You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ti...@apache.org on 2016/01/20 22:41:34 UTC
[1/4] mesos git commit: Changed HTTP responses from Unauthorized
(401) to Forbidden (403).
Repository: mesos
Updated Branches:
refs/heads/master 6af5f0597 -> cde429dd2
Changed HTTP responses from Unauthorized (401) to Forbidden (403).
It is a common pattern within Mesos to return an HTTP 401
(Unauthorized) response whenever the request is invalid for whatever
reason. However, according to the [RFC-2617 Section 1.2]
(https://tools.ietf.org/html/rfc2617#section-1.2):
> The 401 (Unauthorized) response message is used by an origin server
> to challenge the authorization of a user agent. This response MUST
> include a WWW-Authenticate header field containing at least one
> challenge applicable to the requested resource.
Meaning that despite the confusing name, the status code
_401 Unauthorized_ should be used only for authentication purposes.
On the other hand, the [RFC-2616 Section 10.4.4]
(http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4)
states:
> _(403 Forbidden is returned when)_ The server understood the
> request, but is refusing to fulfill it. Authorization will not help
> and the request SHOULD NOT be repeated. If the request method was
> not HEAD and the server wishes to make public why the request has
> not been fulfilled, it SHOULD describe the reason for the refusal
> in the entity. If the server does not wish to make this information
> available to the client, the status code 404 (Not Found) can be used
> instead.
As such, _403 (Forbidden)_ seems to be a better return code when
replying inside endpoint handlers, while _401 (Unauthorized)_ should
be left to the HTTP authenticators only.
Review: https://reviews.apache.org/r/42027/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/51f05b17
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/51f05b17
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/51f05b17
Branch: refs/heads/master
Commit: 51f05b172139d45058700c9ffa69e9bdf593ee3e
Parents: 6af5f05
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Wed Jan 20 21:56:08 2016 +0100
Committer: Till Toenshoff <to...@me.com>
Committed: Wed Jan 20 21:56:08 2016 +0100
----------------------------------------------------------------------
docs/authorization.md | 2 +-
src/master/http.cpp | 14 ++++++--------
src/master/quota_handler.cpp | 6 +++---
src/tests/master_quota_tests.cpp | 5 +++--
src/tests/persistent_volume_endpoints_tests.cpp | 9 +++------
src/tests/reservation_endpoints_tests.cpp | 9 +++------
src/tests/scheduler_http_api_tests.cpp | 6 ++----
src/tests/teardown_tests.cpp | 5 ++---
8 files changed, 23 insertions(+), 33 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/51f05b17/docs/authorization.md
----------------------------------------------------------------------
diff --git a/docs/authorization.md b/docs/authorization.md
index a928f17..016ab65 100644
--- a/docs/authorization.md
+++ b/docs/authorization.md
@@ -60,7 +60,7 @@ For example, when a framework (re-)registers with the master, "register_framewor
Similarly, when a framework launches a task, "run_tasks" ACLs are checked to see if the framework (`FrameworkInfo.principal`) is authorized to run the task/executor as the given user. If not authorized, the launch is rejected and the framework gets a TASK_LOST.
-In the same vein, when a user/principal attempts to shutdown a framework using the "/teardown" HTTP endpoint on the master, "shutdown_frameworks" ACLs are checked to see if the principal is authorized to shutdown the given framework. If not authorized, the shutdown is rejected and the user receives an `Unauthorized` HTTP response.
+In the same vein, when a user/principal attempts to shutdown a framework using the "/teardown" HTTP endpoint on the master, "shutdown_frameworks" ACLs are checked to see if the principal is authorized to shutdown the given framework. If not authorized, the shutdown is rejected and the user receives a `Forbidden` HTTP response.
