Posted to commits@mesos.apache.org by ar...@apache.org on 2018/01/19 13:09:35 UTC
[2/2] mesos git commit: Mesos flags related to ZooKeeper use
SecurePathOrValue.
Mesos flags related to ZooKeeper use SecurePathOrValue.
Up until now the Mesos master flag `--zk` as well as the Mesos agent
flag `--master` would leak ZooKeeper authentication credentials in
both logs and results for the `/flags` endpoint, if the credentials
were part of the configuration url.
This patch prevents this leakage if a user decides to store the
ZooKeeper url in a file and pass the file as a value to the flags
mentioned above (using the prefix `file://`).
Review: https://reviews.apache.org/r/65090
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/ddde3252
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/ddde3252
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/ddde3252
Branch: refs/heads/master
Commit: ddde325257359950b4a7b2c0bb88dd072330f744
Parents: 398f361
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Thu Jan 11 10:47:04 2018 +0100
Committer: Alexander Rojas <al...@mesosphere.io>
Committed: Fri Jan 19 14:08:36 2018 +0100
----------------------------------------------------------------------
src/master/flags.hpp | 2 +-
src/master/main.cpp | 10 +++++++---
src/slave/flags.hpp | 2 +-
src/slave/main.cpp | 4 +++-
4 files changed, 12 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/ddde3252/src/master/flags.hpp
----------------------------------------------------------------------
diff --git a/src/master/flags.hpp b/src/master/flags.hpp
index dabb414..505786e 100644
--- a/src/master/flags.hpp
+++ b/src/master/flags.hpp
@@ -107,7 +107,7 @@ public:
uint16_t port;
Option<std::string> advertise_ip;
Option<std::string> advertise_port;
- Option<std::string> zk;
+ Option<flags::SecurePathOrValue> zk;
// Optional IP discover script that will set the Master IP.
// If set, its output is expected to be a valid parseable IP string.
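Review bot: The new `Option<flags::SecurePathOrValue> zk;` field carries no comment saying when the value is actually protected. Per the commit description the leak is only prevented when the URL is supplied as `file://<path>`, so a URL with credentials passed directly would presumably still appear in logs and in `/flags`. I would add a comment above the field such as `// Credentials in this URL are only kept out of logs and /flags when the flag is given as file://<path>.` The same comment applies to `master` in src/slave/flags.hpp.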
http://git-wip-us.apache.org/repos/asf/mesos/blob/ddde3252/src/master/main.cpp
----------------------------------------------------------------------
diff --git a/src/master/main.cpp b/src/master/main.cpp
index f65ce63..0040d65 100644
--- a/src/master/main.cpp
+++ b/src/master/main.cpp
@@ -370,7 +370,7 @@ int main(int argc, char** argv)
<< " registry when using ZooKeeper";
}
- Try<zookeeper::URL> url = zookeeper::URL::parse(flags.zk.get());
+ Try<zookeeper::URL> url = zookeeper::URL::parse(flags.zk.get().value);
if (url.isError()) {
EXIT(EXIT_FAILURE) << "Error parsing ZooKeeper URL: " << url.error();
}
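Review bot: The `EXIT(EXIT_FAILURE)` line after the parse still streams `url.error()`. If `zookeeper::URL::parse` echoes its input in the error text (its body is not visible here), a malformed URL read from the file would put the credentials back into the log. It is worth confirming that the parser's errors never include the input, or else emitting a fixed message here, e.g. `EXIT(EXIT_FAILURE) << "Error parsing ZooKeeper URL from --zk";`. The `flags.zk.get()` call depends on an `isSome()` check that lies outside this hunk.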
@@ -411,7 +411,9 @@ int main(int argc, char** argv)
MasterDetector* detector;
Try<MasterContender*> contender_ = MasterContender::create(
- flags.zk, flags.master_contender, flags.zk_session_timeout);
+ flags.zk.isSome() ? flags.zk->value : Option<string>::none(),
+ flags.master_contender,
+ flags.zk_session_timeout);
if (contender_.isError()) {
EXIT(EXIT_FAILURE)
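Review bot: The unwrapping expression `flags.zk.isSome() ? flags.zk->value : Option<string>::none()` is written out here, again in the `MasterDetector::create` call in the next hunk, and with `flags.master` in src/slave/main.cpp. Computing it once in the master, as `const Option<string> zk = flags.zk.isSome() ? flags.zk->value : Option<string>::none();`, and passing `zk` to both calls keeps the places where the secret leaves its wrapper easy to audit. From this point on the URL is a plain string again, so any logging inside `MasterContender::create` or `MasterDetector::create` (not visible here) would bypass the redaction; a short comment at the unwrap site saying so would help. `main`'s body continues outside the hunk.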
@@ -421,7 +423,9 @@ int main(int argc, char** argv)
contender = contender_.get();
Try<MasterDetector*> detector_ = MasterDetector::create(
- flags.zk, flags.master_detector, flags.zk_session_timeout);
+ flags.zk.isSome() ? flags.zk->value : Option<string>::none(),
+ flags.master_detector,
+ flags.zk_session_timeout);
if (detector_.isError()) {
EXIT(EXIT_FAILURE)
http://git-wip-us.apache.org/repos/asf/mesos/blob/ddde3252/src/slave/flags.hpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.hpp b/src/slave/flags.hpp
index 42c4861..0c67bf2 100644
--- a/src/slave/flags.hpp
+++ b/src/slave/flags.hpp
@@ -192,7 +192,7 @@ public:
uint16_t port;
Option<std::string> advertise_ip;
Option<std::string> advertise_port;
- Option<std::string> master;
+ Option<flags::SecurePathOrValue> master;
Duration zk_session_timeout;
http://git-wip-us.apache.org/repos/asf/mesos/blob/ddde3252/src/slave/main.cpp
----------------------------------------------------------------------
diff --git a/src/slave/main.cpp b/src/slave/main.cpp
index f38fec6..43292ea 100644
--- a/src/slave/main.cpp
+++ b/src/slave/main.cpp
@@ -500,7 +500,9 @@ int main(int argc, char** argv)
}
Try<MasterDetector*> detector_ = MasterDetector::create(
- flags.master, flags.master_detector, flags.zk_session_timeout);
+ flags.master.isSome() ? flags.master->value : Option<string>::none(),
+ flags.master_detector,
+ flags.zk_session_timeout);
if (detector_.isError()) {
EXIT(EXIT_FAILURE)