Repository: mesos Updated Branches: refs/heads/master a93c3b2c7 -> f40554bab
Firewall rule's apply method now returns HTTP response instead of error message. Review: https://reviews.apache.org/r/35919 Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/f40554ba Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/f40554ba Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/f40554ba Branch: refs/heads/master Commit: f40554bab4862b64b8177535eb8a93046bd92f29 Parents: a93c3b2 Author: Alexander Rojas <[email protected]> Authored: Wed Jul 1 01:19:59 2015 -0700 Committer: Adam B <[email protected]> Committed: Wed Jul 1 01:19:59 2015 -0700 ---------------------------------------------------------------------- 3rdparty/libprocess/include/process/firewall.hpp | 13 ++++++++----- 3rdparty/libprocess/src/process.cpp | 11 ++++++----- 2 files changed, 14 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/f40554ba/3rdparty/libprocess/include/process/firewall.hpp ---------------------------------------------------------------------- diff --git a/3rdparty/libprocess/include/process/firewall.hpp b/3rdparty/libprocess/include/process/firewall.hpp index f71d654..692e065 100644 --- a/3rdparty/libprocess/include/process/firewall.hpp +++ b/3rdparty/libprocess/include/process/firewall.hpp @@ -18,6 +18,7 @@ #include <string> #include <process/http.hpp> +#include <process/owned.hpp> #include <process/socket.hpp> #include <stout/error.hpp> @@ -51,10 +52,11 @@ public: * @param socket Socket used to deliver the HTTP request. * @param request HTTP request made by the client to libprocess. * @return If the rule verification fails, i.e. the rule didn't - * match, the returned error is set with an explanation for the - * failure. Otherwise None is returned. + * match, a pointer to a 'http::Response' object containing the + * HTTP error code and possibly a message indicating the reason + * for failure. Otherwise an unset 'Option' object. */ - virtual Option<Error> apply( + virtual Option<Owned<http::Response>> apply( const network::Socket& socket, const http::Request& request) = 0; }; @@ -75,12 +77,13 @@ public: virtual ~DisabledEndpointsFirewallRule() {} - virtual Option<Error> apply( + virtual Option<Owned<http::Response>> apply( const network::Socket&, const http::Request& request) { if (paths.contains(request.path)) { - return Error("'" + request.path + "' is disabled"); + return Owned<http::Response>( + new http::Forbidden("Endpoint '" + request.path + "' is disabled")); } return None(); http://git-wip-us.apache.org/repos/asf/mesos/blob/f40554ba/3rdparty/libprocess/src/process.cpp ---------------------------------------------------------------------- diff --git a/3rdparty/libprocess/src/process.cpp b/3rdparty/libprocess/src/process.cpp index d99947c..b754fb3 100644 --- a/3rdparty/libprocess/src/process.cpp +++ b/3rdparty/libprocess/src/process.cpp @@ -2209,11 +2209,12 @@ bool ProcessManager::handle( // Don't use a const reference, since it cannot be guaranteed // that the rules don't keep an internal state. foreach (Owned<FirewallRule>& rule, firewallRules) { - Option<Error> rejection = rule->apply(socket, *request); + Option<Owned<Response>> rejection = rule->apply(socket, *request); if (rejection.isSome()) { - VLOG(1) << "Returning '403 Forbidden' for '" << request->path - << "' (firewall rule forbids request): " - << rejection.get().message; + CHECK(rejection.get().get() != NULL); + + VLOG(1) << "Returning '"<< rejection.get()->status << "' for '" + << request->path << "' (firewall rule forbids request)"; // TODO(arojas): Get rid of the duplicated code to return an // error. @@ -2226,7 +2227,7 @@ bool ProcessManager::handle( dispatch( proxy, &HttpProxy::enqueue, - Forbidden(rejection.get().message), + *rejection.get(), *request); // Cleanup request.