If no user/principal is provided in a request to an HTTP endpoint and authentication is disabled, the `ANY` subject is used in the authorization.
http://git-wip-us.apache.org/repos/asf/mesos/blob/51f05b17/src/master/http.cpp
----------------------------------------------------------------------
diff --git a/src/master/http.cpp b/src/master/http.cpp
index 34a70ee..12c1fe5 100644
--- a/src/master/http.cpp
+++ b/src/master/http.cpp
@@ -92,7 +92,6 @@ using process::http::OK;
using process::http::Pipe;
using process::http::ServiceUnavailable;
using process::http::TemporaryRedirect;
-using process::http::Unauthorized;
using process::http::UnsupportedMediaType;
using process::metrics::internal::MetricsProcess;
@@ -547,8 +546,7 @@ Future<Response> Master::Http::scheduler(const Request& request) const
}
if (master->flags.authenticate_frameworks) {
- return Unauthorized(
- "Mesos master",
+ return Forbidden(
"HTTP schedulers are not supported when authentication is required");
}
@@ -788,7 +786,7 @@ Future<Response> Master::Http::createVolumes(
return master->authorizeCreateVolume(operation.create(), principal)
.then(defer(master->self(), [=](bool authorized) -> Future<Response> {
if (!authorized) {
- return Unauthorized("Mesos master");
+ return Forbidden();
}
// The resources required for this operation are equivalent to the
@@ -879,7 +877,7 @@ Future<Response> Master::Http::destroyVolumes(
return master->authorizeDestroyVolume(operation.destroy(), principal)
.then(defer(master->self(), [=](bool authorized) -> Future<Response> {
if (!authorized) {
- return Unauthorized("Mesos master");
+ return Forbidden();
}
return _operation(slaveId, volumes, operation);
@@ -1208,7 +1206,7 @@ Future<Response> Master::Http::reserve(
return master->authorizeReserveResources(operation.reserve(), principal)
.then(defer(master->self(), [=](bool authorized) -> Future<Response> {
if (!authorized) {
- return Unauthorized("Mesos master");
+ return Forbidden();
}
// NOTE: `flatten()` is important. To make a dynamic reservation,
@@ -1853,7 +1851,7 @@ Future<Response> Master::Http::teardown(
return master->authorizer.get()->authorize(shutdown)
.then(defer(master->self(), [=](bool authorized) -> Future<Response> {
if (!authorized) {
- return Unauthorized("Mesos master");
+ return Forbidden();
}
return _teardown(id);
}));
@@ -2481,7 +2479,7 @@ Future<Response> Master::Http::unreserve(
return master->authorizeUnreserveResources(operation.unreserve(), principal)
.then(defer(master->self(), [=](bool authorized) -> Future<Response> {
if (!authorized) {
- return Unauthorized("Mesos master");
+ return Forbidden();
}
return _operation(slaveId, resources, operation);
http://git-wip-us.apache.org/repos/asf/mesos/blob/51f05b17/src/master/quota_handler.cpp
----------------------------------------------------------------------
diff --git a/src/master/quota_handler.cpp b/src/master/quota_handler.cpp
index f44736c..aa06cbc 100644
--- a/src/master/quota_handler.cpp
+++ b/src/master/quota_handler.cpp
@@ -47,8 +47,8 @@ using google::protobuf::RepeatedPtrField;
using http::Accepted;
using http::BadRequest;
using http::Conflict;
+using http::Forbidden;
using http::OK;
-using http::Unauthorized;
using mesos::quota::QuotaInfo;
using mesos::quota::QuotaStatus;
@@ -341,7 +341,7 @@ Future<http::Response> Master::QuotaHandler::set(
return authorizeSetQuota(principal, quotaInfo.role())
.then(defer(master->self(), [=](bool authorized) -> Future<http::Response> {
if (!authorized) {
- return Unauthorized("Mesos master");
+ return Forbidden();
}
return _set(quotaInfo, forced);
@@ -450,7 +450,7 @@ Future<http::Response> Master::QuotaHandler::remove(
return authorizeRemoveQuota(principal, quota_principal)
.then(defer(master->self(), [=](bool authorized) -> Future<http::Response> {
if (!authorized) {
- return Unauthorized("Mesos master");
+ return Forbidden();
}
return _remove(role);
http://git-wip-us.apache.org/repos/asf/mesos/blob/51f05b17/src/tests/master_quota_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/master_quota_tests.cpp b/src/tests/master_quota_tests.cpp
index e8cb074..c22b91f 100644
--- a/src/tests/master_quota_tests.cpp
+++ b/src/tests/master_quota_tests.cpp
@@ -53,6 +53,7 @@ using process::PID;
using process::http::BadRequest;
using process::http::Conflict;
+using process::http::Forbidden;
using process::http::OK;
using process::http::Response;
using process::http::Unauthorized;
@@ -1190,7 +1191,7 @@ TEST_F(MasterQuotaTest, AuthorizeQuotaRequests)
createRequestBody(ROLE1, quotaResources, FORCE));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status, response) << response.get().body;
+ Forbidden().status, response) << response.get().body;
}
// Request quota using the default principal.
