You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by me...@apache.org on 2016/03/08 03:26:50 UTC
[1/3] mesos git commit: Unified/added Future checks for http methods
in tests.
Repository: mesos
Updated Branches:
refs/heads/master e42f740cc -> 83f3db058
Unified/added Future checks for http methods in tests.
Review: https://reviews.apache.org/r/44286/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/83f3db05
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/83f3db05
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/83f3db05
Branch: refs/heads/master
Commit: 83f3db0580370253df7c914066532d74c6732cac
Parents: 4c09045
Author: Joerg Schad <jo...@mesosphere.io>
Authored: Mon Mar 7 17:29:33 2016 -0800
Committer: Adam B <ad...@mesosphere.io>
Committed: Mon Mar 7 18:25:47 2016 -0800
----------------------------------------------------------------------
src/tests/fault_tolerance_tests.cpp | 16 ++++++++++++++++
src/tests/health_check_tests.cpp | 24 ++++++++++++++++--------
src/tests/master_tests.cpp | 9 ++++++---
3 files changed, 38 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/83f3db05/src/tests/fault_tolerance_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/fault_tolerance_tests.cpp b/src/tests/fault_tolerance_tests.cpp
index f2b8dba..d193897 100644
--- a/src/tests/fault_tolerance_tests.cpp
+++ b/src/tests/fault_tolerance_tests.cpp
@@ -227,6 +227,8 @@ TEST_F(FaultToleranceTest, ReregisterCompletedFrameworks)
// Verify master and slave recognize the running task/framework.
masterState = process::http::get(master.get(), "state");
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, masterState);
+
parse = JSON::parse<JSON::Object>(masterState.get().body);
ASSERT_SOME(parse);
masterJSON = parse.get();
@@ -238,6 +240,8 @@ TEST_F(FaultToleranceTest, ReregisterCompletedFrameworks)
Future<Response> slaveState = process::http::get(slave.get(), "state");
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, slaveState);
+
parse = JSON::parse<JSON::Object>(slaveState.get().body);
ASSERT_SOME(parse);
JSON::Object slaveJSON = parse.get();
@@ -264,6 +268,9 @@ TEST_F(FaultToleranceTest, ReregisterCompletedFrameworks)
// running. This is because the executor has to time-out before
// it exits.
masterState = process::http::get(master.get(), "state");
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, masterState);
+
parse = JSON::parse<JSON::Object>(masterState.get().body);
ASSERT_SOME(parse);
masterJSON = parse.get();
@@ -274,6 +281,9 @@ TEST_F(FaultToleranceTest, ReregisterCompletedFrameworks)
masterJSON.values["frameworks"].as<JSON::Array>().values.size());
slaveState = process::http::get(slave.get(), "state");
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, slaveState);
+
parse = JSON::parse<JSON::Object>(slaveState.get().body);
ASSERT_SOME(parse);
slaveJSON = parse.get();
@@ -300,6 +310,9 @@ TEST_F(FaultToleranceTest, ReregisterCompletedFrameworks)
// Verify slave sees completed framework.
slaveState = process::http::get(slave.get(), "state");
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, slaveState);
+
parse = JSON::parse<JSON::Object>(slaveState.get().body);
ASSERT_SOME(parse);
slaveJSON = parse.get();
@@ -341,6 +354,9 @@ TEST_F(FaultToleranceTest, ReregisterCompletedFrameworks)
Clock::resume();
masterState = process::http::get(master.get(), "state");
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, masterState);
+
parse = JSON::parse<JSON::Object>(masterState.get().body);
ASSERT_SOME(parse);
masterJSON = parse.get();
http://git-wip-us.apache.org/repos/asf/mesos/blob/83f3db05/src/tests/health_check_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/health_check_tests.cpp b/src/tests/health_check_tests.cpp
index 59ef319..d0fd27f 100644
--- a/src/tests/health_check_tests.cpp
+++ b/src/tests/health_check_tests.cpp
@@ -257,7 +257,8 @@ TEST_F(HealthCheckTest, HealthyTask)
// Verify that task health is exposed in the master's state endpoint.
