Apache Mesos
validation.hpp
Go to the documentation of this file.
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __MASTER_VALIDATION_HPP__
18 #define __MASTER_VALIDATION_HPP__
19 
20 #include <vector>
21 
22 #include <google/protobuf/repeated_field.h>
23 
24 #include <mesos/mesos.hpp>
25 #include <mesos/resources.hpp>
26 
28 
29 #include <mesos/master/master.hpp>
30 
32 
33 #include <stout/error.hpp>
34 #include <stout/option.hpp>
35 
37 
38 namespace mesos {
39 namespace internal {
40 namespace master {
41 
42 class Master;
43 
44 struct Framework;
45 struct Slave;
46 
47 namespace validation {
48 
49 namespace master {
50 namespace call {
51 
52 // Validates that a master:Call is well-formed.
53 // TODO(bmahler): Add unit tests.
55  const mesos::master::Call& call,
57 
58 } // namespace call {
59 
60 namespace message {
61 
62 // Validation helpers for internal Mesos protocol messages. This is a
63 // best-effort validation, intended to prevent trivial attacks on the
64 // protocol in deployments where the network between master and agents
65 // is not secured. The longer term remedy for this is to make security
66 // guarantees at the libprocess level that would prevent arbitrary UPID
67 // impersonation (MESOS-7424).
68 
69 Option<Error> registerSlave(const RegisterSlaveMessage& message);
70 Option<Error> reregisterSlave(const ReregisterSlaveMessage& message);
71 
72 } // namespace message {
73 } // namespace master {
74 
75 
76 namespace framework {
77 namespace internal {
78 
79 // Validates the roles in given FrameworkInfo. Role, roles and
80 // MULTI_ROLE should be set according to following matrix. Also,
81 // roles should not contain duplicate entries.
82 //
83 // -- MULTI_ROLE is NOT set --
84 // +-------+-------+---------+
85 // | |Roles |No Roles |
86 // +-------+-------+---------+
87 // |Role | Error | None |
88 // +-------+-------+---------+
89 // |No Role| Error | None |
90 // +-------+-------+---------+
91 //
92 // ---- MULTI_ROLE is set ----
93 // +-------+-------+---------+
94 // | |Roles |No Roles |
95 // +-------+-------+---------+
96 // |Role | Error | Error |
97 // +-------+-------+---------+
98 // |No Role| None | None |
99 // +-------+-------+---------+
100 Option<Error> validateRoles(const mesos::FrameworkInfo& frameworkInfo);
101 
102 } // namespace internal {
103 
104 // Validate a FrameworkInfo.
105 //
106 // TODO(jay_guo): This currently only validates
107 // the role(s), validate more fields!
108 Option<Error> validate(const mesos::FrameworkInfo& frameworkInfo);
109 
110 } // namespace framework {
111 
112 
113 namespace scheduler {
114 namespace call {
115 
116 // Validates that a scheduler::Call is well-formed.
117 // TODO(bmahler): Add unit tests.
119  const mesos::scheduler::Call& call,
121 
122 } // namespace call {
123 } // namespace scheduler {
124 
125 
126 namespace resource {
127 
128 // Functions in this namespace are only exposed for testing.
129 namespace internal {
130 
132  const google::protobuf::RepeatedPtrField<Resource>& resources);
133 
134 } // namespace internal {
135 
136 // Validates resources specified by frameworks.
137 // NOTE: We cannot take 'Resources' here because invalid resources are
138 // silently ignored within its constructor.
140  const google::protobuf::RepeatedPtrField<Resource>& resources);
141 
142 } // namespace resource {
143 
144 
145 namespace executor {
146 
147 // Functions in this namespace are only exposed for testing.
148 namespace internal {
149 
150 Option<Error> validateExecutorID(const ExecutorInfo& executor);
151 
152 // Validates that fields are properly set depending on the type of the executor.
