You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by vi...@apache.org on 2017/04/13 22:53:44 UTC
[2/5] mesos git commit: Updated 'Checker' to authenticate with agent
operator API.
Updated 'Checker' to authenticate with agent operator API.
This patch updates the `Checker` to permit initialization with
an authorization header, which it will provide to the agent
operator API for authentication when present.
Review: https://reviews.apache.org/r/58373/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/e8562faf
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/e8562faf
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/e8562faf
Branch: refs/heads/master
Commit: e8562faf1f8a624beeb56880c4a980d32f89533f
Parents: 5f05bdc
Author: Greg Mann <gr...@mesosphere.io>
Authored: Thu Apr 13 15:49:46 2017 -0700
Committer: Vinod Kone <vi...@gmail.com>
Committed: Thu Apr 13 15:49:46 2017 -0700
----------------------------------------------------------------------
src/checks/checker.cpp | 21 ++++++++++++++++++++-
src/checks/checker.hpp | 5 ++++-
2 files changed, 24 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/e8562faf/src/checks/checker.cpp
----------------------------------------------------------------------
diff --git a/src/checks/checker.cpp b/src/checks/checker.cpp
index 7510bf2..cf7a086 100644
--- a/src/checks/checker.cpp
+++ b/src/checks/checker.cpp
@@ -139,6 +139,7 @@ public:
const vector<string>& _namespaces,
const Option<ContainerID>& _taskContainerId,
const Option<http::URL>& _agentURL,
+ const Option<string>& _authorizationHeader,
bool _commandCheckViaAgent);
void pause();
@@ -203,6 +204,7 @@ private:
const vector<string> namespaces;
const Option<ContainerID> taskContainerId;
const Option<http::URL> agentURL;
+ const Option<std::string> authorizationHeader;
const bool commandCheckViaAgent;
Option<lambda::function<pid_t(const lambda::function<int()>&)>> clone;
@@ -237,6 +239,7 @@ Try<Owned<Checker>> Checker::create(
namespaces,
None(),
None(),
+ None(),
false));
return Owned<Checker>(new Checker(process));
@@ -248,7 +251,8 @@ Try<Owned<Checker>> Checker::create(
const lambda::function<void(const CheckStatusInfo&)>& callback,
const TaskID& taskId,
const ContainerID& taskContainerId,
- const http::URL& agentURL)
+ const http::URL& agentURL,
+ const Option<string>& authorizationHeader)
{
// Validate the `CheckInfo` protobuf.
Option<Error> error = validation::checkInfo(check);
@@ -264,6 +268,7 @@ Try<Owned<Checker>> Checker::create(
{},
taskContainerId,
agentURL,
+ authorizationHeader,
true));
return Owned<Checker>(new Checker(process));
@@ -304,6 +309,7 @@ CheckerProcess::CheckerProcess(
const vector<string>& _namespaces,
const Option<ContainerID>& _taskContainerId,
const Option<http::URL>& _agentURL,
+ const Option<std::string>& _authorizationHeader,
bool _commandCheckViaAgent)
: ProcessBase(process::ID::generate("checker")),
check(_check),
@@ -313,6 +319,7 @@ CheckerProcess::CheckerProcess(
namespaces(_namespaces),
taskContainerId(_taskContainerId),
agentURL(_agentURL),
+ authorizationHeader(_authorizationHeader),
commandCheckViaAgent(_commandCheckViaAgent),
paused(false)
{
@@ -589,6 +596,10 @@ Future<int> CheckerProcess::nestedCommandCheck()
request.headers = {{"Accept", stringify(ContentType::PROTOBUF)},
{"Content-Type", stringify(ContentType::PROTOBUF)}};
+ if (authorizationHeader.isSome()) {
+ request.headers["Authorization"] = authorizationHeader.get();
+ }
+
http::request(request, false)
.onFailed(defer(self(),
[this, promise](const string& failure) {
@@ -673,6 +684,10 @@ void CheckerProcess::__nestedCommandCheck(
{"Message-Accept", stringify(ContentType::PROTOBUF)},
{"Content-Type", stringify(ContentType::PROTOBUF)}};
+ if (authorizationHeader.isSome()) {
+ request.headers["Authorization"] = authorizationHeader.get();
+ }
+
// TODO(alexr): Use a lambda named capture for
// this cached value once it is available.
const Duration timeout = checkTimeout;
@@ -816,6 +831,10 @@ Future<Option<int>> CheckerProcess::waitNestedContainer(
request.headers = {{"Accept", stringify(ContentType::PROTOBUF)},
{"Content-Type", stringify(ContentType::PROTOBUF)}};
+ if (authorizationHeader.isSome()) {
+ request.headers["Authorization"] = authorizationHeader.get();
+ }
+
return http::request(request, false)
.repair([containerId](const Future<http::Response>& future) {
return Failure(
http://git-wip-us.apache.org/repos/asf/mesos/blob/e8562faf/src/checks/checker.hpp
----------------------------------------------------------------------
diff --git a/src/checks/checker.hpp b/src/checks/checker.hpp
index fb939d8..fec30a2 100644
--- a/src/checks/checker.hpp
+++ b/src/checks/checker.hpp
@@ -80,6 +80,8 @@ public:
* @param taskId The TaskID of the target task.
* @param taskContainerId The ContainerID of the target task.
* @param agentURL The URL of the agent.
+ * @param authorizationHeader The authorization header the checker should use
+ * to authenticate with the agent operator API.
* @return A `Checker` object or an error if `create` fails.
*
* @todo A better approach would be to return a stream of updates, e.g.,
@@ -90,7 +92,8 @@ public:
const lambda::function<void(const CheckStatusInfo&)>& callback,
const TaskID& taskId,
const ContainerID& taskContainerId,
- const process::http::URL& agentURL);
+ const process::http::URL& agentURL,
+ const Option<std::string>& authorizationHeader);
~Checker();