> On June 19, 2017, 5:30 p.m., Santhosh Kumar Shanmugham wrote:
> > Can you show the testing from the Vagrant box?

Added under 'Testing'


- Jordan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60173/#review178273
-----------------------------------------------------------


On June 19, 2017, 6:03 p.m., Jordan Ly wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/60173/
> -----------------------------------------------------------
> 
> (Updated June 19, 2017, 6:03 p.m.)
> 
> 
> Review request for Aurora, David McLaughlin, Santhosh Kumar Shanmugham, 
> Stephan Erb, and Zameer Manji.
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Allow for custom Thrift method interceptors to be injected via Guice modules. 
> Cluster operators might use this feature to inject interceptors that only 
> allow certain roles to call certain endpoints, or to dynamically check if a 
> job should be able to use a constraint.
> 
> 
> Diffs
> -----
> 
>   RELEASE-NOTES.md e032f7927a68b00401ea8f073ff52b5def74f3ce 
>   docs/reference/scheduler-configuration.md 
> 3d53c5a552e06f62a7572591fb0c92ccae42c54b 
>   src/main/java/org/apache/aurora/scheduler/thrift/aop/AopModule.java 
> f59ee1a0514a6dc52573c0b932cba755e0a10e18 
> 
> 
> Diff: https://reviews.apache.org/r/60173/diff/2/
> 
> 
> Testing
> -------
> 
> Unit + integration tests pass.
> 
> Injected a custom module on a Vagrant box -- added a simple class and 
> included the module when starting up the scheduler:
> ```
> diff --git a/examples/vagrant/upstart/aurora-scheduler.conf 
> b/examples/vagrant/upstart/aurora-scheduler.conf
> index 63fcc87..18521af 100644
> --- a/examples/vagrant/upstart/aurora-scheduler.conf
> +++ b/examples/vagrant/upstart/aurora-scheduler.conf
> @@ -56,4 +56,5 @@ exec bin/aurora-scheduler \
>    -allow_container_volumes=true \
>    -offer_filter_duration=0secs \
>    -mesos_driver=V1_DRIVER \
> -  -unavailability_threshold=1mins
> +  -unavailability_threshold=1mins \
> +  
> -thrift_method_interceptor_modules=org.apache.aurora.scheduler.thrift.aop.ThriftWhitelistInterceptorModule
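
Review bot: This flag should not land in the checked-in Vagrant config. The added -thrift_method_interceptor_modules line loads ThriftWhitelistInterceptorModule for every scheduler started from examples/vagrant/upstart/aurora-scheduler.conf, and that module answers createJob for role vagrant with ResponseCode.ERROR, so jobs under the vagrant role can no longer be created on the dev box. Keep it as a local test change and leave this file out of the committed diff.
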
> diff --git 
> a/src/main/java/org/apache/aurora/scheduler/thrift/aop/ThriftWhitelistInterceptorModule.java
>  
> b/src/main/java/org/apache/aurora/scheduler/thrift/aop/ThriftWhitelistInterceptorModule.java
> new file mode 100644
> index 0000000..4296f81
> --- /dev/null
> +++ 
> b/src/main/java/org/apache/aurora/scheduler/thrift/aop/ThriftWhitelistInterceptorModule.java
> @@ -0,0 +1,46 @@
> +package org.apache.aurora.scheduler.thrift.aop;
> +
> +import java.util.ArrayList;
> +import java.util.List;
> +
> +import com.google.inject.AbstractModule;
> +
> +import org.aopalliance.intercept.MethodInterceptor;
> +import org.aopalliance.intercept.MethodInvocation;
> +import org.apache.aurora.gen.JobConfiguration;
> +import org.apache.aurora.gen.Response;
> +import org.apache.aurora.gen.ResponseCode;
> +import org.apache.aurora.gen.ResponseDetail;
> +import org.apache.aurora.gen.TaskConfig;
> +
> +/** Module that checks if a role is allowed to do a specific action */
> +public class ThriftWhitelistInterceptorModule extends AbstractModule {
> +
> +  @Override
> +  protected void configure() {
> +    AopModule.bindThriftDecorator(binder(), AopModule.THRIFT_IFACE_MATCHER,
> +        new ThriftWhitelistInterceptor());
> +  }
> +
> +  private class ThriftWhitelistInterceptor implements MethodInterceptor {
> +
> +    @Override
> +    public Object invoke(MethodInvocation invocation) throws Throwable {
> +      Object[] args = invocation.getArguments();
> +      switch(invocation.getMethod().getName()) {
> +        case "createJob":
> +          JobConfiguration config = (JobConfiguration) args[0];
> +          TaskConfig task = config.getTaskConfig();
> +          String role = task.getJob().getRole();
> +          if (role.equals("vagrant")) {
> +            ResponseDetail detail = new ResponseDetail("Test response.");
> +            List<ResponseDetail> details = new ArrayList<>();
> +            details.add(detail);
> +            return new Response(ResponseCode.ERROR, null, details);
> +          }
> +      }
> +
> +      return (Response) invocation.proceed();
> +    }
> +  }
> +}
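
Review bot: In invoke(), the createJob branch dereferences config.getTaskConfig(), task.getJob() and role with no null checks, so a request that omits the task config, job key or role makes the interceptor throw a NullPointerException instead of returning a Response. Guard those values, return an ERROR Response when they are missing, and compare with "vagrant".equals(role). The class is named Whitelist but rejects one role and lets every other role through, which is deny-list behaviour, and the switch handles only createJob with no default case. Anyone reusing this as an access-control template should allow by explicit list and cover each endpoint that needs the check. The (Response) cast on invocation.proceed() is unnecessary since invoke() returns Object.
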
> ```
> 
> Tried to create a job with two different roles:
> ```
> vagrant@aurora:~$ aurora job create devcluster/vagrant/test/http_example 
> /vagrant/src/test/sh/org/apache/aurora/e2e/http/http_example.aurora
>  INFO] Creating job http_example
> Job creation failed due to error:
>       Test response.
>     
> vagrant@aurora:~$ aurora job create devcluster/www-data/test/http_example 
> /vagrant/src/test/sh/org/apache/aurora/e2e/http/http_example.aurora
>  INFO] Creating job http_example
>  INFO] Checking status of devcluster/www-data/test/http_example
> Job create succeeded: job 
> url=http://aurora.local:8081/scheduler/www-data/test/http_example
> ```
> 
> 
> Thanks,
> 
> Jordan Ly
> 
>