Updated agent handlers to use the 'Principal' type. This patch updates the HTTP endpoint handlers in the agent process to accept the `Principal` type instead of an `Option<string>& principal`.
Review: https://reviews.apache.org/r/56812/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/8da4d6ff Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/8da4d6ff Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/8da4d6ff Branch: refs/heads/master Commit: 8da4d6ff4adfd72dc33d56302af1eeb0d13e83f1 Parents: a7a84a8 Author: Greg Mann <[email protected]> Authored: Mon Mar 6 12:39:29 2017 -0800 Committer: Vinod Kone <[email protected]> Committed: Mon Mar 6 12:39:29 2017 -0800 ---------------------------------------------------------------------- src/slave/http.cpp | 152 +++++++++++++++-------------------------------- src/slave/slave.cpp | 39 ++++++------ src/slave/slave.hpp | 82 ++++++++++++++++--------- 3 files changed, 122 insertions(+), 151 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/8da4d6ff/src/slave/http.cpp ---------------------------------------------------------------------- diff --git a/src/slave/http.cpp b/src/slave/http.cpp index c904d89..3ab89f0 100644 --- a/src/slave/http.cpp +++ b/src/slave/http.cpp @@ -73,6 +73,8 @@ using mesos::agent::ProcessIO; +using mesos::authorization::createSubject; + using mesos::internal::recordio::Reader; using mesos::slave::ContainerClass; @@ -107,6 +109,8 @@ using process::http::Pipe; using process::http::ServiceUnavailable; using process::http::UnsupportedMediaType; +using process::http::authentication::Principal; + using process::metrics::internal::MetricsProcess; using ::recordio::Decoder; @@ -350,7 +354,7 @@ string Slave::Http::API_HELP() Future<Response> Slave::Http::api( const Request& request, - const Option<string>& principal) const + const Option<Principal>& principal) const { // TODO(anand): Add metrics for rejected requests. @@ -522,7 +526,7 @@ Future<Response> Slave::Http::_api( const agent::Call& call, Option<Owned<Reader<mesos::agent::Call>>>&& reader, const RequestMediaTypes& mediaTypes, - const Option<string>& principal) const + const Option<Principal>& principal) const { // Validate that a client has not _accidentally_ sent us a // streaming request for a call type that does not support it. @@ -775,7 +779,7 @@ string Slave::Http::FLAGS_HELP() Future<Response> Slave::Http::flags( const Request& request, - const Option<string>& principal) const + const Option<Principal>& principal) const { // TODO(nfnt): Remove check for enabled // authorization as part of MESOS-5346. @@ -790,8 +794,9 @@ Future<Response> Slave::Http::flags( authorization::Request authRequest; authRequest.set_action(authorization::VIEW_FLAGS); - if (principal.isSome()) { - authRequest.mutable_subject()->set_value(principal.get()); + Option<authorization::Subject> subject = createSubject(principal); + if (subject.isSome()) { + authRequest.mutable_subject()->CopyFrom(subject.get()); } return slave->authorizer.get()->authorized(authRequest) @@ -829,18 +834,14 @@ JSON::Object Slave::Http::_flags() const Future<Response> Slave::Http::getFlags( const agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(agent::Call::GET_FLAGS, call.type()); Future<Owned<ObjectApprover>> approver; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); approver = slave->authorizer.get()->getObjectApprover( subject, authorization::VIEW_FLAGS); @@ -888,7 +889,7 @@ Future<Response> Slave::Http::health(const Request& request) const Future<Response> Slave::Http::getHealth( const agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(agent::Call::GET_HEALTH, call.type()); @@ -904,7 +905,7 @@ Future<Response> Slave::Http::getHealth( Future<Response> Slave::Http::getVersion( const agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(agent::Call::GET_VERSION, call.type()); @@ -917,7 +918,7 @@ Future<Response> Slave::Http::getVersion( Future<Response> Slave::Http::getMetrics( const agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(agent::Call::GET_METRICS, call.type()); CHECK(call.has_get_metrics()); @@ -949,7 +950,7 @@ Future<Response> Slave::Http::getMetrics( Future<Response> Slave::Http::getLoggingLevel( const agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(agent::Call::GET_LOGGING_LEVEL, call.type()); @@ -965,7 +966,7 @@ Future<Response> Slave::Http::getLoggingLevel( Future<Response> Slave::Http::setLoggingLevel( const agent::Call& call, ContentType /*contentType*/, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(agent::Call::SET_LOGGING_LEVEL, call.type()); CHECK(call.has_set_logging_level()); @@ -977,11 +978,7 @@ Future<Response> Slave::Http::setLoggingLevel( Future<Owned<ObjectApprover>> approver; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); approver = slave->authorizer.get()->getObjectApprover( subject, authorization::SET_LOG_LEVEL); @@ -1012,7 +1009,7 @@ Future<Response> Slave::Http::setLoggingLevel( Future<Response> Slave::Http::listFiles( const mesos::agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(mesos::agent::Call::LIST_FILES, call.type()); @@ -1161,7 +1158,7 @@ string Slave::Http::STATE_HELP() { Future<Response> Slave::Http::state( const Request& request, - const Option<string>& principal) const + const Option<Principal>& principal) const { if (slave->state == Slave::RECOVERING) { return ServiceUnavailable("Agent has not finished recovery"); @@ -1174,11 +1171,7 @@ Future<Response> Slave::Http::state( Future<Owned<ObjectApprover>> flagsApprover; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); frameworksApprover = slave->authorizer.get()->getObjectApprover( subject, authorization::VIEW_FRAMEWORK); @@ -1350,7 +1343,7 @@ Future<Response> Slave::Http::state( Future<Response> Slave::Http::getFrameworks( const agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(agent::Call::GET_FRAMEWORKS, call.type()); @@ -1358,15 +1351,10 @@ Future<Response> Slave::Http::getFrameworks( Future<Owned<ObjectApprover>> frameworksApprover; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); frameworksApprover = slave->authorizer.get()->getObjectApprover( subject, authorization::VIEW_FRAMEWORK); - } else { frameworksApprover = Owned<ObjectApprover>(new AcceptingObjectApprover()); } @@ -1417,7 +1405,7 @@ agent::Response::GetFrameworks Slave::Http::_getFrameworks( Future<Response> Slave::Http::getExecutors( const agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(agent::Call::GET_EXECUTORS, call.type()); @@ -1425,11 +1413,7 @@ Future<Response> Slave::Http::getExecutors( Future<Owned<ObjectApprover>> frameworksApprover; Future<Owned<ObjectApprover>> executorsApprover; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); frameworksApprover = slave->authorizer.get()->getObjectApprover( subject, authorization::VIEW_FRAMEWORK); @@ -1522,7 +1506,7 @@ agent::Response::GetExecutors Slave::Http::_getExecutors( Future<Response> Slave::Http::getTasks( const agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(agent::Call::GET_TASKS, call.type()); @@ -1531,11 +1515,7 @@ Future<Response> Slave::Http::getTasks( Future<Owned<ObjectApprover>> tasksApprover; Future<Owned<ObjectApprover>> executorsApprover; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); frameworksApprover = slave->authorizer.get()->getObjectApprover( subject, authorization::VIEW_FRAMEWORK); @@ -1704,7 +1684,7 @@ agent::Response::GetTasks Slave::Http::_getTasks( Future<Response> Slave::Http::getState( const agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(agent::Call::GET_STATE, call.type()); @@ -1713,11 +1693,7 @@ Future<Response> Slave::Http::getState( Future<Owned<ObjectApprover>> tasksApprover; Future<Owned<ObjectApprover>> executorsApprover; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); frameworksApprover = slave->authorizer.get()->getObjectApprover( subject, authorization::VIEW_FRAMEWORK); @@ -1821,7 +1797,7 @@ string Slave::Http::STATISTICS_HELP() Future<Response> Slave::Http::statistics( const Request& request, - const Option<string>& principal) const + const Option<Principal>& principal) const { // TODO(nfnt): Remove check for enabled // authorization as part of MESOS-5346. @@ -1930,7 +1906,7 @@ string Slave::Http::CONTAINERS_HELP() Future<Response> Slave::Http::containers( const Request& request, - const Option<string>& principal) const + const Option<Principal>& principal) const { // TODO(a10gupta): Remove check for enabled // authorization as part of MESOS-5346. @@ -1963,18 +1939,14 @@ Future<Response> Slave::Http::containers( Future<Response> Slave::Http::getContainers( const agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(agent::Call::GET_CONTAINERS, call.type()); Future<Owned<ObjectApprover>> approver; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); approver = slave->authorizer.get()->getObjectApprover( subject, authorization::VIEW_CONTAINER); @@ -2008,16 +1980,12 @@ Future<Response> Slave::Http::getContainers( Future<Response> Slave::Http::_containers( const Request& request, - const Option<string>& principal) const + const Option<Principal>& principal) const { Future<Owned<ObjectApprover>> approver; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); approver = slave->authorizer.get()->getObjectApprover( subject, authorization::VIEW_CONTAINER); @@ -2174,7 +2142,7 @@ Try<string> Slave::Http::extractEndpoint(const process::http::URL& url) const Future<Response> Slave::Http::readFile( const mesos::agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(mesos::agent::Call::READ_FILE, call.type()); @@ -2224,7 +2192,7 @@ Future<Response> Slave::Http::readFile( Future<Response> Slave::Http::launchNestedContainer( const mesos::agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(mesos::agent::Call::LAUNCH_NESTED_CONTAINER, call.type()); CHECK(call.has_launch_nested_container()); @@ -2232,11 +2200,7 @@ Future<Response> Slave::Http::launchNestedContainer( Future<Owned<ObjectApprover>> approver; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); approver = slave->authorizer.get()->getObjectApprover( subject, authorization::LAUNCH_NESTED_CONTAINER); @@ -2333,7 +2297,7 @@ Future<Response> Slave::Http::_launchNestedContainer( Future<Response> Slave::Http::waitNestedContainer( const mesos::agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(mesos::agent::Call::WAIT_NESTED_CONTAINER, call.type()); CHECK(call.has_wait_nested_container()); @@ -2341,11 +2305,7 @@ Future<Response> Slave::Http::waitNestedContainer( Future<Owned<ObjectApprover>> approver; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); approver = slave->authorizer.get()->getObjectApprover( subject, authorization::WAIT_NESTED_CONTAINER); @@ -2411,7 +2371,7 @@ Future<Response> Slave::Http::waitNestedContainer( Future<Response> Slave::Http::killNestedContainer( const mesos::agent::Call& call, ContentType acceptType, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(mesos::agent::Call::KILL_NESTED_CONTAINER, call.type()); CHECK(call.has_kill_nested_container()); @@ -2419,11 +2379,7 @@ Future<Response> Slave::Http::killNestedContainer( Future<Owned<ObjectApprover>> approver; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); approver = slave->authorizer.get()->getObjectApprover( subject, authorization::KILL_NESTED_CONTAINER); @@ -2545,7 +2501,7 @@ Future<Response> Slave::Http::attachContainerInput( const mesos::agent::Call& call, Owned<Reader<mesos::agent::Call>>&& decoder, const RequestMediaTypes& mediaTypes, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(mesos::agent::Call::ATTACH_CONTAINER_INPUT, call.type()); CHECK(call.has_attach_container_input()); @@ -2561,11 +2517,7 @@ Future<Response> Slave::Http::attachContainerInput( Future<Owned<ObjectApprover>> approver; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); approver = slave->authorizer.get()->getObjectApprover( subject, authorization::ATTACH_CONTAINER_INPUT); @@ -2637,7 +2589,7 @@ Future<Nothing> connect(Pipe::Reader reader, Pipe::Writer writer) Future<Response> Slave::Http::launchNestedContainerSession( const mesos::agent::Call& call, const RequestMediaTypes& mediaTypes, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(mesos::agent::Call::LAUNCH_NESTED_CONTAINER_SESSION, call.type()); CHECK(call.has_launch_nested_container_session()); @@ -2648,11 +2600,7 @@ Future<Response> Slave::Http::launchNestedContainerSession( Future<Owned<ObjectApprover>> approver; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); approver = slave->authorizer.get()->getObjectApprover( subject, authorization::LAUNCH_NESTED_CONTAINER_SESSION); @@ -2876,7 +2824,7 @@ Future<Response> Slave::Http::_attachContainerOutput( Future<Response> Slave::Http::attachContainerOutput( const mesos::agent::Call& call, const RequestMediaTypes& mediaTypes, - const Option<string>& principal) const + const Option<Principal>& principal) const { CHECK_EQ(mesos::agent::Call::ATTACH_CONTAINER_OUTPUT, call.type()); CHECK(call.has_attach_container_output()); @@ -2884,11 +2832,7 @@ Future<Response> Slave::Http::attachContainerOutput( Future<Owned<ObjectApprover>> approver; if (slave->authorizer.isSome()) { - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); approver = slave->authorizer.get()->getObjectApprover( subject, authorization::ATTACH_CONTAINER_OUTPUT); http://git-wip-us.apache.org/repos/asf/mesos/blob/8da4d6ff/src/slave/slave.cpp ---------------------------------------------------------------------- diff --git a/src/slave/slave.cpp b/src/slave/slave.cpp index c8f9bf6..4319f84 100644 --- a/src/slave/slave.cpp +++ b/src/slave/slave.cpp @@ -103,6 +103,8 @@ using google::protobuf::RepeatedPtrField; +using mesos::authorization::createSubject; + using mesos::executor::Call; using mesos::master::detector::MasterDetector; @@ -131,6 +133,8 @@ using process::PID; using process::Time; using process::UPID; +using process::http::authentication::Principal; + #ifdef __WINDOWS__ constexpr char MESOS_EXECUTOR[] = "mesos-executor.exe"; #else @@ -672,7 +676,7 @@ void Slave::initialize() READWRITE_HTTP_AUTHENTICATION_REALM, Http::API_HELP(), [this](const process::http::Request& request, - const Option<string>& principal) { + const Option<Principal>& principal) { Http::log(request); return http.api(request, principal); }, @@ -691,7 +695,7 @@ void Slave::initialize() READONLY_HTTP_AUTHENTICATION_REALM, Http::STATE_HELP(), [this](const process::http::Request& request, - const Option<string>& principal) { + const Option<Principal>& principal) { Http::log(request); return http.state(request, principal); }); @@ -699,7 +703,7 @@ void Slave::initialize() READONLY_HTTP_AUTHENTICATION_REALM, Http::STATE_HELP(), [this](const process::http::Request& request, - const Option<string>& principal) { + const Option<Principal>& principal) { Http::log(request); return http.state(request, principal); }); @@ -707,7 +711,7 @@ void Slave::initialize() READONLY_HTTP_AUTHENTICATION_REALM, Http::FLAGS_HELP(), [this](const process::http::Request& request, - const Option<string>& principal) { + const Option<Principal>& principal) { Http::log(request); return http.flags(request, principal); }); @@ -720,7 +724,7 @@ void Slave::initialize() READONLY_HTTP_AUTHENTICATION_REALM, Http::STATISTICS_HELP(), [this](const process::http::Request& request, - const Option<string>& principal) { + const Option<Principal>& principal) { return http.statistics(request, principal); }); // TODO(ijimenez): Remove this endpoint at the end of the @@ -729,20 +733,20 @@ void Slave::initialize() READONLY_HTTP_AUTHENTICATION_REALM, Http::STATISTICS_HELP(), [this](const process::http::Request& request, - const Option<string>& principal) { + const Option<Principal>& principal) { return http.statistics(request, principal); }); route("/containers", READONLY_HTTP_AUTHENTICATION_REALM, Http::CONTAINERS_HELP(), [this](const process::http::Request& request, - const Option<string>& principal) { + const Option<Principal>& principal) { return http.containers(request, principal); }); const PID<Slave> slavePid = self(); - auto authorize = [slavePid](const Option<string>& principal) { + auto authorize = [slavePid](const Option<Principal>& principal) { return dispatch( slavePid, &Slave::authorizeLogAccess, @@ -6154,7 +6158,7 @@ double Slave::_executor_directory_max_allowed_age_secs() } -Future<bool> Slave::authorizeLogAccess(const Option<string>& principal) +Future<bool> Slave::authorizeLogAccess(const Option<Principal>& principal) { if (authorizer.isNone()) { return true; @@ -6163,8 +6167,9 @@ Future<bool> Slave::authorizeLogAccess(const Option<string>& principal) authorization::Request request; request.set_action(authorization::ACCESS_MESOS_LOG); - if (principal.isSome()) { - request.mutable_subject()->set_value(principal.get()); + Option<authorization::Subject> subject = createSubject(principal); + if (subject.isSome()) { + request.mutable_subject()->CopyFrom(subject.get()); } return authorizer.get()->authorized(request); @@ -6172,7 +6177,7 @@ Future<bool> Slave::authorizeLogAccess(const Option<string>& principal) Future<bool> Slave::authorizeSandboxAccess( - const Option<string>& principal, + const Option<Principal>& principal, const FrameworkID& frameworkId, const ExecutorID& executorId) { @@ -6181,11 +6186,7 @@ Future<bool> Slave::authorizeSandboxAccess( } // Set authorization subject. - Option<authorization::Subject> subject; - if (principal.isSome()) { - subject = authorization::Subject(); - subject->set_value(principal.get()); - } + Option<authorization::Subject> subject = createSubject(principal); Future<Owned<ObjectApprover>> sandboxApprover = authorizer.get()->getObjectApprover(subject, authorization::ACCESS_SANDBOX); @@ -6506,7 +6507,7 @@ Executor* Framework::launchExecutor( const PID<Slave> slavePid = slave->self(); auto authorize = - [slavePid, executorId, frameworkId](const Option<string>& principal) { + [slavePid, executorId, frameworkId](const Option<Principal>& principal) { return dispatch( slavePid, &Slave::authorizeSandboxAccess, @@ -6773,7 +6774,7 @@ void Framework::recoverExecutor( const PID<Slave> slavePid = slave->self(); auto authorize = - [slavePid, executorId, frameworkId](const Option<string>& principal) { + [slavePid, executorId, frameworkId](const Option<Principal>& principal) { return dispatch( slavePid, &Slave::authorizeSandboxAccess, http://git-wip-us.apache.org/repos/asf/mesos/blob/8da4d6ff/src/slave/slave.hpp ---------------------------------------------------------------------- diff --git a/src/slave/slave.hpp b/src/slave/slave.hpp index 857338c..33897fa 100644 --- a/src/slave/slave.hpp +++ b/src/slave/slave.hpp @@ -466,10 +466,10 @@ private: const Resources& newCheckpointedResources); process::Future<bool> authorizeLogAccess( - const Option<std::string>& principal); + const Option<process::http::authentication::Principal>& principal); process::Future<bool> authorizeSandboxAccess( - const Option<std::string>& principal, + const Option<process::http::authentication::Principal>& principal, const FrameworkID& frameworkId, const