You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ya...@apache.org on 2018/01/17 20:03:01 UTC
[3/3] mesos git commit: Refactor out `authorizeReserveResources` that
takes a `Resources`.
Refactor out `authorizeReserveResources` that takes a `Resources`.
This allows us to authorize static resource reservations that don't
come from `Offer::Operation::Reserve`.
Review: https://reviews.apache.org/r/64514
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/5d0d3523
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/5d0d3523
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/5d0d3523
Branch: refs/heads/master
Commit: 5d0d35236c3b0db3b2f3363244fc45b0928a0541
Parents: 1ead3e6
Author: Jiang Yan Xu <xu...@apple.com>
Authored: Mon Dec 11 15:56:18 2017 -0800
Committer: Jiang Yan Xu <xu...@apple.com>
Committed: Wed Jan 17 11:29:55 2018 -0800
----------------------------------------------------------------------
src/master/master.cpp | 14 ++++++++++++--
src/master/master.hpp | 6 ++++++
2 files changed, 18 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/5d0d3523/src/master/master.cpp
----------------------------------------------------------------------
diff --git a/src/master/master.cpp b/src/master/master.cpp
index 465336d..b2e28eb 100644
--- a/src/master/master.cpp
+++ b/src/master/master.cpp
@@ -3526,6 +3526,16 @@ Future<bool> Master::authorizeReserveResources(
const Offer::Operation::Reserve& reserve,
const Option<Principal>& principal)
{
+ // Authorizing the reserve operation is equivalent to authorizing
+ // the resources specified in the operation.
+ return authorizeReserveResources(reserve.resources(), principal);
+}
+
+
+Future<bool> Master::authorizeReserveResources(
+ const Resources& resources,
+ const Option<Principal>& principal)
+{
if (authorizer.isNone()) {
return true; // Authorization is disabled.
}
@@ -3543,7 +3553,7 @@ Future<bool> Master::authorizeReserveResources(
// Add an element to `request.roles` for each unique role in the resources.
hashset<string> roles;
list<Future<bool>> authorizations;
- foreach (const Resource& resource, reserve.resources()) {
+ foreach (const Resource& resource, resources) {
// NOTE: Since authorization happens __before__ validation and resource
// format conversion, we must look for roles that may appear in both
// "pre" and "post" reservation-refinement formats. This may not even be
@@ -3573,7 +3583,7 @@ Future<bool> Master::authorizeReserveResources(
LOG(INFO) << "Authorizing principal '"
<< (principal.isSome() ? stringify(principal.get()) : "ANY")
- << "' to reserve resources '" << reserve.resources() << "'";
+ << "' to reserve resources '" << resources << "'";
// NOTE: Empty authorizations are not valid and are checked by a validator.
// However under certain circumstances, this method can be called before
http://git-wip-us.apache.org/repos/asf/mesos/blob/5d0d3523/src/master/master.hpp
----------------------------------------------------------------------
diff --git a/src/master/master.hpp b/src/master/master.hpp
index 3d5180b..651e130 100644
--- a/src/master/master.hpp
+++ b/src/master/master.hpp
@@ -787,6 +787,12 @@ protected:
const Offer::Operation::Reserve& reserve,
const Option<process::http::authentication::Principal>& principal);
+ // Authorizes whether the provided `principal` is allowed to reserve
+ // the specified `resources`.
+ process::Future<bool> authorizeReserveResources(
+ const Resources& resources,
+ const Option<process::http::authentication::Principal>& principal);
+
/**
* Authorizes an `UNRESERVE` operation.
*