Posted to commits@mesos.apache.org by me...@apache.org on 2016/12/14 03:37:24 UTC

[4/4] mesos git commit: Enabled authorization in SET_LOG_LEVEL API call.

Enabled authorization in SET_LOG_LEVEL API call.

Adds the stub which allows only authorized users to change the log
level of Mesos using the HTTP API v1.

Review: https://reviews.apache.org/r/54662/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/959b97e9
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/959b97e9
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/959b97e9

Branch: refs/heads/master
Commit: 959b97e90b17ecefd9f4e4708288f30e94391e2c
Parents: 77b66ba
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Tue Dec 13 17:31:43 2016 -0800
Committer: Adam B <ad...@mesosphere.io>
Committed: Tue Dec 13 17:34:39 2016 -0800

----------------------------------------------------------------------
 src/slave/http.cpp | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/959b97e9/src/slave/http.cpp
----------------------------------------------------------------------
diff --git a/src/slave/http.cpp b/src/slave/http.cpp
index 6784fc5..56c2879 100644
--- a/src/slave/http.cpp
+++ b/src/slave/http.cpp
@@ -895,9 +895,36 @@ Future<Response> Slave::Http::setLoggingLevel(
   Duration duration =
     Nanoseconds(call.set_logging_level().duration().nanoseconds());
 
-  return dispatch(process::logging(), &Logging::set_level, level, duration)
-      .then([]() -> Response {
-        return OK();
+  Future<Owned<ObjectApprover>> approver;
+
+  if (slave->authorizer.isSome()) {
+    authorization::Subject subject;
+    if (principal.isSome()) {
+      subject.set_value(principal.get());
+    }
+
+    approver = slave->authorizer.get()->getObjectApprover(
+        subject, authorization::SET_LOG_LEVEL);
+  } else {
+    approver = Owned<ObjectApprover>(new AcceptingObjectApprover());
+  }
+
+  return approver.then(
+      [level, duration](
+          const Owned<ObjectApprover>& approver) -> Future<Response> {
+        Try<bool> approved = approver->approved((ObjectApprover::Object()));
+
+        if (approved.isError()) {
+          return InternalServerError(approved.error());
+        } else if (!approved.get()) {
+          return Forbidden();
+        }
+
+        return dispatch(
+            process::logging(), &Logging::set_level, level, duration)
+          .then([]() -> Response {
+            return OK();
+          });
       });
 }
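Review bot: When an authorizer is configured but `principal` is none, the `if (principal.isSome())` branch is skipped and a `Subject` with no value set is still handed to `getObjectApprover`, so what an unauthenticated caller may do rests on how the authorizer reads an empty subject; that is not visible in this hunk and deserves a comment above the call, such as `// Unset value: the request was not authenticated; the authorizer decides whether it may proceed.` In the lambda, `InternalServerError(approved.error())` returns the authorizer's error text in the response body, and neither that branch nor `Forbidden()` logs anything here; writing the detail to the agent log and returning a generic body would keep authorizer internals away from the client and leave a trace of rejected attempts. The `else` branch accepts every caller when no authorizer is set, which looks intentional but is worth stating in a comment too. `setLoggingLevel` starts above this hunk, so any validation of `level` or `duration` before this point is not visible.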