[GitHub] spark pull request #19437: [SPARK-22131][MESOS] Mesos driver secrets

Mon, 09 Oct 2017 02:11:19 -0700 

Github user skonto commented on a diff in the pull request:

    https://github.com/apache/spark/pull/19437#discussion_r143415419
  
    --- Diff: 
resource-managers/mesos/src/main/scala/org/apache/spark/scheduler/cluster/mesos/MesosSchedulerBackendUtil.scala
 ---
    @@ -170,9 +174,122 @@ private[mesos] object MesosSchedulerBackendUtil 
extends Logging {
           containerInfo.addNetworkInfos(info)
         }
     
    +    getSecretVolume(conf, secretConfig).foreach { volume =>
    +      if (volume.getSource.getSecret.getReference.isInitialized) {
    +        logInfo(s"Setting reference secret 
${volume.getSource.getSecret.getReference.getName}" +
    +          s"on file ${volume.getContainerPath}")
    +      } else {
    +        logInfo(s"Setting secret on file name=${volume.getContainerPath}")
    +      }
    +      containerInfo.addVolumes(volume)
    +    }
    +
         containerInfo
       }
     
    +  def addSecretEnvVar(
    +      envBuilder: Environment.Builder,
    +      conf: SparkConf,
    +      secretConfig: MesosSecretConfig): Unit = {
    +    getSecretEnvVar(conf, secretConfig).foreach { variable =>
    +      if (variable.getSecret.getReference.isInitialized) {
    +        logInfo(s"Setting reference secret 
${variable.getSecret.getReference.getName}" +
    +          s"on file ${variable.getName}")
    +      } else {
    +        logInfo(s"Setting secret on environment variable 
name=${variable.getName}")
    +      }
    +      envBuilder.addVariables(variable)
    +    }
    +  }
    +
    +  private def getSecrets(conf: SparkConf, secretConfig: MesosSecretConfig):
    +  Seq[Secret] = {
    +    def createValueSecret(data: String): Secret = {
    +      Secret.newBuilder()
    +        .setType(Secret.Type.VALUE)
    +        
.setValue(Secret.Value.newBuilder().setData(ByteString.copyFrom(data.getBytes)))
    +        .build()
    +    }
    +
    +    def createReferenceSecret(name: String): Secret = {
    +      Secret.newBuilder()
    +        .setReference(Secret.Reference.newBuilder().setName(name))
    +        .setType(Secret.Type.REFERENCE)
    +        .build()
    +    }
    +
    +    val referenceSecrets: Seq[Secret] =
    +      conf.get(secretConfig.SECRET_NAME).getOrElse(Nil).map(s => 
createReferenceSecret(s))
    +
    +    val valueSecrets: Seq[Secret] = {
    +      conf.get(secretConfig.SECRET_VALUE).getOrElse(Nil).map(s => 
createValueSecret(s))
    +    }
    +
    +    if (valueSecrets.nonEmpty && referenceSecrets.nonEmpty) {
    +      throw new SparkException("Cannot specify VALUE type secrets and 
REFERENCE types ones")
    +    }
    +
    +    if (referenceSecrets.nonEmpty) referenceSecrets else valueSecrets
    +  }
    +
    +  private def illegalSecretInput(dest: Seq[String], s: Seq[Secret]): 
Boolean = {
    +    if (dest.isEmpty) {  // no destination set (ie not using secrets of 
this type
    --- End diff --
    
    I think this is redundant, it is covered by the last false statement anyway.


---

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to