{
Future<http::Response> response = http::get(master.get(), "state");
- AWAIT_READY(response);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, response);
Try<JSON::Object> parse = JSON::parse<JSON::Object>(response.get().body);
ASSERT_SOME(parse);
@@ -270,7 +271,8 @@ TEST_F(HealthCheckTest, HealthyTask)
// Verify that task health is exposed in the slave's state endpoint.
{
Future<http::Response> response = http::get(slave.get(), "state");
- AWAIT_READY(response);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, response);
Try<JSON::Object> parse = JSON::parse<JSON::Object>(response.get().body);
ASSERT_SOME(parse);
@@ -544,7 +546,8 @@ TEST_F(HealthCheckTest, HealthStatusChange)
// Verify that task health is exposed in the master's state endpoint.
{
Future<http::Response> response = http::get(master.get(), "state");
- AWAIT_READY(response);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, response);
Try<JSON::Object> parse = JSON::parse<JSON::Object>(response.get().body);
ASSERT_SOME(parse);
@@ -557,7 +560,8 @@ TEST_F(HealthCheckTest, HealthStatusChange)
// Verify that task health is exposed in the slave's state endpoint.
{
Future<http::Response> response = http::get(slave.get(), "state");
- AWAIT_READY(response);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, response);
Try<JSON::Object> parse = JSON::parse<JSON::Object>(response.get().body);
ASSERT_SOME(parse);
@@ -575,7 +579,8 @@ TEST_F(HealthCheckTest, HealthStatusChange)
// state endpoint.
{
Future<http::Response> response = http::get(master.get(), "state");
- AWAIT_READY(response);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, response);
Try<JSON::Object> parse = JSON::parse<JSON::Object>(response.get().body);
ASSERT_SOME(parse);
@@ -589,7 +594,8 @@ TEST_F(HealthCheckTest, HealthStatusChange)
// state endpoint.
{
Future<http::Response> response = http::get(slave.get(), "state");
- AWAIT_READY(response);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, response);
Try<JSON::Object> parse = JSON::parse<JSON::Object>(response.get().body);
ASSERT_SOME(parse);
@@ -607,7 +613,8 @@ TEST_F(HealthCheckTest, HealthStatusChange)
// healthy state.
{
Future<http::Response> response = http::get(master.get(), "state");
- AWAIT_READY(response);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, response);
Try<JSON::Object> parse = JSON::parse<JSON::Object>(response.get().body);
ASSERT_SOME(parse);
@@ -621,7 +628,8 @@ TEST_F(HealthCheckTest, HealthStatusChange)
// healthy state.
{
Future<http::Response> response = http::get(slave.get(), "state");
- AWAIT_READY(response);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(process::http::OK().status, response);
Try<JSON::Object> parse = JSON::parse<JSON::Object>(response.get().body);
ASSERT_SOME(parse);
http://git-wip-us.apache.org/repos/asf/mesos/blob/83f3db05/src/tests/master_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/master_tests.cpp b/src/tests/master_tests.cpp
index 3659577..2f4d820 100644
--- a/src/tests/master_tests.cpp
+++ b/src/tests/master_tests.cpp
@@ -3453,7 +3453,8 @@ TEST_F(MasterTest, SlaveActiveEndpoint)
// Verify slave is inactive.
response = process::http::get(master.get(), "state");
- AWAIT_READY(response);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
parse = JSON::parse<JSON::Object>(response.get().body);
ASSERT_SOME(parse);
@@ -3988,7 +3989,8 @@ TEST_F(MasterTest, MaxCompletedFrameworksFlag)
Future<process::http::Response> response =
process::http::get(master.get(), "state");
- AWAIT_READY(response);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
Try<JSON::Object> parse = JSON::parse<JSON::Object>(response->body);
ASSERT_SOME(parse);
@@ -4082,7 +4084,8 @@ TEST_F(MasterTest, MaxCompletedTasksPerFrameworkFlag)
Future<process::http::Response> response =
process::http::get(master.get(), "state");
- AWAIT_READY(response);
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(OK().status, response);
Try<JSON::Object> parse = JSON::parse<JSON::Object>(response->body);
ASSERT_SOME(parse);
[3/3] mesos git commit: Removed internal usage of deprecated
ACL::ShutdownFramework.
