Posted to commits@mesos.apache.org by me...@apache.org on 2016/04/25 19:14:56 UTC
[1/4] mesos git commit: Fixed unsigned int comparison.
Repository: mesos
Updated Branches:
refs/heads/master cff6eea92 -> d014d994b
Fixed unsigned int comparison.
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/d014d994
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/d014d994
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/d014d994
Branch: refs/heads/master
Commit: d014d994b4513f9dcf9d33a293e847505bfb10fb
Parents: 03168ce
Author: Adam B <ad...@mesosphere.io>
Authored: Mon Apr 25 05:09:44 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Mon Apr 25 10:14:25 2016 -0700
----------------------------------------------------------------------
src/tests/dynamic_weights_tests.cpp | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/d014d994/src/tests/dynamic_weights_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/dynamic_weights_tests.cpp b/src/tests/dynamic_weights_tests.cpp
index 18e1df0..362c59a 100644
--- a/src/tests/dynamic_weights_tests.cpp
+++ b/src/tests/dynamic_weights_tests.cpp
@@ -112,13 +112,13 @@ protected:
convertToHashmap(weightInfos.get());
if (_weights.isNone()) {
- EXPECT_EQ(0, weights.size());
+ EXPECT_EQ(0u, weights.size());
} else if (_weights == UPDATED_WEIGHTS1) {
- EXPECT_EQ(2, weights.size());
+ EXPECT_EQ(2u, weights.size());
EXPECT_EQ(2.0, weights["role1"]);
EXPECT_EQ(4.0, weights["role2"]);
} else if (_weights == UPDATED_WEIGHTS2) {
- EXPECT_EQ(3, weights.size());
+ EXPECT_EQ(3u, weights.size());
EXPECT_EQ(1.0, weights["role1"]);
EXPECT_EQ(4.0, weights["role2"]);
EXPECT_EQ(2.5, weights["role3"]);
[3/4] mesos git commit: Added positive tests for /weights endpoint.
Posted by me...@apache.org.
Added positive tests for /weights endpoint.
Review: https://reviews.apache.org/r/46139/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/03168ce6
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/03168ce6
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/03168ce6
Branch: refs/heads/master
Commit: 03168ce650856bffdcf172c3e87d85c2e2dd8f6b
Parents: 365ec59
Author: Yongqiao Wang <yq...@cn.ibm.com>
Authored: Mon Apr 25 04:23:16 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Mon Apr 25 10:14:25 2016 -0700
----------------------------------------------------------------------
src/tests/dynamic_weights_tests.cpp | 219 +++++++------------------------
src/tests/mesos.hpp | 14 ++
2 files changed, 58 insertions(+), 175 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/03168ce6/src/tests/dynamic_weights_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/dynamic_weights_tests.cpp b/src/tests/dynamic_weights_tests.cpp
index f89b89d..18e1df0 100644
--- a/src/tests/dynamic_weights_tests.cpp
+++ b/src/tests/dynamic_weights_tests.cpp
@@ -82,16 +82,16 @@ class DynamicWeightsTest : public MesosTest
protected:
DynamicWeightsTest() {}
- void checkWithRolesEndpoint(
+ void checkWithGetRequest(
const PID<Master>& master,
- const Option<string>& weights = None())
+ const Option<string>& _weights = None())
{
Future<Response> response = process::http::request(
process::http::createRequest(
master,
"GET",
false,
- "roles",
+ "weights",
createBasicAuthHeaders(DEFAULT_CREDENTIAL)));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response)
@@ -102,165 +102,34 @@ protected:
Try<JSON::Value> parse = JSON::parse(response.get().body);
ASSERT_SOME(parse);
- Try<JSON::Value> expected = JSON::Null();
-
- if (weights.isNone()) {
- expected = JSON::parse(
- "{"
- " \"roles\": ["
- " {"
- " \"frameworks\": [],"
- " \"name\": \"*\","
- " \"resources\": {"
- " \"cpus\": 0,"
- " \"disk\": 0,"
- " \"gpus\": 0,"
- " \"mem\": 0"
- " },"
- " \"weight\": 1.0"
- " }"
- " ]"
- "}");
- } else if (weights == DEFAULT_WEIGHTS) {
- expected = JSON::parse(
- "{"
- " \"roles\": ["
- " {"
- " \"frameworks\": [],"
- " \"name\": \"*\","
- " \"resources\": {"
- " \"cpus\": 0,"
- " \"disk\": 0,"
- " \"gpus\": 0,"
- " \"mem\": 0"
- " },"
- " \"weight\": 1.0"
- " },"
- " {"
- " \"frameworks\": [],"
- " \"name\": \"role1\","
- " \"resources\": {"
- " \"cpus\": 0,"
- " \"disk\": 0,"
- " \"gpus\": 0,"
- " \"mem\": 0"
- " },"
- " \"weight\": 1.0"
- " },"
- " {"
- " \"frameworks\": [],"
- " \"name\": \"role2\","
- " \"resources\": {"
- " \"cpus\": 0,"
- " \"disk\": 0,"
- " \"gpus\": 0,"
- " \"mem\": 0"
- " },"
- " \"weight\": 1.0"
- " }"
- " ]"
- "}");
- } else if (weights == UPDATED_WEIGHTS1) {
- expected = JSON::parse(
- "{"
- " \"roles\": ["
- " {"
- " \"frameworks\": [],"
- " \"name\": \"*\","
- " \"resources\": {"
- " \"cpus\": 0,"
- " \"disk\": 0,"
- " \"gpus\": 0,"
- " \"mem\": 0"
- " },"
- " \"weight\": 1.0"
- " },"
- " {"
- " \"frameworks\": [],"
- " \"name\": \"role1\","
- " \"resources\": {"
- " \"cpus\": 0,"
- " \"disk\": 0,"
- " \"gpus\": 0,"
- " \"mem\": 0"
- " },"
- " \"weight\": 2.0"
- " },"
- " {"
- " \"frameworks\": [],"
- " \"name\": \"role2\","
- " \"resources\": {"
- " \"cpus\": 0,"
- " \"disk\": 0,"
- " \"gpus\": 0,"
- " \"mem\": 0"
- " },"
- " \"weight\": 4.0"
- " }"
- " ]"
- "}");
- } else if (weights == UPDATED_WEIGHTS2) {
- expected = JSON::parse(
- "{"
- " \"roles\": ["
- " {"
- " \"frameworks\": [],"
- " \"name\": \"*\","
- " \"resources\": {"
- " \"cpus\": 0,"
- " \"disk\": 0,"
- " \"gpus\": 0,"
- " \"mem\": 0"
- " },"
- " \"weight\": 1.0"
- " },"
- " {"
- " \"frameworks\": [],"
- " \"name\": \"role1\","
- " \"resources\": {"
- " \"cpus\": 0,"
- " \"disk\": 0,"
- " \"gpus\": 0,"
- " \"mem\": 0"
- " },"
- " \"weight\": 1.0"
- " },"
- " {"
- " \"frameworks\": [],"
- " \"name\": \"role2\","
- " \"resources\": {"
- " \"cpus\": 0,"
- " \"disk\": 0,"
- " \"gpus\": 0,"
- " \"mem\": 0"
- " },"
- " \"weight\": 4.0"
- " },"
- " {"
- " \"frameworks\": [],"
- " \"name\": \"role3\","
- " \"resources\": {"
- " \"cpus\": 0,"
- " \"disk\": 0,"
- " \"gpus\": 0,"
- " \"mem\": 0"
- " },"
- " \"weight\": 2.5"
- " }"
- " ]"
- "}");
+ // Create Protobuf representation of weights.
+ Try<RepeatedPtrField<WeightInfo>> weightInfos =
+ ::protobuf::parse<RepeatedPtrField<WeightInfo>>(parse.get());
+
+ ASSERT_SOME(weightInfos);
+
+ hashmap<std::string, double> weights =
+ convertToHashmap(weightInfos.get());
+
+ if (_weights.isNone()) {
+ EXPECT_EQ(0, weights.size());
+ } else if (_weights == UPDATED_WEIGHTS1) {
+ EXPECT_EQ(2, weights.size());
+ EXPECT_EQ(2.0, weights["role1"]);
+ EXPECT_EQ(4.0, weights["role2"]);
+ } else if (_weights == UPDATED_WEIGHTS2) {
+ EXPECT_EQ(3, weights.size());
+ EXPECT_EQ(1.0, weights["role1"]);
+ EXPECT_EQ(4.0, weights["role2"]);
+ EXPECT_EQ(2.5, weights["role3"]);
} else {
- expected = Error("Unexpected weights string.");
+ EXPECT_EQ(_weights.get(), "Unexpected weights string.");
}
-
- ASSERT_SOME(expected);
- EXPECT_EQ(expected.get(), parse.get());
}
protected:
const string ROLE1 = "role1";
const string ROLE2 = "role2";
- const string DEFAULT_WEIGHTS = "role1=1.0,role2=1.0";
const string UPDATED_WEIGHTS1 = "role1=2.0,role2=4.0";
const string UPDATED_WEIGHTS2 = "role1=1.0,role3=2.5";
};
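Review bot: The final `else` branch of the weights check reports an unrecognised weights string with `EXPECT_EQ(_weights.get(), "Unexpected weights string.");`. That fails only because the two strings differ, and it prints a misleading expected/actual pair. `ADD_FAILURE() << "Unexpected weights string: " << _weights.get();` states the intent directly and keeps the failure non-fatal like the other `EXPECT_*` checks. The value checks also read `weights["role1"]` and friends through `operator[]`, which presumably default-inserts a missing key, so an absent role would show up as a wrong value rather than a missing entry. The body of checkWithGetRequest starts in the previous hunk.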
@@ -292,7 +161,7 @@ TEST_F(DynamicWeightsTest, PutInvalidRequest)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(BadRequest().status, response)
<< response.get().body;
- checkWithRolesEndpoint(master.get()->pid);
+ checkWithGetRequest(master.get()->pid);
// Tests whether an update weights request with an invalid field fails.
// In this case, the correct field name should be 'role'.
@@ -314,7 +183,7 @@ TEST_F(DynamicWeightsTest, PutInvalidRequest)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(BadRequest().status, response)
<< response.get().body;
- checkWithRolesEndpoint(master.get()->pid);
+ checkWithGetRequest(master.get()->pid);
}
@@ -339,7 +208,7 @@ TEST_F(DynamicWeightsTest, ZeroWeight)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(BadRequest().status, response)
<< response.get().body;
- checkWithRolesEndpoint(master.get()->pid);
+ checkWithGetRequest(master.get()->pid);
}
@@ -364,7 +233,7 @@ TEST_F(DynamicWeightsTest, NegativeWeight)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(BadRequest().status, response)
<< response.get().body;
- checkWithRolesEndpoint(master.get()->pid);
+ checkWithGetRequest(master.get()->pid);
}
@@ -389,7 +258,7 @@ TEST_F(DynamicWeightsTest, NonNumericWeight)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(BadRequest().status, response)
<< response.get().body;
- checkWithRolesEndpoint(master.get()->pid);
+ checkWithGetRequest(master.get()->pid);
}
@@ -413,7 +282,7 @@ TEST_F(DynamicWeightsTest, MissingRole)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(BadRequest().status, response1)
<< response1.get().body;
- checkWithRolesEndpoint(master.get()->pid);
+ checkWithGetRequest(master.get()->pid);
// Send an empty role (only a space) update request.
RepeatedPtrField<WeightInfo> infos = createWeightInfos(" =2.0");
@@ -429,7 +298,7 @@ TEST_F(DynamicWeightsTest, MissingRole)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(BadRequest().status, response2)
<< response2.get().body;
- checkWithRolesEndpoint(master.get()->pid);
+ checkWithGetRequest(master.get()->pid);
}
@@ -458,7 +327,7 @@ TEST_F(DynamicWeightsTest, UnknownRole)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(BadRequest().status, response)
<< response.get().body;
- checkWithRolesEndpoint(master.get()->pid, DEFAULT_WEIGHTS);
+ checkWithGetRequest(master.get()->pid);
}
@@ -473,7 +342,7 @@ TEST_F(DynamicWeightsTest, UpdateWeightsWithExplictRoles)
Try<Owned<cluster::Master>> master = StartMaster(flags);
ASSERT_SOME(master);
- checkWithRolesEndpoint(master.get()->pid, DEFAULT_WEIGHTS);
+ checkWithGetRequest(master.get()->pid);
// Send a weight update request for the specified roles in UPDATED_WEIGHTS1.
RepeatedPtrField<WeightInfo> infos = createWeightInfos(UPDATED_WEIGHTS1);
@@ -489,7 +358,7 @@ TEST_F(DynamicWeightsTest, UpdateWeightsWithExplictRoles)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response)
<< response.get().body;
- checkWithRolesEndpoint(master.get()->pid, UPDATED_WEIGHTS1);
+ checkWithGetRequest(master.get()->pid, UPDATED_WEIGHTS1);
}
@@ -520,7 +389,7 @@ TEST_F(DynamicWeightsTest, UnauthenticatedUpdateWeightRequest)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response1)
<< response1.get().body;
- checkWithRolesEndpoint(master.get()->pid);
+ checkWithGetRequest(master.get()->pid);
// The absence of credentials leads to authentication failure as well.
infos = createWeightInfos(UPDATED_WEIGHTS1);
@@ -536,7 +405,7 @@ TEST_F(DynamicWeightsTest, UnauthenticatedUpdateWeightRequest)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response2)
<< response2.get().body;
- checkWithRolesEndpoint(master.get()->pid);
+ checkWithGetRequest(master.get()->pid);
}
@@ -599,7 +468,7 @@ TEST_F(DynamicWeightsTest, AuthorizedWeightUpdateRequest)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response)
<< response.get().body;
- checkWithRolesEndpoint(master.get()->pid, UPDATED_WEIGHTS1);
+ checkWithGetRequest(master.get()->pid, UPDATED_WEIGHTS1);
}
@@ -639,7 +508,7 @@ TEST_F(DynamicWeightsTest, AuthorizedUpdateWeightRequestWithoutPrincipal)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response)
<< response.get().body;
- checkWithRolesEndpoint(master.get()->pid, UPDATED_WEIGHTS1);
+ checkWithGetRequest(master.get()->pid, UPDATED_WEIGHTS1);
}
@@ -671,7 +540,7 @@ TEST_F(DynamicWeightsTest, UnauthorizedWeightUpdateRequest)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(Forbidden().status, response)
<< response.get().body;
- checkWithRolesEndpoint(master.get()->pid);
+ checkWithGetRequest(master.get()->pid);
}
@@ -687,7 +556,7 @@ TEST_F(DynamicWeightsTest, RecoveredWeightsFromRegistry)
// Tests whether the weights replicated log is initialized with the
// `--weights` flag when bootstrapping the cluster.
{
- checkWithRolesEndpoint(master.get()->pid, UPDATED_WEIGHTS1);
+ checkWithGetRequest(master.get()->pid, UPDATED_WEIGHTS1);
// Stop the master
master->reset();
@@ -697,7 +566,7 @@ TEST_F(DynamicWeightsTest, RecoveredWeightsFromRegistry)
master = StartMaster(masterFlags);
ASSERT_SOME(master);
- checkWithRolesEndpoint(master.get()->pid, UPDATED_WEIGHTS1);
+ checkWithGetRequest(master.get()->pid, UPDATED_WEIGHTS1);
}
// Tests whether the weights replicated log can be updated with
@@ -717,7 +586,7 @@ TEST_F(DynamicWeightsTest, RecoveredWeightsFromRegistry)
AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response)
<< response.get().body;
- checkWithRolesEndpoint(master.get()->pid, UPDATED_WEIGHTS2);
+ checkWithGetRequest(master.get()->pid, UPDATED_WEIGHTS2);
// Stop the master
master->reset();
@@ -727,7 +596,7 @@ TEST_F(DynamicWeightsTest, RecoveredWeightsFromRegistry)
master = StartMaster(masterFlags);
ASSERT_SOME(master);
- checkWithRolesEndpoint(master.get()->pid, UPDATED_WEIGHTS2);
+ checkWithGetRequest(master.get()->pid, UPDATED_WEIGHTS2);
}
// Tests whether the `--weights` flag is ignored and use the registry value
@@ -742,7 +611,7 @@ TEST_F(DynamicWeightsTest, RecoveredWeightsFromRegistry)
master = StartMaster(masterFlags);
ASSERT_SOME(master);
- checkWithRolesEndpoint(master.get()->pid, UPDATED_WEIGHTS2);
+ checkWithGetRequest(master.get()->pid, UPDATED_WEIGHTS2);
}
}
http://git-wip-us.apache.org/repos/asf/mesos/blob/03168ce6/src/tests/mesos.hpp
----------------------------------------------------------------------
diff --git a/src/tests/mesos.hpp b/src/tests/mesos.hpp
index 55bdeb6..bff7938 100644
--- a/src/tests/mesos.hpp
+++ b/src/tests/mesos.hpp
@@ -668,6 +668,20 @@ inline google::protobuf::RepeatedPtrField<WeightInfo> createWeightInfos(
}
+// Convert WeightInfos protobuf to weights hashmap.
+inline hashmap<std::string, double> convertToHashmap(
+ const google::protobuf::RepeatedPtrField<WeightInfo> weightInfos)
+{
+ hashmap<std::string, double> weights;
+
+ for (const WeightInfo& weightInfo : weightInfos) {
+ weights[weightInfo.role()] = weightInfo.weight();
+ }
+
+ return weights;
+}
+
+
// Helpers for creating reserve operations.
inline Offer::Operation RESERVE(const Resources& resources)
{
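Review bot: `convertToHashmap` takes its argument as `const google::protobuf::RepeatedPtrField<WeightInfo> weightInfos`, a const by-value parameter, so every call copies the whole repeated field before the loop reads it. Since the function only iterates, the parameter should be a const reference: `const google::protobuf::RepeatedPtrField<WeightInfo>& weightInfos)`. The existing one-line comment could also say that a role appearing twice keeps the last weight, which is what the `weights[weightInfo.role()] = ...` assignment does.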
[4/4] mesos git commit: Added agent authorization flags.
Posted by me...@apache.org.
Added agent authorization flags.
Review: https://reviews.apache.org/r/45922/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/a3da5811
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/a3da5811
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/a3da5811
Branch: refs/heads/master
Commit: a3da5811e0de83373f6ef5d98fbe9f72e65de046
Parents: cff6eea
Author: Jan Schlicht <ja...@mesosphere.io>
Authored: Mon Apr 25 03:57:31 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Mon Apr 25 10:14:25 2016 -0700
----------------------------------------------------------------------
docs/configuration.md | 32 ++++++++++++++++++++++++++++++++
src/local/local.cpp | 3 ++-
src/slave/constants.hpp | 3 +++
src/slave/flags.cpp | 25 +++++++++++++++++++++++++
src/slave/flags.hpp | 2 ++
src/slave/main.cpp | 36 +++++++++++++++++++++++++++++++++++-
src/slave/slave.cpp | 6 ++++--
src/slave/slave.hpp | 9 ++++++++-
src/tests/cluster.cpp | 36 ++++++++++++++++++++++++++++++++++--
src/tests/cluster.hpp | 4 +++-
src/tests/mesos.cpp | 9 +++++++--
src/tests/mesos.hpp | 3 ++-
12 files changed, 157 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/a3da5811/docs/configuration.md
----------------------------------------------------------------------
diff --git a/docs/configuration.md b/docs/configuration.md
index 86ba66a..318275f 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -878,6 +878,23 @@ May be one of:
</thead>
<tr>
<td>
+ --acls=VALUE
+ </td>
+ <td>
+The value could be a JSON-formatted string of ACLs
+or a file path containing the JSON-formatted ACLs used
+for authorization. Path could be of the form <code>file:///path/to/file</code>
+or <code>/path/to/file</code>.
+<p/>
+Note that if the <code>--authorizer</code> flag is provided with a value
+other than <code>local</code>, the ACLs contents will be
+ignored.
+<p/>
+See the ACLs protobuf in acls.proto for the expected format.
+ </td>
+</tr>
+<tr>
+ <td>
--appc_store_dir=VALUE
</td>
<td>
@@ -906,6 +923,21 @@ load an alternate authenticatee module using <code>--modules</code>. (default: c
</tr>
<tr>
<td>
+ --authorizer=VALUE
+ </td>
+ <td>
+Authorizer implementation to use when authorizing actions that
+require it.
+Use the default <code>local</code>, or
+load an alternate authorizer module using <code>--modules</code>.
+<p/>
+Note that if the <code>--authorizer</code> flag is provided with a value
+other than the default <code>local</code>, the ACLs
+passed through the <code>--acls</code> flag will be ignored.
+ </td>
+</tr>
+<tr>
+ <td>
--[no]-cgroups_cpu_enable_pids_and_tids_count
</td>
<td>
http://git-wip-us.apache.org/repos/asf/mesos/blob/a3da5811/src/local/local.cpp
----------------------------------------------------------------------
diff --git a/src/local/local.cpp b/src/local/local.cpp
index 7de8a24..1c679ec 100644
--- a/src/local/local.cpp
+++ b/src/local/local.cpp
@@ -401,7 +401,8 @@ PID<Master> launch(const Flags& flags, Allocator* _allocator)
garbageCollectors->back(),
statusUpdateManagers->back(),
resourceEstimators->back(),
- qosControllers->back());
+ qosControllers->back(),
+ authorizer_); // Same authorizer as master.
slaves[containerizer.get()] = slave;
http://git-wip-us.apache.org/repos/asf/mesos/blob/a3da5811/src/slave/constants.hpp
----------------------------------------------------------------------
diff --git a/src/slave/constants.hpp b/src/slave/constants.hpp
index 9978c11..c24167f 100644
--- a/src/slave/constants.hpp
+++ b/src/slave/constants.hpp
@@ -114,6 +114,9 @@ constexpr Duration DOCKER_FORCE_KILL_TIMEOUT = Seconds(1);
// Name of the default, CRAM-MD5 authenticatee.
constexpr char DEFAULT_AUTHENTICATEE[] = "crammd5";
+// Name of the default, local authorizer.
+constexpr char DEFAULT_AUTHORIZER[] = "local";
+
// Name of the default HTTP authenticator.
constexpr char DEFAULT_HTTP_AUTHENTICATOR[] = "basic";
http://git-wip-us.apache.org/repos/asf/mesos/blob/a3da5811/src/slave/flags.cpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.cpp b/src/slave/flags.cpp
index 10d2974..a319d60 100644
--- a/src/slave/flags.cpp
+++ b/src/slave/flags.cpp
@@ -443,6 +443,19 @@ mesos::internal::slave::Flags::Flags()
" \"secret\": \"secret\"\n"
"}");
+ add(&Flags::acls,
+ "acls",
+ "The value could be a JSON-formatted string of ACLs\n"
+ "or a file path containing the JSON-formatted ACLs used\n"
+ "for authorization. Path could be of the form `file:///path/to/file`\n"
+ "or `/path/to/file`.\n"
+ "\n"
+ "Note that if the `--authorizer` flag is provided with a value\n"
+ "other than `" + string(DEFAULT_AUTHORIZER) + "`, the ACLs contents\n"
+ "will be ignored.\n"
+ "\n"
+ "See the ACLs protobuf in acls.proto for the expected format.");
+
add(&Flags::containerizer_path,
"containerizer_path",
"The path to the external containerizer executable used when\n"
@@ -710,6 +723,18 @@ mesos::internal::slave::Flags::Flags()
"load an alternate authenticatee module using `--modules`.",
DEFAULT_AUTHENTICATEE);
+ add(&Flags::authorizer,
+ "authorizer",
+ "Authorizer implementation to use when authorizing actions that\n"
+ "require it.\n"
+ "Use the default `" + string(DEFAULT_AUTHORIZER) + "`, or\n"
+ "load an alternate authorizer module using `--modules`.\n"
+ "\n"
+ "Note that if the `--authorizer` flag is provided with a value\n"
+ "other than the default `" + string(DEFAULT_AUTHORIZER) + "`, the\n"
+ "ACLs passed through the `--acls` flag will be ignored.",
+ DEFAULT_AUTHORIZER);
+
add(&Flags::http_authenticators,
"http_authenticators",
"HTTP authenticator implementation to use when handling requests to\n"
http://git-wip-us.apache.org/repos/asf/mesos/blob/a3da5811/src/slave/flags.hpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.hpp b/src/slave/flags.hpp
index ee520ac..4fa3213 100644
--- a/src/slave/flags.hpp
+++ b/src/slave/flags.hpp
@@ -99,6 +99,7 @@ public:
#endif
Option<Firewall> firewall_rules;
Option<Path> credential;
+ Option<ACLs> acls;
Option<std::string> containerizer_path;
std::string containerizers;
Option<std::string> default_container_image;
@@ -135,6 +136,7 @@ public:
bool enforce_container_disk_quota;
Option<Modules> modules;
std::string authenticatee;
+ std::string authorizer;
std::string http_authenticators;
bool authenticate_http;
Option<Path> http_credentials;
http://git-wip-us.apache.org/repos/asf/mesos/blob/a3da5811/src/slave/main.cpp
----------------------------------------------------------------------
diff --git a/src/slave/main.cpp b/src/slave/main.cpp
index 7d84c77..3ea1453 100644
--- a/src/slave/main.cpp
+++ b/src/slave/main.cpp
@@ -19,6 +19,8 @@
#include <vector>
#include <utility>
+#include <mesos/authorizer/authorizer.hpp>
+
#include <mesos/master/detector.hpp>
#include <mesos/mesos.hpp>
@@ -71,6 +73,7 @@ using mesos::master::detector::MasterDetector;
using mesos::slave::QoSController;
using mesos::slave::ResourceEstimator;
+using mesos::Authorizer;
using mesos::SlaveInfo;
using process::Owned;
@@ -281,6 +284,32 @@ int main(int argc, char** argv)
MasterDetector* detector = detector_.get();
+ Option<Authorizer*> authorizer_ = None();
+
+ string authorizerName = flags.authorizer;
+
+ Result<Authorizer*> authorizer((None()));
+ if (authorizerName != slave::DEFAULT_AUTHORIZER) {
+ LOG(INFO) << "Creating '" << authorizerName << "' authorizer";
+
+ // NOTE: The contents of --acls will be ignored.
+ authorizer = Authorizer::create(authorizerName);
+ } else {
+ // `authorizerName` is `DEFAULT_AUTHORIZER` at this point.
+ if (flags.acls.isSome()) {
+ LOG(INFO) << "Creating default '" << authorizerName << "' authorizer";
+
+ authorizer = Authorizer::create(flags.acls.get());
+ }
+ }
+
+ if (authorizer.isError()) {
+ EXIT(EXIT_FAILURE) << "Could not create '" << authorizerName
+ << "' authorizer: " << authorizer.error();
+ } else if (authorizer.isSome()) {
+ authorizer_ = authorizer.get();
+ }
+
if (flags.firewall_rules.isSome()) {
vector<Owned<FirewallRule>> rules;
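Review bot: When `--authorizer` names a non-default module, a value passed in `--acls` is dropped with only a source comment (`// NOTE: The contents of --acls will be ignored.`), so an operator who supplied ACLs gets no runtime signal that they are not being enforced. Inside that branch I would add `if (flags.acls.isSome()) { LOG(WARNING) << "Ignoring contents of --acls flag, because '" << authorizerName << "' authorizer will be used instead of the default."; }`. Likewise, with the default `local` authorizer and no `--acls`, `authorizer_` stays `None()` and nothing is logged; a log line saying the agent is starting without an authorizer would make that state visible. The same creation logic is repeated in the `Slave::start` hunk of src/tests/cluster.cpp, where the same remarks apply. The body of main() continues outside the hunk.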
@@ -350,7 +379,8 @@ int main(int argc, char** argv)
&gc,
&statusUpdateManager,
resourceEstimator.get(),
- qosController.get());
+ qosController.get(),
+ authorizer_);
process::spawn(slave);
process::wait(slave->self());
@@ -365,5 +395,9 @@ int main(int argc, char** argv)
delete containerizer.get();
+ if (authorizer_.isSome()) {
+ delete authorizer_.get();
+ }
+
return EXIT_SUCCESS;
}
http://git-wip-us.apache.org/repos/asf/mesos/blob/a3da5811/src/slave/slave.cpp
----------------------------------------------------------------------
diff --git a/src/slave/slave.cpp b/src/slave/slave.cpp
index ebf2606..5aa1530 100644
--- a/src/slave/slave.cpp
+++ b/src/slave/slave.cpp
@@ -134,7 +134,8 @@ Slave::Slave(const std::string& id,
GarbageCollector* _gc,
StatusUpdateManager* _statusUpdateManager,
ResourceEstimator* _resourceEstimator,
- QoSController* _qosController)
+ QoSController* _qosController,
+ const Option<Authorizer*>& _authorizer)
: ProcessBase(id),
state(RECOVERING),
flags(_flags),
@@ -155,7 +156,8 @@ Slave::Slave(const std::string& id,
reauthenticate(false),
executorDirectoryMaxAllowedAge(age(0)),
resourceEstimator(_resourceEstimator),
- qosController(_qosController) {}
+ qosController(_qosController),
+ authorizer(_authorizer) {}
Slave::~Slave()
http://git-wip-us.apache.org/repos/asf/mesos/blob/a3da5811/src/slave/slave.hpp
----------------------------------------------------------------------
diff --git a/src/slave/slave.hpp b/src/slave/slave.hpp
index 20a4bcd..57b1888 100644
--- a/src/slave/slave.hpp
+++ b/src/slave/slave.hpp
@@ -83,6 +83,10 @@
#endif // __WINDOWS__
namespace mesos {
+
+// Forward declarations.
+class Authorizer;
+
namespace internal {
namespace slave {
@@ -106,7 +110,8 @@ public:
GarbageCollector* gc,
StatusUpdateManager* statusUpdateManager,
mesos::slave::ResourceEstimator* resourceEstimator,
- mesos::slave::QoSController* qosController);
+ mesos::slave::QoSController* qosController,
+ const Option<Authorizer*>& authorizer);
virtual ~Slave();
@@ -593,6 +598,8 @@ private:
mesos::slave::QoSController* qosController;
+ const Option<Authorizer*> authorizer;
+
// The most recent estimate of the total amount of oversubscribed
// (allocated and oversubscribable) resources.
Option<Resources> oversubscribedResources;
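Review bot: The new member `const Option<Authorizer*> authorizer;` has no comment saying who owns the pointer or what `None()` means. From the other hunks in this commit the creator appears to keep ownership (main() deletes it after the agent has finished, and cluster::Slave holds it in a `process::Owned`). I would add `// Not owned; None() means no authorizer was configured for this agent.` above the declaration. The class body starts and ends outside the hunk.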
http://git-wip-us.apache.org/repos/asf/mesos/blob/a3da5811/src/tests/cluster.cpp
----------------------------------------------------------------------
diff --git a/src/tests/cluster.cpp b/src/tests/cluster.cpp
index 3e5fdf6..db72628 100644
--- a/src/tests/cluster.cpp
+++ b/src/tests/cluster.cpp
@@ -352,7 +352,8 @@ Try<process::Owned<Slave>> Slave::start(
const Option<slave::GarbageCollector*>& gc,
const Option<slave::StatusUpdateManager*>& statusUpdateManager,
const Option<mesos::slave::ResourceEstimator*>& resourceEstimator,
- const Option<mesos::slave::QoSController*>& qosController)
+ const Option<mesos::slave::QoSController*>& qosController,
+ const Option<Authorizer*>& providedAuthorizer)
{
process::Owned<Slave> slave(new Slave());
@@ -379,6 +380,36 @@ Try<process::Owned<Slave>> Slave::start(
slave->containerizer = _containerizer.get();
}
+ Option<Authorizer*> authorizer = providedAuthorizer;
+
+ // If the authorizer is not provided, create a default one.
+ if (providedAuthorizer.isNone()) {
+ std::string authorizerName = flags.authorizer;
+
+ Result<Authorizer*> createdAuthorizer((None()));
+ if (authorizerName != slave::DEFAULT_AUTHORIZER) {
+ LOG(INFO) << "Creating '" << authorizerName << "' authorizer";
+
+ // NOTE: The contents of --acls will be ignored.
+ createdAuthorizer = Authorizer::create(authorizerName);
+ } else {
+ // `authorizerName` is `DEFAULT_AUTHORIZER` at this point.
+ if (flags.acls.isSome()) {
+ LOG(INFO) << "Creating default '" << authorizerName << "' authorizer";
+
+ createdAuthorizer = Authorizer::create(flags.acls.get());
+ }
+ }
+
+ if (createdAuthorizer.isError()) {
+ EXIT(EXIT_FAILURE) << "Could not create '" << authorizerName
+ << "' authorizer: " << createdAuthorizer.error();
+ } else if (createdAuthorizer.isSome()) {
+ slave->authorizer.reset(createdAuthorizer.get());
+ authorizer = createdAuthorizer.get();
+ }
+ }
+
// If the garbage collector is not provided, create a default one.
if (gc.isNone()) {
slave->gc.reset(new slave::GarbageCollector());
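Review bot: In this test helper a failed authorizer creation calls `EXIT(EXIT_FAILURE)`, which terminates the whole test binary even though `Slave::start` returns a `Try<process::Owned<Slave>>` that callers check. Returning the error keeps the failure local to the test that triggered it: `return Error("Could not create '" + authorizerName + "' authorizer: " + createdAuthorizer.error());`. The function body starts and ends outside the hunk.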
@@ -425,7 +456,8 @@ Try<process::Owned<Slave>> Slave::start(
gc.getOrElse(slave->gc.get()),
statusUpdateManager.getOrElse(slave->statusUpdateManager.get()),
resourceEstimator.getOrElse(slave->resourceEstimator.get()),
- qosController.getOrElse(slave->qosController.get())));
+ qosController.getOrElse(slave->qosController.get()),
+ authorizer));
slave->pid = process::spawn(slave->slave.get());
http://git-wip-us.apache.org/repos/asf/mesos/blob/a3da5811/src/tests/cluster.hpp
----------------------------------------------------------------------
diff --git a/src/tests/cluster.hpp b/src/tests/cluster.hpp
index 96ec52a..60ab3f7 100644
--- a/src/tests/cluster.hpp
+++ b/src/tests/cluster.hpp
@@ -147,7 +147,8 @@ public:
const Option<slave::StatusUpdateManager*>& statusUpdateManager = None(),
const Option<mesos::slave::ResourceEstimator*>& resourceEstimator =
None(),
- const Option<mesos::slave::QoSController*>& qosController = None());
+ const Option<mesos::slave::QoSController*>& qosController = None(),
+ const Option<Authorizer*>& authorizer = None());
~Slave();
@@ -194,6 +195,7 @@ private:
slave::Containerizer* containerizer = nullptr;
// Dependencies that are created by the factory method.
+ process::Owned<Authorizer> authorizer;
process::Owned<slave::Containerizer> ownedContainerizer;
process::Owned<slave::Fetcher> fetcher;
process::Owned<slave::GarbageCollector> gc;
http://git-wip-us.apache.org/repos/asf/mesos/blob/a3da5811/src/tests/mesos.cpp
----------------------------------------------------------------------
diff --git a/src/tests/mesos.cpp b/src/tests/mesos.cpp
index b5937af..118b3b4 100644
--- a/src/tests/mesos.cpp
+++ b/src/tests/mesos.cpp
@@ -175,6 +175,9 @@ slave::Flags MesosTest::CreateSlaveFlags()
CHECK_SOME(os::close(fd.get()));
flags.credential = path;
+
+ // Set default (permissive) ACLs.
+ flags.acls = ACLs();
}
flags.authenticate_http = true;
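Review bot: The comment `// Set default (permissive) ACLs.` does not spell out the consequence of assigning an empty `ACLs` message here. Going by the creation logic added in src/tests/cluster.cpp, setting `flags.acls` causes a local authorizer to be created for test agents, and with empty ACLs it presumably allows every action, so denials are only exercised by tests that override `flags.acls` or inject their own authorizer. I would expand the comment to something like `// Empty ACLs: a local authorizer is created but permits all actions; tests that need denials must set their own ACLs.`. The assignment sits inside a block that opens outside the hunk, and CreateSlaveFlags() itself starts and ends outside the hunk.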
@@ -459,7 +462,8 @@ MockSlave::MockSlave(
const slave::Flags& flags,
MasterDetector* detector,
slave::Containerizer* containerizer,
- const Option<mesos::slave::QoSController*>& _qosController)
+ const Option<mesos::slave::QoSController*>& _qosController,
+ const Option<mesos::Authorizer*>& authorizer)
: slave::Slave(
process::ID::generate("slave"),
flags,
@@ -469,7 +473,8 @@ MockSlave::MockSlave(
&gc,
statusUpdateManager = new slave::StatusUpdateManager(flags),
&resourceEstimator,
- _qosController.isSome() ? _qosController.get() : &qosController),
+ _qosController.isSome() ? _qosController.get() : &qosController,
+ authorizer),
files(slave::DEFAULT_HTTP_AUTHENTICATION_REALM)
{
// Set up default behaviors, calling the original methods.
http://git-wip-us.apache.org/repos/asf/mesos/blob/a3da5811/src/tests/mesos.hpp
----------------------------------------------------------------------
diff --git a/src/tests/mesos.hpp b/src/tests/mesos.hpp
index fce9846..aeee7ac 100644
--- a/src/tests/mesos.hpp
+++ b/src/tests/mesos.hpp
@@ -1254,7 +1254,8 @@ public:
const slave::Flags& flags,
mesos::master::detector::MasterDetector* detector,
slave::Containerizer* containerizer,
- const Option<mesos::slave::QoSController*>& qosController = None());
+ const Option<mesos::slave::QoSController*>& qosController = None(),
+ const Option<mesos::Authorizer*>& authorizer = None());
virtual ~MockSlave();
[2/4] mesos git commit: Added helper to create test agent with
injected `Authorizer`.
Posted by me...@apache.org.
Added helper to create test agent with injected `Authorizer`.
In addition to the fully generic interface we do provide a number of
short hand functions for creating agents in tests which allow injecting
just a single component. Add one such short hand function for creating
a test agent with an injected `Authorizer` which we will use in a
subsequent patch.
Review: https://reviews.apache.org/r/46318/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/365ec591
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/365ec591
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/365ec591
Branch: refs/heads/master
Commit: 365ec5915a29721fd04572ed891cab5ed35a78bb
Parents: a3da581
Author: Benjamin Bannier <be...@mesosphere.io>
Authored: Mon Apr 25 03:58:58 2016 -0700
Committer: Adam B <ad...@mesosphere.io>
Committed: Mon Apr 25 10:14:25 2016 -0700
----------------------------------------------------------------------
src/tests/mesos.cpp | 19 +++++++++++++++++++
src/tests/mesos.hpp | 6 ++++++
2 files changed, 25 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/365ec591/src/tests/mesos.cpp
----------------------------------------------------------------------
diff --git a/src/tests/mesos.cpp b/src/tests/mesos.cpp
index 118b3b4..036c589 100644
--- a/src/tests/mesos.cpp
+++ b/src/tests/mesos.cpp
@@ -389,6 +389,25 @@ Try<Owned<cluster::Slave>> MesosTest::StartSlave(
qoSController);
}
+
+Try<Owned<cluster::Slave>> MesosTest::StartSlave(
+ mesos::master::detector::MasterDetector* detector,
+ mesos::Authorizer* authorizer,
+ const Option<slave::Flags>& flags)
+{
+ return cluster::Slave::start(
+ detector,
+ flags.isNone() ? CreateSlaveFlags() : flags.get(),
+ None(),
+ None(),
+ None(),
+ None(),
+ None(),
+ None(),
+ authorizer);
+}
+
+
// Although the constructors and destructors for mock classes are
// often trivial, defining them out-of-line (in a separate compilation
// unit) improves compilation time: see MESOS-3827.
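Review bot: The new `StartSlave` overload forwards the raw `mesos::Authorizer* authorizer` straight into the `Option<Authorizer*>` parameter of `cluster::Slave::start`, so a null pointer would presumably arrive as `Some(nullptr)` rather than `None()`. The `providedAuthorizer.isNone()` check added to src/tests/cluster.cpp in a3da5811 would then skip creating a default authorizer, and the agent would be handed a null one. A `CHECK(authorizer != nullptr);` at the top of the function, or a sentence in the header comment saying the pointer must be non-null and is not owned, would make the contract explicit. The run of six positional `None()` arguments is also easy to misalign when `start` gains another parameter; a trailing comment naming each one would help.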
http://git-wip-us.apache.org/repos/asf/mesos/blob/365ec591/src/tests/mesos.hpp
----------------------------------------------------------------------
diff --git a/src/tests/mesos.hpp b/src/tests/mesos.hpp
index aeee7ac..55bdeb6 100644
--- a/src/tests/mesos.hpp
+++ b/src/tests/mesos.hpp
@@ -207,6 +207,12 @@ protected:
mesos::slave::QoSController* qosController,
const Option<slave::Flags>& flags = None());
+ // Starts a slave with the specified detector, authorizer, and flags.
+ virtual Try<process::Owned<cluster::Slave>> StartSlave(
+ mesos::master::detector::MasterDetector* detector,
+ mesos::Authorizer* authorizer,
+ const Option<slave::Flags>& flags = None());
+
Option<zookeeper::URL> zookeeperUrl;
const std::string defaultAgentResourcesString{