This is an automated email from the ASF dual-hosted git repository.
asekretenko pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 4d9013ddca1b08b2069141eb83365a6eabdf2b5c
Author: Andrei Sekretenko <asekrete...@apache.org>
AuthorDate: Fri Feb 21 11:40:59 2020 +0100
Added test for removal of ObjectApprovers of disconnected framework.
As per MESOS-10056, authorizer is now responsible for keeping
`ObjectApprover`s valid throughout their lifetime, which might be quite
expensive for custom authorizer implementations that get permissions
from an external IAM.
This test makes sure that ObjectApprovers of a disconnected framework
are removed.
Review: https://reviews.apache.org/r/72170
---
src/tests/master_authorization_tests.cpp | 51 ++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
diff --git a/src/tests/master_authorization_tests.cpp
b/src/tests/master_authorization_tests.cpp
index 2d8fa7c..76f884f 100644
--- a/src/tests/master_authorization_tests.cpp
+++ b/src/tests/master_authorization_tests.cpp
@@ -70,6 +70,7 @@
namespace http = process::http;
using std::shared_ptr;
+using std::weak_ptr;
using google::protobuf::RepeatedPtrField;
@@ -107,6 +108,7 @@ using testing::DoAll;
using testing::Eq;
using testing::Ne;
using testing::Invoke;
+using testing::InvokeWithoutArgs;
using testing::Return;
using testing::Truly;
@@ -471,6 +473,55 @@ static shared_ptr<const ObjectApprover>
getAcceptingObjectApprover()
return std::make_shared<AcceptingObjectApprover>();
}
+
+// This test verifies that disconnected frameworks do not own
+// `ObjectApprover`s.
+TEST_F(MasterAuthorizationTest, ObjectApproversDeletedOnDisconnection)
+{
+ shared_ptr<const ObjectApprover> approver = getAcceptingObjectApprover();
+
+ MockAuthorizer authorizer;
+ const weak_ptr<const ObjectApprover> weakApprover {approver};
+
+ EXPECT_CALL(authorizer, getApprover(_, _))
+ .WillRepeatedly(InvokeWithoutArgs([weakApprover]() {
+ auto approver = weakApprover.lock();
+ CHECK(approver);
+ return approver;
+ }));
+
+ const Try<Owned<cluster::Master>> master = StartMaster(&authorizer);
+ ASSERT_SOME(master);
+
+ FrameworkInfo frameworkInfo = DEFAULT_FRAMEWORK_INFO;
+ frameworkInfo.set_failover_timeout(Weeks(2).secs());
+
+ MockScheduler sched;
+ MesosSchedulerDriver driver(
+ &sched, frameworkInfo, master.get()->pid, DEFAULT_CREDENTIAL);
+
+ Future<Nothing> registered;
+ EXPECT_CALL(sched, registered(&driver, _, _))
+ .WillOnce(FutureSatisfy(®istered));
+
+ driver.start();
+
+ AWAIT_READY(registered);
+
+ // Disconnect framework but do not tear it down.
+ driver.stop(true);
+ driver.join();
+
+ Clock::pause();
+ Clock::settle();
+
+ // Make sure that the test itself doesn't store approver anymore.
+ approver.reset();
+
+ ASSERT_TRUE(weakApprover.expired());
+}
+
+
// This test verifies that an authentication request that comes from
// the same instance of the framework (e.g., ZK blip) before
// 'Master::_registerFramework()' from an earlier attempt, causes the
