Posted to commits@mesos.apache.org by gi...@apache.org on 2017/12/31 12:17:57 UTC

[2/3] mesos git commit: Added test for `prune_images` acl validation.

Added test for `prune_images` acl validation.

Review: https://reviews.apache.org/r/64865/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/310ba44a
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/310ba44a
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/310ba44a

Branch: refs/heads/master
Commit: 310ba44a4d48d65e5f28db050fed72e343cde441
Parents: 250a9a5
Author: Zhitao Li <zh...@gmail.com>
Authored: Sun Dec 31 18:27:55 2017 +0800
Committer: Gilbert Song <so...@gmail.com>
Committed: Sun Dec 31 19:40:03 2017 +0800

----------------------------------------------------------------------
 src/tests/authorization_tests.cpp | 55 ++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/310ba44a/src/tests/authorization_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/authorization_tests.cpp b/src/tests/authorization_tests.cpp
index 4f3da08..a76ad18 100644
--- a/src/tests/authorization_tests.cpp
+++ b/src/tests/authorization_tests.cpp
@@ -5495,6 +5495,61 @@ TYPED_TEST(AuthorizationTest, ModifyResourceProviderConfig)
   }
 }
 
+
+// This tests the authorization of requests to prune images.
+TYPED_TEST(AuthorizationTest, PruneImages)
+{
+  ACLs acls;
+
+  {
+    // "foo" principal can prune any images.
+    mesos::ACL::PruneImages* acl = acls.add_prune_images();
+    acl->mutable_principals()->add_values("foo");
+    acl->mutable_images()->set_type(mesos::ACL::Entity::ANY);
+  }
+
+  {
+    // Nobody else can prune images.
+    mesos::ACL::PruneImages* acl = acls.add_prune_images();
+    acl->mutable_principals()->set_type(mesos::ACL::Entity::ANY);
+    acl->mutable_images()->set_type(mesos::ACL::Entity::NONE);
+  }
+
+  Try<Authorizer*> create = TypeParam::create(parameterize(acls));
+  ASSERT_SOME(create);
+  Owned<Authorizer> authorizer(create.get());
+
+  {
+    // "foo" is allowed to prune images. This request should succeed.
+    authorization::Request request;
+    request.set_action(authorization::PRUNE_IMAGES);
+    request.mutable_subject()->set_value("foo");
+
+    AWAIT_EXPECT_TRUE(authorizer->authorized(request));
+  }
+
+  {
+    // "bar" is not allowed to prune images. The request should fail.
+    authorization::Request request;
+    request.set_action(authorization::PRUNE_IMAGES);
+    request.mutable_subject()->set_value("bar");
+
+    AWAIT_EXPECT_FALSE(authorizer->authorized(request));
+  }
+
+  {
+    // Test that no authorizer is created with invalid ACLs.
+    ACLs invalid;
+
+    mesos::ACL::PruneImages* acl = invalid.add_prune_images();
+    acl->mutable_principals()->add_values("foo");
+    acl->mutable_images()->add_values("yoda");
+
+    Try<Authorizer*> create = TypeParam::create(parameterize(invalid));
+    EXPECT_ERROR(create);
+  }
+}
+
 } // namespace tests {
 } // namespace internal {
 } // namespace mesos {
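Review bot: The deny path in `PruneImages` is exercised only with the named principal "bar"; no request leaves the subject unset, which is presumably the shape a request from an unauthenticated caller takes. Because the second ACL maps `ANY` principals to `NONE`, a further block that builds the request with only `request.set_action(authorization::PRUNE_IMAGES);` and checks `AWAIT_EXPECT_FALSE(authorizer->authorized(request));` would pin that the catch-all rule covers that case as well. The comment on the last block could also state why the ACL is invalid, for example `// images must be ANY or NONE; a specific value such as "yoda" is rejected.` That reason is inferred from the commit title and the test itself, so confirm it against the validation code before adding the comment.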