Apache Mesos
validation.hpp
Go to the documentation of this file.
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __MASTER_VALIDATION_HPP__
18 #define __MASTER_VALIDATION_HPP__
19 
20 #include <vector>
21 
22 #include <google/protobuf/repeated_field.h>
23 
24 #include <mesos/mesos.hpp>
25 #include <mesos/resources.hpp>
26 
28 
29 #include <mesos/master/master.hpp>
30 
32 
33 #include <stout/error.hpp>
34 #include <stout/option.hpp>
35 
37 
38 namespace mesos {
39 namespace internal {
40 namespace master {
41 
42 class Master;
43 
44 struct Framework;
45 struct Slave;
46 
47 namespace validation {
48 
49 namespace master {
50 namespace call {
51 
52 // Validates that a master:Call is well-formed.
53 //
54 // TODO(bmahler): Note that this does not validate the fields within
55 // the nested messages (e.g. `ReserveResources`) which is unintuitive.
56 // Consider moving all `master::Call` validation that does not require
57 // master state into this function.
58 //
59 // TODO(bmahler): Add unit tests.
61 
62 } // namespace call {
63 
64 namespace message {
65 
66 // Validation helpers for internal Mesos protocol messages. This is a
67 // best-effort validation, intended to prevent trivial attacks on the
68 // protocol in deployments where the network between master and agents
69 // is not secured. The longer term remedy for this is to make security
70 // guarantees at the libprocess level that would prevent arbitrary UPID
71 // impersonation (MESOS-7424).
72 
73 Option<Error> registerSlave(const RegisterSlaveMessage& message);
74 Option<Error> reregisterSlave(const ReregisterSlaveMessage& message);
75 
76 } // namespace message {
77 } // namespace master {
78 
79 
80 namespace framework {
81 namespace internal {
82 
83 // Validates the roles in given FrameworkInfo. Role, roles and
84 // MULTI_ROLE should be set according to following matrix. Also,
85 // roles should not contain duplicate entries.
86 //
87 // -- MULTI_ROLE is NOT set --
88 // +-------+-------+---------+
89 // | |Roles |No Roles |
90 // +-------+-------+---------+
91 // |Role | Error | None |
92 // +-------+-------+---------+
93 // |No Role| Error | None |
94 // +-------+-------+---------+
95 //
96 // ---- MULTI_ROLE is set ----
97 // +-------+-------+---------+
98 // | |Roles |No Roles |
99 // +-------+-------+---------+
100 // |Role | Error | Error |
101 // +-------+-------+---------+
102 // |No Role| None | None |
103 // +-------+-------+---------+
104 Option<Error> validateRoles(const mesos::FrameworkInfo& frameworkInfo);
105 
106 Option<Error> validateFrameworkId(const mesos::FrameworkInfo& frameworkInfo);
107 
108 } // namespace internal {
109 
110 // Validate a FrameworkInfo.
111 //
112 // TODO(jay_guo): This currently only validates
113 // the role(s), validate more fields!
114 Option<Error> validate(const mesos::FrameworkInfo& frameworkInfo);
115 
116 } // namespace framework {
117 
118 
119 namespace scheduler {
120 namespace call {
121 
122 // Validates that a scheduler::Call is well-formed.
123 // TODO(bmahler): Add unit tests.
125  const mesos::scheduler::Call& call,
127 
128 } // namespace call {
129 } // namespace scheduler {
130 
131 
132 namespace resource {
133 
134 // Functions in this namespace are only exposed for testing.
135 namespace internal {
136 
138  const google::protobuf::RepeatedPtrField<Resource>& resources);
139 
140 } // namespace internal {
141 
142 // Validates resources specified by frameworks.
143 // NOTE: We cannot take 'Resources' here because invalid resources are
144 // silently ignored within its constructor.
146  const google::protobuf::RepeatedPtrField<Resource>& resources);
147 
148 } // namespace resource {
149 
150 
151 namespace executor {
152 
153 // Functions in this namespace are only exposed for testing.
