Posted to commits@mesos.apache.org by ch...@apache.org on 2018/09/04 17:47:41 UTC
[mesos] 01/04: Implicitly authorized `VIEW_STANDALONE_CONTAINER`
for SLRPs.
This is an automated email from the ASF dual-hosted git repository.
chhsiao pushed a commit to branch 1.7.x
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 2058ae47c172a89beed541f956c4ec4911449bb1
Author: Chun-Hung Hsiao <ch...@mesosphere.io>
AuthorDate: Mon Sep 3 14:52:10 2018 -0700
Implicitly authorized `VIEW_STANDALONE_CONTAINER` for SLRPs.
Review: https://reviews.apache.org/r/68614
---
src/authorizer/local/authorizer.cpp | 6 ++++--
src/slave/http.cpp | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/authorizer/local/authorizer.cpp b/src/authorizer/local/authorizer.cpp
index f99b88e..baf0e8d 100644
--- a/src/authorizer/local/authorizer.cpp
+++ b/src/authorizer/local/authorizer.cpp
@@ -1086,7 +1086,8 @@ public:
(action == authorization::LAUNCH_STANDALONE_CONTAINER ||
action == authorization::WAIT_STANDALONE_CONTAINER ||
action == authorization::KILL_STANDALONE_CONTAINER ||
- action == authorization::REMOVE_STANDALONE_CONTAINER));
+ action == authorization::REMOVE_STANDALONE_CONTAINER ||
+ action == authorization::VIEW_STANDALONE_CONTAINER));
Option<string> subjectPrefix;
foreach (const Label& claim, subject->claims().labels()) {
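Review bot: The set of standalone-container actions that get implicit authorization is now spelled out twice, here in what looks like a precondition check and again in the dispatch condition of the next hunk (`@@ -1133,7 +1134,8`), and the two lists have to be kept identical by hand. If a later action is added to only one of them, a request would either trip this check or fall through to the ACL path instead of the implicit approver. Consider one shared predicate, e.g. `static bool isImplicitlyAuthorizedContainerAction(authorization::Action action)`, used at both sites. It should carry a comment saying that these actions are granted from the subject's claims rather than from ACLs, since adding a read action here widens what a claim-bearing subject can see. Both enclosing functions start and end outside the hunks.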
@@ -1133,7 +1134,8 @@ public:
if (action == authorization::LAUNCH_STANDALONE_CONTAINER ||
action == authorization::WAIT_STANDALONE_CONTAINER ||
action == authorization::KILL_STANDALONE_CONTAINER ||
- action == authorization::REMOVE_STANDALONE_CONTAINER) {
+ action == authorization::REMOVE_STANDALONE_CONTAINER ||
+ action == authorization::VIEW_STANDALONE_CONTAINER) {
return getImplicitResourceProviderObjectApprover(subject, action);
}
}
diff --git a/src/slave/http.cpp b/src/slave/http.cpp
index 1b6d266..0d253f0 100644
--- a/src/slave/http.cpp
+++ b/src/slave/http.cpp
@@ -2239,7 +2239,7 @@ Future<JSON::Array> Http::__containers(
}
if (isRootContainerStandalone &&
- !approvers->approved<VIEW_STANDALONE_CONTAINER>()) {
+ !approvers->approved<VIEW_STANDALONE_CONTAINER>(rootContainerId)) {
continue;
}
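Review bot: Passing `rootContainerId` makes this check object-scoped, but any other caller that still uses the object-less `approved<VIEW_STANDALONE_CONTAINER>()` would give the implicit approver no container ID to compare against the claim-derived prefix. How the approver resolves that case is not visible in this diff, so it is worth searching for remaining object-less calls for this action. A test would also help here: a subject whose prefix does not match a standalone root container should have that container skipped by the `continue`, and a matching subject should see it. The surrounding loop and `Http::__containers` start and end outside the hunk.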