Updated 'Checker' to authenticate with agent operator API. This patch updates the `Checker` to permit initialization with an authorization header, which it will provide to the agent operator API for authentication when present.
Review: https://reviews.apache.org/r/58373/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/e8562faf Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/e8562faf Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/e8562faf Branch: refs/heads/master Commit: e8562faf1f8a624beeb56880c4a980d32f89533f Parents: 5f05bdc Author: Greg Mann <[email protected]> Authored: Thu Apr 13 15:49:46 2017 -0700 Committer: Vinod Kone <[email protected]> Committed: Thu Apr 13 15:49:46 2017 -0700 ---------------------------------------------------------------------- src/checks/checker.cpp | 21 ++++++++++++++++++++- src/checks/checker.hpp | 5 ++++- 2 files changed, 24 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/e8562faf/src/checks/checker.cpp ---------------------------------------------------------------------- diff --git a/src/checks/checker.cpp b/src/checks/checker.cpp index 7510bf2..cf7a086 100644 --- a/src/checks/checker.cpp +++ b/src/checks/checker.cpp @@ -139,6 +139,7 @@ public: const vector<string>& _namespaces, const Option<ContainerID>& _taskContainerId, const Option<http::URL>& _agentURL, + const Option<string>& _authorizationHeader, bool _commandCheckViaAgent); void pause(); @@ -203,6 +204,7 @@ private: const vector<string> namespaces; const Option<ContainerID> taskContainerId; const Option<http::URL> agentURL; + const Option<std::string> authorizationHeader; const bool commandCheckViaAgent; Option<lambda::function<pid_t(const lambda::function<int()>&)>> clone; @@ -237,6 +239,7 @@ Try<Owned<Checker>> Checker::create( namespaces, None(), None(), + None(), false)); return Owned<Checker>(new Checker(process)); @@ -248,7 +251,8 @@ Try<Owned<Checker>> Checker::create( const lambda::function<void(const CheckStatusInfo&)>& callback, const TaskID& taskId, const ContainerID& taskContainerId, - const http::URL& agentURL) + const http::URL& agentURL, + const Option<string>& authorizationHeader) { // Validate the `CheckInfo` protobuf. Option<Error> error = validation::checkInfo(check); @@ -264,6 +268,7 @@ Try<Owned<Checker>> Checker::create( {}, taskContainerId, agentURL, + authorizationHeader, true)); return Owned<Checker>(new Checker(process)); @@ -304,6 +309,7 @@ CheckerProcess::CheckerProcess( const vector<string>& _namespaces, const Option<ContainerID>& _taskContainerId, const Option<http::URL>& _agentURL, + const Option<std::string>& _authorizationHeader, bool _commandCheckViaAgent) : ProcessBase(process::ID::generate("checker")), check(_check), @@ -313,6 +319,7 @@ CheckerProcess::CheckerProcess( namespaces(_namespaces), taskContainerId(_taskContainerId), agentURL(_agentURL), + authorizationHeader(_authorizationHeader), commandCheckViaAgent(_commandCheckViaAgent), paused(false) { @@ -589,6 +596,10 @@ Future<int> CheckerProcess::nestedCommandCheck() request.headers = {{"Accept", stringify(ContentType::PROTOBUF)}, {"Content-Type", stringify(ContentType::PROTOBUF)}}; + if (authorizationHeader.isSome()) { + request.headers["Authorization"] = authorizationHeader.get(); + } + http::request(request, false) .onFailed(defer(self(), [this, promise](const string& failure) { @@ -673,6 +684,10 @@ void CheckerProcess::__nestedCommandCheck( {"Message-Accept", stringify(ContentType::PROTOBUF)}, {"Content-Type", stringify(ContentType::PROTOBUF)}}; + if (authorizationHeader.isSome()) { + request.headers["Authorization"] = authorizationHeader.get(); + } + // TODO(alexr): Use a lambda named capture for // this cached value once it is available. const Duration timeout = checkTimeout; @@ -816,6 +831,10 @@ Future<Option<int>> CheckerProcess::waitNestedContainer( request.headers = {{"Accept", stringify(ContentType::PROTOBUF)}, {"Content-Type", stringify(ContentType::PROTOBUF)}}; + if (authorizationHeader.isSome()) { + request.headers["Authorization"] = authorizationHeader.get(); + } + return http::request(request, false) .repair([containerId](const Future<http::Response>& future) { return Failure( http://git-wip-us.apache.org/repos/asf/mesos/blob/e8562faf/src/checks/checker.hpp ---------------------------------------------------------------------- diff --git a/src/checks/checker.hpp b/src/checks/checker.hpp index fb939d8..fec30a2 100644 --- a/src/checks/checker.hpp +++ b/src/checks/checker.hpp @@ -80,6 +80,8 @@ public: * @param taskId The TaskID of the target task. * @param taskContainerId The ContainerID of the target task. * @param agentURL The URL of the agent. + * @param authorizationHeader The authorization header the checker should use + * to authenticate with the agent operator API. * @return A `Checker` object or an error if `create` fails. * * @todo A better approach would be to return a stream of updates, e.g., @@ -90,7 +92,8 @@ public: const lambda::function<void(const CheckStatusInfo&)>& callback, const TaskID& taskId, const ContainerID& taskContainerId, - const process::http::URL& agentURL); + const process::http::URL& agentURL, + const Option<std::string>& authorizationHeader); ~Checker();
