Apache Mesos
validation.hpp
Go to the documentation of this file.
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __MASTER_VALIDATION_HPP__
18 #define __MASTER_VALIDATION_HPP__
19 
20 #include <vector>
21 
22 #include <google/protobuf/repeated_field.h>
23 
24 #include <mesos/mesos.hpp>
25 #include <mesos/resources.hpp>
26 
28 
29 #include <mesos/master/master.hpp>
30 
32 
33 #include <stout/error.hpp>
34 #include <stout/option.hpp>
35 
37 
38 namespace mesos {
39 namespace internal {
40 namespace master {
41 
42 class Master;
43 
44 struct Framework;
45 struct Slave;
46 
47 namespace validation {
48 
49 namespace master {
50 namespace call {
51 
52 // Validates that a master:Call is well-formed.
53 //
54 // TODO(bmahler): Note that this does not validate the fields within
55 // the nested messages (e.g. `ReserveResources`) which is unintuitive.
56 // Consider moving all `master::Call` validation that does not require
57 // master state into this function.
58 //
59 // TODO(bmahler): Add unit tests.
61 
62 } // namespace call {
63 
64 namespace message {
65 
66 // Validation helpers for internal Mesos protocol messages. This is a
67 // best-effort validation, intended to prevent trivial attacks on the
68 // protocol in deployments where the network between master and agents
69 // is not secured. The longer term remedy for this is to make security
70 // guarantees at the libprocess level that would prevent arbitrary UPID
71 // impersonation (MESOS-7424).
72 
73 Option<Error> registerSlave(const RegisterSlaveMessage& message);
74 Option<Error> reregisterSlave(const ReregisterSlaveMessage& message);
75 
76 } // namespace message {
77 } // namespace master {
78 
79 
80 namespace framework {
81 namespace internal {
82 
83 // Validates the roles in given FrameworkInfo. Role, roles and
84 // MULTI_ROLE should be set according to following matrix. Also,
85 // roles should not contain duplicate entries.
86 //
87 // -- MULTI_ROLE is NOT set --
88 // +-------+-------+---------+
89 // | |Roles |No Roles |
90 // +-------+-------+---------+
91 // |Role | Error | None |
92 // +-------+-------+---------+
93 // |No Role| Error | None |
94 // +-------+-------+---------+
95 //
96 // ---- MULTI_ROLE is set ----
97 // +-------+-------+---------+
98 // | |Roles |No Roles |
99 // +-------+-------+---------+
100 // |Role | Error | Error |
101 // +-------+-------+---------+
102 // |No Role| None | None |
103 // +-------+-------+---------+
104 Option<Error> validateRoles(const mesos::FrameworkInfo& frameworkInfo);
105 
106 } // namespace internal {
107 
108 // Validate a FrameworkInfo.
109 //
110 // TODO(jay_guo): This currently only validates
111 // the role(s), validate more fields!
112 Option<Error> validate(const mesos::FrameworkInfo& frameworkInfo);
113 
114 } // namespace framework {
115 
116 
117 namespace scheduler {
118 namespace call {
119 
120 // Validates that a scheduler::Call is well-formed.
121 // TODO(bmahler): Add unit tests.
123  const mesos::scheduler::Call& call,
125 
126 } // namespace call {
127 } // namespace scheduler {
128 
129 
130 namespace resource {
131 
132 // Functions in this namespace are only exposed for testing.
133 namespace internal {
134 
136  const google::protobuf::RepeatedPtrField<Resource>& resources);
137 
138 } // namespace internal {
139 
140 // Validates resources specified by frameworks.
141 // NOTE: We cannot take 'Resources' here because invalid resources are
142 // silently ignored within its constructor.
144  const google::protobuf::RepeatedPtrField<Resource>& resources);
145 
146 } // namespace resource {
147 
148 
149 namespace executor {
150 
151 // Functions in this namespace are only exposed for testing.