154 namespace internal {
155 
156 Option<Error> validateExecutorID(const ExecutorInfo& executor);
157 
158 // Validates that fields are properly set depending on the type of the executor.
159 Option<Error> validateType(const ExecutorInfo& executor);
160 
161 // Validates resources of the executor.
162 Option<Error> validateResources(const ExecutorInfo& executor);
163 
164 } // namespace internal {
165 
166 Option<Error> validate(const ExecutorInfo& executor);
167 
168 } // namespace executor {
169 
170 
171 namespace task {
172 
173 // Validates a task that a framework attempts to launch within the
174 // offered resources. Returns an optional error which will cause the
175 // master to send a `TASK_ERROR` status update back to the framework.
176 //
177 // NOTE: This function must be called sequentially for each task, and
178 // each task needs to be launched before the next can be validated.
180  const TaskInfo& task,
181  Framework* framework,
182  Slave* slave,
183  const Resources& offered);
184 
185 
186 // Functions in this namespace are only exposed for testing.
187 namespace internal {
188 
189 // Validates resources of the task.
190 Option<Error> validateResources(const TaskInfo& task);
191 
192 // Validates resources of the task and its executor.
193 Option<Error> validateTaskAndExecutorResources(const TaskInfo& task);
194 
195 // Validates the kill policy of the task.
196 Option<Error> validateKillPolicy(const TaskInfo& task);
197 
198 // Validates `max_completion_time` of the task.
199 Option<Error> validateMaxCompletionTime(const TaskInfo& task);
200 
201 // Validates the check of the task.
202 Option<Error> validateCheck(const TaskInfo& task);
203 
204 // Validates the health check of the task.
205 Option<Error> validateHealthCheck(const TaskInfo& task);
206 
207 } // namespace internal {
208 
209 namespace group {
210 
211 // Validates a task group that a framework attempts to launch within the
212 // offered resources. Returns an optional error which will cause the
213 // master to send a `TASK_ERROR` status updates for *all* the tasks in
214 // the task group back to the framework.
215 //
216 // NOTE: Validation error of *any* task will cause all the tasks in the task
217 // group to be rejected by the master.
219  const TaskGroupInfo& taskGroup,
220  const ExecutorInfo& executor,
221  Framework* framework,
222  Slave* slave,
223  const Resources& offered);
224 
225 
226 // Functions in this namespace are only exposed for testing.
227 namespace internal {
228 
229 // Validates that the resources specified by
230 // the task group and its executor are valid.
231 //
232 // TODO(vinod): Consolidate this with `validateTaskAndExecutorResources()`.
234  const TaskGroupInfo& taskGroup,
235  const ExecutorInfo& executor);
236 
237 } // namespace internal {
238 
239 } // namespace group {
240 
241 } // namespace task {
242 
243 
244 namespace offer {
245 
246 // NOTE: These two functions are placed in the header file because we
247 // need to declare them as friends of Master.
248 Offer* getOffer(Master* master, const OfferID& offerId);
249 InverseOffer* getInverseOffer(Master* master, const OfferID& offerId);
250 Slave* getSlave(Master* master, const SlaveID& slaveId);
251 
252 
253 // Validates the given offers.
255  const google::protobuf::RepeatedPtrField<OfferID>& offerIds,
256  Master* master,
257  Framework* framework);
258 
259 
260 // Validates the given inverse offers.
262  const google::protobuf::RepeatedPtrField<OfferID>& offerIds,
263  Master* master,
264  Framework* framework);
265 
266 } // namespace offer {
267 
268 
269 namespace operation {
270 
271 // Validates the RESERVE operation.
273  const Offer::Operation::Reserve& reserve,
275  const protobuf::slave::Capabilities& agentCapabilities,
276  const Option<FrameworkInfo>& frameworkInfo = None());
277 
278 
279 // Validates the UNRESERVE operation.
