You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by vi...@apache.org on 2016/03/11 22:48:13 UTC
[2/4] mesos git commit: Moved authorizer.proto to acls.proto.
Moved authorizer.proto to acls.proto.
This is the first step towards separating the language used to define
the ACLs from the mechanism to query them.
Review: https://reviews.apache.org/r/44320/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/24c242f6
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/24c242f6
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/24c242f6
Branch: refs/heads/master
Commit: 24c242f6c9b0c5563d1cbd2c8c1748f02e4d4cee
Parents: fb28db3
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Fri Mar 11 16:47:22 2016 -0500
Committer: Vinod Kone <vi...@gmail.com>
Committed: Fri Mar 11 16:47:22 2016 -0500
----------------------------------------------------------------------
include/mesos/authorizer/acls.hpp | 34 ++++
include/mesos/authorizer/acls.proto | 186 ++++++++++++++++++++++
include/mesos/authorizer/authorizer.hpp | 9 +-
include/mesos/authorizer/authorizer.proto | 184 ---------------------
src/CMakeLists.txt | 5 +-
src/Makefile.am | 16 +-
src/authorizer/acls.cpp | 30 ++++
src/authorizer/authorizer.cpp | 8 -
src/common/parse.hpp | 2 +-
src/examples/persistent_volume_framework.cpp | 2 +-
src/examples/test_authorizer_module.cpp | 1 +
src/master/flags.hpp | 2 +-
src/master/quota_handler.cpp | 2 +
13 files changed, 269 insertions(+), 212 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/24c242f6/include/mesos/authorizer/acls.hpp
----------------------------------------------------------------------
diff --git a/include/mesos/authorizer/acls.hpp b/include/mesos/authorizer/acls.hpp
new file mode 100644
index 0000000..c201cf7
--- /dev/null
+++ b/include/mesos/authorizer/acls.hpp
@@ -0,0 +1,34 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef __MESOS_AUTHORIZER_ACLS_HPP__
+#define __MESOS_AUTHORIZER_ACLS_HPP__
+
+// TODO(arojas): Consider removing this file from the public interface.
+
+#include <iosfwd>
+#include <string>
+
+// ONLY USEFUL AFTER RUNNING PROTOC.
+#include <mesos/authorizer/acls.pb.h>
+
+namespace mesos {
+
+std::ostream& operator<<(std::ostream& stream, const ACLs& acls);
+
+} // namespace mesos {
+
+#endif // __MESOS_AUTHORIZER_ACLS_HPP__
http://git-wip-us.apache.org/repos/asf/mesos/blob/24c242f6/include/mesos/authorizer/acls.proto
----------------------------------------------------------------------
diff --git a/include/mesos/authorizer/acls.proto b/include/mesos/authorizer/acls.proto
new file mode 100644
index 0000000..c50deeb
--- /dev/null
+++ b/include/mesos/authorizer/acls.proto
@@ -0,0 +1,186 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// TODO(arojas): Consider removing this file from the public interface.
+
+import "mesos/mesos.proto";
+
+package mesos;
+
+option java_package = "org.apache.mesos";
+option java_outer_classname = "Protos";
+
+
+/**
+ * ACLs used for local authorization (See authorization.md file in the docs).
+ */
+message ACL {
+ // Entity is used to describe a subject(s) or an object(s) of an ACL.
+ // NOTE:
+ // To allow everyone access to an Entity set its type to 'ANY'.
+ // To deny access to an Entity set its type to 'NONE'.
+ message Entity {
+ enum Type {
+ SOME = 0;
+ ANY = 1;
+ NONE = 2;
+ }
+ optional Type type = 1 [default = SOME];
+ repeated string values = 2; // Ignored for ANY/NONE.
+ }
+
+ // ACLs.
+ message RegisterFramework {
+ // Subjects: Framework principals.
+ required Entity principals = 1;
+
+ // Objects: Roles for resource offers.
+ required Entity roles = 2;
+ }
+
+ message RunTask {
+ // Subjects: Framework principals.
+ required Entity principals = 1;
+
+ // Objects: Users to run the tasks/executors as.
+ required Entity users = 2;
+ }
+
+ // Which principals are authorized to shutdown frameworks of other
+ // principals.
