Repository: aurora Updated Branches: refs/heads/master 3c33f663f -> 1b0ce86cf
Add flag to set FrameworkInfo.principal Bugs closed: AURORA-687 Reviewed at https://reviews.apache.org/r/41525/ Project: http://git-wip-us.apache.org/repos/asf/aurora/repo Commit: http://git-wip-us.apache.org/repos/asf/aurora/commit/1b0ce86c Tree: http://git-wip-us.apache.org/repos/asf/aurora/tree/1b0ce86c Diff: http://git-wip-us.apache.org/repos/asf/aurora/diff/1b0ce86c Branch: refs/heads/master Commit: 1b0ce86cfaae07275c83f79819baf641952617c8 Parents: 3c33f66 Author: R.B. Boyer <[email protected]> Authored: Thu Dec 17 14:36:11 2015 -0800 Committer: Bill Farner <[email protected]> Committed: Thu Dec 17 14:36:11 2015 -0800 ---------------------------------------------------------------------- NEWS | 2 ++ .../mesos/CommandLineDriverSettingsModule.java | 19 ++++++++++++- .../CommandLineDriverSettingsModuleTest.java | 28 ++++++++++++++++++++ 3 files changed, 48 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/aurora/blob/1b0ce86c/NEWS ---------------------------------------------------------------------- diff --git a/NEWS b/NEWS index 066925e..79d8668 100644 --- a/NEWS +++ b/NEWS @@ -19,6 +19,8 @@ - Log rotation has been added to the thermos runner. See the configuration reference for details on how configure rotation per-process. Command line options may also be passed through the scheduler in order to configure the global default behavior. +- Added a new scheduler flag 'framework_announce_principal' to support use of authorization and + rate limiting in Mesos. 0.10.0 ------ http://git-wip-us.apache.org/repos/asf/aurora/blob/1b0ce86c/src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java b/src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java index 68aeda1..5c6f6a4 100644 --- a/src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java +++ b/src/main/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModule.java @@ -68,6 +68,13 @@ public class CommandLineDriverSettingsModule extends AbstractModule { private static final Arg<Amount<Long, Time>> FRAMEWORK_FAILOVER_TIMEOUT = Arg.create(Amount.of(21L, Time.DAYS)); + @CmdLine(name = "framework_announce_principal", + help = "When 'framework_authentication_file' flag is set, the FrameworkInfo " + + "registered with the mesos master will also contain the principal. This is " + + "necessary if you intend to use mesos authorization via mesos ACLs. " + + "The default will change in a future release.") + private static final Arg<Boolean> FRAMEWORK_ANNOUNCE_PRINCIPAL = Arg.create(false); + @CmdLine(name = "executor_user", help = "User to start the executor. Defaults to \"root\". " + "Set this to an unprivileged user if the mesos master was started with " @@ -86,11 +93,17 @@ public class CommandLineDriverSettingsModule extends AbstractModule { @Override protected void configure() { + Optional<Protos.Credential> credentials = getCredentials(); + Optional<String> principal = Optional.absent(); + if (FRAMEWORK_ANNOUNCE_PRINCIPAL.get() && credentials.isPresent()) { + principal = Optional.of(credentials.get().getPrincipal()); + } DriverSettings settings = new DriverSettings( MESOS_MASTER_ADDRESS.get(), - getCredentials(), + credentials, buildFrameworkInfo( EXECUTOR_USER.get(), + principal, FRAMEWORK_FAILOVER_TIMEOUT.get(), RECEIVE_REVOCABLE_RESOURCES.get())); bind(DriverSettings.class).toInstance(settings); @@ -121,6 +134,7 @@ public class CommandLineDriverSettingsModule extends AbstractModule { @VisibleForTesting static FrameworkInfo buildFrameworkInfo( String executorUser, + Optional<String> principal, Amount<Long, Time> failoverTimeout, boolean revocable) { @@ -130,6 +144,9 @@ public class CommandLineDriverSettingsModule extends AbstractModule { // Require slave checkpointing. Assumes slaves have '--checkpoint=true' arg set. .setCheckpoint(true) .setFailoverTimeout(failoverTimeout.as(Time.SECONDS)); + if (principal.isPresent()) { + infoBuilder.setPrincipal(principal.get()); + } if (revocable) { infoBuilder.addCapabilities(Capability.newBuilder().setType(REVOCABLE_RESOURCES)); http://git-wip-us.apache.org/repos/asf/aurora/blob/1b0ce86c/src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java b/src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java index 513391f..33149ab 100644 --- a/src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java +++ b/src/test/java/org/apache/aurora/scheduler/mesos/CommandLineDriverSettingsModuleTest.java @@ -18,6 +18,7 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.Properties; +import com.google.common.base.Optional; import com.google.common.base.Throwables; import org.apache.aurora.common.quantity.Amount; @@ -69,8 +70,10 @@ public class CommandLineDriverSettingsModuleTest { public void testFrameworkInfoNoRevocable() { Protos.FrameworkInfo info = CommandLineDriverSettingsModule.buildFrameworkInfo( "user", + Optional.absent(), Amount.of(1L, Time.MINUTES), false); + assertEquals("", info.getPrincipal()); assertEquals(0, info.getCapabilitiesCount()); } @@ -78,8 +81,33 @@ public class CommandLineDriverSettingsModuleTest { public void testFrameworkInfoRevocable() { Protos.FrameworkInfo info = CommandLineDriverSettingsModule.buildFrameworkInfo( "user", + Optional.absent(), Amount.of(1L, Time.MINUTES), true); + assertEquals("", info.getPrincipal()); + assertEquals(1, info.getCapabilitiesCount()); + assertEquals(REVOCABLE_RESOURCES, info.getCapabilities(0).getType()); + } + + @Test + public void testFrameworkInfoNoRevocableWithAnnouncedPrincipal() { + Protos.FrameworkInfo info = CommandLineDriverSettingsModule.buildFrameworkInfo( + "user", + Optional.of("auroraprincipal"), + Amount.of(1L, Time.MINUTES), + false); + assertEquals("auroraprincipal", info.getPrincipal()); + assertEquals(0, info.getCapabilitiesCount()); + } + + @Test + public void testFrameworkInfoRevocableWithAnnouncedPrincipal() { + Protos.FrameworkInfo info = CommandLineDriverSettingsModule.buildFrameworkInfo( + "user", + Optional.of("auroraprincipal"), + Amount.of(1L, Time.MINUTES), + true); + assertEquals("auroraprincipal", info.getPrincipal()); assertEquals(1, info.getCapabilitiesCount()); assertEquals(REVOCABLE_RESOURCES, info.getCapabilities(0).getType()); }