Posted by me...@apache.org.
Removed internal usage of deprecated ACL::ShutdownFramework.
The protobuf message `ACL::ShutdownFramework` is marked as deprecated
since Mesos 0.27.0 in favor of the `ACL::TeardownFramework` message.
This patch prepares for the eventual removal of the Shutdown message
by limiting its usage to the definition of the ACLs, so that no
Mesos code actually uses the message.
Users can still define ACLs using the Shutdown message, in such
cases the following rules apply:
- If both Shutdown and Teardown are used, a warning message is
printed informing of the deprecation and only the Teardown
contents are used.
- If only Shutdown is used, a warning message is printed
informing about deprecation, the contents of Shutdown are
moved over to Teardown and Teardown contents are used.
- If only Teardown is used, no further action is taken.
Review: https://reviews.apache.org/r/44318/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/334cb7c8
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/334cb7c8
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/334cb7c8
Branch: refs/heads/master
Commit: 334cb7c8ffcd5330637b0073710ea8693a708307
Parents: e42f740
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Mon Mar 7 16:28:24 2016 -0800
Committer: Adam B <ad...@mesosphere.io>
Committed: Mon Mar 7 18:25:47 2016 -0800
----------------------------------------------------------------------
include/mesos/authorizer/authorizer.hpp | 10 +++---
include/mesos/authorizer/authorizer.proto | 5 +--
src/authorizer/local/authorizer.cpp | 47 ++++++++++++++++----------
src/authorizer/local/authorizer.hpp | 2 +-
src/master/http.cpp | 12 +++----
src/tests/mesos.cpp | 2 +-
src/tests/mesos.hpp | 2 +-
src/tests/teardown_tests.cpp | 4 +--
8 files changed, 49 insertions(+), 35 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/334cb7c8/include/mesos/authorizer/authorizer.hpp
----------------------------------------------------------------------
diff --git a/include/mesos/authorizer/authorizer.hpp b/include/mesos/authorizer/authorizer.hpp
index 5ee3c7a..ec6c992 100644
--- a/include/mesos/authorizer/authorizer.hpp
+++ b/include/mesos/authorizer/authorizer.hpp
@@ -104,19 +104,19 @@ public:
const ACL::RunTask& request) = 0;
/**
- * Verifies whether a principal can shutdown a framework launched by another
+ * Verifies whether a principal can teardown a framework launched by another
* principal.
*
- * @param request `ACL::ShutdownFramework` packing all the parameters needed
- * to verify the given principal can shutdown a framework originally
+ * @param request `ACL::TeardownFramework` packing all the parameters needed
+ * to verify the given principal can teardown a framework originally
* registered by a (potentially different) framework principal.
*
- * @return true if the principal can shutdown a framework registered by the
+ * @return true if the principal can teardown a framework registered by the
* framework principal, false otherwise. A failed future indicates a
* problem processing the request; the request can be retried.
*/
virtual process::Future<bool> authorize(
- const ACL::ShutdownFramework& request) = 0;
+ const ACL::TeardownFramework& request) = 0;
/**
* Verifies whether a principal can reserve particular resources.
http://git-wip-us.apache.org/repos/asf/mesos/blob/334cb7c8/include/mesos/authorizer/authorizer.proto
----------------------------------------------------------------------
diff --git a/include/mesos/authorizer/authorizer.proto b/include/mesos/authorizer/authorizer.proto
index 84d2cb3..723da93 100644
--- a/include/mesos/authorizer/authorizer.proto
+++ b/include/mesos/authorizer/authorizer.proto
@@ -60,7 +60,8 @@ message ACL {
// Which principals are authorized to shutdown frameworks of other
// principals.
