You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by gr...@apache.org on 2017/07/14 03:53:21 UTC
[1/2] mesos git commit: Added constructors for ObjectApprover::Object.
Repository: mesos
Updated Branches:
refs/heads/master f9a80a067 -> 9e208293b
Added constructors for ObjectApprover::Object.
Added new constructors and updated all places where
ObjectApprover::Objects are constructed to use new
constructors.
Review: https://reviews.apache.org/r/60279/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/15656be2
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/15656be2
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/15656be2
Branch: refs/heads/master
Commit: 15656be2f65cc4eeaf053b47133ca0bd43d5c166
Parents: f9a80a0
Author: Quinn Leng <qu...@gmail.com>
Authored: Thu Jul 13 17:43:59 2017 -0700
Committer: Greg Mann <gr...@gmail.com>
Committed: Thu Jul 13 20:41:24 2017 -0700
----------------------------------------------------------------------
include/mesos/authorizer/authorizer.hpp | 112 +++++++++++++++++++++++++++
src/common/http.cpp | 36 +++------
src/master/http.cpp | 23 ++----
src/slave/http.cpp | 68 +++++++---------
4 files changed, 157 insertions(+), 82 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/15656be2/include/mesos/authorizer/authorizer.hpp
----------------------------------------------------------------------
diff --git a/include/mesos/authorizer/authorizer.hpp b/include/mesos/authorizer/authorizer.hpp
index 95cbcf3..40790f5 100644
--- a/include/mesos/authorizer/authorizer.hpp
+++ b/include/mesos/authorizer/authorizer.hpp
@@ -58,6 +58,118 @@ public:
container_id(nullptr),
machine_id(nullptr) {}
+ Object(const std::string& _value)
+ : value(&_value),
+ framework_info(nullptr),
+ task(nullptr),
+ task_info(nullptr),
+ executor_info(nullptr),
+ quota_info(nullptr),
+ weight_info(nullptr),
+ resource(nullptr),
+ command_info(nullptr),
+ container_id(nullptr),
+ machine_id(nullptr) {}
+
+ Object(const MachineID& _machine_id)
+ : value(nullptr),
+ framework_info(nullptr),
+ task(nullptr),
+ task_info(nullptr),
+ executor_info(nullptr),
+ quota_info(nullptr),
+ weight_info(nullptr),
+ resource(nullptr),
+ command_info(nullptr),
+ container_id(nullptr),
+ machine_id(&_machine_id) {}
+
+ Object(const FrameworkInfo& _framework_info)
+ : value(nullptr),
+ framework_info(&_framework_info),
+ task(nullptr),
+ task_info(nullptr),
+ executor_info(nullptr),
+ quota_info(nullptr),
+ weight_info(nullptr),
+ resource(nullptr),
+ command_info(nullptr),
+ container_id(nullptr),
+ machine_id(nullptr) {}
+
+ Object(const ExecutorInfo& _executor_info,
+ const FrameworkInfo& _framework_info)
+ : value(nullptr),
+ framework_info(&_framework_info),
+ task(nullptr),
+ task_info(nullptr),
+ executor_info(&_executor_info),
+ quota_info(nullptr),
+ weight_info(nullptr),
+ resource(nullptr),
+ command_info(nullptr),
+ container_id(nullptr),
+ machine_id(nullptr) {}
+
+ Object(const TaskInfo& _task_info, const FrameworkInfo& _framework_info)
+ : value(nullptr),
+ framework_info(&_framework_info),
+ task(nullptr),
+ task_info(&_task_info),
+ executor_info(nullptr),
+ quota_info(nullptr),
+ weight_info(nullptr),
+ resource(nullptr),
+ command_info(nullptr),
+ container_id(nullptr),
+ machine_id(nullptr) {}
+
+ Object(const Task& _task, const FrameworkInfo& _framework_info)
+ : value(nullptr),
+ framework_info(&_framework_info),
+ task(&_task),
+ task_info(nullptr),
+ executor_info(nullptr),
