Allowed the local authorizer to accept subjects with no value. This patch updates checks in the local authorizer to allow subjects which specify `claims` instead of a `value`.
Review: https://reviews.apache.org/r/58252/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/02c2d6ff Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/02c2d6ff Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/02c2d6ff Branch: refs/heads/master Commit: 02c2d6ff5ca6cd64f33693ab52b7dfed899143d9 Parents: 6d06388 Author: Greg Mann <[email protected]> Authored: Fri Apr 21 10:45:13 2017 -0700 Committer: Vinod Kone <[email protected]> Committed: Fri Apr 21 10:45:13 2017 -0700 ---------------------------------------------------------------------- src/authorizer/local/authorizer.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/02c2d6ff/src/authorizer/local/authorizer.cpp ---------------------------------------------------------------------- diff --git a/src/authorizer/local/authorizer.cpp b/src/authorizer/local/authorizer.cpp index 1c1f912..8ca9ae9 100644 --- a/src/authorizer/local/authorizer.cpp +++ b/src/authorizer/local/authorizer.cpp @@ -1058,10 +1058,11 @@ process::Future<bool> LocalAuthorizer::authorized( const authorization::Request& request) { // Request sanity checks. - // A set `subject` should always come with a set `value`. + // A set `subject` should always come with a set `value` or `claims`. CHECK( !request.has_subject() || - (request.has_subject() && request.subject().has_value())); + request.subject().has_value() || + request.subject().has_claims()); // A set `action` is mandatory. CHECK(request.has_action());
