You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by me...@apache.org on 2016/03/13 12:08:33 UTC
[1/2] mesos git commit: Added authentication to master endpoints.
Repository: mesos
Updated Branches:
refs/heads/master 295b58022 -> 477b9ab8a
Added authentication to master endpoints.
Added Authentication to master process http endpoints
(except version, health, redirect, scheduler).
Review: https://reviews.apache.org/r/44186/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/37eff333
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/37eff333
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/37eff333
Branch: refs/heads/master
Commit: 37eff3337e67e32005fbd6d1ca9d45b336701106
Parents: 295b580
Author: Joerg Schad <jo...@mesosphere.io>
Authored: Sat Mar 12 23:59:12 2016 -0800
Committer: Adam B <ad...@mesosphere.io>
Committed: Sat Mar 12 23:59:12 2016 -0800
----------------------------------------------------------------------
src/master/http.cpp | 48 ++++++--
src/master/master.cpp | 90 +++++++++-----
src/master/master.hpp | 36 ++++--
.../docker_containerizer_tests.cpp | 7 +-
src/tests/fault_tolerance_tests.cpp | 31 ++++-
src/tests/health_check_tests.cpp | 24 +++-
src/tests/master_maintenance_tests.cpp | 55 +++++++--
src/tests/master_tests.cpp | 123 +++++++++++++++----
src/tests/persistent_volume_endpoints_tests.cpp | 6 +-
src/tests/repair_tests.cpp | 49 ++++++--
src/tests/role_tests.cpp | 30 ++++-
src/tests/status_update_manager_tests.cpp | 7 +-
12 files changed, 390 insertions(+), 116 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/37eff333/src/master/http.cpp
----------------------------------------------------------------------
diff --git a/src/master/http.cpp b/src/master/http.cpp
index 0834c33..6dec322 100644
--- a/src/master/http.cpp
+++ b/src/master/http.cpp
@@ -734,7 +734,9 @@ string Master::Http::FRAMEWORKS()
}
-Future<Response> Master::Http::frameworks(const Request& request) const
+Future<Response> Master::Http::frameworks(
+ const Request& request,
+ const Option<string>& /*principal*/) const
{
auto frameworks = [this](JSON::ObjectWriter* writer) {
// Model all of the frameworks.
@@ -776,7 +778,9 @@ string Master::Http::FLAGS_HELP()
}
-Future<Response> Master::Http::flags(const Request& request) const
+Future<Response> Master::Http::flags(
+ const Request& request,
+ const Option<string>& /*principal*/) const
{
JSON::Object object;
@@ -855,7 +859,9 @@ Try<string> getFormValue(
}
-Future<Response> Master::Http::observe(const Request& request) const
+Future<Response> Master::Http::observe(
+ const Request& request,
+ const Option<string>& /*principal*/) const
{
Try<hashmap<string, string>> decode =
process::http::query::decode(request.body);
@@ -1060,7 +1066,9 @@ string Master::Http::SLAVES_HELP()
}
-Future<Response> Master::Http::slaves(const Request& request) const
+Future<Response> Master::Http::slaves(
+ const Request& request,
+ const Option<string>& /*principal*/) const
{
auto slaves = [this](JSON::ObjectWriter* writer) {
writer->field("slaves", [this](JSON::ArrayWriter* writer) {
@@ -1268,7 +1276,9 @@ string Master::Http::STATE_HELP()
}
-Future<Response> Master::Http::state(const Request& request) const
+Future<Response> Master::Http::state(
+ const Request& request,
+ const Option<string>& /*principal*/) const
{
auto state = [this](JSON::ObjectWriter* writer) {
writer->field("version", MESOS_VERSION);
@@ -1541,7 +1551,9 @@ string Master::Http::STATESUMMARY_HELP()
}
-Future<Response> Master::Http::stateSummary(const Request& request) const
+Future<Response> Master::Http::stateSummary(
+ const Request& request,
+ const Option<string>& /*principal*/) const
{
auto stateSummary = [this](JSON::ObjectWriter* writer) {
writer->field("hostname", master->info().hostname());
@@ -1699,7 +1711,9 @@ JSON::Object model(
}
-Future<Response> Master::Http::roles(const Request& request) const
+Future<Response> Master::Http::roles(
+ const Request& request,
+ const Option<string>& /*principal*/) const
{
JSON::Object object;
@@ -1904,7 +1918,9 @@ struct TaskComparator
};
-Future<Response> Master::Http::tasks(const Request& request) const
+Future<Response> Master::Http::tasks(
+ const Request& request,
+ const Option<string>& /*principal*/) const
{
// Get list options (limit and offset).