153 Option<Error> validateType(const ExecutorInfo& executor);
154 
155 // Validates resources of the executor.
156 Option<Error> validateResources(const ExecutorInfo& executor);
157 
158 } // namespace internal {
159 
160 Option<Error> validate(const ExecutorInfo& executor);
161 
162 } // namespace executor {
163 
164 
165 namespace task {
166 
167 // Validates a task that a framework attempts to launch within the
168 // offered resources. Returns an optional error which will cause the
169 // master to send a `TASK_ERROR` status update back to the framework.
170 //
171 // NOTE: This function must be called sequentially for each task, and
172 // each task needs to be launched before the next can be validated.
174  const TaskInfo& task,
175  Framework* framework,
176  Slave* slave,
177  const Resources& offered);
178 
179 
180 // Functions in this namespace are only exposed for testing.
181 namespace internal {
182 
183 // Validates resources of the task.
184 Option<Error> validateResources(const TaskInfo& task);
185 
186 // Validates resources of the task and its executor.
187 Option<Error> validateTaskAndExecutorResources(const TaskInfo& task);
188 
189 // Validates the kill policy of the task.
190 Option<Error> validateKillPolicy(const TaskInfo& task);
191 
192 // Validates `max_completion_time` of the task.
193 Option<Error> validateMaxCompletionTime(const TaskInfo& task);
194 
195 // Validates the check of the task.
196 Option<Error> validateCheck(const TaskInfo& task);
197 
198 // Validates the health check of the task.
199 Option<Error> validateHealthCheck(const TaskInfo& task);
200 
201 } // namespace internal {
202 
203 namespace group {
204 
205 // Validates a task group that a framework attempts to launch within the
206 // offered resources. Returns an optional error which will cause the
207 // master to send a `TASK_ERROR` status updates for *all* the tasks in
208 // the task group back to the framework.
209 //
210 // NOTE: Validation error of *any* task will cause all the tasks in the task
211 // group to be rejected by the master.
213  const TaskGroupInfo& taskGroup,
214  const ExecutorInfo& executor,
215  Framework* framework,
216  Slave* slave,
217  const Resources& offered);
218 
219 
220 // Functions in this namespace are only exposed for testing.
221 namespace internal {
222 
223 // Validates that the resources specified by
224 // the task group and its executor are valid.
225 //
226 // TODO(vinod): Consolidate this with `validateTaskAndExecutorResources()`.
228  const TaskGroupInfo& taskGroup,
229  const ExecutorInfo& executor);
230 
231 } // namespace internal {
232 
233 } // namespace group {
234 
235 } // namespace task {
236 
237 
238 namespace offer {
239 
240 // NOTE: These two functions are placed in the header file because we
241 // need to declare them as friends of Master.
242 Offer* getOffer(Master* master, const OfferID& offerId);
243 InverseOffer* getInverseOffer(Master* master, const OfferID& offerId);
244 Slave* getSlave(Master* master, const SlaveID& slaveId);
245 
246 
247 // Validates the given offers.
249  const google::protobuf::RepeatedPtrField<OfferID>& offerIds,
250  Master* master,
251  Framework* framework);
252 
253 
254 // Validates the given inverse offers.
256  const google::protobuf::RepeatedPtrField<OfferID>& offerIds,
257  Master* master,
258  Framework* framework);
259 
260 } // namespace offer {
261 
262 
263 namespace operation {
264 
265 // Validates the RESERVE operation.
267  const Offer::Operation::Reserve& reserve,
269  const protobuf::slave::Capabilities& agentCapabilities,
270  const Option<FrameworkInfo>& frameworkInfo = None());
271 
272 
273 // Validates the UNRESERVE operation.
275  const Offer::Operation::Unreserve& unreserve,
276  const Option<FrameworkInfo>& frameworkInfo = None());
277 
278 
279 // Validates the CREATE operation. We need slave's checkpointed resources so
280 // that we can validate persistence ID uniqueness, and we need the principal to
281 // verify that it's equal to the one in `DiskInfo.Persistence.principal`.