@@ -1236,7 +1237,7 @@ TEST_F(MasterQuotaTest, AuthorizeQuotaRequests)
createBasicAuthHeaders(DEFAULT_CREDENTIAL_2));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status, response) << response.get().body;
+ Forbidden().status, response) << response.get().body;
}
// Remove the previously requested quota using the default principal.
http://git-wip-us.apache.org/repos/asf/mesos/blob/51f05b17/src/tests/persistent_volume_endpoints_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/persistent_volume_endpoints_tests.cpp b/src/tests/persistent_volume_endpoints_tests.cpp
index f0cce19..92b1467 100644
--- a/src/tests/persistent_volume_endpoints_tests.cpp
+++ b/src/tests/persistent_volume_endpoints_tests.cpp
@@ -55,6 +55,7 @@ using process::PID;
using process::http::BadRequest;
using process::http::Conflict;
+using process::http::Forbidden;
using process::http::OK;
using process::http::Response;
using process::http::Unauthorized;
@@ -896,9 +897,7 @@ TEST_F(PersistentVolumeEndpointsTest, BadCreateAndDestroyACL)
createBasicAuthHeaders(DEFAULT_CREDENTIAL),
createRequestBody(slaveId.get(), "volumes", volume));
- AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
- createResponse);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Forbidden().status, createResponse);
// The successful creation attempt.
createResponse = process::http::post(
@@ -941,9 +940,7 @@ TEST_F(PersistentVolumeEndpointsTest, BadCreateAndDestroyACL)
createBasicAuthHeaders(DEFAULT_CREDENTIAL),
createRequestBody(slaveId.get(), "volumes", volume));
- AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
- destroyResponse);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Forbidden().status, destroyResponse);
driver.stop();
driver.join();
http://git-wip-us.apache.org/repos/asf/mesos/blob/51f05b17/src/tests/reservation_endpoints_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/reservation_endpoints_tests.cpp b/src/tests/reservation_endpoints_tests.cpp
index b8edd6f..025ed7f 100644
--- a/src/tests/reservation_endpoints_tests.cpp
+++ b/src/tests/reservation_endpoints_tests.cpp
@@ -51,6 +51,7 @@ using process::PID;
using process::http::BadRequest;
using process::http::Conflict;
+using process::http::Forbidden;
using process::http::OK;
using process::http::Response;
using process::http::Unauthorized;
@@ -929,9 +930,7 @@ TEST_F(ReservationEndpointsTest, BadReserveACL)
createRequestBody(slaveId.get(), dynamicallyReserved));
// Expect a failed authorization.
- AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
- response);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Forbidden().status, response);
Shutdown();
}
@@ -1000,9 +999,7 @@ TEST_F(ReservationEndpointsTest, BadUnreserveACL)
createRequestBody(slaveId.get(), dynamicallyReserved));
// Expect a failed authorization.
- AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
- response);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Forbidden().status, response);
Shutdown();
}
http://git-wip-us.apache.org/repos/asf/mesos/blob/51f05b17/src/tests/scheduler_http_api_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/scheduler_http_api_tests.cpp b/src/tests/scheduler_http_api_tests.cpp
index 143bd41..9eb1de7 100644
--- a/src/tests/scheduler_http_api_tests.cpp
+++ b/src/tests/scheduler_http_api_tests.cpp
@@ -52,12 +52,12 @@ using process::Future;
using process::PID;
using process::http::BadRequest;
+using process::http::Forbidden;
using process::http::MethodNotAllowed;
using process::http::NotAcceptable;
using process::http::OK;
using process::http::Pipe;
using process::http::Response;
-using process::http::Unauthorized;
using process::http::UnsupportedMediaType;
using recordio::Decoder;
@@ -135,9 +135,7 @@ TEST_F(SchedulerHttpApiTest, AuthenticationRequired)
None(),
None());
- AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
- response);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Forbidden().status, response);
}
http://git-wip-us.apache.org/repos/asf/mesos/blob/51f05b17/src/tests/teardown_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/teardown_tests.cpp b/src/tests/teardown_tests.cpp
index 97cc89b..a41ecf4 100644
--- a/src/tests/teardown_tests.cpp
+++ b/src/tests/teardown_tests.cpp
@@ -45,6 +45,7 @@ using process::Future;
using process::PID;
using process::http::BadRequest;
+using process::http::Forbidden;
using process::http::OK;
using process::http::Response;
using process::http::Unauthorized;
@@ -229,9 +230,7 @@ TEST_F(TeardownTest, TeardownEndpointBadACLs)
"frameworkId=" + frameworkId.get().value());
AWAIT_READY(response);
- AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
- response);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Forbidden().status, response);
driver.stop();
driver.join();
[4/4] mesos git commit: Removed deprecated constructor of
http::Unauthorized in Mesos.
Posted by ti...@apache.org.
Removed deprecated constructor of http::Unauthorized in Mesos.
The constructor of `process::http::Unauthorized(const std::string&)`
is marked as deprecated. This patch fully removes the constructor and
cleans up its usage in the Mesos codebase.
This change also allows to use initializer lists on the
`process::http::Unauthorized(const std::vector<std::string>&)`
constructor since there is no longer an ambiguity.
Review: https://reviews.apache.org/r/42140/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/cde429dd
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/cde429dd
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/cde429dd
Branch: refs/heads/master
Commit: cde429dd2e1b7ba28923b53dd754b7494373d850
Parents: 8351fe5
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Wed Jan 20 22:01:31 2016 +0100
Committer: Till Toenshoff <to...@me.com>
Committed: Wed Jan 20 22:01:31 2016 +0100
----------------------------------------------------------------------
src/tests/http_authentication_tests.cpp | 8 ++++----
src/tests/master_quota_tests.cpp | 4 ++--
src/tests/persistent_volume_endpoints_tests.cpp | 12 ++++++------
src/tests/reservation_endpoints_tests.cpp | 8 ++++----
src/tests/teardown_tests.cpp | 12 ++----------
5 files changed, 18 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/cde429dd/src/tests/http_authentication_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/http_authentication_tests.cpp b/src/tests/http_authentication_tests.cpp
index 3d6da53..bd62257 100644
--- a/src/tests/http_authentication_tests.cpp
+++ b/src/tests/http_authentication_tests.cpp
@@ -112,7 +112,7 @@ TYPED_TEST(HttpAuthenticationTest, BasicWithoutCredentialsTest)