+ // TODO(gyliu513): Remove this message at the end of the deprecation
+ // cycle which started with 0.27. It will be fully replaced by
+ // TeardownFramework then.
+ message ShutdownFramework {
+ // Subjects.
+ required Entity principals = 1;
+
+ // Objects.
+ required Entity framework_principals = 2;
+ }
+
+ // Which principals are authorized to teardown frameworks of other
+ // principals.
+ message TeardownFramework {
+ // Subjects.
+ required Entity principals = 1;
+
+ // Objects.
+ required Entity framework_principals = 2;
+ }
+
+ // Specifies which roles a principal can reserve resources for.
+ message ReserveResources {
+ // Subjects: Framework principal or Operator username.
+ required Entity principals = 1;
+
+ // Objects: The principal(s) can reserve resources for these roles.
+ required Entity roles = 2;
+ }
+
+ // Specifies which principals can unreserve which principals'
+ // reserved resources.
+ message UnreserveResources {
+ // Subjects: Framework principal or Operator username.
+ required Entity principals = 1;
+
+ // Objects: Principal of the entity that reserved the resources.
+ required Entity reserver_principals = 2;
+ }
+
+ // Specifies which roles a principal can create volumes for.
+ message CreateVolume {
+ // Subjects: Framework principal or Operator username.
+ required Entity principals = 1;
+
+ // Objects: The principal(s) can create volumes for these roles.
+ required Entity roles = 2;
+ }
+
+ // Specifies which principals can destroy volumes
+ // created by which other principals.
+ message DestroyVolume {
+ // Subjects: Framework principal or Operator username.
+ required Entity principals = 1;
+
+ // Objects: Principal of the entity that created the volume.
+ required Entity creator_principals = 2;
+ }
+
+ // Which principals are authorized to set quotas for given roles.
+ message SetQuota {
+ // Subjects: Operator username.
+ required Entity principals = 1;
+
+ // Objects: The list of roles for which a quota can be set.
+ required Entity roles = 2;
+ }
+
+ // Which principals can remove quotas set by which other principals.
+ message RemoveQuota {
+ // Subjects: Operator username.
+ required Entity principals = 1;
+
+ // Objects: Principal of the entity that set the quota.
+ required Entity quota_principals = 2;
+ }
+
+ // Which principals are authorized to update weights for the given roles.
+ message UpdateWeights {
+ // Subjects: Operator username.
+ required Entity principals = 1;
+
+ // Objects: The list of roles whose weights can be updated.
+ optional Entity roles = 2;
+ }
+}
+
+
+/**
+ * Collection of ACL.
+ *
+ * Each authorization request is evaluated against the ACLs in the order
+ * they are defined.
+ *
+ * For simplicity, the ACLs for a given action are not aggregated even
+ * when they have the same subjects or objects. The first ACL that
+ * matches the request determines whether that request should be
+ * permitted or not. An ACL matches iff both the subjects
+ * (e.g., clients, principals) and the objects (e.g., urls, users,
+ * roles) of the ACL match the request.
+ *
+ * If none of the ACLs match the request, the 'permissive' field
+ * determines whether the request should be permitted or not.
+ *
+ * TODO(vinod): Do aggregation of ACLs when possible.
+ *
+ */
+message ACLs {
+ optional bool permissive = 1 [default = true];
+ repeated ACL.RegisterFramework register_frameworks = 2;
+ repeated ACL.RunTask run_tasks = 3;
+ // TODO(gyliu513): Remove this shutdown_frameworks at the
+ // end of the deprecation cycle which started on 0.27.