// TODO(gyliu513): Remove this message at the end of the deprecation
- // cycle on 0.27. It will be replaced by TeardownFramework then.
+ // cycle which started with 0.27. It will be fully replaced by
+ // TeardownFramework then.
message ShutdownFramework {
// Subjects.
required Entity principals = 1;
@@ -161,7 +162,7 @@ message ACLs {
repeated ACL.RegisterFramework register_frameworks = 2;
repeated ACL.RunTask run_tasks = 3;
// TODO(gyliu513): Remove this shutdown_frameworks at the
- // end of the deprecation cycle on 0.27.
+ // end of the deprecation cycle which started on 0.27.
repeated ACL.ShutdownFramework shutdown_frameworks = 4;
repeated ACL.ReserveResources reserve_resources = 5;
repeated ACL.UnreserveResources unreserve_resources = 6;
http://git-wip-us.apache.org/repos/asf/mesos/blob/334cb7c8/src/authorizer/local/authorizer.cpp
----------------------------------------------------------------------
diff --git a/src/authorizer/local/authorizer.cpp b/src/authorizer/local/authorizer.cpp
index a1486bd..4e5c2c2 100644
--- a/src/authorizer/local/authorizer.cpp
+++ b/src/authorizer/local/authorizer.cpp
@@ -42,6 +42,33 @@ public:
LocalAuthorizerProcess(const ACLs& _acls)
: ProcessBase(process::ID::generate("authorizer")), acls(_acls) {}
+ virtual void initialize()
+ {
+ // TODO(arojas): Remove the following two if blocks once
+ // ShutdownFramework reaches the end of deprecation cycle
+ // which started with 0.27.0.
+ if (acls.shutdown_frameworks_size() > 0 &&
+ acls.teardown_frameworks_size() > 0) {
+ LOG(WARNING) << "ACLs defined for both ShutdownFramework and "
+ << "TeardownFramework; only the latter will be used";
+ return;
+ }
+
+ // Move contents of `acls.shutdown_frameworks` to
+ // `acls.teardown_frameworks`
+ if (acls.shutdown_frameworks_size() > 0) {
+ LOG(WARNING) << "ShutdownFramework ACL is deprecated; please use "
+ << "TeardownFramework";
+ foreach (const ACL::ShutdownFramework& acl, acls.shutdown_frameworks()) {
+ ACL::TeardownFramework* teardown = acls.add_teardown_frameworks();
+ teardown->mutable_principals()->CopyFrom(acl.principals());
+ teardown->mutable_framework_principals()->CopyFrom(
+ acl.framework_principals());
+ }
+ }
+ acls.clear_shutdown_frameworks();
+ }
+
Future<bool> authorize(const ACL::RegisterFramework& request)
{
foreach (const ACL::RegisterFramework& acl, acls.register_frameworks()) {
@@ -72,22 +99,8 @@ public:
return acls.permissive(); // None of the ACLs match.
}
- Future<bool> authorize(const ACL::ShutdownFramework& request)
+ Future<bool> authorize(const ACL::TeardownFramework& request)
{
- // TODO(gyliu513): Remove this shutdown_frameworks acl logic at the
- // end of the deprecation cycle on 0.27.
- foreach (const ACL::ShutdownFramework& acl, acls.shutdown_frameworks()) {
- // ACL matches if both subjects and objects match.
- if (matches(request.principals(), acl.principals()) &&
- matches(request.framework_principals(),
- acl.framework_principals())) {
- // ACL is allowed if both subjects and objects are allowed.
