Apache Mesos
credentials.hpp
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __CREDENTIALS_HPP__
18 #define __CREDENTIALS_HPP__
19 
20 #include <string>
21 #include <vector>
22 
23 #include <stout/option.hpp>
24 #include <stout/path.hpp>
25 #include <stout/protobuf.hpp>
26 #include <stout/try.hpp>
27 
28 #include <stout/os/permissions.hpp>
29 #include <stout/os/read.hpp>
30 
31 namespace mesos {
32 namespace internal {
33 namespace credentials {
34 
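// Loads a list of credentials from the JSON file at `path`.
//
// Returns the parsed `Credentials` message on success, `None()` when the
// file exists but is empty, and an `Error` when the file cannot be read,
// is not a JSON object, or cannot be converted to `Credentials`.
//
// Security: the permission check is advisory. A credentials file that is
// accessible by "others" is still loaded; the only effect is a WARNING in
// the log, so restrictive file modes must be enforced by the deployment.
//
// NOTE(review): the rendered listing drops lines 35, 39 and 47 (the
// signature and the two local declarations). They are restored here from
// the listing's own cross-reference entries and from how `read` and
// `permissions` are used below; confirm against the upstream file.
inline Result<Credentials> read(const Path& path)
{
  LOG(INFO) << "Loading credentials for authentication from '" << path << "'";

  Try<std::string> read = os::read(path.string());
  if (read.isError()) {
    return Error("Failed to read credentials file '" + path.string() +
                 "': " + read.error());
  } else if (read->empty()) {
    // An empty file is reported as "no credentials", not as an error.
    return None();
  }

  // The mode is looked up by path after the contents were already read, so
  // it describes whatever is at `path` at this moment. A failed stat or an
  // overly open mode only produces a warning; loading continues either way.
  // NOTE(review): `others.rwx` presumably is set when any of the r/w/x bits
  // is granted to others; group access is not examined here.
  Try<os::Permissions> permissions = os::permissions(path.string());
  if (permissions.isError()) {
    LOG(WARNING) << "Failed to stat credentials file '" << path
                 << "': " << permissions.error();
  } else if (permissions->others.rwx) {
    LOG(WARNING) << "Permissions on credentials file '" << path
                 << "' are too open; it is recommended that your"
                 << " credentials file is NOT accessible by others";
  }

  // NOTE(review): the parser's message is forwarded verbatim. If it quotes
  // the offending input, a malformed file could expose secret material in
  // logs or error output; confirm the parser's error format.
  Try<JSON::Object> json = JSON::parse<JSON::Object>(read.get());
  if (json.isError()) {
    return Error("Invalid json format: " + json.error());
  }

  Try<Credentials> credentials = ::protobuf::parse<Credentials>(json.get());
  if (credentials.isError()) {
    return Error("Failed to parse credentials: "
                 + credentials.error());
  }
  return credentials.get();
}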
69 
70 
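// Loads a single credential from the JSON file at `path`.
//
// Returns the parsed `Credential` message on success, `None()` when the
// file exists but is empty, and an `Error` when the file cannot be read,
// is not a JSON object, or cannot be converted to `Credential`.
//
// Security: the permission check is advisory. A credential file that is
// accessible by "others" is still loaded; the only effect is a WARNING in
// the log, so restrictive file modes must be enforced by the deployment.
//
// NOTE(review): the rendered listing drops lines 71, 75 and 83 (the
// signature and the two local declarations). They are restored here from
// the listing's own cross-reference entries and from how `read` and
// `permissions` are used below; confirm against the upstream file.
inline Result<Credential> readCredential(const Path& path)
{
  LOG(INFO) << "Loading credential for authentication from '" << path << "'";

  Try<std::string> read = os::read(path.string());
  if (read.isError()) {
    return Error("Failed to read credential file '" + path.string() +
                 "': " + read.error());
  } else if (read->empty()) {
    // An empty file is reported as "no credential", not as an error.
    return None();
  }

  // The mode is looked up by path after the contents were already read, so
  // it describes whatever is at `path` at this moment. A failed stat or an
  // overly open mode only produces a warning; loading continues either way.
  // NOTE(review): `others.rwx` presumably is set when any of the r/w/x bits
  // is granted to others; group access is not examined here.
  Try<os::Permissions> permissions = os::permissions(path.string());
  if (permissions.isError()) {
    LOG(WARNING) << "Failed to stat credential file '" << path
                 << "': " << permissions.error();
  } else if (permissions->others.rwx) {
    LOG(WARNING) << "Permissions on credential file '" << path
                 << "' are too open; it is recommended that your"
                 << " credential file is NOT accessible by others";
  }

  // NOTE(review): the parser's message is forwarded verbatim. If it quotes
  // the offending input, a malformed file could expose secret material in
  // logs or error output; confirm the parser's error format.
  Try<JSON::Object> json = JSON::parse<JSON::Object>(read.get());
  if (json.isError()) {
    return Error("Invalid json format: " + json.error());
  }

  Try<Credential> credential = ::protobuf::parse<Credential>(json.get());
  if (credential.isError()) {
    return Error("Failed to parse credential: "
                 + credential.error());
  }
  return credential.get();
}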
105 
106 } // namespace credentials {
107 } // namespace internal {
108 } // namespace mesos {
109 
110 #endif // __CREDENTIALS_HPP__
Result< Credential > readCredential(const Path &path)
Definition: credentials.hpp:71
Result< Credentials > read(const Path &path)
Definition: credentials.hpp:35