// This test verifies that an unauthorized task launch is rejected.
TEST_F(MasterAuthorizationTest, UnauthorizedTask)
{
// Setup ACLs so that no framework can launch as "foo".
ACLs acls;
mesos::ACL::RunTasks* acl = acls.add_run_tasks();
acl->mutable_principals()->set_type(mesos::ACL::Entity::NONE);
acl->mutable_users()->add_values("foo");
master::Flags flags = CreateMasterFlags();
flags.acls = acls;
Try<PID<Master> > master = StartMaster(flags);
ASSERT_SOME(master);
// Create an unauthorized executor.
ExecutorInfo executor; // Bug in gcc 4.1.*, must assign on next line.
executor = CREATE_EXECUTOR_INFO("test-executor", "exit 1");
executor.mutable_command()->set_user("foo");
MockExecutor exec(executor.executor_id());
Try<PID<Slave> > slave = StartSlave(&exec);
ASSERT_SOME(slave);
MockScheduler sched;
MesosSchedulerDriver driver(
&sched, DEFAULT_FRAMEWORK_INFO, master.get(), DEFAULT_CREDENTIAL);
EXPECT_CALL(sched, registered(&driver, _, _))
.Times(1);
Future<vector<Offer> > offers;
EXPECT_CALL(sched, resourceOffers(&driver, _))
.WillOnce(FutureArg<1>(&offers))
.WillRepeatedly(Return()); // Ignore subsequent offers.
driver.start();
AWAIT_READY(offers);
EXPECT_NE(0u, offers.get().size());
// Create an unauthorized task.
TaskInfo task;
task.set_name("test");
task.mutable_task_id()->set_value("1");
task.mutable_slave_id()->MergeFrom(offers.get()[0].slave_id());
task.mutable_resources()->MergeFrom(offers.get()[0].resources());
task.mutable_executor()->MergeFrom(executor);
vector<TaskInfo> tasks;
tasks.push_back(task);
Future<TaskStatus> status;
EXPECT_CALL(sched, statusUpdate(&driver, _))
.WillOnce(FutureArg<1>(&status));
driver.launchTasks(offers.get()[0].id(), tasks);
AWAIT_READY(status);
EXPECT_EQ(TASK_LOST, status.get().state());
driver.stop();
driver.join();
Shutdown(); // Must shutdown before 'containerizer' gets deallocated.
}
int main(int argc, char** argv)
{
if (argc != 3) {
std::cerr << "Usage: " << argv[0]
<< " <master> <balloon limit in MB>" << std::endl;
return -1;
}
// Verify the balloon limit.
Try<size_t> limit = numify<size_t>(argv[2]);
if (limit.isError()) {
std::cerr << "Balloon limit is not a valid number" << std::endl;
return -1;
}
if (limit.get() < EXECUTOR_MEMORY_MB) {
std::cerr << "Please use a balloon limit bigger than "
<< EXECUTOR_MEMORY_MB << " MB" << std::endl;
}
// Find this executable's directory to locate executor.
string uri;
Option<string> value = os::getenv("MESOS_BUILD_DIR");
if (value.isSome()) {
uri = path::join(value.get(), "src", "balloon-executor");
} else {
uri = path::join(
os::realpath(Path(argv[0]).dirname()).get(),
"balloon-executor");
}
ExecutorInfo executor;
executor.mutable_executor_id()->set_value("default");
executor.mutable_command()->set_value(uri);
executor.set_name("Balloon Executor");
executor.set_source("balloon_test");
Resource* mem = executor.add_resources();
mem->set_name("mem");
mem->set_type(Value::SCALAR);
mem->mutable_scalar()->set_value(EXECUTOR_MEMORY_MB);
BalloonScheduler scheduler(executor, limit.get());
FrameworkInfo framework;
framework.set_user(""); // Have Mesos fill in the current user.
framework.set_name("Balloon Framework (C++)");
value = os::getenv("MESOS_CHECKPOINT");
if (value.isSome()) {
framework.set_checkpoint(
numify<bool>(value.get()).get());
}
MesosSchedulerDriver* driver;
value = os::getenv("MESOS_AUTHENTICATE");
if (value.isSome()) {
cout << "Enabling authentication for the framework" << endl;
value = os::getenv("DEFAULT_PRINCIPAL");
if (value.isNone()) {
EXIT(EXIT_FAILURE)
<< "Expecting authentication principal in the environment";
}
Credential credential;
credential.set_principal(value.get());
framework.set_principal(value.get());
value = os::getenv("DEFAULT_SECRET");
if (value.isNone()) {
EXIT(EXIT_FAILURE)
<< "Expecting authentication secret in the environment";
}
credential.set_secret(value.get());
driver = new MesosSchedulerDriver(
&scheduler, framework, argv[1], credential);
} else {
framework.set_principal("balloon-framework-cpp");
driver = new MesosSchedulerDriver(
&scheduler, framework, argv[1]);
}
int status = driver->run() == DRIVER_STOPPED ? 0 : 1;
// Ensure that the driver process terminates.
driver->stop();
delete driver;
return status;
}