+ quota_info(nullptr),
+ weight_info(nullptr),
+ resource(nullptr),
+ command_info(nullptr),
+ container_id(nullptr),
+ machine_id(nullptr) {}
+
+ Object(
+ const ExecutorInfo& _executor_info,
+ const FrameworkInfo& _framework_info,
+ const CommandInfo& _command_info,
+ const ContainerID& _container_id)
+ : value(nullptr),
+ framework_info(&_framework_info),
+ task(nullptr),
+ task_info(nullptr),
+ executor_info(&_executor_info),
+ quota_info(nullptr),
+ weight_info(nullptr),
+ resource(nullptr),
+ command_info(&_command_info),
+ container_id(&_container_id),
+ machine_id(nullptr) {}
+
+ Object(
+ const ExecutorInfo& _executor_info,
+ const FrameworkInfo& _framework_info,
+ const ContainerID& _container_id)
+ : value(nullptr),
+ framework_info(&_framework_info),
+ task(nullptr),
+ task_info(nullptr),
+ executor_info(&_executor_info),
+ quota_info(nullptr),
+ weight_info(nullptr),
+ resource(nullptr),
+ command_info(nullptr),
+ container_id(&_container_id),
+ machine_id(nullptr) {}
+
Object(const authorization::Object& object)
: value(object.has_value() ? &object.value() : nullptr),
framework_info(
http://git-wip-us.apache.org/repos/asf/mesos/blob/15656be2/src/common/http.cpp
----------------------------------------------------------------------
diff --git a/src/common/http.cpp b/src/common/http.cpp
index 7dce4cd..a9c2a4a 100644
--- a/src/common/http.cpp
+++ b/src/common/http.cpp
@@ -847,10 +847,8 @@ bool approveViewFrameworkInfo(
const Owned<ObjectApprover>& frameworksApprover,
const FrameworkInfo& frameworkInfo)
{
- ObjectApprover::Object object;
- object.framework_info = &frameworkInfo;
-
- Try<bool> approved = frameworksApprover->approved(object);
+ Try<bool> approved =
+ frameworksApprover->approved(ObjectApprover::Object(frameworkInfo));
if (approved.isError()) {
LOG(WARNING) << "Error during FrameworkInfo authorization: "
<< approved.error();
@@ -866,11 +864,8 @@ bool approveViewExecutorInfo(
const ExecutorInfo& executorInfo,
const FrameworkInfo& frameworkInfo)
{
- ObjectApprover::Object object;
- object.executor_info = &executorInfo;
- object.framework_info = &frameworkInfo;
-
- Try<bool> approved = executorsApprover->approved(object);
+ Try<bool> approved = executorsApprover->approved(
+ ObjectApprover::Object(executorInfo, frameworkInfo));
if (approved.isError()) {
LOG(WARNING) << "Error during ExecutorInfo authorization: "
<< approved.error();
@@ -886,11 +881,8 @@ bool approveViewTaskInfo(
const TaskInfo& taskInfo,
const FrameworkInfo& frameworkInfo)
{
- ObjectApprover::Object object;
- object.task_info = &taskInfo;
- object.framework_info = &frameworkInfo;
-
- Try<bool> approved = tasksApprover->approved(object);
+ Try<bool> approved =
+ tasksApprover->approved(ObjectApprover::Object(taskInfo, frameworkInfo));
if (approved.isError()) {
LOG(WARNING) << "Error during TaskInfo authorization: " << approved.error();
// TODO(joerg84): Consider exposing these errors to the caller.
@@ -905,11 +897,8 @@ bool approveViewTask(
const Task& task,
const FrameworkInfo& frameworkInfo)
{
- ObjectApprover::Object object;
- object.task = &task;
- object.framework_info = &frameworkInfo;
-
- Try<bool> approved = tasksApprover->approved(object);
+ Try<bool> approved =
+ tasksApprover->approved(ObjectApprover::Object(task, frameworkInfo));
if (approved.isError()) {
LOG(WARNING) << "Error during Task authorization: " << approved.error();
// TODO(joerg84): Consider exposing these errors to the caller.