- return allows(request.principals(), acl.principals()) &&
- allows(request.framework_principals(),
- acl.framework_principals());
- }
- }
-
foreach (const ACL::TeardownFramework& acl, acls.teardown_frameworks()) {
// ACL matches if both subjects and objects match.
if (matches(request.principals(), acl.principals()) &&
@@ -381,7 +394,7 @@ Future<bool> LocalAuthorizer::authorize(const ACL::RunTask& request)
}
-Future<bool> LocalAuthorizer::authorize(const ACL::ShutdownFramework& request)
+Future<bool> LocalAuthorizer::authorize(const ACL::TeardownFramework& request)
{
if (process == NULL) {
return Failure("Authorizer not initialized");
@@ -389,7 +402,7 @@ Future<bool> LocalAuthorizer::authorize(const ACL::ShutdownFramework& request)
// Necessary to disambiguate.
typedef Future<bool>(LocalAuthorizerProcess::*F)(
- const ACL::ShutdownFramework&);
+ const ACL::TeardownFramework&);
return dispatch(
process, static_cast<F>(&LocalAuthorizerProcess::authorize), request);
http://git-wip-us.apache.org/repos/asf/mesos/blob/334cb7c8/src/authorizer/local/authorizer.hpp
----------------------------------------------------------------------
diff --git a/src/authorizer/local/authorizer.hpp b/src/authorizer/local/authorizer.hpp
index c7321c2..96baf77 100644
--- a/src/authorizer/local/authorizer.hpp
+++ b/src/authorizer/local/authorizer.hpp
@@ -56,7 +56,7 @@ public:
virtual process::Future<bool> authorize(
const ACL::RunTask& request);
virtual process::Future<bool> authorize(
- const ACL::ShutdownFramework& request);
+ const ACL::TeardownFramework& request);
virtual process::Future<bool> authorize(
const ACL::ReserveResources& request);
virtual process::Future<bool> authorize(
http://git-wip-us.apache.org/repos/asf/mesos/blob/334cb7c8/src/master/http.cpp
----------------------------------------------------------------------
diff --git a/src/master/http.cpp b/src/master/http.cpp
index 8276baa..a3ad57a 100644
--- a/src/master/http.cpp
+++ b/src/master/http.cpp
@@ -1775,22 +1775,22 @@ Future<Response> Master::Http::teardown(
return _teardown(id);
}
- mesos::ACL::ShutdownFramework shutdown;
+ mesos::ACL::TeardownFramework teardown;
if (principal.isSome()) {
- shutdown.mutable_principals()->add_values(principal.get());
+ teardown.mutable_principals()->add_values(principal.get());
} else {
- shutdown.mutable_principals()->set_type(ACL::Entity::ANY);
+ teardown.mutable_principals()->set_type(ACL::Entity::ANY);
}
if (framework->info.has_principal()) {
- shutdown.mutable_framework_principals()->add_values(
+ teardown.mutable_framework_principals()->add_values(
framework->info.principal());
} else {
- shutdown.mutable_framework_principals()->set_type(ACL::Entity::ANY);
+ teardown.mutable_framework_principals()->set_type(ACL::Entity::ANY);
}
- return master->authorizer.get()->authorize(shutdown)
+ return master->authorizer.get()->authorize(teardown)
.then(defer(master->self(), [=](bool authorized) -> Future<Response> {
if (!authorized) {
return Forbidden();
http://git-wip-us.apache.org/repos/asf/mesos/blob/334cb7c8/src/tests/mesos.cpp
----------------------------------------------------------------------
diff --git a/src/tests/mesos.cpp b/src/tests/mesos.cpp
index e0f641c..395b23d 100644
--- a/src/tests/mesos.cpp
+++ b/src/tests/mesos.cpp
@@ -741,7 +741,7 @@ MockAuthorizer::MockAuthorizer()
EXPECT_CALL(*this, authorize(An<const mesos::ACL::RunTask&>()))
.WillRepeatedly(Return(true));
- EXPECT_CALL(*this, authorize(An<const mesos::ACL::ShutdownFramework&>()))
+ EXPECT_CALL(*this, authorize(An<const mesos::ACL::TeardownFramework&>()))
.WillRepeatedly(Return(true));
EXPECT_CALL(*this, authorize(An<const mesos::ACL::ReserveResources&>()))
http://git-wip-us.apache.org/repos/asf/mesos/blob/334cb7c8/src/tests/mesos.hpp
