You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@aurora.apache.org by ma...@apache.org on 2014/10/03 02:04:19 UTC
git commit: Adding authz check into descheduleCronJob RPC.
Repository: incubator-aurora
Updated Branches:
refs/heads/master dcaec498a -> 725f543c9
Adding authz check into descheduleCronJob RPC.
Bugs closed: AURORA-566
Reviewed at https://reviews.apache.org/r/26283/
Project: http://git-wip-us.apache.org/repos/asf/incubator-aurora/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-aurora/commit/725f543c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-aurora/tree/725f543c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-aurora/diff/725f543c
Branch: refs/heads/master
Commit: 725f543c969e5b4b49da9329ae17491211fe1e96
Parents: dcaec49
Author: Maxim Khutornenko <ma...@apache.org>
Authored: Thu Oct 2 17:03:57 2014 -0700
Committer: Maxim Khutornenko <ma...@apache.org>
Committed: Thu Oct 2 17:03:57 2014 -0700
----------------------------------------------------------------------
.../aurora/scheduler/thrift/SchedulerThriftInterface.java | 4 ++++
.../scheduler/thrift/SchedulerThriftInterfaceTest.java | 10 ++++++++++
2 files changed, 14 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-aurora/blob/725f543c/src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java b/src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java
index 23115fb..5dcae4a 100644
--- a/src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java
+++ b/src/main/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterface.java
@@ -389,6 +389,8 @@ class SchedulerThriftInterface implements AuroraAdmin.Iface {
SessionKey session) {
try {
+ sessionValidator.checkAuthenticated(session, ImmutableSet.of(mutableJobKey.getRole()));
+
IJobKey jobKey = JobKeys.assertValid(IJobKey.build(mutableJobKey));
lockManager.validateIfLocked(
ILockKey.build(LockKey.job(jobKey.newBuilder())),
@@ -398,6 +400,8 @@ class SchedulerThriftInterface implements AuroraAdmin.Iface {
return invalidResponse("Job " + jobKey + " is not scheduled with cron");
}
return okEmptyResponse();
+ } catch (AuthFailedException e) {
+ return errorResponse(AUTH_FAILED, e);
} catch (LockException e) {
return errorResponse(LOCK_ERROR, e);
}
http://git-wip-us.apache.org/repos/asf/incubator-aurora/blob/725f543c/src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java b/src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java
index b21dce6..02cd8f7 100644
--- a/src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java
+++ b/src/test/java/org/apache/aurora/scheduler/thrift/SchedulerThriftInterfaceTest.java
@@ -1084,6 +1084,7 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
@Test
public void testDescheduleCronJob() throws Exception {
+ expectAuth(ROLE, true);
lockManager.validateIfLocked(LOCK_KEY, Optional.<ILock>absent());
expect(cronJobManager.deleteJob(JOB_KEY)).andReturn(true);
control.replay();
@@ -1091,7 +1092,16 @@ public class SchedulerThriftInterfaceTest extends EasyMockTest {
}
@Test
+ public void testDescheduleCronJobFailsAuth() throws Exception {
+ expectAuth(ROLE, false);
+ control.replay();
+ assertResponse(AUTH_FAILED,
+ thrift.descheduleCronJob(CRON_JOB.getKey(), DEFAULT_LOCK, SESSION));
+ }
+
+ @Test
public void testDescheduleCronJobWithError() throws Exception {
+ expectAuth(ROLE, true);
lockManager.validateIfLocked(LOCK_KEY, Optional.<ILock>absent());
expect(cronJobManager.deleteJob(JOB_KEY)).andReturn(false);
control.replay();