Apache Mesos
validation.hpp
Go to the documentation of this file.
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __MASTER_VALIDATION_HPP__
18 #define __MASTER_VALIDATION_HPP__
19 
20 #include <vector>
21 
22 #include <google/protobuf/repeated_field.h>
23 
24 #include <mesos/mesos.hpp>
25 #include <mesos/resources.hpp>
26 
28 
29 #include <mesos/master/master.hpp>
30 
32 
33 #include <stout/error.hpp>
34 #include <stout/option.hpp>
35 
37 
38 namespace mesos {
39 namespace internal {
40 namespace master {
41 
42 class Master;
43 
44 struct Framework;
45 struct Slave;
46 
47 namespace validation {
48 
49 namespace master {
50 namespace call {
51 
52 // Validates that a master:Call is well-formed.
53 // TODO(bmahler): Add unit tests.
55  const mesos::master::Call& call,
57 
58 } // namespace call {
59 
60 namespace message {
61 
62 // Validation helpers for internal Mesos protocol messages. This is a
63 // best-effort validation, intended to prevent trivial attacks on the
64 // protocol in deployments where the network between master and agents
65 // is not secured. The longer term remedy for this is to make security
66 // guarantees at the libprocess level that would prevent arbitrary UPID
67 // impersonation (MESOS-7424).
68 
69 Option<Error> registerSlave(const RegisterSlaveMessage& message);
70 Option<Error> reregisterSlave(const ReregisterSlaveMessage& message);
71 
72 } // namespace message {
73 } // namespace master {
74 
75 
76 namespace framework {
77 namespace internal {
78 
79 // Validates the roles in given FrameworkInfo. Role, roles and
80 // MULTI_ROLE should be set according to following matrix. Also,
81 // roles should not contain duplicate entries.
82 //
83 // -- MULTI_ROLE is NOT set --
84 // +-------+-------+---------+
85 // | |Roles |No Roles |
86 // +-------+-------+---------+
87 // |Role | Error | None |
88 // +-------+-------+---------+
89 // |No Role| Error | None |
90 // +-------+-------+---------+
91 //
92 // ---- MULTI_ROLE is set ----
93 // +-------+-------+---------+
94 // | |Roles |No Roles |
95 // +-------+-------+---------+
96 // |Role | Error | Error |
97 // +-------+-------+---------+
98 // |No Role| None | None |
99 // +-------+-------+---------+
100 Option<Error> validateRoles(const mesos::FrameworkInfo& frameworkInfo);
101 
102 } // namespace internal {
103 
104 // Validate a FrameworkInfo.
105 //
106 // TODO(jay_guo): This currently only validates
107 // the role(s), validate more fields!
108 Option<Error> validate(const mesos::FrameworkInfo& frameworkInfo);
109 
110 } // namespace framework {
111 
112 
113 namespace scheduler {
114 namespace call {
115 
116 // Validates that a scheduler::Call is well-formed.
117 // TODO(bmahler): Add unit tests.
119  const mesos::scheduler::Call& call,
121 
122 } // namespace call {
123 } // namespace scheduler {
124 
125 
126 namespace resource {
127 
128 // Functions in this namespace are only exposed for testing.
129 namespace internal {
130 
132  const google::protobuf::RepeatedPtrField<Resource>& resources);
133 
134 } // namespace internal {
135 
136 // Validates resources specified by frameworks.
137 // NOTE: We cannot take 'Resources' here because invalid resources are
138 // silently ignored within its constructor.
140  const google::protobuf::RepeatedPtrField<Resource>& resources);
141 
142 } // namespace resource {
143 
144 
145 namespace executor {
146 
147 // Functions in this namespace are only exposed for testing.
148 namespace internal {
149 
150 Option<Error> validateExecutorID(const ExecutorInfo& executor);
151 
152 // Validates that fields are properly set depending on the type of the executor.
153 Option<Error> validateType(const ExecutorInfo& executor);
154 
155 // Validates resources of the executor.
156 Option<Error> validateResources(const ExecutorInfo& executor);
157 
158 } // namespace internal {
159 
160 Option<Error> validate(const ExecutorInfo& executor);
161 
162 } // namespace executor {
163 
164 
165 namespace task {
166 
167 // Validates a task that a framework attempts to launch within the
168 // offered resources. Returns an optional error which will cause the
169 // master to send a `TASK_ERROR` status update back to the framework.
170 //
171 // NOTE: This function must be called sequentially for each task, and
172 // each task needs to be launched before the next can be validated.
174  const TaskInfo& task,
175  Framework* framework,
176  Slave* slave,
177  const Resources& offered);
178 
179 
180 // Functions in this namespace are only exposed for testing.
181 namespace internal {
182 
183 // Validates resources of the task.
184 Option<Error> validateResources(const TaskInfo& task);
185 
186 // Validates resources of the task and its executor.
187 Option<Error> validateTaskAndExecutorResources(const TaskInfo& task);
188 
189 // Validates the kill policy of the task.
190 Option<Error> validateKillPolicy(const TaskInfo& task);
191 
192 // Validates the check of the task.
193 Option<Error> validateCheck(const TaskInfo& task);
194 
195 // Validates the health check of the task.
196 Option<Error> validateHealthCheck(const TaskInfo& task);
197 
198 } // namespace internal {
199 
200 namespace group {
201 
202 // Validates a task group that a framework attempts to launch within the
203 // offered resources. Returns an optional error which will cause the
204 // master to send a `TASK_ERROR` status updates for *all* the tasks in
205 // the task group back to the framework.
206 //
207 // NOTE: Validation error of *any* task will cause all the tasks in the task
208 // group to be rejected by the master.