Result<int> result = numify<int>(request.url.query.get("limit"));
@@ -1978,7 +1994,9 @@ string Master::Http::MAINTENANCE_SCHEDULE_HELP()
// /master/maintenance/schedule endpoint handler.
-Future<Response> Master::Http::maintenanceSchedule(const Request& request) const
+Future<Response> Master::Http::maintenanceSchedule(
+ const Request& request,
+ const Option<string>& /*principal*/) const
{
if (request.method != "GET" && request.method != "POST") {
return MethodNotAllowed(
@@ -2113,7 +2131,9 @@ string Master::Http::MACHINE_DOWN_HELP()
// /master/machine/down endpoint handler.
-Future<Response> Master::Http::machineDown(const Request& request) const
+Future<Response> Master::Http::machineDown(
+ const Request& request,
+ const Option<string>& /*principal*/) const
{
if (request.method != "POST") {
return MethodNotAllowed(
@@ -2216,7 +2236,9 @@ string Master::Http::MACHINE_UP_HELP()
// /master/machine/up endpoint handler.
-Future<Response> Master::Http::machineUp(const Request& request) const
+Future<Response> Master::Http::machineUp(
+ const Request& request,
+ const Option<string>& /*principal*/) const
{
if (request.method != "POST") {
return MethodNotAllowed(
@@ -2320,7 +2342,9 @@ string Master::Http::MAINTENANCE_STATUS_HELP()
// /master/maintenance/status endpoint handler.
-Future<Response> Master::Http::maintenanceStatus(const Request& request) const
+Future<Response> Master::Http::maintenanceStatus(
+ const Request& request,
+ const Option<string>& /*principal*/) const
{
if (request.method != "GET") {
return MethodNotAllowed(
http://git-wip-us.apache.org/repos/asf/mesos/blob/37eff333/src/master/master.cpp
----------------------------------------------------------------------
diff --git a/src/master/master.cpp b/src/master/master.cpp
index 5f66a8d..255b4d1 100644
--- a/src/master/master.cpp
+++ b/src/master/master.cpp
@@ -845,16 +845,20 @@ void Master::initialize()
return http.destroyVolumes(request, principal);
});
route("/frameworks",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::FRAMEWORKS(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.frameworks(request);
+ return http.frameworks(request, principal);
});
route("/flags",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::FLAGS_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.flags(request);
+ return http.flags(request, principal);
});
route("/health",
Http::HEALTH_HELP(),
@@ -862,10 +866,12 @@ void Master::initialize()
return http.health(request);
});
route("/observe",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::OBSERVE_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.observe(request);
+ return http.observe(request, principal);
});
route("/redirect",
Http::REDIRECT_HELP(),
@@ -883,16 +889,20 @@ void Master::initialize()
// TODO(ijimenez): Remove this endpoint at the end of the
// deprecation cycle on 0.26.
route("/roles.json",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::ROLES_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.roles(request);
+ return http.roles(request, principal);
});
route("/roles",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::ROLES_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.roles(request);
+ return http.roles(request, principal);
});
route("/teardown",
DEFAULT_HTTP_AUTHENTICATION_REALM,
@@ -903,68 +913,88 @@ void Master::initialize()
return http.teardown(request, principal);
});
route("/slaves",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::SLAVES_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.slaves(request);
+ return http.slaves(request, principal);
});
// TODO(ijimenez): Remove this endpoint at the end of the
// deprecation cycle on 0.26.
route("/state.json",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::STATE_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.state(request);
+ return http.state(request, principal);
});
route("/state",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::STATE_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.state(request);
+ return http.state(request, principal);
});
route("/state-summary",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::STATESUMMARY_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.stateSummary(request);
+ return http.stateSummary(request, principal);
});
// TODO(ijimenez): Remove this endpoint at the end of the
// deprecation cycle.
