You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ti...@apache.org on 2015/12/18 21:02:04 UTC
[6/7] mesos git commit: Quota: Verified quota requests succeed when
authn and authz are disabled.
Quota: Verified quota requests succeed when authn and authz are disabled.
Review: https://reviews.apache.org/r/41544/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/8e9469df
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/8e9469df
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/8e9469df
Branch: refs/heads/master
Commit: 8e9469df884ad148bdc7070f7347f4fcef4dcd10
Parents: 38a18c4
Author: Alexander Rukletsov <ru...@gmail.com>
Authored: Fri Dec 18 17:46:07 2015 +0100
Committer: Till Toenshoff <to...@me.com>
Committed: Fri Dec 18 20:52:30 2015 +0100
----------------------------------------------------------------------
src/tests/master_quota_tests.cpp | 78 +++++++++++++++++++++++++++++++++++
1 file changed, 78 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/8e9469df/src/tests/master_quota_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/master_quota_tests.cpp b/src/tests/master_quota_tests.cpp
index ce2ecee..d855a0e 100644
--- a/src/tests/master_quota_tests.cpp
+++ b/src/tests/master_quota_tests.cpp
@@ -980,6 +980,84 @@ TEST_F(MasterQuotaTest, AvailableResourcesAfterRescinding)
// These tests verify the authentication and authorization of quota requests.
+// Checks that quota set and remove requests succeed if both authentication
+// and authorization are disabled.
+TEST_F(MasterQuotaTest, NoAuthenticationNoAuthorization)
+{
+ TestAllocator<> allocator;
+ EXPECT_CALL(allocator, initialize(_, _, _, _));
+
+ // Disable authentication and authorization by providing neither
+ // credentials nor ACLs.
+ // TODO(alexr): Setting master `--acls` flag to `ACLs()` or `None()` seems
+ // to be semantically equal, however, the test harness currently does not
+ // allow `None()`. Once MESOS-4196 is resolved, use `None()` for clarity.
+ master::Flags masterFlags = CreateMasterFlags();
+ masterFlags.credentials = None();
+ masterFlags.acls = ACLs();
+
+ Try<PID<Master>> master = StartMaster(&allocator, masterFlags);
+ ASSERT_SOME(master);
+
+ // Start an agent and wait until it registers.
+ Future<Resources> agentTotalResources;
+ EXPECT_CALL(allocator, addSlave(_, _, _, _, _))
+ .WillOnce(DoAll(InvokeAddSlave(&allocator),
+ FutureArg<3>(&agentTotalResources)));
+
+ Try<PID<Slave>> agent = StartSlave();
+ ASSERT_SOME(agent);
+
+ AWAIT_READY(agentTotalResources);
+ EXPECT_EQ(defaultAgentResources, agentTotalResources.get());
+
+ // Check whether quota can be set.
+ {
+ // Request quota for a portion of the resources available on the agent.
+ Resources quotaResources = Resources::parse("cpus:1;mem:512", ROLE1).get();
+ EXPECT_TRUE(agentTotalResources.get().contains(quotaResources.flatten()));
+
+ Future<QuotaInfo> receivedSetRequest;
+ EXPECT_CALL(allocator, setQuota(Eq(ROLE1), _))
+ .WillOnce(DoAll(InvokeSetQuota(&allocator),
+ FutureArg<1>(&receivedSetRequest)));
+
+ // Send a set quota request with absent credentials.
+ Future<Response> response = process::http::post(
+ master.get(),
+ "quota",
+ None(),
+ createRequestBody(quotaResources));
+
+ // Quota request succeeds and reaches the allocator.
+ AWAIT_READY(receivedSetRequest);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response)
+ << response.get().body;
+ }
+
+ // Check whether quota can be removed.
+ {
+ Future<Nothing> receivedRemoveRequest;
+ EXPECT_CALL(allocator, removeQuota(Eq(ROLE1)))
+ .WillOnce(DoAll(InvokeRemoveQuota(&allocator),
+ FutureSatisfy(&receivedRemoveRequest)));
+
+ // Send a remove quota request with absent credentials.
+ Future<Response> response = process::http::requestDelete(
+ master.get(),
+ "quota/" + ROLE1,
+ None());
+
+ // Quota request succeeds and reaches the allocator.
+ AWAIT_READY(receivedRemoveRequest);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response)
+ << response.get().body;
+ }
+
+ Shutdown();
+}
+
+
// Checks that a set quota request is rejected for unauthenticated principals.
TEST_F(MasterQuotaTest, UnauthenticatedQuotaRequest)
{