You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by gi...@apache.org on 2017/12/31 12:17:57 UTC
[2/3] mesos git commit: Added test for `prune_images` acl validation.
Added test for `prune_images` acl validation.
Review: https://reviews.apache.org/r/64865/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/310ba44a
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/310ba44a
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/310ba44a
Branch: refs/heads/master
Commit: 310ba44a4d48d65e5f28db050fed72e343cde441
Parents: 250a9a5
Author: Zhitao Li <zh...@gmail.com>
Authored: Sun Dec 31 18:27:55 2017 +0800
Committer: Gilbert Song <so...@gmail.com>
Committed: Sun Dec 31 19:40:03 2017 +0800
----------------------------------------------------------------------
src/tests/authorization_tests.cpp | 55 ++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/310ba44a/src/tests/authorization_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/authorization_tests.cpp b/src/tests/authorization_tests.cpp
index 4f3da08..a76ad18 100644
--- a/src/tests/authorization_tests.cpp
+++ b/src/tests/authorization_tests.cpp
@@ -5495,6 +5495,61 @@ TYPED_TEST(AuthorizationTest, ModifyResourceProviderConfig)
}
}
+
+// This tests the authorization of requests to prune images.
+TYPED_TEST(AuthorizationTest, PruneImages)
+{
+ ACLs acls;
+
+ {
+ // "foo" principal can prune any images.
+ mesos::ACL::PruneImages* acl = acls.add_prune_images();
+ acl->mutable_principals()->add_values("foo");
+ acl->mutable_images()->set_type(mesos::ACL::Entity::ANY);
+ }
+
+ {
+ // Nobody else can prune images.
+ mesos::ACL::PruneImages* acl = acls.add_prune_images();
+ acl->mutable_principals()->set_type(mesos::ACL::Entity::ANY);
+ acl->mutable_images()->set_type(mesos::ACL::Entity::NONE);
+ }
+
+ Try<Authorizer*> create = TypeParam::create(parameterize(acls));
+ ASSERT_SOME(create);
+ Owned<Authorizer> authorizer(create.get());
+
+ {
+ // "foo" is allowed to prune images. This request should succeed.
+ authorization::Request request;
+ request.set_action(authorization::PRUNE_IMAGES);
+ request.mutable_subject()->set_value("foo");
+
+ AWAIT_EXPECT_TRUE(authorizer->authorized(request));
+ }
+
+ {
+ // "bar" is not allowed to prune images. The request should fail.
+ authorization::Request request;
+ request.set_action(authorization::PRUNE_IMAGES);
+ request.mutable_subject()->set_value("bar");
+
+ AWAIT_EXPECT_FALSE(authorizer->authorized(request));
+ }
+
+ {
+ // Test that no authorizer is created with invalid ACLs.
+ ACLs invalid;
+
+ mesos::ACL::PruneImages* acl = invalid.add_prune_images();
+ acl->mutable_principals()->add_values("foo");
+ acl->mutable_images()->add_values("yoda");
+
+ Try<Authorizer*> create = TypeParam::create(parameterize(invalid));
+ EXPECT_ERROR(create);
+ }
+}
+
} // namespace tests {
} // namespace internal {
} // namespace mesos {