Posted to commits@mesos.apache.org by ar...@apache.org on 2018/01/19 13:09:35 UTC

[2/2] mesos git commit: Mesos flags related to ZooKeeper use SecurePathOrValue.

Mesos flags related to ZooKeeper use SecurePathOrValue.

Up until now the Mesos master flag `--zk` as well as the Mesos agent
flag `--master` would leak ZooKeeper authentication credentials in
both logs and results for the `/flags` endpoint, if the credentials
were part of the configuration url.

This patch prevents this leakage if a user decides to store the
ZooKeeper url in a file and pass the file as a value to the flags
mentioned above (using the prefix `file://`).

Review: https://reviews.apache.org/r/65090


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/ddde3252
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/ddde3252
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/ddde3252

Branch: refs/heads/master
Commit: ddde325257359950b4a7b2c0bb88dd072330f744
Parents: 398f361
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Thu Jan 11 10:47:04 2018 +0100
Committer: Alexander Rojas <al...@mesosphere.io>
Committed: Fri Jan 19 14:08:36 2018 +0100

----------------------------------------------------------------------
 src/master/flags.hpp |  2 +-
 src/master/main.cpp  | 10 +++++++---
 src/slave/flags.hpp  |  2 +-
 src/slave/main.cpp   |  4 +++-
 4 files changed, 12 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/ddde3252/src/master/flags.hpp
----------------------------------------------------------------------
diff --git a/src/master/flags.hpp b/src/master/flags.hpp
index dabb414..505786e 100644
--- a/src/master/flags.hpp
+++ b/src/master/flags.hpp
@@ -107,7 +107,7 @@ public:
   uint16_t port;
   Option<std::string> advertise_ip;
   Option<std::string> advertise_port;
-  Option<std::string> zk;
+  Option<flags::SecurePathOrValue> zk;
 
   // Optional IP discover script that will set the Master IP.
   // If set, its output is expected to be a valid parseable IP string.
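Review bot: The `zk` member carries no comment telling later callers that its `value` field holds the full ZooKeeper URL, credentials included, so it is easy to stream `flags.zk->value` into a log line or an endpoint response by accident. A one-line comment above the field would make that explicit, for example `// May embed ZooKeeper credentials; do not log or expose zk->value.` Per the commit description the protection applies only when the flag is passed as `file://`, so an inline URL is presumably still shown as-is; that limitation is worth stating in the flag's help text. The same applies to `master` in src/slave/flags.hpp, and the class body extends outside this hunk.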

http://git-wip-us.apache.org/repos/asf/mesos/blob/ddde3252/src/master/main.cpp
----------------------------------------------------------------------
diff --git a/src/master/main.cpp b/src/master/main.cpp
index f65ce63..0040d65 100644
--- a/src/master/main.cpp
+++ b/src/master/main.cpp
@@ -370,7 +370,7 @@ int main(int argc, char** argv)
           << " registry when using ZooKeeper";
       }
 
-      Try<zookeeper::URL> url = zookeeper::URL::parse(flags.zk.get());
+      Try<zookeeper::URL> url = zookeeper::URL::parse(flags.zk.get().value);
       if (url.isError()) {
         EXIT(EXIT_FAILURE) << "Error parsing ZooKeeper URL: " << url.error();
       }
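Review bot: `url.error()` is written to the log two lines after the parser receives the unwrapped `flags.zk.get().value`, so any error text that quotes its input would put the credentials back into the log this commit is trying to keep clean. `zookeeper::URL::parse` is not visible here; it is worth confirming that none of its error messages echo the URL. A comment at the call site would record the requirement, for example `// url.error() must never echo the input: it may contain credentials.` `main` starts and ends outside the hunk.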
@@ -411,7 +411,9 @@ int main(int argc, char** argv)
   MasterDetector* detector;
 
   Try<MasterContender*> contender_ = MasterContender::create(
-      flags.zk, flags.master_contender, flags.zk_session_timeout);
+      flags.zk.isSome() ? flags.zk->value : Option<string>::none(),
+      flags.master_contender,
+      flags.zk_session_timeout);
 
   if (contender_.isError()) {
     EXIT(EXIT_FAILURE)
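Review bot: The ternary `flags.zk.isSome() ? flags.zk->value : Option<string>::none()` is repeated in the `MasterDetector::create` call in the next hunk and, for `flags.master`, in src/slave/main.cpp. Unwrapping once keeps the plaintext URL in a single named place that is easy to audit: `const Option<string> zk = flags.zk.isSome() ? flags.zk->value : Option<string>::none();`. From this point the URL travels as an ordinary string, so whether the `EXIT(EXIT_FAILURE)` messages that follow stay free of credentials depends on the error text `create` returns, which is not visible in the hunk. `main` starts and ends outside the hunk.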
@@ -421,7 +423,9 @@ int main(int argc, char** argv)
   contender = contender_.get();
 
   Try<MasterDetector*> detector_ = MasterDetector::create(
-      flags.zk, flags.master_detector, flags.zk_session_timeout);
+      flags.zk.isSome() ? flags.zk->value : Option<string>::none(),
+      flags.master_detector,
+      flags.zk_session_timeout);
 
   if (detector_.isError()) {
     EXIT(EXIT_FAILURE)

http://git-wip-us.apache.org/repos/asf/mesos/blob/ddde3252/src/slave/flags.hpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.hpp b/src/slave/flags.hpp
index 42c4861..0c67bf2 100644
--- a/src/slave/flags.hpp
+++ b/src/slave/flags.hpp
@@ -192,7 +192,7 @@ public:
   uint16_t port;
   Option<std::string> advertise_ip;
   Option<std::string> advertise_port;
-  Option<std::string> master;
+  Option<flags::SecurePathOrValue> master;
 
   Duration zk_session_timeout;
 

http://git-wip-us.apache.org/repos/asf/mesos/blob/ddde3252/src/slave/main.cpp
----------------------------------------------------------------------
diff --git a/src/slave/main.cpp b/src/slave/main.cpp
index f38fec6..43292ea 100644
--- a/src/slave/main.cpp
+++ b/src/slave/main.cpp
@@ -500,7 +500,9 @@ int main(int argc, char** argv)
   }
 
   Try<MasterDetector*> detector_ = MasterDetector::create(
-      flags.master, flags.master_detector, flags.zk_session_timeout);
+      flags.master.isSome() ? flags.master->value : Option<string>::none(),
+      flags.master_detector,
+      flags.zk_session_timeout);
 
   if (detector_.isError()) {
     EXIT(EXIT_FAILURE)