Repository: mesos Updated Branches: refs/heads/master acde41af9 -> a5ce87b26
Added a LoggingTest with authorization. A new test, `LoggingTest.ToggleAuthorizationEnabled`, was added which checks that the '/logging/toggle' endpoint correctly rejects unauthorized requests. Review: https://reviews.apache.org/r/46882/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/a5ce87b2 Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/a5ce87b2 Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/a5ce87b2 Branch: refs/heads/master Commit: a5ce87b268bbb9eb0c7fc8e32873d62dcb05d9e4 Parents: 1140f6e Author: Greg Mann <[email protected]> Authored: Wed May 11 22:45:52 2016 -0400 Committer: Kapil Arya <[email protected]> Committed: Thu May 12 01:50:20 2016 -0400 ---------------------------------------------------------------------- src/tests/logging_tests.cpp | 49 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/a5ce87b2/src/tests/logging_tests.cpp ----------------------------------------------------------------------
diff --git a/src/tests/logging_tests.cpp b/src/tests/logging_tests.cpp
index 5412744..8712d33 100644
--- a/src/tests/logging_tests.cpp
+++ b/src/tests/logging_tests.cpp
@@ -18,12 +18,16 @@
 #include <mesos/authentication/http/basic_authenticator_factory.hpp>
+#include <mesos/authorizer/authorizer.hpp>
+
 #include <process/future.hpp>
 #include <process/gtest.hpp>
 #include <process/http.hpp>
 #include <process/pid.hpp>
 #include <process/process.hpp>
+#include "common/http.hpp"
+
 #include "logging/logging.hpp"
 #include "tests/mesos.hpp"
@@ -33,6 +37,7 @@ namespace authentication = process::http::authentication;
 using mesos::http::authentication::BasicAuthenticatorFactory;
 using process::http::BadRequest;
+using process::http::Forbidden;
 using process::http::OK;
 using process::http::Response;
 using process::http::Unauthorized;
@@ -72,6 +77,10 @@ protected:
 realms.clear();
+ // In case libprocess-level authorization was enabled in the test, we unset
+ // the libprocess authorization callbacks.
+ process::http::authorization::unsetCallbacks();
+
 MesosTest::TearDown();
 }
@@ -147,6 +156,46 @@ TEST_F(LoggingTest, ToggleAuthenticationEnabled)
 AWAIT_EXPECT_RESPONSE_STATUS_EQ(Unauthorized({}).status, response);
 }
+
+// Tests that the `/logging/toggle` endpoint rejects unauthorized requests when
+// authorization is enabled.
+TEST_F(LoggingTest, ToggleAuthorizationEnabled)
+{
+ Credentials credentials;
+ credentials.add_credentials()->CopyFrom(DEFAULT_CREDENTIAL);
+
+ // Create a basic HTTP authenticator with the specified credentials and set it
+ // as the authenticator for `DEFAULT_HTTP_AUTHENTICATION_REALM`.
+ setBasicHttpAuthenticator(DEFAULT_HTTP_AUTHENTICATION_REALM, credentials);
+
+ ACLs acls;
+
+ // This ACL asserts that the principal of `DEFAULT_CREDENTIAL` can GET any
+ // HTTP endpoints that are authorized with the `GetEndpoint` ACL.
+ mesos::ACL::GetEndpoint* acl = acls.add_get_endpoints();
+ acl->mutable_principals()->add_values(DEFAULT_CREDENTIAL.principal());
+ acl->mutable_paths()->set_type(mesos::ACL::Entity::NONE);
+
+ Result<Authorizer*> authorizer = Authorizer::create(acls);
+ ASSERT_SOME(authorizer);
+
+ // Set authorization callbacks for libprocess-level HTTP endpoints.
+ process::http::authorization::setCallbacks(
+ createAuthorizationCallbacks(authorizer.get()));
+
+ process::PID<> pid;
+ pid.id = "logging";
+ pid.address = process::address();
+
+ process::Future<Response> response = process::http::get(
+ pid,
+ "toggle",
+ None(),
+ createBasicAuthHeaders(DEFAULT_CREDENTIAL));
+
+ AWAIT_EXPECT_RESPONSE_STATUS_EQ(Forbidden().status, response);
+}
+
 } // namespace tests {
 } // namespace internal {
 } // namespace mesos {
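Review bot: The cleanup added in the `@@ -72,6 +77,10 @@` hunk unsets the libprocess authorization callbacks, but nothing releases the `Authorizer*` that `ToggleAuthorizationEnabled` obtains from `Authorizer::create(acls)` and passes to `createAuthorizationCallbacks(authorizer.get())`. Unless that helper takes ownership (not visible on this page), the authorizer is leaked on every run. Consider a fixture member `process::Owned<Authorizer> authorizer;` that the test fills in, with `authorizer.reset();` placed after `unsetCallbacks()`. The order matters: freeing it while the callbacks are still installed would leave them referring to a destroyed object. The enclosing teardown function starts outside the hunk.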
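Review bot: In `ToggleAuthorizationEnabled` (hunk `@@ -147,6 +156,46 @@`), the comment above the ACL says the principal "can GET any HTTP endpoints", but the code sets `mutable_paths()->set_type(mesos::ACL::Entity::NONE)` and the test expects `Forbidden()`. The comment therefore states the opposite of the policy being built. Suggested wording: `// This ACL asserts that the principal of DEFAULT_CREDENTIAL cannot GET any HTTP endpoint that is authorized with the GetEndpoint ACL.` Only the deny path is exercised here, so an accurate comment matters for anyone who later adds the allow case or copies this ACL into another authorization test.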