{
AuthenticationResult unauthorized;
unauthorized.unauthorized =
- Unauthorized(vector<string>({"Basic realm=\"mesos\""}));
+ Unauthorized({"Basic realm=\"mesos\""});
Request request;
@@ -128,7 +128,7 @@ TYPED_TEST(HttpAuthenticationTest, BasicWithoutCredentialsTest)
AuthenticationResult unauthorized;
unauthorized.unauthorized =
- Unauthorized(vector<string>({"Basic realm=\"mesos\""}));
+ Unauthorized({"Basic realm=\"mesos\""});
AWAIT_EXPECT_EQ(unauthorized, authenticator->authenticate(request));
}
@@ -156,7 +156,7 @@ TYPED_TEST(HttpAuthenticationTest, BasicWithCredentialsTest)
AuthenticationResult unauthorized;
unauthorized.unauthorized =
- Unauthorized(vector<string>({"Basic realm=\"mesos\""}));
+ Unauthorized({"Basic realm=\"mesos\""});
AWAIT_EXPECT_EQ(unauthorized, authenticator->authenticate(request));
}
@@ -171,7 +171,7 @@ TYPED_TEST(HttpAuthenticationTest, BasicWithCredentialsTest)
AuthenticationResult unauthorized;
unauthorized.unauthorized =
- Unauthorized(vector<string>({"Basic realm=\"mesos\""}));
+ Unauthorized({"Basic realm=\"mesos\""});
AWAIT_EXPECT_EQ(unauthorized, authenticator->authenticate(request));
}
http://git-wip-us.apache.org/repos/asf/mesos/blob/cde429dd/src/tests/master_quota_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/master_quota_tests.cpp b/src/tests/master_quota_tests.cpp
index c22b91f..7d07be3 100644
--- a/src/tests/master_quota_tests.cpp
+++ b/src/tests/master_quota_tests.cpp
@@ -1119,7 +1119,7 @@ TEST_F(MasterQuotaTest, UnauthenticatedQuotaRequest)
createRequestBody(ROLE1, quotaResources));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized(vector<string>()).status, response) << response.get().body;
+ Unauthorized({}).status, response) << response.get().body;
}
// The absense of credentials leads to authentication failure as well.
@@ -1131,7 +1131,7 @@ TEST_F(MasterQuotaTest, UnauthenticatedQuotaRequest)
createRequestBody(ROLE1, quotaResources));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized(vector<string>()).status, response) << response.get().body;
+ Unauthorized({}).status, response) << response.get().body;
}
Shutdown();
http://git-wip-us.apache.org/repos/asf/mesos/blob/cde429dd/src/tests/persistent_volume_endpoints_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/persistent_volume_endpoints_tests.cpp b/src/tests/persistent_volume_endpoints_tests.cpp
index 92b1467..22e1875 100644
--- a/src/tests/persistent_volume_endpoints_tests.cpp
+++ b/src/tests/persistent_volume_endpoints_tests.cpp
@@ -639,7 +639,7 @@ TEST_F(PersistentVolumeEndpointsTest, NoHeader)
createRequestBody(slaveId.get(), "volumes", volume));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
+ Unauthorized({}).status,
response);
response = process::http::post(
@@ -649,7 +649,7 @@ TEST_F(PersistentVolumeEndpointsTest, NoHeader)
createRequestBody(slaveId.get(), "volumes", volume));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
+ Unauthorized({}).status,
response);
Shutdown();
@@ -695,14 +695,14 @@ TEST_F(PersistentVolumeEndpointsTest, BadCredentials)
process::http::post(master.get(), "create-volumes", headers, body);
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
+ Unauthorized({}).status,
response);
response =
process::http::post(master.get(), "destroy-volumes", headers, body);
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
+ Unauthorized({}).status,
response);
Shutdown();
@@ -1021,7 +1021,7 @@ TEST_F(PersistentVolumeEndpointsTest, GoodCreateAndDestroyACLBadCredential)
createRequestBody(slaveId.get(), "volumes", volume));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
+ Unauthorized({}).status,
createResponse);
// The successful creation attempt.