----------------------------------------------------------------------
diff --git a/src/tests/mesos.hpp b/src/tests/mesos.hpp
index d36840f..9c62833 100644
--- a/src/tests/mesos.hpp
+++ b/src/tests/mesos.hpp
@@ -1641,7 +1641,7 @@ public:
MOCK_METHOD1(
authorize, process::Future<bool>(const ACL::RunTask& request));
MOCK_METHOD1(
- authorize, process::Future<bool>(const ACL::ShutdownFramework& request));
+ authorize, process::Future<bool>(const ACL::TeardownFramework& request));
MOCK_METHOD1(
authorize, process::Future<bool>(const ACL::ReserveResources& request));
MOCK_METHOD1(
http://git-wip-us.apache.org/repos/asf/mesos/blob/334cb7c8/src/tests/teardown_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/teardown_tests.cpp b/src/tests/teardown_tests.cpp
index 6e9e2e6..2b8e687 100644
--- a/src/tests/teardown_tests.cpp
+++ b/src/tests/teardown_tests.cpp
@@ -222,9 +222,9 @@ TEST_F(TeardownTest, TeardownEndpointGoodDeprecatedACLs)
// Testing route with bad ACLs.
TEST_F(TeardownTest, TeardownEndpointBadACLs)
{
- // Setup ACLs so that no principal can do teardown the framework.
+ // Setup ACLs so that no principal can teardown the framework.
ACLs acls;
- mesos::ACL::ShutdownFramework* acl = acls.add_shutdown_frameworks();
+ mesos::ACL::TeardownFramework* acl = acls.add_teardown_frameworks();
acl->mutable_principals()->set_type(mesos::ACL::Entity::NONE);
acl->mutable_framework_principals()->add_values(
DEFAULT_CREDENTIAL.principal());
[2/3] mesos git commit: Wrapped TASK_LOST with `` in authorization.md.
Posted by me...@apache.org.
Wrapped TASK_LOST with `` in authorization.md.
Review: https://reviews.apache.org/r/43802/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/4c090451
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/4c090451
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/4c090451
Branch: refs/heads/master
Commit: 4c090451b6bb8a292dc02fb7aba955e53cfa0f15
Parents: 334cb7c
Author: Klaus Ma <kl...@gmail.com>
Authored: Mon Mar 7 17:24:18 2016 -0800
Committer: Adam B <ad...@mesosphere.io>
Committed: Mon Mar 7 18:25:47 2016 -0800
----------------------------------------------------------------------
docs/authorization.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/4c090451/docs/authorization.md
----------------------------------------------------------------------
diff --git a/docs/authorization.md b/docs/authorization.md
index a865b6b..c4449d5 100644
--- a/docs/authorization.md
+++ b/docs/authorization.md
@@ -57,7 +57,7 @@ The Mesos master checks the ACLs to verify whether a request is authorized or no
For example, when a framework (re-)registers with the master, "register_frameworks" ACLs are checked to see if the framework (`FrameworkInfo.principal`) is authorized to receive offers for the given resource role (`FrameworkInfo.role`). If not authorized, the framework is not allowed to (re-)register and gets an `Error` message back (which aborts the scheduler driver).
-Similarly, when a framework launches a task, "run_tasks" ACLs are checked to see if the framework (`FrameworkInfo.principal`) is authorized to run the task/executor as the given user. If not authorized, the launch is rejected and the framework gets a TASK_LOST.
+Similarly, when a framework launches a task, "run_tasks" ACLs are checked to see if the framework (`FrameworkInfo.principal`) is authorized to run the task/executor as the given user. If not authorized, the launch is rejected and the framework gets a `TASK_LOST`.
In the same vein, when a user/principal attempts to teardown a framework using the "/teardown" HTTP endpoint on the master, "teardown_frameworks" ACLs are checked to see if the principal is authorized to teardown the given framework. If not authorized, the teardown is rejected and the user receives a `Forbidden` HTTP response.