Added test for `prune_images` acl validation. Review: https://reviews.apache.org/r/64865/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/e319d1fc Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/e319d1fc Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/e319d1fc Branch: refs/heads/1.5.x Commit: e319d1fc77938861c79866da06349261bbae1d92 Parents: 4beb46d Author: Zhitao Li <[email protected]> Authored: Sun Dec 31 18:27:55 2017 +0800 Committer: Gilbert Song <[email protected]> Committed: Sun Dec 31 20:24:29 2017 +0800 ---------------------------------------------------------------------- src/tests/authorization_tests.cpp | 55 ++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/e319d1fc/src/tests/authorization_tests.cpp ---------------------------------------------------------------------- diff --git a/src/tests/authorization_tests.cpp b/src/tests/authorization_tests.cpp index 4f3da08..a76ad18 100644 --- a/src/tests/authorization_tests.cpp +++ b/src/tests/authorization_tests.cpp @@ -5495,6 +5495,61 @@ TYPED_TEST(AuthorizationTest, ModifyResourceProviderConfig) } } + +// This tests the authorization of requests to prune images. +TYPED_TEST(AuthorizationTest, PruneImages) +{ + ACLs acls; + + { + // "foo" principal can prune any images. + mesos::ACL::PruneImages* acl = acls.add_prune_images(); + acl->mutable_principals()->add_values("foo"); + acl->mutable_images()->set_type(mesos::ACL::Entity::ANY); + } + + { + // Nobody else can prune images. + mesos::ACL::PruneImages* acl = acls.add_prune_images(); + acl->mutable_principals()->set_type(mesos::ACL::Entity::ANY); + acl->mutable_images()->set_type(mesos::ACL::Entity::NONE); + } + + Try<Authorizer*> create = TypeParam::create(parameterize(acls)); + ASSERT_SOME(create); + Owned<Authorizer> authorizer(create.get()); + + { + // "foo" is allowed to prune images. This request should succeed. + authorization::Request request; + request.set_action(authorization::PRUNE_IMAGES); + request.mutable_subject()->set_value("foo"); + + AWAIT_EXPECT_TRUE(authorizer->authorized(request)); + } + + { + // "bar" is not allowed to prune images. The request should fail. + authorization::Request request; + request.set_action(authorization::PRUNE_IMAGES); + request.mutable_subject()->set_value("bar"); + + AWAIT_EXPECT_FALSE(authorizer->authorized(request)); + } + + { + // Test that no authorizer is created with invalid ACLs. + ACLs invalid; + + mesos::ACL::PruneImages* acl = invalid.add_prune_images(); + acl->mutable_principals()->add_values("foo"); + acl->mutable_images()->add_values("yoda"); + + Try<Authorizer*> create = TypeParam::create(parameterize(invalid)); + EXPECT_ERROR(create); + } +} + } // namespace tests { } // namespace internal { } // namespace mesos {
