Posted to commits@mesos.apache.org by gr...@apache.org on 2017/08/02 22:45:09 UTC

[2/2] mesos git commit: Added full authz for non summarized fields of `/slaves` endpoint.

Added full authz for non summarized fields of `/slaves` endpoint.

Previously, fields were authorized based on only some elements of each
resource. Moreover, some fields that required authorization were not
being authorized at all. This patch enables full authorization of all
fields.

Review: https://reviews.apache.org/r/61257/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/e87569b2
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/e87569b2
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/e87569b2

Branch: refs/heads/master
Commit: e87569b2ae3c7f8303ce146f882c340b4fdd5ca4
Parents: 2fe2562
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Wed Aug 2 13:14:07 2017 -0700
Committer: Greg Mann <gr...@gmail.com>
Committed: Wed Aug 2 15:35:29 2017 -0700

----------------------------------------------------------------------
 src/master/http.cpp | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/e87569b2/src/master/http.cpp
----------------------------------------------------------------------
diff --git a/src/master/http.cpp b/src/master/http.cpp
index e589829..959091c 100644
--- a/src/master/http.cpp
+++ b/src/master/http.cpp
@@ -484,10 +484,13 @@ struct SlavesWriter
                        const Resources& resources,
                        reserved) {
             if (authorizeRole_->accept(role)) {
-              writer->field(role, [&resources](JSON::ArrayWriter* writer) {
+              writer->field(role, [&resources, this](
+                  JSON::ArrayWriter* writer) {
                 foreach (Resource resource, resources) {
-                  convertResourceFormat(&resource, ENDPOINT);
-                  writer->element(JSON::Protobuf(resource));
+                  if (authorizeResource(resource, authorizeRole_)) {
+                    convertResourceFormat(&resource, ENDPOINT);
+                    writer->element(JSON::Protobuf(resource));
+                  }
                 }
               });
             }
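Review bot: The authorize-then-convert-then-write loop body added here is repeated verbatim in the `unreserved_resources_full`, `used_resources_full` and `offered_resources_full` lambdas, so the filter now lives in four places. The commit message says some fields were previously not authorized at all, and duplicated call sites invite the same omission when the next `*_full` field is added. A private member helper in SlavesWriter that takes the array writer and a `Resources` collection would leave one place to audit, and each lambda would reduce to a single call. The enclosing function starts and ends outside the hunk, so the helper's placement and constness need checking against the full struct.

```cpp
// Writes only the resources the acceptor authorizes, in endpoint format.
void writeAuthorized(
    JSON::ArrayWriter* writer,
    const Resources& resources) const
{
  foreach (Resource resource, resources) {
    if (authorizeResource(resource, authorizeRole_)) {
      convertResourceFormat(&resource, ENDPOINT);
      writer->element(JSON::Protobuf(resource));
    }
  }
}

// ... unchanged: reserved-resources iteration and the accept(role) check ...
writer->field(role, [&resources, this](JSON::ArrayWriter* writer) {
  writeAuthorized(writer, resources);
});
```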
@@ -498,10 +501,12 @@ struct SlavesWriter
 
     writer->field(
         "unreserved_resources_full",
-        [&unreservedResources](JSON::ArrayWriter* writer) {
+        [&unreservedResources, this](JSON::ArrayWriter* writer) {
           foreach (Resource resource, unreservedResources) {
-            convertResourceFormat(&resource, ENDPOINT);
-            writer->element(JSON::Protobuf(resource));
+            if (authorizeResource(resource, authorizeRole_)) {
+              convertResourceFormat(&resource, ENDPOINT);
+              writer->element(JSON::Protobuf(resource));
+            }
           }
         });
 
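Review bot: Nothing at this call site says what `authorizeResource` can reject for an unreserved resource. Unlike the reserved branch there is no role in scope here, so the new `if` can read as a no-op to someone who has not opened the helper. I would add a comment above it, along the lines of `// Unreserved resources are filtered too: authorizeResource() looks at every role attached to the resource, not only a reservation role (confirm against the helper).` The helper is defined outside this diff, so the wording should be checked against its actual behaviour.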
@@ -511,8 +516,7 @@ struct SlavesWriter
         "used_resources_full",
         [&usedResources, this](JSON::ArrayWriter* writer) {
           foreach (Resource resource, usedResources) {
-            if (authorizeRole_->accept(resource.role()) &&
-                authorizeRole_->accept(resource.allocation_info().role())) {
+            if (authorizeResource(resource, authorizeRole_)) {
               convertResourceFormat(&resource, ENDPOINT);
               writer->element(JSON::Protobuf(resource));
             }
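Review bot: The removed condition spelled out both roles it checked (`resource.role()` and `resource.allocation_info().role()`), while the replacement depends entirely on `authorizeResource`, whose definition is not part of this diff. Before merging I would confirm that the helper still rejects a resource whose allocation role is not accepted, since the old code treated that as required for used resources. The same question applies to the `offered_resources_full` hunk, which previously checked only `resource.role()`. The diffstat lists only `src/master/http.cpp`, so no test accompanies the change in this commit. A `/slaves` test with a principal limited to one role, asserting that other roles' entries are absent from each `*_full` field, would pin the behaviour. The enclosing function continues outside the hunk.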
@@ -525,7 +529,7 @@ struct SlavesWriter
         "offered_resources_full",
         [&offeredResources, this](JSON::ArrayWriter* writer) {
           foreach (Resource resource, offeredResources) {
-            if (authorizeRole_->accept(resource.role())) {
+            if (authorizeResource(resource, authorizeRole_)) {
               convertResourceFormat(&resource, ENDPOINT);
               writer->element(JSON::Protobuf(resource));
             }