+    const FrameworkInfo& newInfo);
+
 } // namespace framework {