152 namespace internal {
153 
154 Option<Error> validateExecutorID(const ExecutorInfo& executor);
155 
156 // Validates that fields are properly set depending on the type of the executor.
157 Option<Error> validateType(const ExecutorInfo& executor);
158 
159 // Validates resources of the executor.
160 Option<Error> validateResources(const ExecutorInfo& executor);
161 
162 } // namespace internal {
163 
164 Option<Error> validate(const ExecutorInfo& executor);
165 
166 } // namespace executor {
167 
168 
169 namespace task {
170 
171 // Validates a task that a framework attempts to launch within the
172 // offered resources. Returns an optional error which will cause the
173 // master to send a `TASK_ERROR` status update back to the framework.
174 //
175 // NOTE: This function must be called sequentially for each task, and
176 // each task needs to be launched before the next can be validated.
178  const TaskInfo& task,
179  Framework* framework,
180  Slave* slave,
181  const Resources& offered);
182 
183 
184 // Functions in this namespace are only exposed for testing.
185 namespace internal {
186 
187 // Validates resources of the task.
188 Option<Error> validateResources(const TaskInfo& task);
189 
190 // Validates resources of the task and its executor.
191 Option<Error> validateTaskAndExecutorResources(const TaskInfo& task);
192 
193 // Validates the kill policy of the task.
194 Option<Error> validateKillPolicy(const TaskInfo& task);
195 
196 // Validates `max_completion_time` of the task.
197 Option<Error> validateMaxCompletionTime(const TaskInfo& task);
198 
199 // Validates the check of the task.
200 Option<Error> validateCheck(const TaskInfo& task);
201 
202 // Validates the health check of the task.
203 Option<Error> validateHealthCheck(const TaskInfo& task);
204 
205 } // namespace internal {
206 
207 namespace group {
208 
209 // Validates a task group that a framework attempts to launch within the
210 // offered resources. Returns an optional error which will cause the
211 // master to send a `TASK_ERROR` status updates for *all* the tasks in
212 // the task group back to the framework.
213 //
214 // NOTE: Validation error of *any* task will cause all the tasks in the task
215 // group to be rejected by the master.
217  const TaskGroupInfo& taskGroup,
218  const ExecutorInfo& executor,
219  Framework* framework,
220  Slave* slave,
221  const Resources& offered);
222 
223 
224 // Functions in this namespace are only exposed for testing.
225 namespace internal {
226 
227 // Validates that the resources specified by
228 // the task group and its executor are valid.
229 //
230 // TODO(vinod): Consolidate this with `validateTaskAndExecutorResources()`.
232  const TaskGroupInfo& taskGroup,
233  const ExecutorInfo& executor);
234 
235 } // namespace internal {
236 
237 } // namespace group {
238 
239 } // namespace task {
240 
241 
242 namespace offer {
243 
244 // NOTE: These two functions are placed in the header file because we
245 // need to declare them as friends of Master.
246 Offer* getOffer(Master* master, const OfferID& offerId);
247 InverseOffer* getInverseOffer(Master* master, const OfferID& offerId);
248 Slave* getSlave(Master* master, const SlaveID& slaveId);
249 
250 
251 // Validates the given offers.
253  const google::protobuf::RepeatedPtrField<OfferID>& offerIds,
254  Master* master,
255  Framework* framework);
256 
257 
258 // Validates the given inverse offers.
260  const google::protobuf::RepeatedPtrField<OfferID>& offerIds,
261  Master* master,
262  Framework* framework);
263 
264 } // namespace offer {
265 
266 
267 namespace operation {
268 
269 // Validates the RESERVE operation.
271  const Offer::Operation::Reserve& reserve,
273  const protobuf::slave::Capabilities& agentCapabilities,
274  const Option<FrameworkInfo>& frameworkInfo = None());
275 
276 
277 // Validates the UNRESERVE operation.