@@ -922,9 +911,7 @@ bool approveViewTask(
bool approveViewFlags(
const Owned<ObjectApprover>& flagsApprover)
{
- ObjectApprover::Object object;
-
- Try<bool> approved = flagsApprover->approved(object);
+ Try<bool> approved = flagsApprover->approved(ObjectApprover::Object());
if (approved.isError()) {
LOG(WARNING) << "Error during Flags authorization: " << approved.error();
// TODO(joerg84): Consider exposing these errors to the caller.
@@ -980,10 +967,7 @@ bool approveViewRole(
const Owned<ObjectApprover>& rolesApprover,
const string& role)
{
- ObjectApprover::Object object;
- object.value = &role;
-
- Try<bool> approved = rolesApprover->approved(object);
+ Try<bool> approved = rolesApprover->approved(ObjectApprover::Object(role));
if (approved.isError()) {
LOG(WARNING) << "Error during Roles authorization: " << approved.error();
// TODO(joerg84): Consider exposing these errors to the caller.
http://git-wip-us.apache.org/repos/asf/mesos/blob/15656be2/src/master/http.cpp
----------------------------------------------------------------------
diff --git a/src/master/http.cpp b/src/master/http.cpp
index 948aa11..4ec275f 100644
--- a/src/master/http.cpp
+++ b/src/master/http.cpp
@@ -4239,10 +4239,8 @@ mesos::maintenance::Schedule Master::Http::_getMaintenanceSchedule(
mesos::maintenance::Window window_;
foreach (const MachineID& machine_id, window.machine_ids()) {
- ObjectApprover::Object object;
- object.machine_id = &machine_id;
-
- Try<bool> approved = approver->approved(object);
+ Try<bool> approved =
+ approver->approved(ObjectApprover::Object(machine_id));
if (approved.isError()) {
LOG(WARNING) << "Error during MachineID authorization: "
@@ -4306,10 +4304,7 @@ Future<Response> Master::Http::__updateMaintenanceSchedule(
{
foreach (const mesos::maintenance::Window& window, schedule.windows()) {
foreach (const MachineID& machine, window.machine_ids()) {
- ObjectApprover::Object object;
- object.machine_id = &machine;
-
- Try<bool> approved = approver->approved(object);
+ Try<bool> approved = approver->approved(ObjectApprover::Object(machine));
if (approved.isError()) {
return InternalServerError("Authorization error: " + approved.error());
@@ -4548,9 +4543,7 @@ Future<Response> Master::Http::_startMaintenance(
"' is not in DRAINING mode and cannot be brought down");
}
- ObjectApprover::Object object;
- object.machine_id = &id;
- Try<bool> approved = approver->approved(object);
+ Try<bool> approved = approver->approved(ObjectApprover::Object(id));
if (approved.isError()) {
return InternalServerError("Authorization error: " + approved.error());
@@ -4730,9 +4723,7 @@ Future<Response> Master::Http::_stopMaintenance(
"' is not in DOWN mode and cannot be brought up");
}
- ObjectApprover::Object object;
- object.machine_id = &id;
- Try<bool> approved = approver->approved(object);
+ Try<bool> approved = approver->approved(ObjectApprover::Object(id));
if (approved.isError()) {
return InternalServerError("Authorization error: " + approved.error());
@@ -4905,9 +4896,7 @@ Future<mesos::maintenance::ClusterStatus> Master::Http::_getMaintenanceStatus(
const MachineID& id,
const Machine& machine,
master->machines) {
- ObjectApprover::Object object;
- object.machine_id = &id;
- Try<bool> approved = approver->approved(object);
+ Try<bool> approved = approver->approved(ObjectApprover::Object(id));
if (approved.isError()) {
LOG(WARNING) << "Error during MachineID authorization: "
http://git-wip-us.apache.org/repos/asf/mesos/blob/15656be2/src/slave/http.cpp
----------------------------------------------------------------------
diff --git a/src/slave/http.cpp b/src/slave/http.cpp
index 3070b3b..60640e5 100644
--- a/src/slave/http.cpp
+++ b/src/slave/http.cpp
@@ -2129,9 +2129,7 @@ Future<JSON::Array> Http::__containers(
Try<bool> authorized = true;
if (approver.isSome()) {
