Posted to commits@mesos.apache.org by me...@apache.org on 2016/12/14 03:37:23 UTC
[3/4] mesos git commit: Enabled authorization for the GET_FLAGS API
Call.
Enabled authorization for the GET_FLAGS API Call.
Adds the stub which allows for restriction of users when attempting
to access the `GET_FLAGS` API v1 call.
Review: https://reviews.apache.org/r/54661/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/77b66ba1
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/77b66ba1
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/77b66ba1
Branch: refs/heads/master
Commit: 77b66ba1b4826ce5f84f675ad2363b8bc3b5d73f
Parents: 982abdb
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Tue Dec 13 17:29:13 2016 -0800
Committer: Adam B <ad...@mesosphere.io>
Committed: Tue Dec 13 17:30:26 2016 -0800
----------------------------------------------------------------------
src/slave/http.cpp | 31 +++++++++++++++++++++++++++++--
1 file changed, 29 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/77b66ba1/src/slave/http.cpp
----------------------------------------------------------------------
diff --git a/src/slave/http.cpp b/src/slave/http.cpp
index 0210379..6784fc5 100644
--- a/src/slave/http.cpp
+++ b/src/slave/http.cpp
@@ -755,9 +755,36 @@ Future<Response> Slave::Http::getFlags(
{
CHECK_EQ(agent::Call::GET_FLAGS, call.type());
- return OK(serialize(acceptType,
- evolve<v1::agent::Response::GET_FLAGS>(_flags())),
+ Future<Owned<ObjectApprover>> approver;
+
+ if (slave->authorizer.isSome()) {
+ authorization::Subject subject;
+ if (principal.isSome()) {
+ subject.set_value(principal.get());
+ }
+
+ approver = slave->authorizer.get()->getObjectApprover(
+ subject, authorization::VIEW_FLAGS);
+ } else {
+ approver = Owned<ObjectApprover>(new AcceptingObjectApprover());
+ }
+
+ return approver.then(defer(slave->self(),
+ [this, acceptType](
+ const Owned<ObjectApprover>& approver) -> Future<Response> {
+ Try<bool> approved = approver->approved(ObjectApprover::Object());
+
+ if (approved.isError()) {
+ return InternalServerError(approved.error());
+ } else if (!approved.get()) {
+ return Forbidden();
+ }
+
+ return OK(
+ serialize(
+ acceptType, evolve<v1::agent::Response::GET_FLAGS>(_flags())),
stringify(acceptType));
+ }));
}
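Review bot: In the deferred lambda, `return InternalServerError(approved.error());` sends the authorizer's raw error text back to a caller who has not been authorized at that point, and neither this branch nor the `Forbidden()` branch writes a log entry. The authorizer may be a pluggable module whose error strings carry backend details, so I would log the detail on the agent and return a fixed body, e.g. `LOG(WARNING) << "Authorization for GET_FLAGS failed: " << approved.error();` followed by `return InternalServerError("Authorization error");`. A matching log line on the denied path would give operators an audit trail for rejected requests to read agent flags; naming the principal there would require capturing it into the lambda. The signature of `getFlags` lies outside the hunk, so `principal` and `acceptType` are assumed to be its parameters.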