+ repeated ACL.ShutdownFramework shutdown_frameworks = 4;
+ repeated ACL.ReserveResources reserve_resources = 5;
+ repeated ACL.UnreserveResources unreserve_resources = 6;
+ repeated ACL.CreateVolume create_volumes = 7;
+ repeated ACL.DestroyVolume destroy_volumes = 8;
+ repeated ACL.SetQuota set_quotas = 9;
+ repeated ACL.RemoveQuota remove_quotas = 10;
+ repeated ACL.TeardownFramework teardown_frameworks = 11;
+ repeated ACL.UpdateWeights update_weights = 12;
+}
http://git-wip-us.apache.org/repos/asf/mesos/blob/24c242f6/include/mesos/authorizer/authorizer.hpp
----------------------------------------------------------------------
diff --git a/include/mesos/authorizer/authorizer.hpp b/include/mesos/authorizer/authorizer.hpp
index bcb1068..3e838fa 100644
--- a/include/mesos/authorizer/authorizer.hpp
+++ b/include/mesos/authorizer/authorizer.hpp
@@ -17,13 +17,9 @@
#ifndef __MESOS_AUTHORIZER_AUTHORIZER_HPP__
#define __MESOS_AUTHORIZER_AUTHORIZER_HPP__
-#include <iosfwd>
-#include <string>
-
#include <mesos/mesos.hpp>
-// ONLY USEFUL AFTER RUNNING PROTOC.
-#include <mesos/authorizer/authorizer.pb.h>
+#include <mesos/authorizer/acls.hpp>
#include <process/future.hpp>
@@ -223,9 +219,6 @@ protected:
Authorizer() {}
};
-
-std::ostream& operator<<(std::ostream& stream, const ACLs& acls);
-
} // namespace mesos {
#endif // __MESOS_AUTHORIZER_AUTHORIZER_HPP__
http://git-wip-us.apache.org/repos/asf/mesos/blob/24c242f6/include/mesos/authorizer/authorizer.proto
----------------------------------------------------------------------
diff --git a/include/mesos/authorizer/authorizer.proto b/include/mesos/authorizer/authorizer.proto
deleted file mode 100644
index d65377c..0000000
--- a/include/mesos/authorizer/authorizer.proto
+++ /dev/null
@@ -1,184 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import "mesos/mesos.proto";
-
-package mesos;
-
-option java_package = "org.apache.mesos";
-option java_outer_classname = "Protos";
-
-
-/**
- * ACLs used for local authorization (See authorization.md file in the docs).
- */
-message ACL {
- // Entity is used to describe a subject(s) or an object(s) of an ACL.
- // NOTE:
- // To allow everyone access to an Entity set its type to 'ANY'.
- // To deny access to an Entity set its type to 'NONE'.
- message Entity {
- enum Type {
- SOME = 0;
- ANY = 1;
- NONE = 2;
- }
- optional Type type = 1 [default = SOME];
- repeated string values = 2; // Ignored for ANY/NONE.
- }
-
- // ACLs.
- message RegisterFramework {
- // Subjects: Framework principals.
- required Entity principals = 1;
-
- // Objects: Roles for resource offers.
- required Entity roles = 2;
- }
-
- message RunTask {
- // Subjects: Framework principals.
- required Entity principals = 1;
-
- // Objects: Users to run the tasks/executors as.
- required Entity users = 2;
- }
-
- // Which principals are authorized to shutdown frameworks of other
- // principals.
- // TODO(gyliu513): Remove this message at the end of the deprecation
- // cycle which started with 0.27. It will be fully replaced by
- // TeardownFramework then.
- message ShutdownFramework {
- // Subjects.
- required Entity principals = 1;
-
- // Objects.
- required Entity framework_principals = 2;
- }
-
- // Which principals are authorized to teardown frameworks of other
- // principals.
- message TeardownFramework {
- // Subjects.
- required Entity principals = 1;
-
- // Objects.
- required Entity framework_principals = 2;
- }
-
- // Specifies which roles a principal can reserve resources for.
- message ReserveResources {
- // Subjects: Framework principal or Operator username.
- required Entity principals = 1;
-
- // Objects: The principal(s) can reserve resources for these roles.
- required Entity roles = 2;
- }
-
- // Specifies which principals can unreserve which principals'
- // reserved resources.
- message UnreserveResources {
- // Subjects: Framework principal or Operator username.
- required Entity principals = 1;
-
- // Objects: Principal of the entity that reserved the resources.
- required Entity reserver_principals = 2;
- }
-
- // Specifies which roles a principal can create volumes for.
- message CreateVolume {
- // Subjects: Framework principal or Operator username.
- required Entity principals = 1;
-
- // Objects: The principal(s) can create volumes for these roles.
- required Entity roles = 2;
- }
-
- // Specifies which principals can destroy volumes
- // created by which other principals.
- message DestroyVolume {
- // Subjects: Framework principal or Operator username.
