This is an automated email from the ASF dual-hosted git repository. grag pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mesos.git
The following commit(s) were added to refs/heads/master by this push: new 22ecccc Fixed a bug in CSI server initialization. 22ecccc is described below commit 22ecccc50813597edd2cbb0304823ca56e5f2d25 Author: Greg Mann <g...@mesosphere.io> AuthorDate: Mon Aug 24 17:51:17 2020 -0700 Fixed a bug in CSI server initialization. Previously, the CSI server would initialize the service managers before the auth token was generated, meaning that requests made by the service managers to an agent which requires HTTP authentication would fail. This patch changes the order of initialization so that the service managers will be initialized with a valid auth token when necessary. Review: https://reviews.apache.org/r/72799/ --- src/slave/csi_server.cpp | 71 ++++++++++++++++++++++++++---------------------- 1 file changed, 39 insertions(+), 32 deletions(-) diff --git a/src/slave/csi_server.cpp b/src/slave/csi_server.cpp index 0ffe020..3f29a81 100644 --- a/src/slave/csi_server.cpp +++ b/src/slave/csi_server.cpp @@ -311,44 +311,51 @@ Future<Nothing> CSIServerProcess::start(const SlaveID& _agentId) agentId = _agentId; - // Load all CSI plugin configurations found. - Try<Nothing> init = initializePlugin(); - if (init.isError()) { - return Failure( - "CSI server failed to initialize CSI plugins: " + init.error()); - } - - if (!secretGenerator) { - return Nothing(); + Future<Nothing> result = Nothing(); + + if (secretGenerator) { + // The contents of this principal are arbitrary. We choose to avoid a + // principal with a 'value' string so that we do not unintentionally collide + // with another real principal with restricted permissions. + Principal principal(Option<string>::none(), {{"key", "csi-server"}}); + + result = secretGenerator->generate(principal) + .then(defer(self(), [=](const Secret& secret) -> Future<Nothing> { + Option<Error> error = common::validation::validateSecret(secret); + if (error.isSome()) { + return Failure( + "CSI server failed to validate generated secret: " + + error->message); + } + + if (secret.type() != Secret::VALUE) { + return Failure( + "CSI server expecting generated secret to be of VALUE type " + "instead of " + stringify(secret.type()) + " type; " + + "only VALUE type secrets are supported at this time"); + } + + CHECK(secret.has_value()); + + authToken = secret.value().data(); + + return Nothing(); + })); } - // The contents of this principal are arbitrary. We choose to avoid a - // principal with a 'value' string so that we do not unintentionally collide - // with another real principal with restricted permissions. - Principal principal(Option<string>::none(), {{"key", "csi-server"}}); - - return secretGenerator->generate(principal) - .then([=](const Secret& secret) -> Future<Nothing> { - Option<Error> error = common::validation::validateSecret(secret); - if (error.isSome()) { + return result + .then(defer(self(), [=]() -> Future<Nothing> { + // Load all CSI plugin configurations found. + // NOTE: `initializePlugin()` requires that the `authToken` has already + // been set, so the order of these continuations matters. + Try<Nothing> init = initializePlugin(); + if (init.isError()) { return Failure( - "CSI server failed to validate generated secret: " + - error->message); + "CSI server failed to initialize CSI plugins: " + init.error()); } - if (secret.type() != Secret::VALUE) { - return Failure( - "CSI server expecting generated secret to be of VALUE type " - "instead of " + stringify(secret.type()) + " type; " + - "only VALUE type secrets are supported at this time"); - } - - CHECK(secret.has_value()); - - authToken = secret.value().data(); - return Nothing(); - }); + })); }