Repository: mesos Updated Branches: refs/heads/master 8bbe70041 -> 6cf2536c2
Updated 'HealthChecker' to authenticate with the agent. This patch updates the `HealthChecker` to permit initialization with an authorization header, which it will provide to the agent operator API for authentication when present. Review: https://reviews.apache.org/r/58368/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/5f05bdca Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/5f05bdca Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/5f05bdca Branch: refs/heads/master Commit: 5f05bdca871ad8ecb1b2d23194e74804df746774 Parents: 8bbe700 Author: Greg Mann <[email protected]> Authored: Thu Apr 13 15:49:43 2017 -0700 Committer: Vinod Kone <[email protected]> Committed: Thu Apr 13 15:49:43 2017 -0700 ---------------------------------------------------------------------- src/checks/health_checker.cpp | 19 ++++++++++++++++++- src/checks/health_checker.hpp | 7 ++++++- 2 files changed, 24 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/5f05bdca/src/checks/health_checker.cpp ---------------------------------------------------------------------- diff --git a/src/checks/health_checker.cpp b/src/checks/health_checker.cpp index 769278c..9d8c847 100644 --- a/src/checks/health_checker.cpp +++ b/src/checks/health_checker.cpp @@ -154,6 +154,7 @@ Try<Owned<HealthChecker>> HealthChecker::create( namespaces, None(), None(), + None(), false)); return Owned<HealthChecker>(new HealthChecker(process)); @@ -166,7 +167,8 @@ Try<Owned<HealthChecker>> HealthChecker::create( const lambda::function<void(const TaskHealthStatus&)>& callback, const TaskID& taskId, const ContainerID& taskContainerId, - const process::http::URL& agentURL) + const process::http::URL& agentURL, + const Option<string>& authorizationHeader) { // Validate the 'HealthCheck' protobuf. Option<Error> error = validation::healthCheck(check); @@ -183,6 +185,7 @@ Try<Owned<HealthChecker>> HealthChecker::create( {}, taskContainerId, agentURL, + authorizationHeader, true)); return Owned<HealthChecker>(new HealthChecker(process)); @@ -225,6 +228,7 @@ HealthCheckerProcess::HealthCheckerProcess( const vector<string>& _namespaces, const Option<ContainerID>& _taskContainerId, const Option<process::http::URL>& _agentURL, + const Option<string>& _authorizationHeader, bool _commandCheckViaAgent) : ProcessBase(process::ID::generate("health-checker")), check(_check), @@ -235,6 +239,7 @@ HealthCheckerProcess::HealthCheckerProcess( namespaces(_namespaces), taskContainerId(_taskContainerId), agentURL(_agentURL), + authorizationHeader(_authorizationHeader), commandCheckViaAgent(_commandCheckViaAgent), consecutiveFailures(0), initializing(true), @@ -535,6 +540,10 @@ Future<Nothing> HealthCheckerProcess::nestedCommandHealthCheck() request.headers = {{"Accept", stringify(ContentType::PROTOBUF)}, {"Content-Type", stringify(ContentType::PROTOBUF)}}; + if (authorizationHeader.isSome()) { + request.headers["Authorization"] = authorizationHeader.get(); + } + process::http::request(request, false) .onFailed(defer(self(), [this, promise](const string& failure) { @@ -621,6 +630,10 @@ void HealthCheckerProcess::__nestedCommandHealthCheck( {"Message-Accept", stringify(ContentType::PROTOBUF)}, {"Content-Type", stringify(ContentType::PROTOBUF)}}; + if (authorizationHeader.isSome()) { + request.headers["Authorization"] = authorizationHeader.get(); + } + // TODO(alexr): Use a lambda named capture for // this cached value once it is available. const Duration timeout = checkTimeout; @@ -768,6 +781,10 @@ Future<Option<int>> HealthCheckerProcess::waitNestedContainer( request.headers = {{"Accept", stringify(ContentType::PROTOBUF)}, {"Content-Type", stringify(ContentType::PROTOBUF)}}; + if (authorizationHeader.isSome()) { + request.headers["Authorization"] = authorizationHeader.get(); + } + return process::http::request(request, false) .repair([containerId](const Future<Response>& future) { return Failure( http://git-wip-us.apache.org/repos/asf/mesos/blob/5f05bdca/src/checks/health_checker.hpp ---------------------------------------------------------------------- diff --git a/src/checks/health_checker.hpp b/src/checks/health_checker.hpp index e17f12f..25bf7e9 100644 --- a/src/checks/health_checker.hpp +++ b/src/checks/health_checker.hpp @@ -95,6 +95,8 @@ public: * @param taskId The TaskID of the target task. * @param taskContainerId The ContainerID of the target task. * @param agentURL The URL of the agent. + * @param authorizationHeader The authorization header the health checker + * should use to authenticate with the agent operator API. * @return A `HealthChecker` object or an error if `create` fails. * * @todo A better approach would be to return a stream of updates, e.g., @@ -106,7 +108,8 @@ public: const lambda::function<void(const TaskHealthStatus&)>& callback, const TaskID& taskId, const ContainerID& taskContainerId, - const process::http::URL& agentURL); + const process::http::URL& agentURL, + const Option<std::string>& authorizationHeader); ~HealthChecker(); @@ -134,6 +137,7 @@ public: const std::vector<std::string>& _namespaces, const Option<ContainerID>& _taskContainerId, const Option<process::http::URL>& _agentURL, + const Option<std::string>& authorizationHeader, bool _commandCheckViaAgent); virtual ~HealthCheckerProcess() {} @@ -227,6 +231,7 @@ private: const std::vector<std::string> namespaces; const Option<ContainerID> taskContainerId; const Option<process::http::URL> agentURL; + const Option<std::string> authorizationHeader; const bool commandCheckViaAgent; Option<lambda::function<pid_t(const lambda::function<int()>&)>> clone;