@@ -1066,7 +1066,7 @@ TEST_F(PersistentVolumeEndpointsTest, GoodCreateAndDestroyACLBadCredential)
createRequestBody(slaveId.get(), "volumes", volume));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
+ Unauthorized({}).status,
destroyResponse);
driver.stop();
http://git-wip-us.apache.org/repos/asf/mesos/blob/cde429dd/src/tests/reservation_endpoints_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/reservation_endpoints_tests.cpp b/src/tests/reservation_endpoints_tests.cpp
index 025ed7f..a471f85 100644
--- a/src/tests/reservation_endpoints_tests.cpp
+++ b/src/tests/reservation_endpoints_tests.cpp
@@ -737,7 +737,7 @@ TEST_F(ReservationEndpointsTest, NoHeader)
createRequestBody(slaveId.get(), dynamicallyReserved));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
+ Unauthorized({}).status,
response);
response = process::http::post(
@@ -747,7 +747,7 @@ TEST_F(ReservationEndpointsTest, NoHeader)
createRequestBody(slaveId.get(), dynamicallyReserved));
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
+ Unauthorized({}).status,
response);
Shutdown();
@@ -788,13 +788,13 @@ TEST_F(ReservationEndpointsTest, BadCredentials)
process::http::post(master.get(), "reserve", headers, body);
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
+ Unauthorized({}).status,
response);
response = process::http::post(master.get(), "unreserve", headers, body);
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
+ Unauthorized({}).status,
response);
Shutdown();
http://git-wip-us.apache.org/repos/asf/mesos/blob/cde429dd/src/tests/teardown_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/teardown_tests.cpp b/src/tests/teardown_tests.cpp
index a41ecf4..d979e07 100644
--- a/src/tests/teardown_tests.cpp
+++ b/src/tests/teardown_tests.cpp
@@ -14,8 +14,6 @@
// See the License for the specific language governing permissions and
// limitations under the License.
-#include <string>
-
#include <gmock/gmock.h>
#include <mesos/executor.hpp>
@@ -36,8 +34,6 @@
#include "tests/mesos.hpp"
#include "tests/utils.hpp"
-using std::string;
-
using mesos::internal::master::Master;
using mesos::internal::slave::Slave;
@@ -131,9 +127,7 @@ TEST_F(TeardownTest, TeardownEndpointBadCredentials)
"frameworkId=" + frameworkId.get().value());
AWAIT_READY(response);
- AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
- response);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
driver.stop();
driver.join();
@@ -298,9 +292,7 @@ TEST_F(TeardownTest, TeardownEndpointNoHeader)
"frameworkId=" + frameworkId.get().value());
AWAIT_READY(response);
- AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- Unauthorized("Mesos master").status,
- response);
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
driver.stop();
driver.join();
[2/4] mesos git commit: Removed HTTPTest.Auth test.
Posted by ti...@apache.org.
Removed HTTPTest.Auth test.
Manual HTTP authentication is being phased out in favor of the HTTP
authentication support built-in into libprocess, hence this test is no
longer necessary.
Review: https://reviews.apache.org/r/42143/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/17766711
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/17766711
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/17766711
Branch: refs/heads/master
Commit: 177667115d492cc8391cce748967649a5a1b8984
Parents: 51f05b1
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Wed Jan 20 22:00:21 2016 +0100
Committer: Till Toenshoff <to...@me.com>
Committed: Wed Jan 20 22:00:21 2016 +0100
----------------------------------------------------------------------
3rdparty/libprocess/src/tests/http_tests.cpp | 52 -----------------------
1 file changed, 52 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/17766711/3rdparty/libprocess/src/tests/http_tests.cpp
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/src/tests/http_tests.cpp b/3rdparty/libprocess/src/tests/http_tests.cpp
index c23d0bf..7e1567f 100644
--- a/3rdparty/libprocess/src/tests/http_tests.cpp
+++ b/3rdparty/libprocess/src/tests/http_tests.cpp
@@ -89,7 +89,6 @@ public:
protected:
virtual void initialize()
{
- route("/auth", None(), &HttpProcess::auth);
route("/body", None(), &HttpProcess::body);
route("/pipe", None(), &HttpProcess::pipe);
route("/get", None(), &HttpProcess::get);
@@ -99,16 +98,6 @@ protected:
route("/a/b/c", None(), &HttpProcess::abc);
route("/authenticated", "realm", None(), &HttpProcess::authenticated);
}
-
- Future<http::Response> auth(const http::Request& request)
- {
- string encodedAuth = base64::encode("testuser:testpass");
- Option<string> authHeader = request.headers.get("Authorization");
- if (!authHeader.isSome() || (authHeader.get() != "Basic " + encodedAuth)) {
- return http::Unauthorized("testrealm");
- }
- return http::OK();
- }
};
@@ -132,47 +121,6 @@ public:
// TODO(vinod): Use AWAIT_EXPECT_RESPONSE_STATUS_EQ in the tests.
