You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by an...@apache.org on 2017/03/24 17:01:52 UTC
[5/6] mesos git commit: Enabled authentication on the V1 executor API.
Enabled authentication on the V1 executor API.
This patch updates the `v1/executor` endpoint on the agent to
route through the correct authentication realm, so that the
agent may require authentication on the executor API.
Review: https://reviews.apache.org/r/57670/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/3e62a134
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/3e62a134
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/3e62a134
Branch: refs/heads/master
Commit: 3e62a134210f1ea3f5de8b02f761d2e50898b70d
Parents: ede7944
Author: Greg Mann <gr...@mesosphere.io>
Authored: Fri Mar 24 10:00:59 2017 -0700
Committer: Anand Mazumdar <an...@apache.org>
Committed: Fri Mar 24 10:01:33 2017 -0700
----------------------------------------------------------------------
src/slave/constants.hpp | 3 +++
src/slave/http.cpp | 4 +++-
src/slave/slave.cpp | 6 ++++--
src/slave/slave.hpp | 4 +++-
4 files changed, 13 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/3e62a134/src/slave/constants.hpp
----------------------------------------------------------------------
diff --git a/src/slave/constants.hpp b/src/slave/constants.hpp
index 1f3c543..ef978d6 100644
--- a/src/slave/constants.hpp
+++ b/src/slave/constants.hpp
@@ -142,6 +142,9 @@ constexpr char READONLY_HTTP_AUTHENTICATION_REALM[] = "mesos-agent-readonly";
// Name of the agent HTTP authentication realm for read-write endpoints.
constexpr char READWRITE_HTTP_AUTHENTICATION_REALM[] = "mesos-agent-readwrite";
+// Name of the agent HTTP authentication realm for HTTP executors.
+constexpr char EXECUTOR_HTTP_AUTHENTICATION_REALM[] = "mesos-agent-executor";
+
// Default maximum storage space to be used by the fetcher cache.
constexpr Bytes DEFAULT_FETCHER_CACHE_SIZE = Gigabytes(2);
http://git-wip-us.apache.org/repos/asf/mesos/blob/3e62a134/src/slave/http.cpp
----------------------------------------------------------------------
diff --git a/src/slave/http.cpp b/src/slave/http.cpp
index 1ab6f94..e253ce9 100644
--- a/src/slave/http.cpp
+++ b/src/slave/http.cpp
@@ -635,7 +635,9 @@ string Slave::Http::EXECUTOR_HELP() {
}
-Future<Response> Slave::Http::executor(const Request& request) const
+Future<Response> Slave::Http::executor(
+ const Request& request,
+ const Option<Principal>& principal) const
{
if (!slave->recoveryInfo.reconnect) {
CHECK(slave->state == RECOVERING);
http://git-wip-us.apache.org/repos/asf/mesos/blob/3e62a134/src/slave/slave.cpp
----------------------------------------------------------------------
diff --git a/src/slave/slave.cpp b/src/slave/slave.cpp
index c6ee4fa..3acb29d 100644
--- a/src/slave/slave.cpp
+++ b/src/slave/slave.cpp
@@ -565,10 +565,12 @@ void Slave::initialize()
options);
route("/api/v1/executor",
+ EXECUTOR_HTTP_AUTHENTICATION_REALM,
Http::EXECUTOR_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<Principal>& principal) {
Http::log(request);
- return http.executor(request);
+ return http.executor(request, principal);
});
// TODO(ijimenez): Remove this endpoint at the end of the
http://git-wip-us.apache.org/repos/asf/mesos/blob/3e62a134/src/slave/slave.hpp
----------------------------------------------------------------------
diff --git a/src/slave/slave.hpp b/src/slave/slave.hpp
index f365a53..7ab646e 100644
--- a/src/slave/slave.hpp
+++ b/src/slave/slave.hpp
@@ -503,7 +503,9 @@ private:
// /api/v1/executor
process::Future<process::http::Response> executor(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<process::http::authentication::Principal>&
+ principal) const;
// /slave/flags
process::Future<process::http::Response> flags(