Repository: mesos Updated Branches: refs/heads/master f9a80a067 -> 9e208293b
Added constructors for ObjectApprover::Object. Added new constructors and updated all places where ObjectApprover::Objects are constructed to use new constructors. Review: https://reviews.apache.org/r/60279/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/15656be2 Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/15656be2 Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/15656be2 Branch: refs/heads/master Commit: 15656be2f65cc4eeaf053b47133ca0bd43d5c166 Parents: f9a80a0 Author: Quinn Leng <quinn.leng....@gmail.com> Authored: Thu Jul 13 17:43:59 2017 -0700 Committer: Greg Mann <gregorywm...@gmail.com> Committed: Thu Jul 13 20:41:24 2017 -0700 ---------------------------------------------------------------------- include/mesos/authorizer/authorizer.hpp | 112 +++++++++++++++++++++++++++ src/common/http.cpp | 36 +++------ src/master/http.cpp | 23 ++---- src/slave/http.cpp | 68 +++++++--------- 4 files changed, 157 insertions(+), 82 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/15656be2/include/mesos/authorizer/authorizer.hpp ---------------------------------------------------------------------- diff --git a/include/mesos/authorizer/authorizer.hpp b/include/mesos/authorizer/authorizer.hpp index 95cbcf3..40790f5 100644 --- a/include/mesos/authorizer/authorizer.hpp +++ b/include/mesos/authorizer/authorizer.hpp @@ -58,6 +58,118 @@ public: container_id(nullptr), machine_id(nullptr) {} + Object(const std::string& _value) + : value(&_value), + framework_info(nullptr), + task(nullptr), + task_info(nullptr), + executor_info(nullptr), + quota_info(nullptr), + weight_info(nullptr), + resource(nullptr), + command_info(nullptr), + container_id(nullptr), + machine_id(nullptr) {} + + Object(const MachineID& _machine_id) + : value(nullptr), + framework_info(nullptr), + task(nullptr), + task_info(nullptr), + executor_info(nullptr), + quota_info(nullptr), + weight_info(nullptr), + resource(nullptr), + command_info(nullptr), + container_id(nullptr), + machine_id(&_machine_id) {} + + Object(const FrameworkInfo& _framework_info) + : value(nullptr), + framework_info(&_framework_info), + task(nullptr), + task_info(nullptr), + executor_info(nullptr), + quota_info(nullptr), + weight_info(nullptr), + resource(nullptr), + command_info(nullptr), + container_id(nullptr), + machine_id(nullptr) {} + + Object(const ExecutorInfo& _executor_info, + const FrameworkInfo& _framework_info) + : value(nullptr), + framework_info(&_framework_info), + task(nullptr), + task_info(nullptr), + executor_info(&_executor_info), + quota_info(nullptr), + weight_info(nullptr), + resource(nullptr), + command_info(nullptr), + container_id(nullptr), + machine_id(nullptr) {} + + Object(const TaskInfo& _task_info, const FrameworkInfo& _framework_info) + : value(nullptr), + framework_info(&_framework_info), + task(nullptr), + task_info(&_task_info), + executor_info(nullptr), + quota_info(nullptr), + weight_info(nullptr), + resource(nullptr), + command_info(nullptr), + container_id(nullptr), + machine_id(nullptr) {} + + Object(const Task& _task, const FrameworkInfo& _framework_info) + : value(nullptr), + framework_info(&_framework_info), + task(&_task), + task_info(nullptr), + executor_info(nullptr), + quota_info(nullptr), + weight_info(nullptr), + resource(nullptr), + command_info(nullptr), + container_id(nullptr), + machine_id(nullptr) {} + + Object( + const ExecutorInfo& _executor_info, + const FrameworkInfo& _framework_info, + const CommandInfo& _command_info, + const ContainerID& _container_id) + : value(nullptr), + framework_info(&_framework_info), + task(nullptr), + task_info(nullptr), + executor_info(&_executor_info), + quota_info(nullptr), + weight_info(nullptr), + resource(nullptr), + command_info(&_command_info), + container_id(&_container_id), + machine_id(nullptr) {} + + Object( + const ExecutorInfo& _executor_info, + const FrameworkInfo& _framework_info, + const ContainerID& _container_id) + : value(nullptr), + framework_info(&_framework_info), + task(nullptr), + task_info(nullptr), + executor_info(&_executor_info), + quota_info(nullptr), + weight_info(nullptr), + resource(nullptr), + command_info(nullptr), + container_id(&_container_id), + machine_id(nullptr) {} + Object(const authorization::Object& object) : value(object.has_value() ? &object.value() : nullptr), framework_info( http://git-wip-us.apache.org/repos/asf/mesos/blob/15656be2/src/common/http.cpp ---------------------------------------------------------------------- diff --git a/src/common/http.cpp b/src/common/http.cpp index 7dce4cd..a9c2a4a 100644 --- a/src/common/http.cpp +++ b/src/common/http.cpp @@ -847,10 +847,8 @@ bool approveViewFrameworkInfo( const