You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ch...@apache.org on 2018/09/04 17:43:48 UTC

[mesos] 02/05: Implicitly authorized `VIEW_STANDALONE_CONTAINER` for SLRPs.

This is an automated email from the ASF dual-hosted git repository.

chhsiao pushed a commit to branch slrp
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit be6809a6fb440b3573328e93badee78b7db64848
Author: Chun-Hung Hsiao <ch...@mesosphere.io>
AuthorDate: Mon Sep 3 14:52:10 2018 -0700

    Implicitly authorized `VIEW_STANDALONE_CONTAINER` for SLRPs.
    
    Review: https://reviews.apache.org/r/68614
---
 src/authorizer/local/authorizer.cpp | 6 ++++--
 src/slave/http.cpp                  | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/authorizer/local/authorizer.cpp b/src/authorizer/local/authorizer.cpp
index 3ab1b3b..83944b9 100644
--- a/src/authorizer/local/authorizer.cpp
+++ b/src/authorizer/local/authorizer.cpp
@@ -1089,7 +1089,8 @@ public:
           (action == authorization::LAUNCH_STANDALONE_CONTAINER ||
            action == authorization::WAIT_STANDALONE_CONTAINER ||
            action == authorization::KILL_STANDALONE_CONTAINER ||
-           action == authorization::REMOVE_STANDALONE_CONTAINER));
+           action == authorization::REMOVE_STANDALONE_CONTAINER ||
+           action == authorization::VIEW_STANDALONE_CONTAINER));
 
     Option<string> subjectPrefix;
     foreach (const Label& claim, subject->claims().labels()) {
@@ -1136,7 +1137,8 @@ public:
       if (action == authorization::LAUNCH_STANDALONE_CONTAINER ||
           action == authorization::WAIT_STANDALONE_CONTAINER ||
           action == authorization::KILL_STANDALONE_CONTAINER ||
-          action == authorization::REMOVE_STANDALONE_CONTAINER) {
+          action == authorization::REMOVE_STANDALONE_CONTAINER ||
+          action == authorization::VIEW_STANDALONE_CONTAINER) {
         return getImplicitResourceProviderObjectApprover(subject, action);
       }
     }
diff --git a/src/slave/http.cpp b/src/slave/http.cpp
index d0f6e1c..f8199af 100644
--- a/src/slave/http.cpp
+++ b/src/slave/http.cpp
@@ -2232,7 +2232,7 @@ Future<JSON::Array> Http::__containers(
         }
 
         if (isRootContainerStandalone &&
-            !approvers->approved<VIEW_STANDALONE_CONTAINER>()) {
+            !approvers->approved<VIEW_STANDALONE_CONTAINER>(rootContainerId)) {
           continue;
         }