Posted to commits@mesos.apache.org by ar...@apache.org on 2018/03/14 17:10:16 UTC
[6/8] mesos git commit: Refactored authorization logic in the agent.
http://git-wip-us.apache.org/repos/asf/mesos/blob/83dd7f87/src/slave/http.hpp
----------------------------------------------------------------------
diff --git a/src/slave/http.hpp b/src/slave/http.hpp
index c33adeb..dcfd0d9 100644
--- a/src/slave/http.hpp
+++ b/src/slave/http.hpp
@@ -116,8 +116,7 @@ private:
// Helper function to collect containers status and resource statistics.
process::Future<JSON::Array> __containers(
- process::Owned<AuthorizationAcceptor> authorizeContainer,
- process::Owned<AuthorizationAcceptor> authorizeStandaloneContainer,
+ const process::Owned<ObjectApprovers>& approvers,
Option<IDAcceptor<ContainerID>> selectContainerId,
bool showNestedContainers,
bool showStandaloneContainers) const;
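Review bot: The comment above `__containers` no longer tells a reader which authorization actions the helper depends on, because the two named acceptors (`authorizeContainer`, `authorizeStandaloneContainer`) are folded into a single `approvers` bundle. I would extend the comment with the contract, for example `// 'approvers' must have been created with the container and standalone-container actions.` The same applies to `_getFrameworks`, `_getExecutors`, `_getTasks` and `_getState` in the following hunks, where the per-object approver parameters disappear in the same way. How `approved<>()` treats an action that was not requested when the bundle was created is not visible on this page, so a mismatch between caller and helper should be ruled out by a documented contract, not left implicit.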
@@ -177,7 +176,7 @@ private:
const Option<process::http::authentication::Principal>& principal) const;
mesos::agent::Response::GetFrameworks _getFrameworks(
- const process::Owned<ObjectApprover>& frameworksApprover) const;
+ const process::Owned<ObjectApprovers>& approvers ) const;
process::Future<process::http::Response> getExecutors(
const mesos::agent::Call& call,
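Review bot: There is a stray space before the closing parenthesis in the new `_getFrameworks` declaration. It should read `const process::Owned<ObjectApprovers>& approvers) const;`, matching the other declarations this commit changes in the same header.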
@@ -185,8 +184,7 @@ private:
const Option<process::http::authentication::Principal>& principal) const;
mesos::agent::Response::GetExecutors _getExecutors(
- const process::Owned<ObjectApprover>& frameworksApprover,
- const process::Owned<ObjectApprover>& executorsApprover) const;
+ const process::Owned<ObjectApprovers>& approvers) const;
process::Future<process::http::Response> getOperations(
const mesos::agent::Call& call,
@@ -199,9 +197,7 @@ private:
const Option<process::http::authentication::Principal>& principal) const;
mesos::agent::Response::GetTasks _getTasks(
- const process::Owned<ObjectApprover>& frameworksApprover,
- const process::Owned<ObjectApprover>& tasksApprover,
- const process::Owned<ObjectApprover>& executorsApprover) const;
+ const process::Owned<ObjectApprovers>& approvers) const;
process::Future<process::http::Response> getAgent(
const mesos::agent::Call& call,
@@ -219,9 +215,7 @@ private:
const Option<process::http::authentication::Principal>& principal) const;
mesos::agent::Response::GetState _getState(
- const process::Owned<ObjectApprover>& frameworksApprover,
- const process::Owned<ObjectApprover>& taskApprover,
- const process::Owned<ObjectApprover>& executorsApprover) const;
+ const process::Owned<ObjectApprovers>& approvers) const;
process::Future<process::http::Response> launchNestedContainer(
const mesos::agent::Call& call,
@@ -233,6 +227,13 @@ private:
ContentType acceptType,
const Option<process::http::authentication::Principal>& principal) const;
+ template <mesos::authorization::Action action>
+ process::Future<process::http::Response> launchContainer(
+ const mesos::agent::Call& call,
+ ContentType acceptType,
+ const Option<process::http::authentication::Principal>& principal) const;
+
+ template <mesos::authorization::Action action>
process::Future<process::http::Response> _launchContainer(
const ContainerID& containerId,
const CommandInfo& commandInfo,
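Review bot: The new templates spell their non-type parameter inconsistently: `action` here and on `waitContainer`/`_waitContainer`, but `ACTION` on `killContainer`/`_killContainer` and `removeContainer`/`_removeContainer`. The wait variants also write `authorization::Action` where the others write `mesos::authorization::Action`. I would pick one form throughout, e.g. `template <mesos::authorization::Action action>`. Since the template argument now selects which authorization check a request goes through, each declaration would also benefit from a one-line comment naming the actions it is meant to be instantiated with, e.g. `// 'action' is the authorization action checked for the target container.` The declaration of `_launchContainer` continues into the next hunk.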
@@ -240,7 +241,7 @@ private:
const Option<ContainerInfo>& containerInfo,
const Option<mesos::slave::ContainerClass>& containerClass,
ContentType acceptType,
- const process::Owned<AuthorizationAcceptor>& authorizer) const;
+ const process::Owned<ObjectApprovers>& approvers) const;
process::Future<process::http::Response> waitNestedContainer(
const mesos::agent::Call& call,
@@ -252,10 +253,17 @@ private:
ContentType acceptType,
const Option<process::http::authentication::Principal>& principal) const;
+ template <authorization::Action action>
+ process::Future<process::http::Response> waitContainer(
+ const mesos::agent::Call& call,
+ ContentType acceptType,
+ const Option<process::http::authentication::Principal>& principal) const;
+
+ template <authorization::Action action>
process::Future<process::http::Response> _waitContainer(
const ContainerID& containerId,
ContentType acceptType,
- const process::Owned<AuthorizationAcceptor>& authorizer,
+ const process::Owned<ObjectApprovers>& approvers,
const bool deprecated) const;
process::Future<process::http::Response> killNestedContainer(
@@ -268,11 +276,18 @@ private:
ContentType acceptType,
const Option<process::http::authentication::Principal>& principal) const;
+ template <mesos::authorization::Action ACTION>
+ process::Future<process::http::Response> killContainer(
+ const mesos::agent::Call& call,
+ ContentType acceptType,
+ const Option<process::http::authentication::Principal>& principal) const;
+
+ template <mesos::authorization::Action ACTION>
process::Future<process::http::Response> _killContainer(
const ContainerID& containerId,
const int signal,
ContentType acceptType,
- const process::Owned<AuthorizationAcceptor>& authorizer) const;
+ const process::Owned<ObjectApprovers>& approvers) const;
process::Future<process::http::Response> removeNestedContainer(
const mesos::agent::Call& call,
@@ -284,10 +299,17 @@ private:
ContentType acceptType,
const Option<process::http::authentication::Principal>& principal) const;
+ template <mesos::authorization::Action ACTION>
+ process::Future<process::http::Response> removeContainer(
+ const mesos::agent::Call& call,
+ ContentType acceptType,
+ const Option<process::http::authentication::Principal>& principal) const;
+
+ template <mesos::authorization::Action ACTION>
process::Future<process::http::Response> _removeContainer(
const ContainerID& containerId,
ContentType acceptType,
- const process::Owned<AuthorizationAcceptor>& authorizer) const;
+ const process::Owned<ObjectApprovers>& approvers) const;
process::Future<process::http::Response> launchNestedContainerSession(
const mesos::agent::Call& call,
http://git-wip-us.apache.org/repos/asf/mesos/blob/83dd7f87/src/slave/slave.cpp
----------------------------------------------------------------------
diff --git a/src/slave/slave.cpp b/src/slave/slave.cpp
index 2f4ab15..4112163 100644
--- a/src/slave/slave.cpp
+++ b/src/slave/slave.cpp
@@ -122,6 +122,7 @@ using google::protobuf::RepeatedPtrField;
using mesos::SecretGenerator;
using mesos::authorization::createSubject;
+using mesos::authorization::ACCESS_SANDBOX;
using mesos::executor::Call;
@@ -8373,14 +8374,13 @@ Future<bool> Slave::authorizeSandboxAccess(
// Set authorization subject.
Option<authorization::Subject> subject = createSubject(principal);
- Future<Owned<ObjectApprover>> sandboxApprover =
- authorizer.get()->getObjectApprover(subject, authorization::ACCESS_SANDBOX);
-
- return sandboxApprover
+ return ObjectApprovers::create(
+ authorizer,
+ principal,
+ {ACCESS_SANDBOX})
.then(defer(
self(),
- [this, frameworkId, executorId](
- const Owned<ObjectApprover>& sandboxApprover) -> Future<bool> {
+ [=](const Owned<ObjectApprovers>& approvers) -> Future<bool> {
// Construct authorization object.
ObjectApprover::Object object;
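Review bot: The context line `Option<authorization::Subject> subject = createSubject(principal);` appears to be left without a user, since the new call passes `principal` to `ObjectApprovers::create` and the only visible use of `subject` was the removed `getObjectApprover` call. If nothing between the two hunks reads it, the variable and its "Set authorization subject" comment should be dropped. Separately, replacing `[this, frameworkId, executorId]` with `[=]` hides what the deferred lambda copies and captures `this` implicitly; in an authorization path I would keep the explicit list, `[this, frameworkId, executorId](const Owned<ObjectApprovers>& approvers) -> Future<bool> {`. The lambda body continues outside this hunk.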
@@ -8395,13 +8395,7 @@ Future<bool> Slave::authorizeSandboxAccess(
}
}
- Try<bool> approved = sandboxApprover->approved(object);
-
- if (approved.isError()) {
- return Failure(approved.error());
- }
-
- return approved.get();
+ return approvers->approved<ACCESS_SANDBOX>(object);
}));
}
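Review bot: The removed code turned an approver error into `Failure(approved.error())`, while the new `return approvers->approved<ACCESS_SANDBOX>(object);` relies on whatever `approved<>()` does internally. Its return type is not visible on this page. If it returns a plain `bool`, an authorizer error now reaches the caller as an ordinary denial, not as a failed future. That should be confirmed to fail closed and to be logged, and recorded next to the call, e.g. `// approved<>() denies access on authorizer error; the error is not propagated.` The start of `Slave::authorizeSandboxAccess` lies outside this hunk.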