- required Entity principals = 1;
-
- // Objects: Principal of the entity that created the volume.
- required Entity creator_principals = 2;
- }
-
- // Which principals are authorized to set quotas for given roles.
- message SetQuota {
- // Subjects: Operator username.
- required Entity principals = 1;
-
- // Objects: The list of roles for which a quota can be set.
- required Entity roles = 2;
- }
-
- // Which principals can remove quotas set by which other principals.
- message RemoveQuota {
- // Subjects: Operator username.
- required Entity principals = 1;
-
- // Objects: Principal of the entity that set the quota.
- required Entity quota_principals = 2;
- }
-
- // Which principals are authorized to update weights for the given roles.
- message UpdateWeights {
- // Subjects: Operator username.
- required Entity principals = 1;
-
- // Objects: The list of roles whose weights can be updated.
- optional Entity roles = 2;
- }
-}
-
-
-/**
- * Collection of ACL.
- *
- * Each authorization request is evaluated against the ACLs in the order
- * they are defined.
- *
- * For simplicity, the ACLs for a given action are not aggregated even
- * when they have the same subjects or objects. The first ACL that
- * matches the request determines whether that request should be
- * permitted or not. An ACL matches iff both the subjects
- * (e.g., clients, principals) and the objects (e.g., urls, users,
- * roles) of the ACL match the request.
- *
- * If none of the ACLs match the request, the 'permissive' field
- * determines whether the request should be permitted or not.
- *
- * TODO(vinod): Do aggregation of ACLs when possible.
- *
- */
-message ACLs {
- optional bool permissive = 1 [default = true];
- repeated ACL.RegisterFramework register_frameworks = 2;
- repeated ACL.RunTask run_tasks = 3;
- // TODO(gyliu513): Remove this shutdown_frameworks at the
- // end of the deprecation cycle which started on 0.27.
- repeated ACL.ShutdownFramework shutdown_frameworks = 4;
- repeated ACL.ReserveResources reserve_resources = 5;
- repeated ACL.UnreserveResources unreserve_resources = 6;
- repeated ACL.CreateVolume create_volumes = 7;
- repeated ACL.DestroyVolume destroy_volumes = 8;
- repeated ACL.SetQuota set_quotas = 9;
- repeated ACL.RemoveQuota remove_quotas = 10;
- repeated ACL.TeardownFramework teardown_frameworks = 11;
- repeated ACL.UpdateWeights update_weights = 12;
-}
http://git-wip-us.apache.org/repos/asf/mesos/blob/24c242f6/src/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index e9f7c3a..d101181 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -21,9 +21,9 @@ include(MesosProtobuf)
# Build the protobuf structs.
PROTOC_TO_INCLUDE_DIR(MESOS mesos/mesos)
PROTOC_TO_INCLUDE_DIR(V1_MESOS mesos/v1/mesos)
+PROTOC_TO_INCLUDE_DIR(ACLS mesos/authorizer/acls)
PROTOC_TO_INCLUDE_DIR(APPC_SPEC mesos/appc/spec)
PROTOC_TO_INCLUDE_DIR(AUTHENTICATION mesos/authentication/authentication)
-PROTOC_TO_INCLUDE_DIR(AUTHORIZATION mesos/authorizer/authorizer)
PROTOC_TO_INCLUDE_DIR(CONTAINERIZER mesos/containerizer/containerizer)
PROTOC_TO_INCLUDE_DIR(DOCKER_SPEC mesos/docker/spec)
PROTOC_TO_INCLUDE_DIR(DOCKER_V1 mesos/docker/v1)
@@ -53,9 +53,9 @@ PROTOC_TO_SRC_DIR(MESSAGE slave/containerizer/mesos/provisioner/docker/message)
set(MESOS_PROTOBUF_SRC
${MESOS_PROTO_CC}
${V1_MESOS_PROTO_CC}
+ ${ACLS_PROTO_CC}
${APPC_SPEC_PROTO_CC}
${AUTHENTICATION_PROTO_CC}
- ${AUTHORIZATION_PROTO_CC}
${CONTAINERIZER_PROTO_CC}
${DOCKER_SPEC_PROTO_CC}
${DOCKER_V1_PROTO_CC}
@@ -101,6 +101,7 @@ set(AUTHENTICATION_SRC
)
set(AUTHORIZER_SRC
+ authorizer/acls.cpp
authorizer/authorizer.cpp
authorizer/local/authorizer.cpp
)
http://git-wip-us.apache.org/repos/asf/mesos/blob/24c242f6/src/Makefile.am
----------------------------------------------------------------------
diff --git a/src/Makefile.am b/src/Makefile.am
index b24f0f5..24d5ba1 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -155,10 +155,10 @@ endif
