Repository: mesos Updated Branches: refs/heads/master 5b3d4a00d -> 6f15f67e1
Fixed disable endpoints rule failing to recognize HTTP path delegates. Review: https://reviews.apache.org/r/36821 Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/6f15f67e Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/6f15f67e Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/6f15f67e Branch: refs/heads/master Commit: 6f15f67e13e1b4e16cd8acf9a47e9e7eefb2322d Parents: 5b3d4a0 Author: haosdent huang <[email protected]> Authored: Tue Aug 4 02:30:54 2015 -0700 Committer: Adam B <[email protected]> Committed: Tue Aug 4 02:31:55 2015 -0700 ---------------------------------------------------------------------- 3rdparty/libprocess/Makefile.am | 1 + .../libprocess/include/process/firewall.hpp | 3 +- 3rdparty/libprocess/include/process/process.hpp | 6 ++ 3rdparty/libprocess/src/firewall.cpp | 36 ++++++++ 3rdparty/libprocess/src/process.cpp | 90 ++++++++++++++------ 5 files changed, 109 insertions(+), 27 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/6f15f67e/3rdparty/libprocess/Makefile.am ---------------------------------------------------------------------- diff --git a/3rdparty/libprocess/Makefile.am b/3rdparty/libprocess/Makefile.am index 44da603..5f215b7 100644 --- a/3rdparty/libprocess/Makefile.am +++ b/3rdparty/libprocess/Makefile.am @@ -48,6 +48,7 @@ libprocess_la_SOURCES = \ src/decoder.hpp \ src/encoder.hpp \ src/event_loop.hpp \ + src/firewall.cpp \ src/gate.hpp \ src/help.cpp \ src/http.cpp \ http://git-wip-us.apache.org/repos/asf/mesos/blob/6f15f67e/3rdparty/libprocess/include/process/firewall.hpp ---------------------------------------------------------------------- diff --git a/3rdparty/libprocess/include/process/firewall.hpp b/3rdparty/libprocess/include/process/firewall.hpp index f92a6c5..b1abfb2 100644 --- a/3rdparty/libprocess/include/process/firewall.hpp +++ b/3rdparty/libprocess/include/process/firewall.hpp @@ -72,8 +72,7 @@ public: class DisabledEndpointsFirewallRule : public FirewallRule { public: - explicit DisabledEndpointsFirewallRule(const hashset<std::string>& _paths) - : paths(_paths) {} + explicit DisabledEndpointsFirewallRule(const hashset<std::string>& _paths); virtual ~DisabledEndpointsFirewallRule() {} http://git-wip-us.apache.org/repos/asf/mesos/blob/6f15f67e/3rdparty/libprocess/include/process/process.hpp ---------------------------------------------------------------------- diff --git a/3rdparty/libprocess/include/process/process.hpp b/3rdparty/libprocess/include/process/process.hpp index 2558198..bf8e2bf 100644 --- a/3rdparty/libprocess/include/process/process.hpp +++ b/3rdparty/libprocess/include/process/process.hpp @@ -377,6 +377,12 @@ void finalize(); /** + * Get the request absolutePath path with delegate prefix. + */ +std::string absolutePath(const std::string& path); + + +/** * Returns the socket address associated with this instance of the library. */ network::Address address(); http://git-wip-us.apache.org/repos/asf/mesos/blob/6f15f67e/3rdparty/libprocess/src/firewall.cpp ---------------------------------------------------------------------- diff --git a/3rdparty/libprocess/src/firewall.cpp b/3rdparty/libprocess/src/firewall.cpp new file mode 100644 index 0000000..bfb63df --- /dev/null +++ b/3rdparty/libprocess/src/firewall.cpp @@ -0,0 +1,36 @@ +/** +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License +*/ + +#include <string> + +#include <process/firewall.hpp> +#include <process/process.hpp> + +#include <stout/hashset.hpp> + +using std::string; + +namespace process { +namespace firewall { + +DisabledEndpointsFirewallRule::DisabledEndpointsFirewallRule( + const hashset<string>& _paths) +{ + foreach (const