Apache Mesos
authorizer.hpp
Go to the documentation of this file.
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __MESOS_AUTHORIZER_AUTHORIZER_HPP__
18 #define __MESOS_AUTHORIZER_AUTHORIZER_HPP__
19 
20 #include <mesos/mesos.hpp>
21 
22 // ONLY USEFUL AFTER RUNNING PROTOC.
23 #include <mesos/authorizer/authorizer.pb.h>
24 
25 #include <process/future.hpp>
26 
27 #include <stout/nothing.hpp>
28 #include <stout/option.hpp>
29 #include <stout/try.hpp>
30 
31 namespace mesos {
32 
33 class ACLs;
34 
47 class ObjectApprover
48 {
49 public:
50  // This object has a 1:1 relationship with `authorization::Object`.
51  // We need to ensure that the fields in this object are in sync
52  // with the fields in `authorization::Object`.
53  struct Object
54  {
55  Object()
56  : value(nullptr),
57  framework_info(nullptr),
58  task(nullptr),
59  task_info(nullptr),
60  executor_info(nullptr),
61  quota_info(nullptr),
62  weight_info(nullptr),
63  resource(nullptr),
64  command_info(nullptr),
65  container_id(nullptr),
66  machine_id(nullptr) {}
67 
68  Object(const std::string& _value)
69  : value(&_value),
70  framework_info(nullptr),
71  task(nullptr),
72  task_info(nullptr),
73  executor_info(nullptr),
74  quota_info(nullptr),
75  weight_info(nullptr),
76  resource(nullptr),
77  command_info(nullptr),
78  container_id(nullptr),
79  machine_id(nullptr) {}
80 
81  Object(const ContainerID& _container_id)
82  : value(nullptr),
83  framework_info(nullptr),
84  task(nullptr),
85  task_info(nullptr),
86  executor_info(nullptr),
87  quota_info(nullptr),
88  weight_info(nullptr),
89  resource(nullptr),
90  command_info(nullptr),
91  container_id(&_container_id),
92  machine_id(nullptr) {}
93 
94  Object(const MachineID& _machine_id)
95  : value(nullptr),
96  framework_info(nullptr),
97  task(nullptr),
98  task_info(nullptr),
99  executor_info(nullptr),
100  quota_info(nullptr),
101  weight_info(nullptr),
102  resource(nullptr),
103  command_info(nullptr),
104  container_id(nullptr),
105  machine_id(&_machine_id) {}
106 
107  Object(const FrameworkInfo& _framework_info)
108  : value(nullptr),
109  framework_info(&_framework_info),
110  task(nullptr),
111  task_info(nullptr),
112  executor_info(nullptr),
113  quota_info(nullptr),
114  weight_info(nullptr),
115  resource(nullptr),
116  command_info(nullptr),
117  container_id(nullptr),
118  machine_id(nullptr) {}
119 
120  Object(const ExecutorInfo& _executor_info,
121  const FrameworkInfo& _framework_info)
122  : value(nullptr),
123  framework_info(&_framework_info),
124  task(nullptr),
125  task_info(nullptr),
126  executor_info(&_executor_info),
127  quota_info(nullptr),
128  weight_info(nullptr),
129  resource(nullptr),
130  command_info(nullptr),
131  container_id(nullptr),
132  machine_id(nullptr) {}
133 
134  Object(const TaskInfo& _task_info, const FrameworkInfo& _framework_info)
135  : value(nullptr),
136  framework_info(&_framework_info),
137  task(nullptr),
138  task_info(&_task_info),
139  executor_info(nullptr),
140  quota_info(nullptr),
141  weight_info(nullptr),
142  resource(nullptr),
143  command_info(nullptr),
144  container_id(nullptr),
145  machine_id(nullptr) {}
146 
147  Object(const Task& _task, const FrameworkInfo& _framework_info)
148  : value(nullptr),
149  framework_info(&_framework_info),
150  task(&_task),
151  task_info(nullptr),
152  executor_info(nullptr),
153  quota_info(nullptr),
154  weight_info(nullptr),
155  resource(nullptr),
156  command_info(nullptr),
157  container_id(nullptr),
158  machine_id(nullptr) {}
