mesos-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From g...@apache.org
Subject [mesos] branch master updated: Fixed a bug in CSI server initialization.
Date Tue, 25 Aug 2020 01:02:21 GMT
This is an automated email from the ASF dual-hosted git repository.

grag pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git


The following commit(s) were added to refs/heads/master by this push:
     new 22ecccc  Fixed a bug in CSI server initialization.
22ecccc is described below

commit 22ecccc50813597edd2cbb0304823ca56e5f2d25
Author: Greg Mann <greg@mesosphere.io>
AuthorDate: Mon Aug 24 17:51:17 2020 -0700

    Fixed a bug in CSI server initialization.
    
    Previously, the CSI server would initialize the service
    managers before the auth token was generated, meaning
    that requests made by the service managers to an agent
    which requires HTTP authentication would fail.
    
    This patch changes the order of initialization so that
    the service managers will be initialized with a valid
    auth token when necessary.
    
    Review: https://reviews.apache.org/r/72799/
---
 src/slave/csi_server.cpp | 71 ++++++++++++++++++++++++++----------------------
 1 file changed, 39 insertions(+), 32 deletions(-)

diff --git a/src/slave/csi_server.cpp b/src/slave/csi_server.cpp
index 0ffe020..3f29a81 100644
--- a/src/slave/csi_server.cpp
+++ b/src/slave/csi_server.cpp
@@ -311,44 +311,51 @@ Future<Nothing> CSIServerProcess::start(const SlaveID& _agentId)
 
   agentId = _agentId;
 
-  // Load all CSI plugin configurations found.
-  Try<Nothing> init = initializePlugin();
-  if (init.isError()) {
-    return Failure(
-        "CSI server failed to initialize CSI plugins: " + init.error());
-  }
-
-  if (!secretGenerator) {
-    return Nothing();
+  Future<Nothing> result = Nothing();
+
+  if (secretGenerator) {
+    // The contents of this principal are arbitrary. We choose to avoid a
+    // principal with a 'value' string so that we do not unintentionally collide
+    // with another real principal with restricted permissions.
+    Principal principal(Option<string>::none(), {{"key", "csi-server"}});
+
+    result = secretGenerator->generate(principal)
+      .then(defer(self(), [=](const Secret& secret) -> Future<Nothing> {
+        Option<Error> error = common::validation::validateSecret(secret);
+        if (error.isSome()) {
+          return Failure(
+              "CSI server failed to validate generated secret: " +
+              error->message);
+        }
+
+        if (secret.type() != Secret::VALUE) {
+          return Failure(
+              "CSI server expecting generated secret to be of VALUE type "
+              "instead of " + stringify(secret.type()) + " type; " +
+              "only VALUE type secrets are supported at this time");
+        }
+
+        CHECK(secret.has_value());
+
+        authToken = secret.value().data();
+
+        return Nothing();
+    }));
   }
 
-  // The contents of this principal are arbitrary. We choose to avoid a
-  // principal with a 'value' string so that we do not unintentionally collide
-  // with another real principal with restricted permissions.
-  Principal principal(Option<string>::none(), {{"key", "csi-server"}});
-
-  return secretGenerator->generate(principal)
-    .then([=](const Secret& secret) -> Future<Nothing> {
-      Option<Error> error = common::validation::validateSecret(secret);
-      if (error.isSome()) {
+  return result
+    .then(defer(self(), [=]() -> Future<Nothing> {
+      // Load all CSI plugin configurations found.
+      // NOTE: `initializePlugin()` requires that the `authToken` has already
+      // been set, so the order of these continuations matters.
+      Try<Nothing> init = initializePlugin();
+      if (init.isError()) {
         return Failure(
-            "CSI server failed to validate generated secret: " +
-            error->message);
+            "CSI server failed to initialize CSI plugins: " + init.error());
       }
 
-      if (secret.type() != Secret::VALUE) {
-        return Failure(
-            "CSI server expecting generated secret to be of VALUE type "
-            "instead of " + stringify(secret.type()) + " type; " +
-            "only VALUE type secrets are supported at this time");
-      }
-
-      CHECK(secret.has_value());
-
-      authToken = secret.value().data();
-
       return Nothing();
-  });
+    }));
 }
 
 


Mime
View raw message