route("/tasks.json",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::TASKS_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.tasks(request);
+ return http.tasks(request, principal);
});
route("/tasks",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::TASKS_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.tasks(request);
+ return http.tasks(request, principal);
});
route("/maintenance/schedule",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::MAINTENANCE_SCHEDULE_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.maintenanceSchedule(request);
+ return http.maintenanceSchedule(request, principal);
});
route("/maintenance/status",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::MAINTENANCE_STATUS_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.maintenanceStatus(request);
+ return http.maintenanceStatus(request, principal);
});
route("/machine/down",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::MACHINE_DOWN_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.machineDown(request);
+ return http.machineDown(request, principal);
});
route("/machine/up",
+ DEFAULT_HTTP_AUTHENTICATION_REALM,
Http::MACHINE_UP_HELP(),
- [this](const process::http::Request& request) {
+ [this](const process::http::Request& request,
+ const Option<string>& principal) {
Http::log(request);
- return http.machineUp(request);
+ return http.machineUp(request, principal);
});
route("/unreserve",
DEFAULT_HTTP_AUTHENTICATION_REALM,
http://git-wip-us.apache.org/repos/asf/mesos/blob/37eff333/src/master/master.hpp
----------------------------------------------------------------------
diff --git a/src/master/master.hpp b/src/master/master.hpp
index 4fa88f1..7b51391 100644
--- a/src/master/master.hpp
+++ b/src/master/master.hpp
@@ -1076,11 +1076,13 @@ private:
// /master/flags
process::Future<process::http::Response> flags(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<std::string>& principal) const;
// /master/frameworks
process::Future<process::http::Response> frameworks(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<std::string>& principal) const;
// /master/health
process::Future<process::http::Response> health(
@@ -1088,7 +1090,8 @@ private:
// /master/observe
process::Future<process::http::Response> observe(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<std::string>& principal) const;
// /master/redirect
process::Future<process::http::Response> redirect(
@@ -1101,7 +1104,8 @@ private:
// /master/roles
process::Future<process::http::Response> roles(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<std::string>& principal) const;
// /master/teardown
process::Future<process::http::Response> teardown(
@@ -1110,35 +1114,43 @@ private:
// /master/slaves
process::Future<process::http::Response> slaves(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<std::string>& principal) const;
// /master/state
process::Future<process::http::Response> state(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<std::string>& principal) const;
// /master/state-summary
process::Future<process::http::Response> stateSummary(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<std::string>& principal) const;
// /master/tasks
process::Future<process::http::Response> tasks(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<std::string>& principal) const;
// /master/maintenance/schedule
process::Future<process::http::Response> maintenanceSchedule(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<std::string>& principal) const;
// /master/maintenance/status
process::Future<process::http::Response> maintenanceStatus(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<std::string>& principal) const;
// /master/machine/down
process::Future<process::http::Response> machineDown(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<std::string>& principal) const;
// /master/machine/up
process::Future<process::http::Response> machineUp(
- const process::http::Request& request) const;
+ const process::http::Request& request,
+ const Option<std::string>& principal) const;
// /master/unreserve
process::Future<process::http::Response> unreserve(
http://git-wip-us.apache.org/repos/asf/mesos/blob/37eff333/src/tests/containerizer/docker_containerizer_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/containerizer/docker_containerizer_tests.cpp b/src/tests/containerizer/docker_containerizer_tests.cpp
index 6aecd91..8afaa4d 100644
--- a/src/tests/containerizer/docker_containerizer_tests.cpp
+++ b/src/tests/containerizer/docker_containerizer_tests.cpp
@@ -509,7 +509,12 @@ TEST_F(DockerContainerizerTest, ROOT_DOCKER_Launch)
ASSERT_SOME(array);
// Check if container information is exposed through master's state endpoint.
- Future<http::Response> response = http::get(master.get(), "state");
+ Future<http::Response> response = http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, response);
Try<JSON::Object> parse = JSON::parse<JSON::Object>(response.get().body);
http://git-wip-us.apache.org/repos/asf/mesos/blob/37eff333/src/tests/fault_tolerance_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/fault_tolerance_tests.cpp b/src/tests/fault_tolerance_tests.cpp
index d193897..2d1bac2 100644
--- a/src/tests/fault_tolerance_tests.cpp
+++ b/src/tests/fault_tolerance_tests.cpp
@@ -168,7 +168,11 @@ TEST_F(FaultToleranceTest, ReregisterCompletedFrameworks)
ASSERT_SOME(slave);
// Verify master/slave have 0 completed/running frameworks.
