Implemented passing the secret resolver to registry puller. Review: https://reviews.apache.org/r/59012
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/6b835417 Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/6b835417 Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/6b835417 Branch: refs/heads/master Commit: 6b83541735deda4356bd4cb2773b2557495d8813 Parents: 32dc11a Author: Gilbert Song <songzihao1...@gmail.com> Authored: Mon May 1 16:37:55 2017 -0700 Committer: Gilbert Song <songzihao1...@gmail.com> Committed: Thu May 25 01:04:30 2017 +0800 ---------------------------------------------------------------------- src/slave/containerizer/mesos/containerizer.cpp | 4 +++- .../mesos/provisioner/appc/store.cpp | 10 +++++++--- .../mesos/provisioner/appc/store.hpp | 6 +++++- .../mesos/provisioner/docker/puller.cpp | 9 +++++++-- .../mesos/provisioner/docker/puller.hpp | 5 ++++- .../mesos/provisioner/docker/registry_puller.cpp | 18 +++++++++++++----- .../mesos/provisioner/docker/registry_puller.hpp | 5 ++++- .../mesos/provisioner/docker/store.cpp | 14 ++++++++++---- .../mesos/provisioner/docker/store.hpp | 6 +++++- .../mesos/provisioner/provisioner.cpp | 10 ++++++++-- .../mesos/provisioner/provisioner.hpp | 6 +++++- .../containerizer/mesos/provisioner/store.cpp | 12 +++++++++--- .../containerizer/mesos/provisioner/store.hpp | 5 ++++- 13 files changed, 84 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/containerizer.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/containerizer.cpp b/src/slave/containerizer/mesos/containerizer.cpp index 403faa3..199202a 100644 --- a/src/slave/containerizer/mesos/containerizer.cpp +++ b/src/slave/containerizer/mesos/containerizer.cpp 
@@ -258,7 +258,9 @@ Try<MesosContainerizer*> MesosContainerizer::create( return Error("Failed to create launcher: " + launcher.error()); } - Try<Owned<Provisioner>> _provisioner = Provisioner::create(flags_); + Try<Owned<Provisioner>> _provisioner = + Provisioner::create(flags_, secretResolver); + if (_provisioner.isError()) { return Error("Failed to create provisioner: " + _provisioner.error()); } http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/appc/store.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/provisioner/appc/store.cpp b/src/slave/containerizer/mesos/provisioner/appc/store.cpp index dc547dd..9e65990 100644 --- a/src/slave/containerizer/mesos/provisioner/appc/store.cpp +++ b/src/slave/containerizer/mesos/provisioner/appc/store.cpp @@ -18,6 +18,10 @@ #include <glog/logging.h> +#include <mesos/appc/spec.hpp> + +#include <mesos/secret/resolver.hpp> + #include <process/collect.hpp> #include <process/defer.hpp> #include <process/dispatch.hpp> @@ -28,8 +32,6 @@ #include <stout/os.hpp> #include <stout/path.hpp> -#include <mesos/appc/spec.hpp> - #include "slave/containerizer/mesos/provisioner/appc/cache.hpp" #include "slave/containerizer/mesos/provisioner/appc/fetcher.hpp" #include "slave/containerizer/mesos/provisioner/appc/paths.hpp" @@ -96,7 +98,9 @@ private: }; -Try<Owned<slave::Store>> Store::create(const Flags& flags) +Try<Owned<slave::Store>> Store::create( + const Flags& flags, + SecretResolver* secretResolver) { Try<Nothing> mkdir = os::mkdir(paths::getImagesDir(flags.appc_store_dir)); if (mkdir.isError()) { http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/appc/store.hpp ---------------------------------------------------------------------- 
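Review bot: In appc/store.cpp, the new `secretResolver` parameter of `Store::create` is not used on any line visible in this hunk, so a reader cannot tell whether Appc image fetches are meant to use secrets. If it is accepted only so the signature matches the creator table in provisioner/store.cpp, say so above the definition, e.g. `// 'secretResolver' is accepted for signature parity with docker::Store::create and is not used by the Appc store.` The function body continues outside the hunk, so confirm it is really unused before adding the comment.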
diff --git a/src/slave/containerizer/mesos/provisioner/appc/store.hpp b/src/slave/containerizer/mesos/provisioner/appc/store.hpp index 15c79e9..37ef779 100644 --- a/src/slave/containerizer/mesos/provisioner/appc/store.hpp +++ b/src/slave/containerizer/mesos/provisioner/appc/store.hpp @@ -17,6 +17,8 @@ #ifndef __PROVISIONER_APPC_STORE_HPP__ #define __PROVISIONER_APPC_STORE_HPP__ +#include <mesos/secret/resolver.hpp> + #include "slave/containerizer/mesos/provisioner/store.hpp" namespace mesos { @@ -31,7 +33,9 @@ class StoreProcess; class Store : public slave::Store { public: - static Try<process::Owned<slave::Store>> create(const Flags& flags); + static Try<process::Owned<slave::Store>> create( + const Flags& flags, + SecretResolver* secretResolver = nullptr); ~Store(); http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/docker/puller.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/provisioner/docker/puller.cpp b/src/slave/containerizer/mesos/provisioner/docker/puller.cpp index ac9dae8..d7d8987 100644 --- a/src/slave/containerizer/mesos/provisioner/docker/puller.cpp +++ b/src/slave/containerizer/mesos/provisioner/docker/puller.cpp @@ -14,6 +14,8 @@ // See the License for the specific language governing permissions and // limitations under the License. +#include <mesos/secret/resolver.hpp> + #include <stout/strings.hpp> #include <stout/try.hpp> @@ -31,7 +33,8 @@ namespace docker { Try<Owned<Puller>> Puller::create( const Flags& flags, - const Shared<uri::Fetcher>& fetcher) + const Shared<uri::Fetcher>& fetcher, + SecretResolver* secretResolver) { // TODO(tnachen): Support multiple registries in the puller. if (strings::startsWith(flags.docker_registry, "/")) { 
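Review bot: The `SecretResolver* secretResolver = nullptr` default added to `Store::create` in appc/store.hpp makes an omitted resolver indistinguishable from a deliberate choice to run without one, and the same default is added in docker/puller.hpp, docker/store.hpp, provisioner.hpp and provisioner/store.hpp. A call site that forgets to thread the resolver through still compiles, and secret resolution would then be silently unavailable further down the chain. `RegistryPuller::create` in registry_puller.hpp takes the argument without a default, which is the safer pattern for non-test code; consider doing the same here. At minimum document the contract on each declaration, e.g. `// 'secretResolver' is borrowed, not owned, and may be nullptr.`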
@@ -43,7 +46,9 @@ Try<Owned<Puller>> Puller::create( return puller.get(); } - Try<Owned<Puller>> puller = RegistryPuller::create(flags, fetcher); + Try<Owned<Puller>> puller = + RegistryPuller::create(flags, fetcher, secretResolver); + if (puller.isError()) { return Error("Failed to create registry puller: " + puller.error()); } http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/docker/puller.hpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/provisioner/docker/puller.hpp b/src/slave/containerizer/mesos/provisioner/docker/puller.hpp index 6dacdb1..5ff1846 100644 --- a/src/slave/containerizer/mesos/provisioner/docker/puller.hpp +++ b/src/slave/containerizer/mesos/provisioner/docker/puller.hpp @@ -30,6 +30,8 @@ #include <mesos/uri/fetcher.hpp> +#include <mesos/secret/resolver.hpp> + #include "slave/flags.hpp" namespace mesos { @@ -42,7 +44,8 @@ class Puller public: static Try<process::Owned<Puller>> create( const Flags& flags, - const process::Shared<uri::Fetcher>& fetcher); + const process::Shared<uri::Fetcher>& fetcher, + SecretResolver* secretResolver = nullptr); virtual ~Puller() {} http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/docker/registry_puller.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/provisioner/docker/registry_puller.cpp b/src/slave/containerizer/mesos/provisioner/docker/registry_puller.cpp index 6db788d..f8c31ae 100644 --- a/src/slave/containerizer/mesos/provisioner/docker/registry_puller.cpp +++ b/src/slave/containerizer/mesos/provisioner/docker/registry_puller.cpp @@ -16,6 +16,8 @@ #include <glog/logging.h> +#include <mesos/secret/resolver.hpp> + #include <process/collect.hpp> #include <process/defer.hpp> #include <process/dispatch.hpp> 
@@ -62,7 +64,8 @@ public: RegistryPullerProcess( const string& _storeDir, const http::URL& _defaultRegistryUrl, - const Shared<uri::Fetcher>& _fetcher); + const Shared<uri::Fetcher>& _fetcher, + SecretResolver* _secretResolver); Future<vector<string>> pull( const spec::ImageReference& reference, @@ -98,12 +101,14 @@ private: const http::URL defaultRegistryUrl; Shared<uri::Fetcher> fetcher; + SecretResolver* secretResolver; }; Try<Owned<Puller>> RegistryPuller::create( const Flags& flags, - const Shared<uri::Fetcher>& fetcher) + const Shared<uri::Fetcher>& fetcher, + SecretResolver* secretResolver) { Try<http::URL> defaultRegistryUrl = http::URL::parse(flags.docker_registry); if (defaultRegistryUrl.isError()) { @@ -119,7 +124,8 @@ Try<Owned<Puller>> RegistryPuller::create( new RegistryPullerProcess( flags.docker_store_dir, defaultRegistryUrl.get(), - fetcher)); + fetcher, + secretResolver)); return Owned<Puller>(new RegistryPuller(process)); } @@ -156,11 +162,13 @@ Future<vector<string>> RegistryPuller::pull( RegistryPullerProcess::RegistryPullerProcess( const string& _storeDir, const http::URL& _defaultRegistryUrl, - const Shared<uri::Fetcher>& _fetcher) + const Shared<uri::Fetcher>& _fetcher, + SecretResolver* _secretResolver) : ProcessBase(process::ID::generate("docker-provisioner-registry-puller")), storeDir(_storeDir), defaultRegistryUrl(_defaultRegistryUrl), - fetcher(_fetcher) {} + fetcher(_fetcher), + secretResolver(_secretResolver) {} static spec::ImageReference normalize( http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/docker/registry_puller.hpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/provisioner/docker/registry_puller.hpp b/src/slave/containerizer/mesos/provisioner/docker/registry_puller.hpp index 62ddb7a..0805f3c 100644 --- a/src/slave/containerizer/mesos/provisioner/docker/registry_puller.hpp 
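Review bot: `RegistryPullerProcess` now keeps `SecretResolver* secretResolver` as a raw, non-owning member, and nothing in these hunks states who owns the resolver or that it may be null. Because the class is a libprocess process whose `pull` returns a `Future`, any later dereference would happen after `RegistryPuller::create` has returned, so the resolver must outlive the process and any use must be guarded against `nullptr`. Document that on the member, e.g. `// Not owned; may be nullptr. Must outlive this process.` The member is only stored in the visible lines; the class body and the rest of the file lie outside the hunks.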
+++ b/src/slave/containerizer/mesos/provisioner/docker/registry_puller.hpp @@ -24,6 +24,8 @@ #include <mesos/uri/fetcher.hpp> +#include <mesos/secret/resolver.hpp> + #include "slave/containerizer/mesos/provisioner/docker/puller.hpp" #include "slave/flags.hpp" @@ -44,7 +46,8 @@ class RegistryPuller : public Puller public: static Try<process::Owned<Puller>> create( const Flags& flags, - const process::Shared<uri::Fetcher>& fetcher); + const process::Shared<uri::Fetcher>& fetcher, + SecretResolver* secretResolver); ~RegistryPuller(); http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/docker/store.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/provisioner/docker/store.cpp b/src/slave/containerizer/mesos/provisioner/docker/store.cpp index 7529afd..b7883b8 100644 --- a/src/slave/containerizer/mesos/provisioner/docker/store.cpp +++ b/src/slave/containerizer/mesos/provisioner/docker/store.cpp @@ -19,6 +19,10 @@ #include <glog/logging.h> +#include <mesos/docker/spec.hpp> + +#include <mesos/secret/resolver.hpp> + #include <stout/hashmap.hpp> #include <stout/json.hpp> #include <stout/os.hpp> @@ -28,8 +32,6 @@ #include <process/dispatch.hpp> #include <process/id.hpp> -#include <mesos/docker/spec.hpp> - #include "slave/containerizer/mesos/provisioner/constants.hpp" #include "slave/containerizer/mesos/provisioner/utils.hpp" @@ -111,7 +113,9 @@ private: }; -Try<Owned<slave::Store>> Store::create(const Flags& flags) +Try<Owned<slave::Store>> Store::create( + const Flags& flags, + SecretResolver* secretResolver) { // TODO(jieyu): We should inject URI fetcher from top level, instead // of creating it here. 
@@ -127,7 +131,9 @@ Try<Owned<slave::Store>> Store::create(const Flags& flags) return Error("Failed to create the URI fetcher: " + fetcher.error()); } - Try<Owned<Puller>> puller = Puller::create(flags, fetcher->share()); + Try<Owned<Puller>> puller = + Puller::create(flags, fetcher->share(), secretResolver); + if (puller.isError()) { return Error("Failed to create Docker puller: " + puller.error()); } http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/docker/store.hpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/provisioner/docker/store.hpp b/src/slave/containerizer/mesos/provisioner/docker/store.hpp index e1abff1..1cf6866 100644 --- a/src/slave/containerizer/mesos/provisioner/docker/store.hpp +++ b/src/slave/containerizer/mesos/provisioner/docker/store.hpp @@ -17,6 +17,8 @@ #ifndef __PROVISIONER_DOCKER_STORE_HPP__ #define __PROVISIONER_DOCKER_STORE_HPP__ +#include <mesos/secret/resolver.hpp> + #include <process/owned.hpp> #include <stout/try.hpp> @@ -39,7 +41,9 @@ class StoreProcess; class Store : public slave::Store { public: - static Try<process::Owned<slave::Store>> create(const Flags& flags); + static Try<process::Owned<slave::Store>> create( + const Flags& flags, + SecretResolver* secretResolver = nullptr); // This allows the puller to be mocked for testing. static Try<process::Owned<slave::Store>> create( http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/provisioner.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/provisioner/provisioner.cpp b/src/slave/containerizer/mesos/provisioner/provisioner.cpp index 6509ee4..3d4da90 100644 --- a/src/slave/containerizer/mesos/provisioner/provisioner.cpp +++ b/src/slave/containerizer/mesos/provisioner/provisioner.cpp 
@@ -22,6 +22,8 @@ #include <mesos/docker/spec.hpp> +#include <mesos/secret/resolver.hpp> + #include <process/collect.hpp> #include <process/defer.hpp> #include <process/dispatch.hpp> @@ -146,7 +148,9 @@ static Try<Nothing> validateBackend( } -Try<Owned<Provisioner>> Provisioner::create(const Flags& flags) +Try<Owned<Provisioner>> Provisioner::create( + const Flags& flags, + SecretResolver* secretResolver) { const string _rootDir = slave::paths::getProvisionerDir(flags.work_dir); @@ -166,7 +170,9 @@ Try<Owned<Provisioner>> Provisioner::create(const Flags& flags) CHECK_SOME(rootDir); // Can't be None since we just created it. - Try<hashmap<Image::Type, Owned<Store>>> stores = Store::create(flags); + Try<hashmap<Image::Type, Owned<Store>>> stores = + Store::create(flags, secretResolver); + if (stores.isError()) { return Error("Failed to create image stores: " + stores.error()); } http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/provisioner.hpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/provisioner/provisioner.hpp b/src/slave/containerizer/mesos/provisioner/provisioner.hpp index 7d6c1b9..7cba54c 100644 --- a/src/slave/containerizer/mesos/provisioner/provisioner.hpp +++ b/src/slave/containerizer/mesos/provisioner/provisioner.hpp @@ -25,6 +25,8 @@ #include <mesos/docker/v1.hpp> +#include <mesos/secret/resolver.hpp> + #include <mesos/slave/isolator.hpp> // For ContainerState. #include <stout/nothing.hpp> 
@@ -70,7 +72,9 @@ class Provisioner { public: // Create the provisioner based on the specified flags. - static Try<process::Owned<Provisioner>> create(const Flags& flags); + static Try<process::Owned<Provisioner>> create( + const Flags& flags, + SecretResolver* secretResolver = nullptr); // Available only for testing. explicit Provisioner(process::Owned<ProvisionerProcess> process); http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/store.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/provisioner/store.cpp b/src/slave/containerizer/mesos/provisioner/store.cpp index 260a746..cc5cc81 100644 --- a/src/slave/containerizer/mesos/provisioner/store.cpp +++ b/src/slave/containerizer/mesos/provisioner/store.cpp @@ -18,6 +18,8 @@ #include <mesos/type_utils.hpp> +#include <mesos/secret/resolver.hpp> + #include <stout/error.hpp> #include <stout/foreach.hpp> #include <stout/strings.hpp> @@ -36,13 +38,17 @@ namespace mesos { namespace internal { namespace slave { -Try<hashmap<Image::Type, Owned<Store>>> Store::create(const Flags& flags) +Try<hashmap<Image::Type, Owned<Store>>> Store::create( + const Flags& flags, + SecretResolver* secretResolver) { if (flags.image_providers.isNone()) { return hashmap<Image::Type, Owned<Store>>(); } - hashmap<Image::Type, Try<Owned<Store>>(*)(const Flags&)> creators; + hashmap<Image::Type, Try<Owned<Store>>(*)( + const Flags&, SecretResolver*)> creators; + creators.put(Image::APPC, &appc::Store::create); creators.put(Image::DOCKER, &docker::Store::create); 
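Review bot: In provisioner/store.cpp the creator table's function-pointer type is now wrapped in the middle of the declarator, which is hard to read. It also hides that this type selects which `docker::Store::create` overload `&docker::Store::create` refers to, since docker/store.hpp declares a second `create` for tests. A local alias would make that explicit: `typedef Try<Owned<Store>> (*Creator)(const Flags&, SecretResolver*);` followed by `hashmap<Image::Type, Creator> creators;`. `Store::create` continues past the end of this hunk.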
@@ -59,7 +65,7 @@ Try<hashmap<Image::Type, Owned<Store>>> Store::create(const Flags& flags) return Error("Unsupported image type '" + type + "'"); } - Try<Owned<Store>> store = creators[imageType](flags); + Try<Owned<Store>> store = creators[imageType](flags, secretResolver); if (store.isError()) { return Error( "Failed to create store for image type '" + http://git-wip-us.apache.org/repos/asf/mesos/blob/6b835417/src/slave/containerizer/mesos/provisioner/store.hpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/provisioner/store.hpp b/src/slave/containerizer/mesos/provisioner/store.hpp index 82a9be6..01ab83d 100644 --- a/src/slave/containerizer/mesos/provisioner/store.hpp +++ b/src/slave/containerizer/mesos/provisioner/store.hpp @@ -26,6 +26,8 @@ #include <mesos/docker/v1.hpp> +#include <mesos/secret/resolver.hpp> + #include <process/future.hpp> #include <process/owned.hpp> @@ -58,7 +60,8 @@ class Store { public: static Try<hashmap<Image::Type, process::Owned<Store>>> create( - const Flags& flags); + const Flags& flags, + SecretResolver* secretResolver = nullptr); virtual ~Store() {}