Posted to commits@mesos.apache.org by gr...@apache.org on 2020/08/25 01:02:21 UTC

[mesos] branch master updated: Fixed a bug in CSI server initialization.

This is an automated email from the ASF dual-hosted git repository.

grag pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git


The following commit(s) were added to refs/heads/master by this push:
     new 22ecccc  Fixed a bug in CSI server initialization.
22ecccc is described below

commit 22ecccc50813597edd2cbb0304823ca56e5f2d25
Author: Greg Mann <gr...@mesosphere.io>
AuthorDate: Mon Aug 24 17:51:17 2020 -0700

    Fixed a bug in CSI server initialization.
    
    Previously, the CSI server would initialize the service
    managers before the auth token was generated, meaning
    that requests made by the service managers to an agent
    which requires HTTP authentication would fail.
    
    This patch changes the order of initialization so that
    the service managers will be initialized with a valid
    auth token when necessary.
    
    Review: https://reviews.apache.org/r/72799/
---
 src/slave/csi_server.cpp | 71 ++++++++++++++++++++++++++----------------------
 1 file changed, 39 insertions(+), 32 deletions(-)

diff --git a/src/slave/csi_server.cpp b/src/slave/csi_server.cpp
index 0ffe020..3f29a81 100644
--- a/src/slave/csi_server.cpp
+++ b/src/slave/csi_server.cpp
@@ -311,44 +311,51 @@ Future<Nothing> CSIServerProcess::start(const SlaveID& _agentId)
 
   agentId = _agentId;
 
-  // Load all CSI plugin configurations found.
-  Try<Nothing> init = initializePlugin();
-  if (init.isError()) {
-    return Failure(
-        "CSI server failed to initialize CSI plugins: " + init.error());
-  }
-
-  if (!secretGenerator) {
-    return Nothing();
+  Future<Nothing> result = Nothing();
+
+  if (secretGenerator) {
+    // The contents of this principal are arbitrary. We choose to avoid a
+    // principal with a 'value' string so that we do not unintentionally collide
+    // with another real principal with restricted permissions.
+    Principal principal(Option<string>::none(), {{"key", "csi-server"}});
+
+    result = secretGenerator->generate(principal)
+      .then(defer(self(), [=](const Secret& secret) -> Future<Nothing> {
+        Option<Error> error = common::validation::validateSecret(secret);
+        if (error.isSome()) {
+          return Failure(
+              "CSI server failed to validate generated secret: " +
+              error->message);
+        }
+
+        if (secret.type() != Secret::VALUE) {
+          return Failure(
+              "CSI server expecting generated secret to be of VALUE type "
+              "instead of " + stringify(secret.type()) + " type; " +
+              "only VALUE type secrets are supported at this time");
+        }
+
+        CHECK(secret.has_value());
+
+        authToken = secret.value().data();
+
+        return Nothing();
+    }));
   }
 
-  // The contents of this principal are arbitrary. We choose to avoid a
-  // principal with a 'value' string so that we do not unintentionally collide
-  // with another real principal with restricted permissions.
-  Principal principal(Option<string>::none(), {{"key", "csi-server"}});
-
-  return secretGenerator->generate(principal)
-    .then([=](const Secret& secret) -> Future<Nothing> {
-      Option<Error> error = common::validation::validateSecret(secret);
-      if (error.isSome()) {
+  return result
+    .then(defer(self(), [=]() -> Future<Nothing> {
+      // Load all CSI plugin configurations found.
+      // NOTE: `initializePlugin()` requires that the `authToken` has already
+      // been set, so the order of these continuations matters.
+      Try<Nothing> init = initializePlugin();
+      if (init.isError()) {
         return Failure(
-            "CSI server failed to validate generated secret: " +
-            error->message);
+            "CSI server failed to initialize CSI plugins: " + init.error());
       }
 
-      if (secret.type() != Secret::VALUE) {
-        return Failure(
-            "CSI server expecting generated secret to be of VALUE type "
-            "instead of " + stringify(secret.type()) + " type; " +
-            "only VALUE type secrets are supported at this time");
-      }
-
-      CHECK(secret.has_value());
-
-      authToken = secret.value().data();
-
       return Nothing();
-  });
+    }));
 }
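Review bot: `CHECK(secret.has_value())` in the first continuation aborts the whole agent process if the secret generator returns a VALUE secret with no value, whereas the two checks just above it report comparable problems as a `Failure`. Unless `validateSecret()` already guarantees the field (not visible in this hunk), I would return an error instead and also reject an empty token, so the service managers are never initialized with a blank credential: `if (!secret.has_value() || secret.value().data().empty()) { return Failure("CSI server received a generated secret with no value"); }`. The NOTE above `initializePlugin()` could also state that `authToken` stays unset when no `secretGenerator` is configured, since that path still reaches plugin initialization. The beginning of `start()` lies outside the hunk.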