- ObjectApprover::Object object;
- object.executor_info = &info;
- object.framework_info = &(framework->info);
+ ObjectApprover::Object object(info, framework->info);
authorized = approver.get()->approved(object);
@@ -2332,13 +2330,12 @@ Future<Response> Http::_launchNestedContainer(
Framework* framework = slave->getFramework(executor->frameworkId);
CHECK_NOTNULL(framework);
- ObjectApprover::Object object;
- object.executor_info = &(executor->info);
- object.framework_info = &(framework->info);
- object.command_info = &(commandInfo);
- object.container_id = &(containerId);
-
- Try<bool> approved = approver.get()->approved(object);
+ Try<bool> approved = approver.get()->approved(
+ ObjectApprover::Object(
+ executor->info,
+ framework->info,
+ commandInfo,
+ containerId));
if (approved.isError()) {
return Failure(approved.error());
@@ -2435,12 +2432,11 @@ Future<Response> Http::waitNestedContainer(
Framework* framework = slave->getFramework(executor->frameworkId);
CHECK_NOTNULL(framework);
- ObjectApprover::Object object;
- object.executor_info = &(executor->info);
- object.framework_info = &(framework->info);
- object.container_id = &(containerId);
-
- Try<bool> approved = waitApprover.get()->approved(object);
+ Try<bool> approved = waitApprover.get()->approved(
+ ObjectApprover::Object(
+ executor->info,
+ framework->info,
+ containerId));
if (approved.isError()) {
return Failure(approved.error());
@@ -2510,12 +2506,11 @@ Future<Response> Http::killNestedContainer(
Framework* framework = slave->getFramework(executor->frameworkId);
CHECK_NOTNULL(framework);
- ObjectApprover::Object object;
- object.executor_info = &(executor->info);
- object.framework_info = &(framework->info);
- object.container_id = &(containerId);
-
- Try<bool> approved = killApprover.get()->approved(object);
+ Try<bool> approved = killApprover.get()->approved(
+ ObjectApprover::Object(
+ executor->info,
+ framework->info,
+ containerId));
if (approved.isError()) {
return Failure(approved.error());
@@ -2570,12 +2565,11 @@ Future<Response> Http::removeNestedContainer(
Framework* framework = slave->getFramework(executor->frameworkId);
CHECK_NOTNULL(framework);
- ObjectApprover::Object object;
- object.executor_info = &(executor->info);
- object.framework_info = &(framework->info);
- object.container_id = &(containerId);
-
- Try<bool> approved = removeApprover.get()->approved(object);
+ Try<bool> approved = removeApprover.get()->approved(
+ ObjectApprover::Object(
+ executor->info,
+ framework->info,
+ containerId));
if (approved.isError()) {
return Failure(approved.error());
@@ -2711,11 +2705,8 @@ Future<Response> Http::attachContainerInput(
Framework* framework = slave->getFramework(executor->frameworkId);
CHECK_NOTNULL(framework);
- ObjectApprover::Object object;
- object.executor_info = &(executor->info);
- object.framework_info = &(framework->info);
-
- Try<bool> approved = attachInputApprover.get()->approved(object);
+ Try<bool> approved = attachInputApprover.get()->approved(
+ ObjectApprover::Object(executor->info, framework->info));
if (approved.isError()) {
return Failure(approved.error());
@@ -3026,12 +3017,11 @@ Future<Response> Http::attachContainerOutput(
Framework* framework = slave->getFramework(executor->frameworkId);
CHECK_NOTNULL(framework);
- ObjectApprover::Object object;
- object.executor_info = &(executor->info);
- object.framework_info = &(framework->info);
- object.container_id = &(containerId);
-
- Try<bool> approved = attachOutputApprover.get()->approved(object);
+ Try<bool> approved = attachOutputApprover.get()->approved(
+ ObjectApprover::Object(
+ executor->info,
+ framework->info,
+ containerId));
if (approved.isError()) {
return Failure(approved.error());
[2/2] mesos git commit: Refactored authorization acceptors into a
single class.