- Future<Response> masterState = process::http::get(master.get(), "state");
+ Future<Response> masterState = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, masterState);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(
@@ -225,7 +229,11 @@ TEST_F(FaultToleranceTest, ReregisterCompletedFrameworks)
EXPECT_EQ(TASK_RUNNING, statusRunning.get().state());
// Verify master and slave recognize the running task/framework.
- masterState = process::http::get(master.get(), "state");
+ masterState = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, masterState);
@@ -267,7 +275,11 @@ TEST_F(FaultToleranceTest, ReregisterCompletedFrameworks)
// At this point, the task is killed, but the framework is still
// running. This is because the executor has to time-out before
// it exits.
- masterState = process::http::get(master.get(), "state");
+ masterState = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, masterState);
@@ -353,7 +365,11 @@ TEST_F(FaultToleranceTest, ReregisterCompletedFrameworks)
Clock::settle();
Clock::resume();
- masterState = process::http::get(master.get(), "state");
+ masterState = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, masterState);
@@ -1920,7 +1936,12 @@ TEST_F(FaultToleranceTest, UpdateFrameworkInfoOnSchedulerFailover)
AWAIT_READY(sched1Error);
- Future<Response> response = process::http::get(master.get(), "state");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
Try<JSON::Object> parse =
http://git-wip-us.apache.org/repos/asf/mesos/blob/37eff333/src/tests/health_check_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/health_check_tests.cpp b/src/tests/health_check_tests.cpp
index d0fd27f..9605859 100644
--- a/src/tests/health_check_tests.cpp
+++ b/src/tests/health_check_tests.cpp
@@ -256,7 +256,11 @@ TEST_F(HealthCheckTest, HealthyTask)
// Verify that task health is exposed in the master's state endpoint.
{
- Future<http::Response> response = http::get(master.get(), "state");
+ Future<http::Response> response = http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, response);
@@ -545,7 +549,11 @@ TEST_F(HealthCheckTest, HealthStatusChange)
// Verify that task health is exposed in the master's state endpoint.
{
- Future<http::Response> response = http::get(master.get(), "state");
+ Future<http::Response> response = http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, response);
@@ -578,7 +586,11 @@ TEST_F(HealthCheckTest, HealthStatusChange)
// Verify that the task health change is reflected in the master's
// state endpoint.
{
- Future<http::Response> response = http::get(master.get(), "state");
+ Future<http::Response> response = http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, response);
@@ -612,7 +624,11 @@ TEST_F(HealthCheckTest, HealthStatusChange)
// Verify through master's state endpoint that the task is back to a
// healthy state.
{
- Future<http::Response> response = http::get(master.get(), "state");
+ Future<http::Response> response = http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, response);
http://git-wip-us.apache.org/repos/asf/mesos/blob/37eff333/src/tests/master_maintenance_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/master_maintenance_tests.cpp b/src/tests/master_maintenance_tests.cpp
index 3c7024c..5a421d4 100644
--- a/src/tests/master_maintenance_tests.cpp
+++ b/src/tests/master_maintenance_tests.cpp
@@ -110,6 +110,7 @@ public:
MesosTest::SetUp();
// Initialize the default POST header.
+ headers = createBasicAuthHeaders(DEFAULT_CREDENTIAL);
headers["Content-Type"] = "application/json";
// Initialize some `MachineID`s.
@@ -209,7 +210,9 @@ TEST_F(MasterMaintenanceTest, UpdateSchedule)
// Get the maintenance schedule.
response = process::http::get(
master.get(),
- "maintenance/schedule");
+ "maintenance/schedule",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
@@ -903,7 +906,9 @@ TEST_F(MasterMaintenanceTest, BringUpMachines)
// Get the maintenance schedule.
response = process::http::get(
master.get(),
- "maintenance/schedule");
+ "maintenance/schedule",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
@@ -941,7 +946,9 @@ TEST_F(MasterMaintenanceTest, BringUpMachines)
// Get the maintenance schedule again.
response = process::http::get(
master.get(),
- "maintenance/schedule");
+ "maintenance/schedule",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
@@ -977,7 +984,12 @@ TEST_F(MasterMaintenanceTest, MachineStatus)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
// Get the maintenance statuses.