-TEST(HTTPTest, Auth)
-{
- Http http;
-
- // Test the case where there is no auth.
- Future<http::Response> noAuthFuture = http::get(http.process->self(), "auth");
-
- AWAIT_READY(noAuthFuture);
- EXPECT_EQ(http::Status::UNAUTHORIZED, noAuthFuture->code);
- EXPECT_EQ(http::Status::string(http::Status::UNAUTHORIZED),
- noAuthFuture->status);
- ASSERT_SOME_EQ("Basic realm=\"testrealm\"",
- noAuthFuture->headers.get("WWW-authenticate"));
-
- // Now test passing wrong auth header.
- http::Headers headers;
- headers["Authorization"] = "Basic " + base64::encode("testuser:wrongpass");
-
- Future<http::Response> wrongAuthFuture =
- http::get(http.process->self(), "auth", None(), headers);
-
- AWAIT_READY(wrongAuthFuture);
- EXPECT_EQ(http::Status::UNAUTHORIZED, wrongAuthFuture->code);
- EXPECT_EQ(http::Status::string(http::Status::UNAUTHORIZED),
- wrongAuthFuture->status);
-
- ASSERT_SOME_EQ("Basic realm=\"testrealm\"",
- wrongAuthFuture->headers.get("WWW-authenticate"));
-
- // Now test passing right auth header.
- headers["Authorization"] = "Basic " + base64::encode("testuser:testpass");
-
- Future<http::Response> rightAuthFuture =
- http::get(http.process->self(), "auth", None(), headers);
-
- AWAIT_READY(rightAuthFuture);
- EXPECT_EQ(http::Status::OK, rightAuthFuture->code);
- EXPECT_EQ(http::Status::string(http::Status::OK),
- rightAuthFuture->status);
-}
-
TEST(HTTPTest, Endpoints)
{
[3/4] mesos git commit: Removed deprecated constructor of
http::Unauthorized in libprocess.
Posted by ti...@apache.org.
Removed deprecated constructor of http::Unauthorized in libprocess.
The constructor of `process::http::Unauthorized(const std::string&)`
is marked as deprecated. This patch fully removes the constructor and
cleans up its usage in the libprocess codebase.
This change also allows to use initializer lists on the
`process::http::Unauthorized(const std::vector<std::string>&)`
constructor since there is no longer an ambiguity.
Review: https://reviews.apache.org/r/42144/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/8351fe53
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/8351fe53
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/8351fe53
Branch: refs/heads/master
Commit: 8351fe5308de69f52dfa18cff145abfc63b4f2e0
Parents: 1776671
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Wed Jan 20 22:00:52 2016 +0100
Committer: Till Toenshoff <to...@me.com>
Committed: Wed Jan 20 22:00:52 2016 +0100
----------------------------------------------------------------------
3rdparty/libprocess/include/process/http.hpp | 13 -------------
3rdparty/libprocess/src/authenticator.cpp | 2 +-
3rdparty/libprocess/src/tests/http_tests.cpp | 10 +++++-----
3 files changed, 6 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/8351fe53/3rdparty/libprocess/include/process/http.hpp
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/include/process/http.hpp b/3rdparty/libprocess/include/process/http.hpp
index 1d9a944..bcba304 100644
--- a/3rdparty/libprocess/include/process/http.hpp
+++ b/3rdparty/libprocess/include/process/http.hpp
@@ -548,19 +548,6 @@ struct Unauthorized : Response
// same header.
headers["WWW-Authenticate"] = strings::join(", ", challenges);
}
-
- // TODO(arojas): Remove this in favor of the
- // explicit challenge constructor above.