Owned<ObjectApprover>& frameworksApprover, const FrameworkInfo& frameworkInfo) { - ObjectApprover::Object object; - object.framework_info = &frameworkInfo; - - Try<bool> approved = frameworksApprover->approved(object); + Try<bool> approved = + frameworksApprover->approved(ObjectApprover::Object(frameworkInfo)); if (approved.isError()) { LOG(WARNING) << "Error during FrameworkInfo authorization: " << approved.error(); @@ -866,11 +864,8 @@ bool approveViewExecutorInfo( const ExecutorInfo& executorInfo, const FrameworkInfo& frameworkInfo) { - ObjectApprover::Object object; - object.executor_info = &executorInfo; - object.framework_info = &frameworkInfo; - - Try<bool> approved = executorsApprover->approved(object); + Try<bool> approved = executorsApprover->approved( + ObjectApprover::Object(executorInfo, frameworkInfo)); if (approved.isError()) { LOG(WARNING) << "Error during ExecutorInfo authorization: " << approved.error(); @@ -886,11 +881,8 @@ bool approveViewTaskInfo( const TaskInfo& taskInfo, const FrameworkInfo& frameworkInfo) { - ObjectApprover::Object object; - object.task_info = &taskInfo; - object.framework_info = &frameworkInfo; - - Try<bool> approved = tasksApprover->approved(object); + Try<bool> approved = + tasksApprover->approved(ObjectApprover::Object(taskInfo, frameworkInfo)); if (approved.isError()) { LOG(WARNING) << "Error during TaskInfo authorization: " << approved.error(); // TODO(joerg84): Consider exposing these errors to the caller. @@ -905,11 +897,8 @@ bool approveViewTask( const Task& task, const FrameworkInfo& frameworkInfo) { - ObjectApprover::Object object; - object.task = &task; - object.framework_info = &frameworkInfo; - - Try<bool> approved = tasksApprover->approved(object); + Try<bool> approved = + tasksApprover->approved(ObjectApprover::Object(task, frameworkInfo)); if (approved.isError()) { LOG(WARNING) << "Error during Task authorization: " << approved.error(); // TODO(joerg84): Consider exposing these errors to the caller. @@ -922,9 +911,7 @@ bool approveViewTask( bool approveViewFlags( const Owned<ObjectApprover>& flagsApprover) { - ObjectApprover::Object object; - - Try<bool> approved = flagsApprover->approved(object); + Try<bool> approved = flagsApprover->approved(ObjectApprover::Object()); if (approved.isError()) { LOG(WARNING) << "Error during Flags authorization: " << approved.error(); // TODO(joerg84): Consider exposing these errors to the caller. @@ -980,10 +967,7 @@ bool approveViewRole( const Owned<ObjectApprover>& rolesApprover, const string& role) { - ObjectApprover::Object object; - object.value = &role; - - Try<bool> approved = rolesApprover->approved(object); + Try<bool> approved = rolesApprover->approved(ObjectApprover::Object(role)); if (approved.isError()) { LOG(WARNING) << "Error during Roles authorization: " << approved.error(); // TODO(joerg84): Consider exposing these errors to the caller. http://git-wip-us.apache.org/repos/asf/mesos/blob/15656be2/src/master/http.cpp ---------------------------------------------------------------------- diff --git a/src/master/http.cpp b/src/master/http.cpp index 948aa11..4ec275f 100644 --- a/src/master/http.cpp +++ b/src/master/http.cpp @@ -4239,10 +4239,8 @@ mesos::maintenance::Schedule Master::Http::_getMaintenanceSchedule( mesos::maintenance::Window window_; foreach (const MachineID& machine_id, window.machine_ids()) { - ObjectApprover::Object object; - object.machine_id = &machine_id; - - Try<bool> approved = approver->approved(object); + Try<bool> approved = + approver->approved(ObjectApprover::Object(machine_id)); if (approved.isError()) { LOG(WARNING) << "Error during MachineID authorization: " @@ -4306,10 +4304,7 @@ Future<Response> Master::Http::__updateMaintenanceSchedule( { foreach (const mesos::maintenance::Window& window, schedule.windows()) { foreach (const MachineID& machine, window.machine_ids()) { - ObjectApprover::Object object; - object.machine_id = &machine; - - Try<bool> approved = approver->approved(object); + Try<bool> approved = approver->approved(ObjectApprover::Object(machine)); if (approved.isError()) { return InternalServerError("Authorization error: " + approved.error()); @@ -4548,9 +4543,7 @@ Future<Response> Master::Http::_startMaintenance( "' is not in DRAINING mode and cannot be brought down"); } - ObjectApprover::Object object; - object.machine_id = &id; - Try<bool> approved = approver->approved(object); + Try<bool> approved = approver->approved(ObjectApprover::Object(id)); if (approved.isError()) { return InternalServerError("Authorization error: " + approved.error()); @@ -4730,9 +4723,7 @@ Future<Response> Master::Http::_stopMaintenance( "' is not in DOWN mode and cannot be brought up"); } - ObjectApprover::Object object; - object.machine_id = &id; - Try<bool> approved = approver->approved(object); + Try<bool> approved = approver->approved(ObjectApprover::Object(id)); if (approved.isError()) { return InternalServerError("Authorization error: " + approved.error()); @@ -4905,9 +4896,7 @@ Future<mesos::maintenance::ClusterStatus> Master::Http::_getMaintenanceStatus( const MachineID& id, const Machine& machine, master->machines) { - ObjectApprover::Object object; - object.machine_id = &id; - Try<bool> approved = approver->approved(object); + Try<bool> approved = approver->approved(ObjectApprover::Object(id)); if (approved.isError()) { LOG(WARNING) << "Error during MachineID authorization: " http://git-wip-us.apache.org/repos/asf/mesos/blob/15656be2/src/slave/http.cpp ---------------------------------------------------------------------- diff --git a/src/slave/http.cpp b/src/slave/http.cpp index 3070b3b..60640e5 100644 --- a/src/slave/http.cpp +++ b/src/slave/http.cpp @@ -2129,9 +2129,7 @@ Future<JSON::Array> Http::__containers( Try<bool> authorized = true; if (approver.isSome()) { - ObjectApprover::Object object; - object.executor_info = &info; - object.framework_info = &(framework->info); + ObjectApprover::Object object(info, framework->info); authorized = approver.get()->approved(object); @@ -2332,13 +2330,12 @@ Future<Response> Http::_launchNestedContainer( Framework* framework = slave->getFramework(executor->frameworkId); CHECK_NOTNULL(framework); - ObjectApprover::Object object; - object.executor_info = &(executor->info); - object.framework_info = &(framework->info); - object.command_info = &(commandInfo); - object.container_id = &(containerId); - - Try<bool> approved = approver.get()->approved(object); + Try<bool> approved = approver.get()->approved( + ObjectApprover::Object( + executor->info, + framework->info, + commandInfo, + containerId)); if (approved.isError()) { return Failure(approved.error()); @@ -2435,12 +2432,11 @@ Future<Response> Http::waitNestedContainer( Framework* framework = slave->getFramework(executor->frameworkId); CHECK_NOTNULL(framework); - ObjectApprover::Object object; - object.executor_info = &(executor->info); - object.framework_info = &(framework->info); - object.container_id = &(containerId); - - Try<bool> approved = waitApprover.get()->approved(object); + Try<bool> approved = waitApprover.get()->approved( + ObjectApprover::Object( + executor->info, + framework->info, + containerId)); if (approved.isError()) { return Failure(approved.error()); @@ -2510,12 +2506,11 @@ Future<Response> Http::killNestedContainer( Framework* framework = slave->getFramework(executor->frameworkId); CHECK_NOTNULL(framework); - ObjectApprover::Object object; - object.executor_info = &(executor->info); - object.framework_info = &(framework->info); - object.container_id = &(containerId); - - Try<bool> approved = killApprover.get()->approved(object); + Try<bool> approved = killApprover.get()->approved( + ObjectApprover::Object( + executor->info, + framework->info, + containerId)); if (approved.isError()) { return Failure(approved.error()); @@ -2570,12 +2565,11 @@ Future<Response> Http::removeNestedContainer( Framework* framework = slave->getFramework(executor->frameworkId); CHECK_NOTNULL(framework); - ObjectApprover::Object object; - object.executor_info = &(executor->info); - object.framework_info = &(framework->info); - object.container_id = &(containerId); - - Try<bool> approved = removeApprover.get()->approved(object); + Try<bool> approved = removeApprover.get()->approved( + ObjectApprover::Object( + executor->info, + framework->info, + containerId)); if (approved.isError()) { return Failure(approved.error()); @@ -2711,11 +2705,8 @@ Future<Response> Http::attachContainerInput( Framework* framework = slave->getFramework(executor->frameworkId); CHECK_NOTNULL(framework); - ObjectApprover::Object object; - object.executor_info = &(executor->info); - object.framework_info = &(framework->info); - - Try<bool> approved = attachInputApprover.get()->approved(object); + Try<bool> approved = attachInputApprover.get()->approved( + ObjectApprover::Object(executor->info, framework->info)); if (approved.isError()) { return Failure(approved.error()); @@ -3026,12 +3017,11 @@ Future<Response> Http::attachContainerOutput( Framework* framework = slave->getFramework(executor->frameworkId); CHECK_NOTNULL(framework); - ObjectApprover::Object object; - object.executor_info = &(executor->info); - object.framework_info = &(framework->info); - object.container_id = &(containerId); - - Try<bool> approved = attachOutputApprover.get()->approved(object); + Try<bool> approved = attachOutputApprover.get()->approved( + ObjectApprover::Object( + executor->info, + framework->info, + containerId)); if (approved.isError()) { return Failure(approved.error());