279  const Offer::Operation::Unreserve& unreserve,
280  const Option<FrameworkInfo>& frameworkInfo = None());
281 
282 
283 // Validates the CREATE operation. We need slave's checkpointed resources so
284 // that we can validate persistence ID uniqueness, and we need the principal to
285 // verify that it's equal to the one in `DiskInfo.Persistence.principal`.
286 // We need the FrameworkInfo (unless the operation is requested by the
287 // operator) to ensure shared volumes are created by frameworks with the
288 // appropriate capability.
290  const Offer::Operation::Create& create,
291  const Resources& checkpointedResources,
293  const protobuf::slave::Capabilities& agentCapabilities,
294  const Option<FrameworkInfo>& frameworkInfo = None());
295 
296 
297 // Validates the DESTROY operation. We need slave's checkpointed
298 // resources to validate that the volumes to destroy actually exist.
299 // We also check that the volumes are not being used, or not assigned
300 // to any pending task.
302  const Offer::Operation::Destroy& destroy,
303  const Resources& checkpointedResources,
304  const hashmap<FrameworkID, Resources>& usedResources,
305  const hashmap<FrameworkID, hashmap<TaskID, TaskInfo>>& pendingTasks,
306  const Option<FrameworkInfo>& frameworkInfo = None());
307 
308 
310  const Offer::Operation::GrowVolume& growVolume,
311  const protobuf::slave::Capabilities& agentCapabilities);
312 
313 
315  const Offer::Operation::ShrinkVolume& shrinkVolume,
316  const protobuf::slave::Capabilities& agentCapabilities);
317 
318 
319 Option<Error> validate(const Offer::Operation::CreateDisk& createDisk);
320 
321 
322 Option<Error> validate(const Offer::Operation::DestroyDisk& destroyDisk);
323 
324 } // namespace operation {
325 
326 } // namespace validation {
327 } // namespace master {
328 } // namespace internal {
329 } // namespace mesos {
330 
331 #endif // __MASTER_VALIDATION_HPP__
Option< Error > validateExecutorID(const ExecutorInfo &executor)
Definition: master.hpp:27
Option< Error > validateMaxCompletionTime(const TaskInfo &task)
Definition: protobuf_utils.hpp:261
InverseOffer * getInverseOffer(Master *master, const OfferID &offerId)
mesos::v1::scheduler::Call Call
Definition: mesos.hpp:2616
Definition: resources.hpp:81
Slave * getSlave(Master *master, const SlaveID &slaveId)
Option< Error > validateResources(const TaskInfo &task)
Option< Error > reregisterSlave(const ReregisterSlaveMessage &message)
Definition: hashmap.hpp:38
Option< Error > validateInverseOffers(const google::protobuf::RepeatedPtrField< OfferID > &offerIds, Master *master, Framework *framework)
Option< Error > validateKillPolicy(const TaskInfo &task)
Option< Error > validateRoles(const mesos::FrameworkInfo &frameworkInfo)
Definition: spec.hpp:26
Option< Error > validateType(const ExecutorInfo &executor)
process::Future< Nothing > destroy(const std::string &hierarchy, const std::string &cgroup="/")
Option< Error > validateTaskGroupAndExecutorResources(const TaskGroupInfo &taskGroup, const ExecutorInfo &executor)
Option< Error > validateCheck(const TaskInfo &task)
Definition: grp.hpp:26
Definition: none.hpp:27
Definition: attributes.hpp:24
Option< Error > validateHealthCheck(const TaskInfo &task)
Definition: master.hpp:116
Option< Error > validate(const mesos::master::Call &call)
Option< Error > validateTaskAndExecutorResources(const TaskInfo &task)
Offer * getOffer(Master *master, const OfferID &offerId)
Option< Error > validateSingleResourceProvider(const google::protobuf::RepeatedPtrField< Resource > &resources)
Try< Nothing > create(const std::string &hierarchy, const std::string &cgroup, bool recursive=false)
Definition: master.hpp:2361
Definition: master.hpp:433
Option< Error > registerSlave(const RegisterSlaveMessage &message)