Quota: Added authentication of quota requests. Review: https://reviews.apache.org/r/39288
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/0ca126fa Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/0ca126fa Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/0ca126fa Branch: refs/heads/master Commit: 0ca126fa8afbcfa8f1628ba16a1928989f6bf582 Parents: 41badcc Author: Jan Schlicht <[email protected]> Authored: Thu Dec 10 09:35:13 2015 -0800 Committer: Joris Van Remoortere <[email protected]> Committed: Thu Dec 10 11:46:53 2015 -0800 ---------------------------------------------------------------------- src/master/master.hpp | 3 +++ src/master/quota_handler.cpp | 21 +++++++++++++++++---- 2 files changed, 20 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/0ca126fa/src/master/master.hpp ---------------------------------------------------------------------- diff --git a/src/master/master.hpp b/src/master/master.hpp index d8f9801..9aa548a 100644 --- a/src/master/master.hpp +++ b/src/master/master.hpp @@ -1113,6 +1113,9 @@ private: // NOTE: The quota specific pieces of the Operator API are factored // out into this separate class. QuotaHandler quotaHandler; + + // Access to `authenticate`. + friend class QuotaHandler; }; Master(const Master&); // No copying. http://git-wip-us.apache.org/repos/asf/mesos/blob/0ca126fa/src/master/quota_handler.cpp ---------------------------------------------------------------------- diff --git a/src/master/quota_handler.cpp b/src/master/quota_handler.cpp index b209da4..1116787 100644 --- a/src/master/quota_handler.cpp +++ b/src/master/quota_handler.cpp @@ -16,6 +16,8 @@ #include "master/master.hpp" +#include <vector> + #include <mesos/resources.hpp> #include <mesos/quota/quota.hpp> @@ -44,6 +46,7 @@ using http::Accepted; using http::BadRequest; using http::Conflict; using http::OK; +using http::Unauthorized; using process::Future; using process::Owned; @@ -254,8 +257,13 @@ Future<http::Response> Master::QuotaHandler::set( { VLOG(1) << "Setting quota from request: '" << request.body << "'"; - // Authenticate and authorize the request. - // TODO(alexr): Check Master::Http::authenticate() for an example. + // Authenticate the request. + Result<Credential> credential = master->http.authenticate(request); + if (credential.isError()) { + return Unauthorized("Mesos master", credential.error()); + } + + // TODO(nfnt): Authorize the request. // Check that the request type is POST which is guaranteed by the master. CHECK_EQ("POST", request.method); @@ -368,8 +376,13 @@ Future<http::Response> Master::QuotaHandler::remove( { VLOG(1) << "Removing quota for request path: '" << request.url.path << "'"; - // Authenticate and authorize the request. - // TODO(alexr): Check Master::Http::authenticate() for an example. + // Authenticate the request. + Result<Credential> credential = master->http.authenticate(request); + if (credential.isError()) { + return Unauthorized("Mesos master", credential.error()); + } + + // TODO(nfnt): Authorize the request. // Check that the request type is DELETE which is guaranteed by the master. CHECK_EQ("DELETE", request.method);