281  const Offer::Operation::Unreserve& unreserve,
282  const Option<FrameworkInfo>& frameworkInfo = None());
283 
284 
285 // Validates the CREATE operation. We need slave's checkpointed resources so
286 // that we can validate persistence ID uniqueness, and we need the principal to
287 // verify that it's equal to the one in `DiskInfo.Persistence.principal`.
288 // We need the FrameworkInfo (unless the operation is requested by the
289 // operator) to ensure shared volumes are created by frameworks with the
290 // appropriate capability.
292  const Offer::Operation::Create& create,
293  const Resources& checkpointedResources,
295  const protobuf::slave::Capabilities& agentCapabilities,
296  const Option<FrameworkInfo>& frameworkInfo = None());
297 
298 
299 // Validates the DESTROY operation. We need slave's checkpointed
300 // resources to validate that the volumes to destroy actually exist.
301 // We also check that the volumes are not being used, or not assigned
302 // to any pending task.
304  const Offer::Operation::Destroy& destroy,
305  const Resources& checkpointedResources,
306  const hashmap<FrameworkID, Resources>& usedResources,
307  const hashmap<FrameworkID, hashmap<TaskID, TaskInfo>>& pendingTasks,
308  const Option<FrameworkInfo>& frameworkInfo = None());
309 
310 
312  const Offer::Operation::GrowVolume& growVolume,
313  const protobuf::slave::Capabilities& agentCapabilities);
314 
315 
317  const Offer::Operation::ShrinkVolume& shrinkVolume,
318  const protobuf::slave::Capabilities& agentCapabilities);
319 
320 
321 Option<Error> validate(const Offer::Operation::CreateDisk& createDisk);
322 
323 
324 Option<Error> validate(const Offer::Operation::DestroyDisk& destroyDisk);
325 
326 } // namespace operation {
327 
328 } // namespace validation {
329 } // namespace master {
330 } // namespace internal {
331 } // namespace mesos {
332 
333 #endif // __MASTER_VALIDATION_HPP__
Option< Error > validateExecutorID(const ExecutorInfo &executor)
Option< Error > validateFrameworkId(const mesos::FrameworkInfo &frameworkInfo)
Definition: master.hpp:27
Option< Error > validateMaxCompletionTime(const TaskInfo &task)
Definition: protobuf_utils.hpp:263
InverseOffer * getInverseOffer(Master *master, const OfferID &offerId)
mesos::v1::scheduler::Call Call
Definition: mesos.hpp:2641
Definition: resources.hpp:83
Slave * getSlave(Master *master, const SlaveID &slaveId)
Option< Error > validateResources(const TaskInfo &task)
Option< Error > reregisterSlave(const ReregisterSlaveMessage &message)
Definition: hashmap.hpp:38
Option< Error > validateInverseOffers(const google::protobuf::RepeatedPtrField< OfferID > &offerIds, Master *master, Framework *framework)
Option< Error > validateKillPolicy(const TaskInfo &task)
Option< Error > validateRoles(const mesos::FrameworkInfo &frameworkInfo)
Definition: spec.hpp:26
Option< Error > validateType(const ExecutorInfo &executor)
process::Future< Nothing > destroy(const std::string &hierarchy, const std::string &cgroup="/")
Option< Error > validateTaskGroupAndExecutorResources(const TaskGroupInfo &taskGroup, const ExecutorInfo &executor)
Option< Error > validateCheck(const TaskInfo &task)
Definition: grp.hpp:26
Definition: none.hpp:27
Definition: attributes.hpp:24
Option< Error > validateHealthCheck(const TaskInfo &task)
Definition: master.hpp:118
Option< Error > validate(const mesos::master::Call &call)
Option< Error > validateTaskAndExecutorResources(const TaskInfo &task)
Offer * getOffer(Master *master, const OfferID &offerId)
Option< Error > validateSingleResourceProvider(const google::protobuf::RepeatedPtrField< Resource > &resources)
Try< Nothing > create(const std::string &hierarchy, const std::string &cgroup, bool recursive=false)
Definition: master.hpp:2267
Definition: master.hpp:332
Option< Error > registerSlave(const RegisterSlaveMessage &message)