You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by me...@apache.org on 2016/12/14 03:37:24 UTC
[4/4] mesos git commit: Enabled authorization in SET_LOG_LEVEL API
call.
Enabled authorization in SET_LOG_LEVEL API call.
Adds the stub which allows only authorized users to change the log
level of Mesos using the HTTP API v1.
Review: https://reviews.apache.org/r/54662/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/959b97e9
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/959b97e9
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/959b97e9
Branch: refs/heads/master
Commit: 959b97e90b17ecefd9f4e4708288f30e94391e2c
Parents: 77b66ba
Author: Alexander Rojas <al...@mesosphere.io>
Authored: Tue Dec 13 17:31:43 2016 -0800
Committer: Adam B <ad...@mesosphere.io>
Committed: Tue Dec 13 17:34:39 2016 -0800
----------------------------------------------------------------------
src/slave/http.cpp | 33 ++++++++++++++++++++++++++++++---
1 file changed, 30 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/959b97e9/src/slave/http.cpp
----------------------------------------------------------------------
diff --git a/src/slave/http.cpp b/src/slave/http.cpp
index 6784fc5..56c2879 100644
--- a/src/slave/http.cpp
+++ b/src/slave/http.cpp
@@ -895,9 +895,36 @@ Future<Response> Slave::Http::setLoggingLevel(
Duration duration =
Nanoseconds(call.set_logging_level().duration().nanoseconds());
- return dispatch(process::logging(), &Logging::set_level, level, duration)
- .then([]() -> Response {
- return OK();
+ Future<Owned<ObjectApprover>> approver;
+
+ if (slave->authorizer.isSome()) {
+ authorization::Subject subject;
+ if (principal.isSome()) {
+ subject.set_value(principal.get());
+ }
+
+ approver = slave->authorizer.get()->getObjectApprover(
+ subject, authorization::SET_LOG_LEVEL);
+ } else {
+ approver = Owned<ObjectApprover>(new AcceptingObjectApprover());
+ }
+
+ return approver.then(
+ [level, duration](
+ const Owned<ObjectApprover>& approver) -> Future<Response> {
+ Try<bool> approved = approver->approved((ObjectApprover::Object()));
+
+ if (approved.isError()) {
+ return InternalServerError(approved.error());
+ } else if (!approved.get()) {
+ return Forbidden();
+ }
+
+ return dispatch(
+ process::logging(), &Logging::set_level, level, duration)
+ .then([]() -> Response {
+ return OK();
+ });
});
}