- response = process::http::get(master.get(), "maintenance/status");
+ response = process::http::get(
+ master.get(),
+ "maintenance/status",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
// Check that both machines are draining.
@@ -1003,7 +1015,12 @@ TEST_F(MasterMaintenanceTest, MachineStatus)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
// Get the maintenance statuses.
- response = process::http::get(master.get(), "maintenance/status");
+ response = process::http::get(
+ master.get(),
+ "maintenance/status",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
// Check one machine is deactivated.
@@ -1028,7 +1045,12 @@ TEST_F(MasterMaintenanceTest, MachineStatus)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
// Get the maintenance statuses.
- response = process::http::get(master.get(), "maintenance/status");
+ response = process::http::get(
+ master.get(),
+ "maintenance/status",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
// Check that only one machine remains.
@@ -1081,7 +1103,12 @@ TEST_F(MasterMaintenanceTest, InverseOffers)
// Sanity check that this machine shows up in the status endpoint
// and there should be no inverse offer status.
- response = process::http::get(master.get(), "maintenance/status");
+ response = process::http::get(
+ master.get(),
+ "maintenance/status",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
Try<JSON::Object> statuses_ = JSON::parse<JSON::Object>(response.get().body);
@@ -1247,7 +1274,12 @@ TEST_F(MasterMaintenanceTest, InverseOffers)
inverseOffer = event.get().offers().inverse_offers(0);
// Check that the status endpoint shows the inverse offer as declined.
- response = process::http::get(master.get(), "maintenance/status");
+ response = process::http::get(
+ master.get(),
+ "maintenance/status",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
statuses_ = JSON::parse<JSON::Object>(response.get().body);
@@ -1306,7 +1338,12 @@ TEST_F(MasterMaintenanceTest, InverseOffers)
EXPECT_EQ(1, event.get().offers().inverse_offers().size());
// Check that the status endpoint shows the inverse offer as accepted.
- response = process::http::get(master.get(), "maintenance/status");
+ response = process::http::get(
+ master.get(),
+ "maintenance/status",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
statuses_ = JSON::parse<JSON::Object>(response.get().body);
http://git-wip-us.apache.org/repos/asf/mesos/blob/37eff333/src/tests/master_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/master_tests.cpp b/src/tests/master_tests.cpp
index 2f4d820..e9ddd36 100644
--- a/src/tests/master_tests.cpp
+++ b/src/tests/master_tests.cpp
@@ -282,7 +282,11 @@ TEST_F(MasterTest, ShutdownFrameworkWhileTaskRunning)
Clock::resume();
// Request master state.
- Future<Response> response = process::http::get(master.get(), "state");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -1633,7 +1637,11 @@ TEST_F(MasterTest, SlavesEndpointWithoutSlaves)
ASSERT_SOME(master);
// Query the master.
- Future<Response> response = process::http::get(master.get(), "slaves");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "slaves",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -1677,7 +1685,11 @@ TEST_F(MasterTest, SlavesEndpointTwoSlaves)
AWAIT_READY(slave2RegisteredMessage);
// Query the master.
- Future<Response> response = process::http::get(master.get(), "slaves");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "slaves",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -2265,7 +2277,11 @@ TEST_F(MasterTest, OrphanTasks)
EXPECT_EQ(TASK_RUNNING, status.get().state());
// Get the master's state.
- Future<Response> response = process::http::get(master.get(), "state");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -2329,7 +2345,11 @@ TEST_F(MasterTest, OrphanTasks)
AWAIT_READY(subscribeCall);
// Get the master's state.
- response = process::http::get(master.get(), "state");
+ response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -2362,7 +2382,11 @@ TEST_F(MasterTest, OrphanTasks)
AWAIT_READY(frameworkRegisteredMessage);
// Get the master's state.