Posted by gr...@apache.org.
Refactored authorization acceptors into a single class.
Replaced different authorization-related Acceptor classes with one
AuthorizationAcceptor class.
Removed the ObjectAcceptor parent class, since no inheritance features
are provided by it.
Review: https://reviews.apache.org/r/60716/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/9e208293
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/9e208293
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/9e208293
Branch: refs/heads/master
Commit: 9e208293ba482d843e5c56a40d997ba18e764b58
Parents: 15656be
Author: Quinn Leng <qu...@gmail.com>
Authored: Thu Jul 13 17:44:03 2017 -0700
Committer: Greg Mann <gr...@gmail.com>
Committed: Thu Jul 13 20:41:31 2017 -0700
----------------------------------------------------------------------
src/common/http.cpp | 90 ++++++++----------------------------------------
src/common/http.hpp | 68 +++++++++++++-----------------------
src/master/http.cpp | 22 +++++++-----
3 files changed, 53 insertions(+), 127 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/9e208293/src/common/http.cpp
----------------------------------------------------------------------
diff --git a/src/common/http.cpp b/src/common/http.cpp
index a9c2a4a..3825a13 100644
--- a/src/common/http.cpp
+++ b/src/common/http.cpp
@@ -1143,50 +1143,25 @@ void logRequest(const process::http::Request& request)
}
-Future<Owned<AuthorizeFrameworkInfoAcceptor>>
- AuthorizeFrameworkInfoAcceptor::create(
- const Option<Principal>& principal,
- const Option<Authorizer*>& authorizer)
-{
- if (authorizer.isNone()) {
- return Owned<AuthorizeFrameworkInfoAcceptor>(
- new AuthorizeFrameworkInfoAcceptor(Owned<ObjectApprover>(
- new AcceptingObjectApprover())));
- }
-
- const Option<authorization::Subject> subject =
- authorization::createSubject(principal);
-
- return authorizer.get()->getObjectApprover(
- subject,
- authorization::VIEW_FRAMEWORK)
- .then([=](const Owned<ObjectApprover>& approver) {
- return Owned<AuthorizeFrameworkInfoAcceptor>(
- new AuthorizeFrameworkInfoAcceptor(approver));
- });
-}
-
-
-Future<Owned<AuthorizeTaskAcceptor>> AuthorizeTaskAcceptor::create(
+Future<Owned<AuthorizationAcceptor>> AuthorizationAcceptor::create(
const Option<Principal>& principal,
- const Option<Authorizer*>& authorizer)
+ const Option<Authorizer*>& authorizer,
+ const authorization::Action& action)
{
- if (authorizer.isNone()) {
- return Owned<AuthorizeTaskAcceptor>(
- new AuthorizeTaskAcceptor(Owned<ObjectApprover>(
- new AcceptingObjectApprover())));
- }
+ if (authorizer.isNone()) {
+ return Owned<AuthorizationAcceptor>(
+ new AuthorizationAcceptor(Owned<ObjectApprover>(
+ new AcceptingObjectApprover())));
+ }
- const Option<authorization::Subject> subject =
- authorization::createSubject(principal);
+ const Option<authorization::Subject> subject =
+ authorization::createSubject(principal);