- explicit Unauthorized(const std::string& realm)
- : Unauthorized(
- std::vector<std::string>{"Basic realm=\"" + realm + "\""}) {}
-
- // TODO(arojas): Remove this in favor of the
- // explicit challenge constructor above.
- Unauthorized(const std::string& realm, const std::string& body)
- : Unauthorized(
- std::vector<std::string>{"Basic realm=\"" + realm + "\""},
- body) {}
};
http://git-wip-us.apache.org/repos/asf/mesos/blob/8351fe53/3rdparty/libprocess/src/authenticator.cpp
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/src/authenticator.cpp b/3rdparty/libprocess/src/authenticator.cpp
index 7371a62..16b48cd 100644
--- a/3rdparty/libprocess/src/authenticator.cpp
+++ b/3rdparty/libprocess/src/authenticator.cpp
@@ -61,7 +61,7 @@ Future<AuthenticationResult> BasicAuthenticatorProcess::authenticate(
{
AuthenticationResult unauthorized;
unauthorized.unauthorized =
- Unauthorized(vector<string>({"Basic realm=\"" + realm_ + "\""}));
+ Unauthorized({"Basic realm=\"" + realm_ + "\""});
Option<string> credentials = request.headers.get("Authorization");
http://git-wip-us.apache.org/repos/asf/mesos/blob/8351fe53/3rdparty/libprocess/src/tests/http_tests.cpp
----------------------------------------------------------------------
diff --git a/3rdparty/libprocess/src/tests/http_tests.cpp b/3rdparty/libprocess/src/tests/http_tests.cpp
index 7e1567f..5a66d84 100644
--- a/3rdparty/libprocess/src/tests/http_tests.cpp
+++ b/3rdparty/libprocess/src/tests/http_tests.cpp
@@ -1246,7 +1246,7 @@ TEST_F(HttpAuthenticationTest, Unauthorized)
AuthenticationResult authentication;
authentication.unauthorized =
- http::Unauthorized(vector<string>({"Basic realm=\"realm\""}));
+ http::Unauthorized({"Basic realm=\"realm\""});
EXPECT_CALL(*authenticator, authenticate(_))
.WillOnce(Return(authentication));
@@ -1255,7 +1255,7 @@ TEST_F(HttpAuthenticationTest, Unauthorized)
http::get(http.process->self(), "authenticated");
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- http::Unauthorized(vector<string>()).status,
+ http::Unauthorized({}).status,
response);
EXPECT_EQ(
@@ -1390,7 +1390,7 @@ TEST_F(HttpAuthenticationTest, Basic)
Future<http::Response> response = http::get(*http.process, "authenticated");
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- http::Unauthorized(vector<string>()).status,
+ http::Unauthorized({}).status,
response);
}
@@ -1404,7 +1404,7 @@ TEST_F(HttpAuthenticationTest, Basic)
http::get(http.process->self(), "authenticated", None(), headers);
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- http::Unauthorized(vector<string>()).status,
+ http::Unauthorized({}).status,
response);
}
@@ -1418,7 +1418,7 @@ TEST_F(HttpAuthenticationTest, Basic)
http::get(http.process->self(), "authenticated", None(), headers);
AWAIT_EXPECT_RESPONSE_STATUS_EQ(
- http::Unauthorized(vector<string>()).status,
+ http::Unauthorized({}).status,
response);
}