- response = process::http::get(master.get(), "state");
+ response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -2833,7 +2857,11 @@ TEST_F(MasterTest, StateEndpoint)
Try<PID<Master>> master = StartMaster(flags);
ASSERT_SOME(master);
- Future<Response> response = process::http::get(master.get(), "state");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -2938,7 +2966,12 @@ TEST_F(MasterTest, StateEndpointFrameworkInfo)
AWAIT_READY(registered);
- Future<Response> response = process::http::get(master.get(), "state");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
Try<JSON::Object> object = JSON::parse<JSON::Object>(response->body);
@@ -3055,7 +3088,11 @@ TEST_F(MasterTest, StateSummaryEndpoint)
EXPECT_CALL(exec, shutdown(_))
.Times(AtMost(1));
- Future<Response> response = process::http::get(master.get(), "state-summary");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state-summary",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -3155,7 +3192,11 @@ TEST_F(MasterTest, TaskLabels)
AWAIT_READY(update);
// Verify label key and value in the master's state endpoint.
- Future<Response> response = process::http::get(master.get(), "state");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -3254,7 +3295,11 @@ TEST_F(MasterTest, TaskStatusLabels)
AWAIT_READY(status);
// Verify label key and value in master state endpoint.
- Future<Response> response = process::http::get(master.get(), "state");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -3346,7 +3391,11 @@ TEST_F(MasterTest, TaskStatusContainerStatus)
EXPECT_EQ(slaveIPAddress, containerStatus.network_infos(0).ip_address());
// Now do the same validation with state endpoint.
- Future<Response> response = process::http::get(master.get(), "state");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -3428,7 +3477,11 @@ TEST_F(MasterTest, SlaveActiveEndpoint)
AWAIT_READY(slaveRegisteredMessage);
// Verify slave is active.
- Future<Response> response = process::http::get(master.get(), "state");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -3452,7 +3505,11 @@ TEST_F(MasterTest, SlaveActiveEndpoint)
AWAIT_READY(deactivateSlave);
// Verify slave is inactive.
- response = process::http::get(master.get(), "state");
+ response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
@@ -3552,7 +3609,11 @@ TEST_F(MasterTest, TaskDiscoveryInfo)
AWAIT_READY(update);
// Verify label key and value in the master's state endpoint.
- Future<Response> response = process::http::get(master.get(), "state");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -3833,7 +3894,11 @@ TEST_F(MasterTest, FrameworkInfoLabels)
AWAIT_READY(registered);
- Future<Response> response = process::http::get(master.get(), "state");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -3879,7 +3944,11 @@ TEST_F(MasterTest, FrameworksEndpointWithoutFrameworks)
Try<PID<Master>> master = StartMaster(flags);
ASSERT_SOME(master);
- Future<Response> response = process::http::get(master.get(), "frameworks");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "frameworks",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -3925,7 +3994,11 @@ TEST_F(MasterTest, FrameworksEndpointOneFramework)
AWAIT_READY(registered);
- Future<Response> response = process::http::get(master.get(), "frameworks");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "frameworks",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
@@ -3987,8 +4060,11 @@ TEST_F(MasterTest, MaxCompletedFrameworksFlag)
schedDriver.join();
}
- Future<process::http::Response> response =
- process::http::get(master.get(), "state");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
@@ -4082,8 +4158,11 @@ TEST_F(MasterTest, MaxCompletedTasksPerFrameworkFlag)
schedDriver.stop();
schedDriver.join();
- Future<process::http::Response> response =
- process::http::get(master.get(), "state");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "state",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
http://git-wip-us.apache.org/repos/asf/mesos/blob/37eff333/src/tests/persistent_volume_endpoints_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/persistent_volume_endpoints_tests.cpp b/src/tests/persistent_volume_endpoints_tests.cpp
index 81185a1..b5f425a 100644
--- a/src/tests/persistent_volume_endpoints_tests.cpp
+++ b/src/tests/persistent_volume_endpoints_tests.cpp
@@ -1492,7 +1492,11 @@ TEST_F(PersistentVolumeEndpointsTest, SlavesEndpointFullResources)
// Wait for TASK_RUNNING update ack.
AWAIT_READY(_statusUpdateAcknowledgement);
- response = process::http::get(master.get(), "slaves");
+ response = process::http::get(
+ master.get(),
+ "slaves",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", response);
http://git-wip-us.apache.org/repos/asf/mesos/blob/37eff333/src/tests/repair_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/repair_tests.cpp b/src/tests/repair_tests.cpp
index bb10456..cb38bb1 100644
--- a/src/tests/repair_tests.cpp
+++ b/src/tests/repair_tests.cpp
@@ -95,23 +95,37 @@ TEST_F(HealthTest, ObserveEndpoint)
ASSERT_SOME(master);
// Empty get to the observe endpoint.