- return authorizer.get()->getObjectApprover(
- subject,
- authorization::VIEW_TASK)
- .then([=](const Owned<ObjectApprover>& approver) {
- return Owned<AuthorizeTaskAcceptor>(
- new AuthorizeTaskAcceptor(approver));
- });
+ return authorizer.get()->getObjectApprover(subject, action)
+ .then([=](const Owned<ObjectApprover>& approver) {
+ return Owned<AuthorizationAcceptor>(
+ new AuthorizationAcceptor(approver));
+ });
}
@@ -1211,41 +1186,6 @@ TaskIDAcceptor::TaskIDAcceptor(const Option<std::string>& _taskId)
}
-bool AuthorizeFrameworkInfoAcceptor::accept(const FrameworkInfo& frameworkInfo)
-{
- ObjectApprover::Object object;
- object.framework_info = &frameworkInfo;
-
- Try<bool> approved = objectApprover->approved(object);
- if (approved.isError()) {
- LOG(WARNING) << "Error during FrameworkInfo authorization: "
- << approved.error();
- return false;
- }
-
- return approved.get();
-}
-
-
-bool AuthorizeTaskAcceptor::accept(
- const Task& task,
- const FrameworkInfo& frameworkInfo)
-{
- ObjectApprover::Object object;
- object.task = &task;
- object.framework_info = &frameworkInfo;
-
- Try<bool> approved = objectApprover->approved(object);
-
- if (approved.isError()) {
- LOG(WARNING) << "Error during Task authorization: " << approved.error();
- return false;
- }
-
- return approved.get();
-}
-
-
bool FrameworkIDAcceptor::accept(const FrameworkID& _frameworkId)
{
if (frameworkId.isSome()) {
http://git-wip-us.apache.org/repos/asf/mesos/blob/9e208293/src/common/http.hpp
----------------------------------------------------------------------
diff --git a/src/common/http.hpp b/src/common/http.hpp
index 93c9b2e..4822a23 100644
--- a/src/common/http.hpp
+++ b/src/common/http.hpp
@@ -161,21 +161,32 @@ public:
};
-/**
- * Determines which objects will be accepted when filtering results based on
- * authorization or other criteria.
- */
-class ObjectAcceptor
+// Determines which objects will be accepted based on authorization.
+class AuthorizationAcceptor
{
public:
- virtual ~ObjectAcceptor() = default;
-};
+ static process::Future<process::Owned<AuthorizationAcceptor>> create(
+ const Option<process::http::authentication::Principal>& principal,
+ const Option<Authorizer*>& authorizer,
+ const authorization::Action& action);
+ template <typename... Args>
+ bool accept(Args&... args)
+ {
+ Try<bool> approved =
+ objectApprover->approved(ObjectApprover::Object(args...));
+ if (approved.isError()) {
+ LOG(WARNING) << "Error during authorization: " << approved.error();
+ return false;
+ }
+
+ return approved.get();
+ }
-// Parent class for authorization-based acceptors.
-class AuthorizationAcceptor : public ObjectAcceptor
-{
protected:
+ // TODO(qleng): Currently, `Owned` is implemented with `shared_ptr` and allows
+ // copying. In the future, if `Owned` is implemented with `unique_ptr`, we
+ // will need to pass by rvalue reference here instead (see MESOS-5122).