string& path, _paths) { + paths.insert(process::absolutePath(path)); + } +} + +} // namespace firewall { +} // namespace process { http://git-wip-us.apache.org/repos/asf/mesos/blob/6f15f67e/3rdparty/libprocess/src/process.cpp ---------------------------------------------------------------------- diff --git a/3rdparty/libprocess/src/process.cpp b/3rdparty/libprocess/src/process.cpp index fd000f4..2ce547b 100644 --- a/3rdparty/libprocess/src/process.cpp +++ b/3rdparty/libprocess/src/process.cpp @@ -400,6 +400,7 @@ public: bool wait(const UPID& pid); void installFirewall(vector<Owned<FirewallRule>>&& rules); + string absolutePath(const string& path); void enqueue(ProcessBase* process); ProcessBase* dequeue(); @@ -998,6 +999,14 @@ void finalize() } +string absolutePath(const string& path) +{ + process::initialize(); + + return process_manager->absolutePath(path); +} + + Address address() { process::initialize(); @@ -2221,6 +2230,31 @@ bool ProcessManager::handle( return false; } + // Split the path by '/'. + vector<string> tokens = strings::tokenize(request->path, "/"); + + // Try and determine a receiver, otherwise try and delegate. + ProcessReference receiver; + + if (tokens.size() == 0 && delegate != "") { + request->path = "/" + delegate; + receiver = use(UPID(delegate, __address__)); + } else if (tokens.size() > 0) { + // Decode possible percent-encoded path. + Try<string> decode = http::decode(tokens[0]); + if (!decode.isError()) { + receiver = use(UPID(decode.get(), __address__)); + } else { + VLOG(1) << "Failed to decode URL path: " << decode.error(); + } + } + + if (!receiver && delegate != "") { + // Try and delegate the request. + request->path = "/" + delegate + request->path; + receiver = use(UPID(delegate, __address__)); + } + synchronized (firewall_mutex) { // Don't use a const reference, since it cannot be guaranteed // that the rules don't keep an internal state. @@ -2251,31 +2285,6 @@ bool ProcessManager::handle( } } - // Split the path by '/'. - vector<string> tokens = strings::tokenize(request->path, "/"); - - // Try and determine a receiver, otherwise try and delegate. - ProcessReference receiver; - - if (tokens.size() == 0 && delegate != "") { - request->path = "/" + delegate; - receiver = use(UPID(delegate, __address__)); - } else if (tokens.size() > 0) { - // Decode possible percent-encoded path. - Try<string> decode = http::decode(tokens[0]); - if (!decode.isError()) { - receiver = use(UPID(decode.get(), __address__)); - } else { - VLOG(1) << "Failed to decode URL path: " << decode.error(); - } - } - - if (!receiver && delegate != "") { - // Try and delegate the request. - request->path = "/" + delegate + request->path; - receiver = use(UPID(delegate, __address__)); - } - if (receiver) { // TODO(benh): Use the sender PID in order to capture // happens-before timing relationships for testing. @@ -2705,6 +2714,37 @@ void ProcessManager::installFirewall(vector<Owned<FirewallRule>>&& rules) } +string ProcessManager::absolutePath(const string& path) +{ + // Return directly when delegate is empty. + if (delegate.empty()) { + return path; + } + + vector<string> tokens = strings::tokenize(path, "/"); + + // Return delegate when path is root. + if (tokens.size() == 0) { + return "/" + delegate; + } + + Try<string> decode = http::decode(tokens[0]); + + // Return path when decode failed + if (decode.isError()) { + VLOG(1) << "Failed to decode URL path: " << decode.error(); + return path; + } + + if (processes.find(decode.get()) != processes.end()) { + // Return path when the first token is a process id. + return path; + } else { + return "/" + delegate + path; + } +} + + void ProcessManager::enqueue(ProcessBase* process) { CHECK(process != NULL);