# First, let's define necessary protocol buffer files.
+ACLS_PROTO = $(top_srcdir)/include/mesos/authorizer/acls.proto
ALLOCATOR_PROTO = $(top_srcdir)/include/mesos/master/allocator.proto
APPC_SPEC_PROTO = $(top_srcdir)/include/mesos/appc/spec.proto
AUTHENTICATION_PROTO = $(top_srcdir)/include/mesos/authentication/authentication.proto
-AUTHORIZATION_PROTO = $(top_srcdir)/include/mesos/authorizer/authorizer.proto
CONTAINERIZER_PROTO = $(top_srcdir)/include/mesos/containerizer/containerizer.proto
DOCKER_SPEC_PROTO = $(top_srcdir)/include/mesos/docker/spec.proto
DOCKER_V1_PROTO = $(top_srcdir)/include/mesos/docker/v1.proto
@@ -185,8 +185,8 @@ CXX_PROTOS = \
../include/mesos/appc/spec.pb.h \
../include/mesos/authentication/authentication.pb.cc \
../include/mesos/authentication/authentication.pb.h \
- ../include/mesos/authorizer/authorizer.pb.cc \
- ../include/mesos/authorizer/authorizer.pb.h \
+ ../include/mesos/authorizer/acls.pb.cc \
+ ../include/mesos/authorizer/acls.pb.h \
../include/mesos/containerizer/containerizer.pb.cc \
../include/mesos/containerizer/containerizer.pb.h \
../include/mesos/docker/spec.pb.cc \
@@ -406,11 +406,12 @@ nodist_authentication_HEADERS = \
authorizerdir = $(pkgincludedir)/authorizer
authorizer_HEADERS = \
- $(top_srcdir)/include/mesos/authorizer/authorizer.hpp \
- $(top_srcdir)/include/mesos/authorizer/authorizer.proto
+ $(top_srcdir)/include/mesos/authorizer/acls.hpp \
+ $(top_srcdir)/include/mesos/authorizer/acls.proto \
+ $(top_srcdir)/include/mesos/authorizer/authorizer.hpp
nodist_authorizer_HEADERS = \
- ../include/mesos/authorizer/authorizer.pb.h
+ ../include/mesos/authorizer/acls.pb.h
containerizerdir = $(pkgincludedir)/containerizer
@@ -591,6 +592,7 @@ libmesos_no_3rdparty_la_SOURCES += \
authentication/cram_md5/authenticator.cpp \
authentication/cram_md5/auxprop.cpp \
authentication/http/basic_authenticator_factory.cpp \
+ authorizer/acls.cpp \
authorizer/authorizer.cpp \
authorizer/local/authorizer.cpp \
common/attributes.cpp \
@@ -1031,10 +1033,10 @@ lib_LTLIBRARIES += libmesos.la
# Include as part of the distribution.
libmesos_la_SOURCES = \
+ $(ACLS_PROTO) \
$(ALLOCATOR_PROTO) \
$(APPC_SPEC_PROTO) \
$(AUTHENTICATION_PROTO) \
- $(AUTHORIZATION_PROTO) \
$(CONTAINERIZER_PROTO) \
$(EXECUTOR_PROTO) \
$(DOCKER_SPEC_PROTO) \
http://git-wip-us.apache.org/repos/asf/mesos/blob/24c242f6/src/authorizer/acls.cpp
----------------------------------------------------------------------
diff --git a/src/authorizer/acls.cpp b/src/authorizer/acls.cpp
new file mode 100644
index 0000000..fde971b
--- /dev/null
+++ b/src/authorizer/acls.cpp
@@ -0,0 +1,30 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <mesos/authorizer/acls.hpp>
+
+#include <ostream>
+
+using std::ostream;
+
+namespace mesos {
+
+ostream& operator<<(ostream& stream, const ACLs& acls)
+{
+ return stream << acls.DebugString();
+}
+
+} // namespace mesos {
http://git-wip-us.apache.org/repos/asf/mesos/blob/24c242f6/src/authorizer/authorizer.cpp
----------------------------------------------------------------------
diff --git a/src/authorizer/authorizer.cpp b/src/authorizer/authorizer.cpp