159 
160  Object(
161  const ExecutorInfo& _executor_info,
162  const FrameworkInfo& _framework_info,
163  const CommandInfo& _command_info,
164  const ContainerID& _container_id)
165  : value(nullptr),
166  framework_info(&_framework_info),
167  task(nullptr),
168  task_info(nullptr),
169  executor_info(&_executor_info),
170  quota_info(nullptr),
171  weight_info(nullptr),
172  resource(nullptr),
173  command_info(&_command_info),
174  container_id(&_container_id),
175  machine_id(nullptr) {}
176 
177  Object(
178  const ExecutorInfo& _executor_info,
179  const FrameworkInfo& _framework_info,
180  const ContainerID& _container_id)
181  : value(nullptr),
182  framework_info(&_framework_info),
183  task(nullptr),
184  task_info(nullptr),
185  executor_info(&_executor_info),
186  quota_info(nullptr),
187  weight_info(nullptr),
188  resource(nullptr),
189  command_info(nullptr),
190  container_id(&_container_id),
191  machine_id(nullptr) {}
192 
193  Object(const authorization::Object& object)
194  : value(object.has_value() ? &object.value() : nullptr),
195  framework_info(
196  object.has_framework_info() ? &object.framework_info() : nullptr),
197  task(object.has_task() ? &object.task() : nullptr),
198  task_info(object.has_task_info() ? &object.task_info() : nullptr),
199  executor_info(
200  object.has_executor_info() ? &object.executor_info() : nullptr),
201  quota_info(object.has_quota_info() ? &object.quota_info() : nullptr),
202  weight_info(object.has_weight_info() ? &object.weight_info() : nullptr),
203  resource(object.has_resource() ? &object.resource() : nullptr),
204  command_info(
205  object.has_command_info() ? &object.command_info() : nullptr),
206  container_id(
207  object.has_container_id() ? &object.container_id() : nullptr),
208  machine_id(object.has_machine_id() ? &object.machine_id() : nullptr) {}
209 
210  const std::string* value;
211  const FrameworkInfo* framework_info;
212  const Task* task;
213  const TaskInfo* task_info;
214  const ExecutorInfo* executor_info;
215  const quota::QuotaInfo* quota_info;
216  const WeightInfo* weight_info;
217  const Resource* resource;
218  const CommandInfo* command_info;
219  const ContainerID* container_id;
220  const MachineID* machine_id;
221  };
222 
246  virtual Try<bool> approved(const Option<Object>& object) const noexcept = 0;
247 
248  virtual ~ObjectApprover() = default;
249 };
250 
251 
268 class Authorizer
269 {
270 public:
282  static Try<Authorizer*> create(const std::string &name);
283 
292  static Try<Authorizer*> create(const ACLs& acls);
293 
294  virtual ~Authorizer() {}
295 
311  virtual process::Future<bool> authorized(
312  const authorization::Request& request) = 0;
313 
333  virtual process::Future<std::shared_ptr<const ObjectApprover>>
334  getApprover(
335  const Option<authorization::Subject>& subject,
336  const authorization::Action& action) = 0;
337 
338 protected:
339  Authorizer() {}
340 };
341 
342 } // namespace mesos {
343 
344 #endif // __MESOS_AUTHORIZER_AUTHORIZER_HPP__
mesos::ObjectApprover::Object::Object
Object(const authorization::Object &object)
Definition: authorizer.hpp:193
mesos::ObjectApprover::Object::value
const std::string * value
Definition: authorizer.hpp:210
mesos::ObjectApprover::Object::machine_id
const MachineID * machine_id
Definition: authorizer.hpp:220
process::http::request
Future< Response > request(const Request &request, bool streamedResponse=false)
Asynchronously sends an HTTP request to the process and returns the HTTP response once the entire res...
