Google Git
Sign in
apache / mesos / refs/tags/1.10.0 / . / src / slave / containerizer / mesos / isolators / environment_secret.cpp
blob: 824b5027e16e1097d2cca31fadd1859bc2aa3e04 [file] [log] [blame]
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "slave/containerizer/mesos/isolators/environment_secret.hpp"
#include <vector>
#include <mesos/secret/resolver.hpp>
#include <process/collect.hpp>
#include <process/future.hpp>
#include <process/id.hpp>
#include <process/owned.hpp>
#include <stout/foreach.hpp>
#include "common/validation.hpp"
using std::vector;
using process::collect;
using process::Failure;
using process::Future;
using process::Owned;
using mesos::slave::ContainerConfig;
using mesos::slave::ContainerLaunchInfo;
using mesos::slave::ContainerState;
using mesos::slave::Isolator;
namespace mesos {
namespace internal {
namespace slave {
Try<Isolator*> EnvironmentSecretIsolatorProcess::create(
const Flags& flags,
SecretResolver* secretResolver)
{
Owned<MesosIsolatorProcess> process(new EnvironmentSecretIsolatorProcess(
flags,
secretResolver));;
return new MesosIsolator(process);
}
EnvironmentSecretIsolatorProcess::EnvironmentSecretIsolatorProcess(
const Flags& _flags,
SecretResolver* _secretResolver)
: ProcessBase(process::ID::generate("environment-secret-isolator")),
flags(_flags),
secretResolver(_secretResolver) {}
EnvironmentSecretIsolatorProcess::~EnvironmentSecretIsolatorProcess() {}
bool EnvironmentSecretIsolatorProcess::supportsNesting()
{
return true;
}
bool EnvironmentSecretIsolatorProcess::supportsStandalone()
{
return true;
}
Future<Option<ContainerLaunchInfo>> EnvironmentSecretIsolatorProcess::prepare(
const ContainerID& containerId,
const ContainerConfig& containerConfig)
{
Option<Error> error = common::validation::validateEnvironment(
containerConfig.command_info().environment());
if (error.isSome()) {
return Failure( "Invalid environment specified: " + error->message);
}
Environment environment;
vector<Future<Environment::Variable>> futures;
foreach (const Environment::Variable& variable,
containerConfig.command_info().environment().variables()) {
if (variable.type() != Environment::Variable::SECRET) {
continue;
}
const Secret& secret = variable.secret();
error = common::validation::validateSecret(secret);
if (error.isSome()) {
return Failure(
"Invalid secret specified in environment '" + variable.name() +
"': " + error->message);
}
if (secretResolver == nullptr) {
return Failure(
"Error: Environment variable '" + variable.name() +
"' contains secret but no secret resolver provided");
}
Future<Environment::Variable> future = secretResolver->resolve(secret)
.then([variable](const Secret::Value& secretValue)
-> Future<Environment::Variable> {
Environment::Variable result;
result.set_name(variable.name());
result.set_value(secretValue.data());
return result;
});
futures.push_back(future);
}
return collect(futures)
.then([](const vector<Environment::Variable>& variables)
-> Future<Option<ContainerLaunchInfo>> {
ContainerLaunchInfo launchInfo;
Environment* environment = launchInfo.mutable_environment();
foreach (const Environment::Variable& variable, variables) {
environment->add_variables()->CopyFrom(variable);
}
launchInfo.mutable_task_environment()->CopyFrom(*environment);
return launchInfo;
});
}
} // namespace slave {
} // namespace internal {
} // namespace mesos {