index 74dfccd..752c25d 100644
--- a/src/authorizer/authorizer.cpp
+++ b/src/authorizer/authorizer.cpp
@@ -14,8 +14,6 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-#include <ostream>
-
#include <mesos/authorizer/authorizer.hpp>
#include <mesos/module/authorizer.hpp>
@@ -47,10 +45,4 @@ Try<Authorizer*> Authorizer::create(const ACLs& acls)
return LocalAuthorizer::create(acls);
}
-
-ostream& operator<<(ostream& stream, const ACLs& acls)
-{
- return stream << acls.DebugString();
-}
-
} // namespace mesos {
http://git-wip-us.apache.org/repos/asf/mesos/blob/24c242f6/src/common/parse.hpp
----------------------------------------------------------------------
diff --git a/src/common/parse.hpp b/src/common/parse.hpp
index 78c7cf1..9535fad 100644
--- a/src/common/parse.hpp
+++ b/src/common/parse.hpp
@@ -15,7 +15,7 @@
#include <mesos/mesos.hpp>
-#include <mesos/authorizer/authorizer.hpp>
+#include <mesos/authorizer/acls.hpp>
#include <mesos/module/module.hpp>
http://git-wip-us.apache.org/repos/asf/mesos/blob/24c242f6/src/examples/persistent_volume_framework.cpp
----------------------------------------------------------------------
diff --git a/src/examples/persistent_volume_framework.cpp b/src/examples/persistent_volume_framework.cpp
index 4218b15..3848e24 100644
--- a/src/examples/persistent_volume_framework.cpp
+++ b/src/examples/persistent_volume_framework.cpp
@@ -26,7 +26,7 @@
#include <mesos/scheduler.hpp>
#include <mesos/type_utils.hpp>
-#include <mesos/authorizer/authorizer.hpp>
+#include <mesos/authorizer/acls.hpp>
#include <stout/flags.hpp>
#include <stout/format.hpp>
http://git-wip-us.apache.org/repos/asf/mesos/blob/24c242f6/src/examples/test_authorizer_module.cpp
----------------------------------------------------------------------
diff --git a/src/examples/test_authorizer_module.cpp b/src/examples/test_authorizer_module.cpp
index 1f0a770..19ec7cd 100644
--- a/src/examples/test_authorizer_module.cpp
+++ b/src/examples/test_authorizer_module.cpp
@@ -19,6 +19,7 @@
#include <mesos/mesos.hpp>
#include <mesos/module.hpp>
+#include <mesos/authorizer/acls.hpp>
#include <mesos/authorizer/authorizer.hpp>
#include <mesos/module/authorizer.hpp>
http://git-wip-us.apache.org/repos/asf/mesos/blob/24c242f6/src/master/flags.hpp
----------------------------------------------------------------------
diff --git a/src/master/flags.hpp b/src/master/flags.hpp
index 6f53099..f8d2cc4 100644
--- a/src/master/flags.hpp
+++ b/src/master/flags.hpp
@@ -25,7 +25,7 @@
#include <mesos/mesos.hpp>
-#include <mesos/authorizer/authorizer.hpp>
+#include <mesos/authorizer/acls.hpp>
#include <mesos/module/module.hpp>
http://git-wip-us.apache.org/repos/asf/mesos/blob/24c242f6/src/master/quota_handler.cpp
----------------------------------------------------------------------
diff --git a/src/master/quota_handler.cpp b/src/master/quota_handler.cpp
index a41c91f..f361abb 100644
--- a/src/master/quota_handler.cpp
+++ b/src/master/quota_handler.cpp
@@ -22,6 +22,8 @@
#include <mesos/resources.hpp>
+#include <mesos/authorizer/authorizer.hpp>
+
#include <mesos/quota/quota.hpp>
#include <process/defer.hpp>