Merge pull request #1758 from HubSpot/master_auth

Enable framework auth over http api

Docs/reference/configuration.md

@@ -162,14 +162,15 @@ These settings should live under the "mesos" field inside the root configuration
 #### Framework ####
 | Parameter | Default | Description | Type |
 |-----------|---------|-------------|------|
-| master | null | A comma separated list of mesos master `host:port` | string |
-| frameworkName | null | | string |
-| frameworkId | null | | string |
+| master | null | A comma separated list of mesos master `host:port` | String |
+| mesosUsername | | Username to authenticate with the mesos master when using basic auth | String |
+| mesosPassword | | Password to authenticate with the mesos master when using basic auth | String |
+| frameworkName | null | | String |
+| frameworkId | null | | String |
 | frameworkFailoverTimeout | 0.0 | | double |
 | frameworkRole | null | Specify framework's desired role when Singularity registers with the master | String |
 | checkpoint | true | | boolean |
-| credentialPrincipal | | Enable framework auth by setting both this and credentialSecret | String |
-| credentialSecret | | Enable framework auth by setting both this and credentialPrincipal | String |
+| credentialPrincipal | | Used to enable authorization based on the authenticated principal | String |
 
 #### Resource Limits ####
 | Parameter | Default | Description | Type |

SingularityService/src/main/java/com/hubspot/singularity/config/MesosConfiguration.java

@@ -13,6 +13,8 @@ public class MesosConfiguration {
   @NotNull
   private String master;
   @NotNull
+  private String masterProtocol = "http";
+  @NotNull
   private String frameworkName;
   @NotNull
   private String frameworkId;
@@ -51,7 +53,8 @@ public class MesosConfiguration {
   private int maxDiskMbPerRequest = 3000000;
 
   private Optional<String> credentialPrincipal = Optional.absent();
-  private Optional<String> credentialSecret = Optional.absent();
+  private Optional<String> mesosUsername = Optional.absent();
+  private Optional<String> mesosPassword = Optional.absent();
 
   private long rxEventBufferSize = 10000;
   private int statusUpdateConcurrencyLimit = 500;
@@ -140,6 +143,14 @@ public String getMaster() {
     return master;
   }
 
+  public String getMasterProtocol() {
+    return masterProtocol;
+  }
+
+  public void setMasterProtocol(String masterProtocol) {
+    this.masterProtocol = masterProtocol;
+  }
+
   public String getFrameworkId() {
     return frameworkId;
   }
@@ -224,12 +235,20 @@ public void setCredentialPrincipal(Optional<String> credentialPrincipal) {
     this.credentialPrincipal = credentialPrincipal;
   }
 
-  public Optional<String> getCredentialSecret() {
-    return credentialSecret;
+  public Optional<String> getMesosUsername() {
+    return mesosUsername;
+  }
+
+  public void setMesosUsername(Optional<String> mesosUsername) {
+    this.mesosUsername = mesosUsername;
+  }
+
+  public Optional<String> getMesosPassword() {
+    return mesosPassword;
   }
 
-  public void setCredentialSecret(Optional<String> credentialSecret) {
-    this.credentialSecret = credentialSecret;
+  public void setMesosPassword(Optional<String> mesosPassword) {
+    this.mesosPassword = mesosPassword;
   }
 
   public int getDefaultDisk() {

SingularityService/src/main/java/com/hubspot/singularity/mesos/SingularityMesosSchedulerClient.java

@@ -119,6 +119,10 @@ private FrameworkInfo buildFrameworkInfo() {
         .setId(FrameworkID.newBuilder().setValue(mesosConfiguration.getFrameworkId()))
         .setUser(mesosConfiguration.getFrameworkUser()); // https://issues.apache.org/jira/browse/MESOS-3747
 
+    if (configuration.getMesosConfiguration().getCredentialPrincipal().isPresent()) {
+      frameworkInfoBuilder.setPrincipal(configuration.getMesosConfiguration().getCredentialPrincipal().get());
+    }
+
     if (configuration.getHostname().isPresent()) {
       frameworkInfoBuilder.setHostname(configuration.getHostname().get());
     }

SingularityService/src/main/java/com/hubspot/singularity/mesos/SingularityMesosSchedulerImpl.java

@@ -50,6 +50,7 @@
 import com.hubspot.singularity.SingularityTaskDestroyFrameworkMessage;
 import com.hubspot.singularity.SingularityTaskId;
 import com.hubspot.singularity.TaskCleanupType;
+import com.hubspot.singularity.config.MesosConfiguration;
 import com.hubspot.singularity.config.SingularityConfiguration;
 import com.hubspot.singularity.data.DisasterManager;
 import com.hubspot.singularity.data.TaskManager;
@@ -67,7 +68,8 @@
 public class SingularityMesosSchedulerImpl extends SingularityMesosScheduler {
 
   private static final Logger LOG = LoggerFactory.getLogger(SingularityMesosScheduler.class);
-  private static final String SCHEDULER_API_URL_FORMAT = "http://%s/api/v1/scheduler";
+  private static final String SCHEDULER_API_URL_FORMAT = "%s://%s/api/v1/scheduler";
+  private static final String SCHEDULER_API_URL_CREDENTIALS_FORMAT = "%s://%s:%s@%s/api/v1/scheduler";
 
   private final SingularityExceptionNotifier exceptionNotifier;
 
@@ -362,9 +364,16 @@ public long getEventBufferSize() {
   }
 
   public void start() throws Exception {
+    MesosConfiguration mesosConfiguration = configuration.getMesosConfiguration();
     // If more than one host is provided choose at random, we will be redirected if the host is not the master
-    List<String> masters = Arrays.asList(configuration.getMesosConfiguration().getMaster().split(","));
-    String masterUrl = String.format(SCHEDULER_API_URL_FORMAT, masters.get(new Random().nextInt(masters.size())));
+    List<String> masters = Arrays.asList(mesosConfiguration.getMaster().split(","));
+    String masterUrl;
+    if (mesosConfiguration.getMesosUsername().isPresent() && mesosConfiguration.getMesosPassword().isPresent()) {
+      masterUrl = String.format(SCHEDULER_API_URL_CREDENTIALS_FORMAT, mesosConfiguration.getMasterProtocol(), mesosConfiguration.getMesosUsername().get(),
+          mesosConfiguration.getMesosPassword().get(), masters.get(new Random().nextInt(masters.size())));
+    } else {
+      masterUrl = String.format(SCHEDULER_API_URL_FORMAT, mesosConfiguration.getMasterProtocol(), masters.get(new Random().nextInt(masters.size())));
+    }
     mesosSchedulerClient.subscribe(masterUrl, this);
   }