AuthorizationAcceptor(const process::Owned<ObjectApprover>& approver)
: objectApprover(approver) {}
@@ -183,46 +194,15 @@ protected:
};
-class AuthorizeFrameworkInfoAcceptor : public AuthorizationAcceptor
-{
-public:
- static process::Future<process::Owned<AuthorizeFrameworkInfoAcceptor>> create(
- const Option<process::http::authentication::Principal>& principal,
- const Option<Authorizer*>& authorizer);
-
- bool accept(const FrameworkInfo& frameworkInfo);
-
-protected:
- AuthorizeFrameworkInfoAcceptor(const process::Owned<ObjectApprover>& approver)
- : AuthorizationAcceptor(approver) {}
-};
-
-
-class AuthorizeTaskAcceptor : public AuthorizationAcceptor
-{
-public:
- static process::Future<process::Owned<AuthorizeTaskAcceptor>> create(
- const Option<process::http::authentication::Principal>& principal,
- const Option<Authorizer*>& authorizer);
-
- bool accept(
- const Task& task,
- const FrameworkInfo& frameworkInfo);
-
-protected:
- AuthorizeTaskAcceptor(const process::Owned<ObjectApprover>& approver)
- : AuthorizationAcceptor(approver) {}
-};
-
-
/**
* Filtering results based on framework ID. When no framework ID is specified
* it will accept all inputs.
*/
-class FrameworkIDAcceptor : public ObjectAcceptor
+class FrameworkIDAcceptor
{
public:
FrameworkIDAcceptor(const Option<std::string>& _frameworkId);
+
bool accept(const FrameworkID& frameworkId);
protected:
@@ -234,7 +214,7 @@ protected:
* Filtering results based on task ID. When no task ID is specified
* it will accept all inputs.
*/
-class TaskIDAcceptor : public ObjectAcceptor
+class TaskIDAcceptor
{
public:
TaskIDAcceptor(const Option<std::string>& _taskId);
http://git-wip-us.apache.org/repos/asf/mesos/blob/9e208293/src/master/http.cpp
----------------------------------------------------------------------
diff --git a/src/master/http.cpp b/src/master/http.cpp
index 4ec275f..3ddb54b 100644
--- a/src/master/http.cpp
+++ b/src/master/http.cpp
@@ -3890,10 +3890,16 @@ Future<Response> Master::Http::tasks(
Option<string> order = request.url.query.get("order");
string _order = order.isSome() && (order.get() == "asc") ? "asc" : "des";
- Future<Owned<AuthorizeFrameworkInfoAcceptor>> authorizeFrameworkInfo =
- AuthorizeFrameworkInfoAcceptor::create(principal, master->authorizer);
- Future<Owned<AuthorizeTaskAcceptor>> authorizeTask =
- AuthorizeTaskAcceptor::create(principal, master->authorizer);
+ Future<Owned<AuthorizationAcceptor>> authorizeFrameworkInfo =
+ AuthorizationAcceptor::create(
+ principal,
+ master->authorizer,
+ authorization::VIEW_FRAMEWORK);
+ Future<Owned<AuthorizationAcceptor>> authorizeTask =
+ AuthorizationAcceptor::create(
+ principal,
+ master->authorizer,
+ authorization::VIEW_TASK);
Future<Owned<FrameworkIDAcceptor>> selectFrameworkId =
Owned<FrameworkIDAcceptor>(
new FrameworkIDAcceptor(request.url.query.get("framework_id")));
@@ -3907,12 +3913,12 @@ Future<Response> Master::Http::tasks(
selectTaskId)
.then(defer(
master->self(),
- [=](const tuple<Owned<AuthorizeFrameworkInfoAcceptor>,
- Owned<AuthorizeTaskAcceptor>,
+ [=](const tuple<Owned<AuthorizationAcceptor>,
+ Owned<AuthorizationAcceptor>,
Owned<FrameworkIDAcceptor>,
Owned<TaskIDAcceptor>>& acceptors)-> Future<Response> {
- Owned<AuthorizeFrameworkInfoAcceptor> authorizeFrameworkInfo;
- Owned<AuthorizeTaskAcceptor> authorizeTask;
+ Owned<AuthorizationAcceptor> authorizeFrameworkInfo;
+ Owned<AuthorizationAcceptor> authorizeTask;
Owned<FrameworkIDAcceptor> selectFrameworkId;
Owned<TaskIDAcceptor> selectTaskId;
tie(authorizeFrameworkInfo,