mesos::ObjectApprover::Object
Definition: authorizer.hpp:53
Try
Definition: check.hpp:33
mesos::ObjectApprover::Object::Object
Object(const ExecutorInfo &_executor_info, const FrameworkInfo &_framework_info, const CommandInfo &_command_info, const ContainerID &_container_id)
Definition: authorizer.hpp:160
mesos::ObjectApprover::approved
virtual Try< bool > approved(const Option< Object > &object) const noexcept=0
This method returns whether access to the specified object is authorized or not, or Error...
mesos::ObjectApprover::Object::Object
Object(const ExecutorInfo &_executor_info, const FrameworkInfo &_framework_info, const ContainerID &_container_id)
Definition: authorizer.hpp:177
mesos::ObjectApprover::Object::Object
Object(const FrameworkInfo &_framework_info)
Definition: authorizer.hpp:107
mesos::ObjectApprover::Object::resource
const Resource * resource
Definition: authorizer.hpp:217
mesos::ObjectApprover::Object::command_info
const CommandInfo * command_info
Definition: authorizer.hpp:218
mesos::ObjectApprover::~ObjectApprover
virtual ~ObjectApprover()=default
mesos::ObjectApprover::Object::Object
Object(const MachineID &_machine_id)
Definition: authorizer.hpp:94
mesos::ObjectApprover::Object::Object
Object(const std::string &_value)
Definition: authorizer.hpp:68
mesos::Authorizer
This interface is used to enable an identity service or any other back end to check authorization pol...
Definition: authorizer.hpp:268
mesos::ObjectApprover::Object::framework_info
const FrameworkInfo * framework_info
Definition: authorizer.hpp:211
mesos
Definition: agent.hpp:25
mesos::ObjectApprover::Object::Object
Object(const ExecutorInfo &_executor_info, const FrameworkInfo &_framework_info)
Definition: authorizer.hpp:120
mesos::ObjectApprover::Object::Object
Object(const Task &_task, const FrameworkInfo &_framework_info)
Definition: authorizer.hpp:147
mesos::ObjectApprover::Object::Object
Object(const ContainerID &_container_id)
Definition: authorizer.hpp:81
mesos::ObjectApprover::Object::quota_info
const quota::QuotaInfo * quota_info
Definition: authorizer.hpp:215
mesos::ObjectApprover::Object::Object
Object()
Definition: authorizer.hpp:55
mesos::Authorizer::~Authorizer
virtual ~Authorizer()
Definition: authorizer.hpp:294
mesos::ObjectApprover::Object::task
const Task * task
Definition: authorizer.hpp:212
mesos::ObjectApprover::Object::task_info
const TaskInfo * task_info
Definition: authorizer.hpp:213
cgroups::create
Try< Nothing > create(const std::string &hierarchy, const std::string &cgroup, bool recursive=false)
mesos::ObjectApprover
This interface represents a function object returned by the authorizer which can be used locally (and...
Definition: authorizer.hpp:47
mesos::ObjectApprover::Object::Object
Object(const TaskInfo &_task_info, const FrameworkInfo &_framework_info)
Definition: authorizer.hpp:134
mesos::ObjectApprover::Object::container_id
const ContainerID * container_id
Definition: authorizer.hpp:219
mesos::ObjectApprover::Object::weight_info
const WeightInfo * weight_info
Definition: authorizer.hpp:216
os::Shell::name
constexpr const char * name
Definition: shell.hpp:41
mesos::Authorizer::Authorizer
Authorizer()
Definition: authorizer.hpp:339
mesos::ObjectApprover::Object::executor_info
const ExecutorInfo * executor_info
Definition: authorizer.hpp:214
Generated by   doxygen 1.8.11