- Future<Response> response = process::http::get(master.get(), "observe");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "observe",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
VALIDATE_BAD_RESPONSE(response, "Missing value for 'monitor'");
// Empty post to the observe endpoint.
- response = process::http::post(master.get(), "observe");
+ response = process::http::post(
+ master.get(),
+ "observe",
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
VALIDATE_BAD_RESPONSE(response, "Missing value for 'monitor'");
// Query string is ignored.
- response = process::http::post(master.get(), "observe?monitor=foo");
+ response = process::http::post(
+ master.get(),
+ "observe?monitor=foo",
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
VALIDATE_BAD_RESPONSE(response, "Missing value for 'monitor'");
// Malformed value causes error.
response = process::http::post(
master.get(),
"observe",
- None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL),
"monitor=foo%");
+
VALIDATE_BAD_RESPONSE(
response,
"Unable to decode query string: Malformed % escape in 'foo%': '%'");
@@ -120,24 +134,27 @@ TEST_F(HealthTest, ObserveEndpoint)
response = process::http::post(
master.get(),
"observe",
- None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL),
"monitor=");
+
VALIDATE_BAD_RESPONSE(response, "Empty string for 'monitor'");
// Missing hosts.
response = process::http::post(
master.get(),
"observe",
- None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL),
"monitor=a");
+
VALIDATE_BAD_RESPONSE(response, "Missing value for 'hosts'");
// Missing level.
response = process::http::post(
master.get(),
"observe",
- None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL),
"monitor=a&hosts=b");
+
VALIDATE_BAD_RESPONSE(response, "Missing value for 'level'");
// Good request is successful.
@@ -149,30 +166,34 @@ TEST_F(HealthTest, ObserveEndpoint)
response = process::http::post(
master.get(),
"observe",
- None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL),
"monitor=a&hosts=b&level=ok");
+
VALIDATE_GOOD_RESPONSE(response, stringify(expected));
// ok is case-insensitive.
response = process::http::post(
master.get(),
"observe",
- None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL),
"monitor=a&hosts=b&level=Ok");
+
VALIDATE_GOOD_RESPONSE(response, stringify(expected));
response = process::http::post(
master.get(),
"observe",
- None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL),
"monitor=a&hosts=b&level=oK");
+
VALIDATE_GOOD_RESPONSE(response, stringify(expected));
response = process::http::post(
master.get(),
"observe",
- None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL),
"monitor=a&hosts=b&level=OK");
+
VALIDATE_GOOD_RESPONSE(response, stringify(expected));
// level != OK is unhealthy.
@@ -181,8 +202,9 @@ TEST_F(HealthTest, ObserveEndpoint)
process::http::post(
master.get(),
"observe",
- None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL),
"monitor=a&hosts=b&level=true");
+
VALIDATE_GOOD_RESPONSE(response, stringify(expected));
// Comma-separated hosts are parsed into an array.
@@ -190,8 +212,9 @@ TEST_F(HealthTest, ObserveEndpoint)
response = process::http::post(
master.get(),
"observe",
- None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL),
"monitor=a&hosts=b,e&level=true");
+
VALIDATE_GOOD_RESPONSE(response, stringify(expected));
Shutdown();
http://git-wip-us.apache.org/repos/asf/mesos/blob/37eff333/src/tests/role_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/role_tests.cpp b/src/tests/role_tests.cpp
index fc3a728..2e23926 100644
--- a/src/tests/role_tests.cpp
+++ b/src/tests/role_tests.cpp
@@ -262,7 +262,11 @@ TEST_F(RoleTest, EndpointEmpty)
Try<PID<Master>> master = StartMaster();
ASSERT_SOME(master);
- Future<Response> response = process::http::get(master.get(), "roles");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "roles",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response)
<< response.get().body;
@@ -307,7 +311,11 @@ TEST_F(RoleTest, EndpointNoFrameworks)
Try<PID<Master>> master = StartMaster(masterFlags);
ASSERT_SOME(master);
- Future<Response> response = process::http::get(master.get(), "roles");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "roles",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response)
<< response.get().body;
