This is an automated email from the ASF dual-hosted git repository.

tillt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit 45bd70f02d9d3c9c5c9067169f020dafc4437f8b
Author: Till Toenshoff <toensh...@me.com>
AuthorDate: Tue Nov 20 14:46:25 2018 +0100

    Added test for ACCESS_MESOS_LOG authorization.
    
    Review: https://reviews.apache.org/r/69386/
---
 src/tests/authorization_tests.cpp | 54 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/src/tests/authorization_tests.cpp 
b/src/tests/authorization_tests.cpp
index ac52181..e85cdb6 100644
--- a/src/tests/authorization_tests.cpp
+++ b/src/tests/authorization_tests.cpp
@@ -6997,6 +6997,60 @@ TYPED_TEST(AuthorizationTest, DestroyMountDisk)
   }
 }
 
+
+// This tests the authorization to access Mesos logs.
+TYPED_TEST(AuthorizationTest, LogAccess)
+{
+  // Setup ACLs.
+  ACLs acls;
+
+  {
+    // "foo" principal can access the logs.
+    mesos::ACL::AccessMesosLog* acl = acls.add_access_mesos_logs();
+    acl->mutable_principals()->add_values("foo");
+    acl->mutable_logs()->set_type(mesos::ACL::Entity::ANY);
+  }
+
+  {
+    // Nobody else can access the logs.
+    mesos::ACL::AccessMesosLog* acl = acls.add_access_mesos_logs();
+    acl->mutable_principals()->set_type(mesos::ACL::Entity::ANY);
+    acl->mutable_logs()->set_type(mesos::ACL::Entity::NONE);
+  }
+
+  // Create an `Authorizer` with the ACLs.
+  Try<Authorizer*> create = TypeParam::create(parameterize(acls));
+  ASSERT_SOME(create);
+  Owned<Authorizer> authorizer(create.get());
+
+  {
+    authorization::Request request;
+    request.set_action(authorization::ACCESS_MESOS_LOG);
+    request.mutable_subject()->set_value("foo");
+
+    AWAIT_EXPECT_TRUE(authorizer->authorized(request));
+  }
+
+  {
+    authorization::Request request;
+    request.set_action(authorization::ACCESS_MESOS_LOG);
+    request.mutable_subject()->set_value("bar");
+    AWAIT_EXPECT_FALSE(authorizer->authorized(request));
+  }
+
+  // Test that no authorizer is created with invalid flags.
+  {
+    ACLs invalid;
+
+    mesos::ACL::AccessMesosLog* acl = invalid.add_access_mesos_logs();
+    acl->mutable_principals()->add_values("foo");
+    acl->mutable_logs()->add_values("yoda");
+
+    Try<Authorizer*> create = TypeParam::create(parameterize(invalid));
+    EXPECT_ERROR(create);
+  }
+}
+
 } // namespace tests {
 } // namespace internal {
 } // namespace mesos {
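Review bot: LogAccess only checks requests that carry a named subject ("foo" allowed, "bar" denied); a request with no subject set is never exercised, and that is presumably what an unauthenticated caller would produce. A third block that sets only `request.set_action(authorization::ACCESS_MESOS_LOG);` and asserts `AWAIT_EXPECT_FALSE(authorizer->authorized(request));` would pin that the catch-all ANY/NONE entry covers it too, though the expected result should be confirmed against the authorizer implementations behind `TypeParam`. Separately, "bar" is denied by the explicit catch-all ACL, so the test does not show what the authorizer decides when no ACL entry matches at all. The comment before the last block says "invalid flags", but the block builds an invalid ACL (a named log value "yoda"); `// Test that no authorizer is created with invalid ACLs.` would match the code.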
