Added support for auth tokens to the default executor. This patch updates the default executor to extract an authentication token from its environment when present, and use this token to authenticate with the agent.
Review: https://reviews.apache.org/r/57808/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/0fea4c5f Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/0fea4c5f Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/0fea4c5f Branch: refs/heads/master Commit: 0fea4c5fb4ab785cf8c6d6db9e288391a8705e65 Parents: dfdd9bd Author: Greg Mann <[email protected]> Authored: Sat Mar 25 12:04:14 2017 -0700 Committer: Anand Mazumdar <[email protected]> Committed: Sat Mar 25 12:04:14 2017 -0700 ---------------------------------------------------------------------- src/launcher/default_executor.cpp | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/0fea4c5f/src/launcher/default_executor.cpp ---------------------------------------------------------------------- diff --git a/src/launcher/default_executor.cpp b/src/launcher/default_executor.cpp index ee24531..606fd9c 100644 --- a/src/launcher/default_executor.cpp +++ b/src/launcher/default_executor.cpp @@ -120,7 +120,8 @@ public: const ExecutorID& _executorId, const ::URL& _agent, const string& _sandboxDirectory, - const string& _launcherDirectory) + const string& _launcherDirectory, + const Option<string>& _authenticationToken) : ProcessBase(process::ID::generate("default-executor")), state(DISCONNECTED), contentType(ContentType::PROTOBUF), @@ -133,7 +134,8 @@ public: executorId(_executorId), agent(_agent), sandboxDirectory(_sandboxDirectory), - launcherDirectory(_launcherDirectory) {} + launcherDirectory(_launcherDirectory), + authenticationToken(_authenticationToken) {} virtual ~DefaultExecutor() = default; @@ -1191,6 +1193,10 @@ private: request.headers = {{"Accept", stringify(contentType)}, {"Content-Type", stringify(contentType)}}; + if (authenticationToken.isSome()) { + request.headers["Authorization"] = "Bearer " + authenticationToken.get(); + } + // Only pipeline requests when there is an active connection. if (connection.isSome()) { request.keepAlive = true; @@ -1286,6 +1292,7 @@ private: const ::URL agent; // Agent API URL. const string sandboxDirectory; const string launcherDirectory; + const Option<string> authenticationToken; LinkedHashMap<UUID, Call::Update> unacknowledgedUpdates; @@ -1392,13 +1399,20 @@ int main(int argc, char** argv) } sandboxDirectory = value.get(); + Option<string> authenticationToken; + value = os::getenv("MESOS_EXECUTOR_AUTHENTICATION_TOKEN"); + if (value.isSome()) { + authenticationToken = value.get(); + } + Owned<mesos::internal::DefaultExecutor> executor( new mesos::internal::DefaultExecutor( frameworkId, executorId, agent, sandboxDirectory, - flags.launcher_dir)); + flags.launcher_dir, + authenticationToken)); process::spawn(executor.get()); process::wait(executor.get());