@@ -400,7 +408,11 @@ TEST_F(RoleTest, EndpointImplicitRolesWeights)
AWAIT_READY(frameworkId1);
AWAIT_READY(frameworkId2);
- Future<Response> response = process::http::get(master.get(), "roles");
+ Future<Response> response = process::http::get(
+ master.get(),
+ "roles",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response)
<< response.get().body;
@@ -498,7 +510,11 @@ TEST_F(RoleTest, EndpointImplicitRolesQuotas)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, quotaResponse)
<< quotaResponse.get().body;
- Future<Response> rolesResponse = process::http::get(master.get(), "roles");
+ Future<Response> rolesResponse = process::http::get(
+ master.get(),
+ "roles",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, rolesResponse)
<< rolesResponse.get().body;
@@ -548,7 +564,11 @@ TEST_F(RoleTest, EndpointImplicitRolesQuotas)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, deleteResponse)
<< deleteResponse.get().body;
- rolesResponse = process::http::get(master.get(), "roles");
+ rolesResponse = process::http::get(
+ master.get(),
+ "roles",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, rolesResponse)
<< rolesResponse.get().body;
http://git-wip-us.apache.org/repos/asf/mesos/blob/37eff333/src/tests/status_update_manager_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/status_update_manager_tests.cpp b/src/tests/status_update_manager_tests.cpp
index d64d3b8..9440d3b 100644
--- a/src/tests/status_update_manager_tests.cpp
+++ b/src/tests/status_update_manager_tests.cpp
@@ -926,8 +926,11 @@ TEST_F(StatusUpdateManagerTest, DuplicatedTerminalStatusUpdate)
AWAIT_READY(_statusUpdateAcknowledgement2);
// Verify the latest task status.
- Future<process::http::Response> tasks =
- process::http::get(master.get(), "tasks");
+ Future<process::http::Response> tasks = process::http::get(
+ master.get(),
+ "tasks",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, tasks);
AWAIT_EXPECT_RESPONSE_HEADER_EQ(APPLICATION_JSON, "Content-Type", tasks);
[2/2] mesos git commit: Documented how to make executors work with
SSL.
Posted by me...@apache.org.
Documented how to make executors work with SSL.
Review: https://reviews.apache.org/r/44620/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/477b9ab8
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/477b9ab8
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/477b9ab8
Branch: refs/heads/master
Commit: 477b9ab8ac18c2c66b5e83f98716dbe56c7ce93e
Parents: 37eff33
Author: Jan Schlicht <ja...@mesosphere.io>
Authored: Sun Mar 13 00:41:02 2016 -0800
Committer: Adam B <ad...@mesosphere.io>
Committed: Sun Mar 13 00:52:24 2016 -0800
----------------------------------------------------------------------
docs/ssl.md | 2 ++
1 file changed, 2 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/477b9ab8/docs/ssl.md
----------------------------------------------------------------------
diff --git a/docs/ssl.md b/docs/ssl.md
index 3de2a3e..6c5aec3 100644
--- a/docs/ssl.md
+++ b/docs/ssl.md
@@ -98,6 +98,8 @@ SSL_ENABLED=true SSL_SUPPORT_DOWNGRADE=true SSL_KEY_FILE=<path-to-your-private-k
// Restart each component WITHOUT downgrade support (master, slave, framework):
SSL_ENABLED=true SSL_SUPPORT_DOWNGRADE=false SSL_KEY_FILE=<path-to-your-private-key> SSL_CERT_FILE=<path-to-your-certificate> <Any other SSL_* environment variables you may choose> <your-component (e.g. bin/master.sh)> <your-flags>
~~~
+You need to make sure that executors are able to access the SSL environment variables and the files these variables are referring to. Executors can be provided with the environment variables by specifying them in `CommandInfo.environment` or by using the slave's `--executor_environment_variables` command line flag. If the slave and the executors are running in separate containers, `ContainerInfo.volumes` can be used to provide SSL files from the host to the executor's container.
+
The end state is a cluster that is only communicating with SSL.
__NOTE:__ Any tools you may use that communicate with your components must be able to speak SSL, or they will be denied. You may choose to maintain `SSL_SUPPORT_DOWNGRADE=true` for some time as you upgrade your internal tooling. The advantage of `SSL_SUPPORT_DOWNGRADE=true` is that all components that speak SSL will do so, while other components may still communicate over insecure channels.