ExecutorID& executorId); @@ -489,7 +489,8 @@ private: // /api/v1 process::Future<process::http::Response> api( const process::http::Request& request, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; // /api/v1/executor process::Future<process::http::Response> executor( @@ -498,7 +499,8 @@ private: // /slave/flags process::Future<process::http::Response> flags( const process::http::Request& request, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; // /slave/health process::Future<process::http::Response> health( @@ -507,18 +509,21 @@ private: // /slave/state process::Future<process::http::Response> state( const process::http::Request& request, - const Option<std::string>& /* principal */) const; + const Option<process::http::authentication::Principal>&) + const; // /slave/monitor/statistics // /slave/monitor/statistics.json process::Future<process::http::Response> statistics( const process::http::Request& request, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; // /slave/containers process::Future<process::http::Response> containers( const process::http::Request& request, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; static std::string API_HELP(); static std::string EXECUTOR_HELP(); @@ -539,7 +544,8 @@ private: const agent::Call& call, Option<process::Owned<recordio::Reader<agent::Call>>>&& reader, const RequestMediaTypes& mediaTypes, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; // Make continuation for `statistics` `static` as it might // execute when the invoking `Http` is already destructed. @@ -550,7 +556,8 @@ private: // Continuation for `/containers` endpoint process::Future<process::http::Response> _containers( const process::http::Request& request, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; // Helper function to collect containers status and resource statistics. process::Future<JSON::Array> __containers( @@ -564,52 +571,62 @@ private: process::Future<process::http::Response> getFlags( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> getHealth( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> getVersion( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> getMetrics( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> getLoggingLevel( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> setLoggingLevel( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> listFiles( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> getContainers( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> readFile( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> getFrameworks( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; mesos::agent::Response::GetFrameworks _getFrameworks( const process::Owned<ObjectApprover>& frameworksApprover) const; @@ -617,7 +634,8 @@ private: process::Future<process::http::Response> getExecutors( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; mesos::agent::Response::GetExecutors _getExecutors( const process::Owned<ObjectApprover>& frameworksApprover, @@ -626,7 +644,8 @@ private: process::Future<process::http::Response> getTasks( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; mesos::agent::Response::GetTasks _getTasks( const process::Owned<ObjectApprover>& frameworksApprover, @@ -636,7 +655,8 @@ private: process::Future<process::http::Response> getState( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; mesos::agent::Response::GetState _getState( const process::Owned<ObjectApprover>& frameworksApprover, @@ -646,7 +666,8 @@ private: process::Future<process::http::Response> launchNestedContainer( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> _launchNestedContainer( const ContainerID& containerId, @@ -659,23 +680,27 @@ private: process::Future<process::http::Response> waitNestedContainer( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> killNestedContainer( const mesos::agent::Call& call, ContentType acceptType, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> launchNestedContainerSession( const mesos::agent::Call& call, const RequestMediaTypes& mediaTypes, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> attachContainerInput( const mesos::agent::Call& call, process::Owned<recordio::Reader<agent::Call>>&& decoder, const RequestMediaTypes& mediaTypes, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> _attachContainerInput( const mesos::agent::Call& call, @@ -685,7 +710,8 @@ private: process::Future<process::http::Response> attachContainerOutput( const mesos::agent::Call& call, const RequestMediaTypes& mediaTypes, - const Option<std::string>& principal) const; + const Option<process::http::authentication::Principal>& + principal) const; process::Future<process::http::Response> _attachContainerOutput( const mesos::agent::Call& call,
