Apache Mesos
authorizer.hpp
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __MESOS_AUTHORIZER_AUTHORIZER_HPP__
18 #define __MESOS_AUTHORIZER_AUTHORIZER_HPP__
19 
20 #include <mesos/mesos.hpp>
21 
22 // ONLY USEFUL AFTER RUNNING PROTOC.
23 #include <mesos/authorizer/authorizer.pb.h>
24 
25 #include <process/future.hpp>
26 
27 #include <stout/nothing.hpp>
28 #include <stout/option.hpp>
29 #include <stout/try.hpp>
30 
31 namespace mesos {
32 
33 class ACLs;
34 
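// Interface for a function object that is returned by the authorizer
// (see `Authorizer::getObjectApprover`) and can then be used locally
// to answer approval queries for individual objects.
class ObjectApprover
{
public:
  // Non-owning view of the entity an approval query is about.
  //
  // This object has a 1:1 relationship with `authorization::Object`.
  // We need to ensure that the fields in this object are in sync
  // with the fields in `authorization::Object`.
  //
  // Lifetime: every constructor stores the ADDRESS of its argument
  // (or of a sub-message of its argument); nothing is copied. The
  // referenced values must outlive this `Object` and every
  // `approved()` call that reads it. An `Object` built from a
  // temporary holds dangling pointers once the enclosing full
  // expression ends, so keep the referent in a named variable that
  // lives at least as long as the authorization check.
  //
  // Every field defaults to `nullptr` through its in-class
  // initializer, so a constructor names only the fields it sets and
  // a newly added field can never be left uninitialized by one of
  // the overloads.
  //
  // NOTE(review): the single-argument constructors are not
  // `explicit`, so e.g. a `std::string` converts implicitly to an
  // `Object`. They are kept that way because callers may rely on
  // the conversion; confirm against the call sites before
  // tightening.
  struct Object
  {
    // Empty object: all fields are `nullptr`.
    Object() = default;

    // Object identified only by a string value.
    Object(const std::string& _value)
      : value(&_value) {}

    Object(const ContainerID& _container_id)
      : container_id(&_container_id) {}

    Object(const MachineID& _machine_id)
      : machine_id(&_machine_id) {}

    Object(const FrameworkInfo& _framework_info)
      : framework_info(&_framework_info) {}

    Object(const ExecutorInfo& _executor_info,
           const FrameworkInfo& _framework_info)
      : framework_info(&_framework_info),
        executor_info(&_executor_info) {}

    Object(const TaskInfo& _task_info, const FrameworkInfo& _framework_info)
      : framework_info(&_framework_info),
        task_info(&_task_info) {}

    Object(const Task& _task, const FrameworkInfo& _framework_info)
      : framework_info(&_framework_info),
        task(&_task) {}

    Object(
        const ExecutorInfo& _executor_info,
        const FrameworkInfo& _framework_info,
        const CommandInfo& _command_info,
        const ContainerID& _container_id)
      : framework_info(&_framework_info),
        executor_info(&_executor_info),
        command_info(&_command_info),
        container_id(&_container_id) {}

    Object(
        const ExecutorInfo& _executor_info,
        const FrameworkInfo& _framework_info,
        const ContainerID& _container_id)
      : framework_info(&_framework_info),
        executor_info(&_executor_info),
        container_id(&_container_id) {}

    // Mirrors a protobuf `authorization::Object`: each field points
    // at the corresponding sub-message when `has_*()` reports it as
    // set and stays `nullptr` otherwise. The pointers refer into
    // `object`, which must therefore stay alive and unmodified while
    // this view is in use.
    Object(const authorization::Object& object)
      : value(object.has_value() ? &object.value() : nullptr),
        framework_info(
            object.has_framework_info() ? &object.framework_info() : nullptr),
        task(object.has_task() ? &object.task() : nullptr),
        task_info(object.has_task_info() ? &object.task_info() : nullptr),
        executor_info(
            object.has_executor_info() ? &object.executor_info() : nullptr),
        quota_info(object.has_quota_info() ? &object.quota_info() : nullptr),
        weight_info(
            object.has_weight_info() ? &object.weight_info() : nullptr),
        resource(object.has_resource() ? &object.resource() : nullptr),
        command_info(
            object.has_command_info() ? &object.command_info() : nullptr),
        container_id(
            object.has_container_id() ? &object.container_id() : nullptr),
        machine_id(
            object.has_machine_id() ? &object.machine_id() : nullptr) {}

    // Borrowed pointers; `nullptr` means "not provided". Consumers
    // must null-check a field before dereferencing it.
    const std::string* value = nullptr;
    const FrameworkInfo* framework_info = nullptr;
    const Task* task = nullptr;
    const TaskInfo* task_info = nullptr;
    const ExecutorInfo* executor_info = nullptr;
    const quota::QuotaInfo* quota_info = nullptr;
    const WeightInfo* weight_info = nullptr;
    const Resource* resource = nullptr;
    const CommandInfo* command_info = nullptr;
    const ContainerID* container_id = nullptr;
    const MachineID* machine_id = nullptr;
  };

  // Reports whether `object` is approved.
  //
  // NOTE: As this function can be used synchronously by actors it is
  // essential that it does not block!
  //
  // The result is a `Try<bool>`: an error result is not an approval,
  // so callers should deny (fail closed) rather than treat an error
  // as `true`.
  //
  // NOTE(review): the meaning of a `None` object is not visible in
  // this header; presumably it asks whether the action is approved
  // for any object. Confirm with the implementations.
  virtual Try<bool> approved(
      const Option<Object>& object) const noexcept = 0;

  virtual ~ObjectApprover() = default;
};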
225 
226 
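// Interface through which an identity service or any other back end
// is consulted for authorization checks.
class Authorizer
{
public:
  // Creates an authorizer from `name`.
  //
  // Returns the instance as a raw pointer wrapped in `Try`; an error
  // result carries no authorizer.
  //
  // NOTE(review): presumably `name` selects the implementation to
  // load and ownership of the returned pointer passes to the caller.
  // Neither is visible in this header; confirm before relying on it.
  static Try<Authorizer*> create(const std::string& name);

  // Creates an authorizer from the given `acls`.
  //
  // NOTE(review): ownership of the returned raw pointer is not
  // stated here; presumably it passes to the caller. Confirm.
  static Try<Authorizer*> create(const ACLs& acls);

  virtual ~Authorizer() = default;

  // Asynchronously decides whether `request` is authorized.
  //
  // Only a future that completes with `true` is an approval. A
  // failed or discarded future must be handled as a denial by the
  // caller, not ignored.
  virtual process::Future<bool> authorized(
      const authorization::Request& request) = 0;

  // Asynchronously yields an `ObjectApprover` for the given
  // `subject` and `action`; the approver is then queried per object
  // through `ObjectApprover::approved()`.
  //
  // NOTE(review): what a `None` subject means, and whether an
  // approver obtained earlier reflects later policy changes, is not
  // visible in this header. Confirm both before caching an approver
  // across requests.
  virtual process::Future<process::Owned<ObjectApprover>> getObjectApprover(
      const Option<authorization::Subject>& subject,
      const authorization::Action& action) = 0;

protected:
  // Construction is restricted to subclasses; instances are obtained
  // through the static `create()` factories.
  Authorizer() = default;
};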
308 
309 } // namespace mesos {
310 
311 #endif // __MESOS_AUTHORIZER_AUTHORIZER_HPP__