282 // We need the FrameworkInfo (unless the operation is requested by the
283 // operator) to ensure shared volumes are created by frameworks with the
284 // appropriate capability.
286  const Offer::Operation::Create& create,
287  const Resources& checkpointedResources,
289  const protobuf::slave::Capabilities& agentCapabilities,
290  const Option<FrameworkInfo>& frameworkInfo = None());
291 
292 
293 // Validates the DESTROY operation. We need slave's checkpointed
294 // resources to validate that the volumes to destroy actually exist.
295 // We also check that the volumes are not being used, or not assigned
296 // to any pending task.
298  const Offer::Operation::Destroy& destroy,
299  const Resources& checkpointedResources,
300  const hashmap<FrameworkID, Resources>& usedResources,
301  const hashmap<FrameworkID, hashmap<TaskID, TaskInfo>>& pendingTasks,
302  const Option<FrameworkInfo>& frameworkInfo = None());
303 
304 
306  const Offer::Operation::GrowVolume& growVolume,
307  const protobuf::slave::Capabilities& agentCapabilities);
308 
309 
311  const Offer::Operation::ShrinkVolume& shrinkVolume,
312  const protobuf::slave::Capabilities& agentCapabilities);
313 
314 
315 Option<Error> validate(const Offer::Operation::CreateDisk& createDisk);
316 
317 
318 Option<Error> validate(const Offer::Operation::DestroyDisk& destroyDisk);
319 
320 } // namespace operation {
321 
322 } // namespace validation {
323 } // namespace master {
324 } // namespace internal {
325 } // namespace mesos {
326 
327 #endif // __MASTER_VALIDATION_HPP__
Option< Error > validateExecutorID(const ExecutorInfo &executor)
Definition: master.hpp:27
Option< Error > validateMaxCompletionTime(const TaskInfo &task)
Definition: protobuf_utils.hpp:261
InverseOffer * getInverseOffer(Master *master, const OfferID &offerId)
mesos::v1::scheduler::Call Call
Definition: mesos.hpp:2611
Definition: resources.hpp:79
Slave * getSlave(Master *master, const SlaveID &slaveId)
Option< Error > validateResources(const TaskInfo &task)
Option< Error > reregisterSlave(const ReregisterSlaveMessage &message)
Definition: hashmap.hpp:38
Option< Error > validateInverseOffers(const google::protobuf::RepeatedPtrField< OfferID > &offerIds, Master *master, Framework *framework)
Option< Error > validateKillPolicy(const TaskInfo &task)
Option< Error > validateRoles(const mesos::FrameworkInfo &frameworkInfo)
Definition: spec.hpp:30
Option< Error > validateType(const ExecutorInfo &executor)
process::Future< Nothing > destroy(const std::string &hierarchy, const std::string &cgroup="/")
Option< Error > validateTaskGroupAndExecutorResources(const TaskGroupInfo &taskGroup, const ExecutorInfo &executor)
Option< Error > validateCheck(const TaskInfo &task)
Definition: grp.hpp:26
Definition: none.hpp:27
Definition: attributes.hpp:24
Option< Error > validateHealthCheck(const TaskInfo &task)
Definition: master.hpp:117
Option< Error > validate(const mesos::master::Call &call, const Option< process::http::authentication::Principal > &principal=None())
Option< Error > validateTaskAndExecutorResources(const TaskInfo &task)
Offer * getOffer(Master *master, const OfferID &offerId)
Option< Error > validateSingleResourceProvider(const google::protobuf::RepeatedPtrField< Resource > &resources)
Try< Nothing > create(const std::string &hierarchy, const std::string &cgroup, bool recursive=false)
Definition: master.hpp:2257
Definition: master.hpp:426
Option< Error > registerSlave(const RegisterSlaveMessage &message)