210  const TaskGroupInfo& taskGroup,
211  const ExecutorInfo& executor,
212  Framework* framework,
213  Slave* slave,
214  const Resources& offered);
215 
216 
217 // Functions in this namespace are only exposed for testing.
218 namespace internal {
219 
220 // Validates that the resources specified by
221 // the task group and its executor are valid.
222 //
223 // TODO(vinod): Consolidate this with `validateTaskAndExecutorResources()`.
225  const TaskGroupInfo& taskGroup,
226  const ExecutorInfo& executor);
227 
228 } // namespace internal {
229 
230 } // namespace group {
231 
232 } // namespace task {
233 
234 
235 namespace offer {
236 
237 // NOTE: These two functions are placed in the header file because we
238 // need to declare them as friends of Master.
239 Offer* getOffer(Master* master, const OfferID& offerId);
240 InverseOffer* getInverseOffer(Master* master, const OfferID& offerId);
241 Slave* getSlave(Master* master, const SlaveID& slaveId);
242 
243 
244 // Validates the given offers.
246  const google::protobuf::RepeatedPtrField<OfferID>& offerIds,
247  Master* master,
248  Framework* framework);
249 
250 
251 // Validates the given inverse offers.
253  const google::protobuf::RepeatedPtrField<OfferID>& offerIds,
254  Master* master,
255  Framework* framework);
256 
257 } // namespace offer {
258 
259 
260 namespace operation {
261 
262 // Validates the RESERVE operation.
264  const Offer::Operation::Reserve& reserve,
266  const protobuf::slave::Capabilities& agentCapabilities,
267  const Option<FrameworkInfo>& frameworkInfo = None());
268 
269 
270 // Validates the UNRESERVE operation.
272  const Offer::Operation::Unreserve& unreserve,
273  const Option<FrameworkInfo>& frameworkInfo = None());
274 
275 
276 // Validates the CREATE operation. We need slave's checkpointed resources so
277 // that we can validate persistence ID uniqueness, and we need the principal to
278 // verify that it's equal to the one in `DiskInfo.Persistence.principal`.
279 // We need the FrameworkInfo (unless the operation is requested by the
280 // operator) to ensure shared volumes are created by frameworks with the
281 // appropriate capability.
283  const Offer::Operation::Create& create,
284  const Resources& checkpointedResources,
286  const protobuf::slave::Capabilities& agentCapabilities,
287  const Option<FrameworkInfo>& frameworkInfo = None());
288 
289 
290 // Validates the DESTROY operation. We need slave's checkpointed
291 // resources to validate that the volumes to destroy actually exist.
292 // We also check that the volumes are not being used, or not assigned
293 // to any pending task.
295  const Offer::Operation::Destroy& destroy,
296  const Resources& checkpointedResources,
297  const hashmap<FrameworkID, Resources>& usedResources,
298  const hashmap<FrameworkID, hashmap<TaskID, TaskInfo>>& pendingTasks,
299  const Option<FrameworkInfo>& frameworkInfo = None());
300 
301 
302 Option<Error> validate(const Offer::Operation::CreateVolume& createVolume);
303 Option<Error> validate(const Offer::Operation::DestroyVolume& destroyVolume);
304 Option<Error> validate(const Offer::Operation::CreateBlock& createBlock);
305 Option<Error> validate(const Offer::Operation::DestroyBlock& destroyBlock);
306 
307 } // namespace operation {
308 
309 } // namespace validation {
310 } // namespace master {
311 } // namespace internal {
312 } // namespace mesos {
313 
314 #endif // __MASTER_VALIDATION_HPP__
Option< Error > validateExecutorID(const ExecutorInfo &executor)
Definition: master.hpp:27
Definition: protobuf_utils.hpp:261
InverseOffer * getInverseOffer(Master *master, const OfferID &offerId)
mesos::v1::scheduler::Call Call
Definition: mesos.hpp:2555
Definition: resources.hpp:79
Slave * getSlave(Master *master, const SlaveID &slaveId)
Option< Error > validateResources(const TaskInfo &task)
Option< Error > reregisterSlave(const ReregisterSlaveMessage &message)
Definition: hashmap.hpp:38
Option< Error > validateInverseOffers(const google::protobuf::RepeatedPtrField< OfferID > &offerIds, Master *master, Framework *framework)
Option< Error > validateKillPolicy(const TaskInfo &task)
Option< Error > validateRoles(const mesos::FrameworkInfo &frameworkInfo)
Definition: spec.hpp:30
Option< Error > validateType(const ExecutorInfo &executor)
process::Future< Nothing > destroy(const std::string &hierarchy, const std::string &cgroup="/")
Option< Error > validateTaskGroupAndExecutorResources(const TaskGroupInfo &taskGroup, const ExecutorInfo &executor)
Option< Error > validateCheck(const TaskInfo &task)
Definition: grp.hpp:26
Definition: none.hpp:27
Definition: attributes.hpp:24
Option< Error > validateHealthCheck(const TaskInfo &task)
Definition: master.hpp:117
Option< Error > validate(const mesos::master::Call &call, const Option< process::http::authentication::Principal > &principal=None())
Option< Error > validateTaskAndExecutorResources(const TaskInfo &task)
Offer * getOffer(Master *master, const OfferID &offerId)
Option< Error > validateSingleResourceProvider(const google::protobuf::RepeatedPtrField< Resource > &resources)
Try< Nothing > create(const std::string &hierarchy, const std::string &cgroup, bool recursive=false)
Definition: master.hpp:2170
Definition: master.hpp:426
Option< Error > registerSlave(const RegisterSlaveMessage &message)