This is an automated email from the ASF dual-hosted git repository. tillt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 45bd70f02d9d3c9c5c9067169f020dafc4437f8b
Author: Till Toenshoff <toensh...@me.com>
AuthorDate: Tue Nov 20 14:46:25 2018 +0100
Added test for ACCESS_MESOS_LOG authorization.
Review: https://reviews.apache.org/r/69386/
---
 src/tests/authorization_tests.cpp | 54 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
diff --git a/src/tests/authorization_tests.cpp b/src/tests/authorization_tests.cpp
index ac52181..e85cdb6 100644
--- a/src/tests/authorization_tests.cpp
+++ b/src/tests/authorization_tests.cpp
@@ -6997,6 +6997,60 @@ TYPED_TEST(AuthorizationTest, DestroyMountDisk)
 }
 }
 
+
+// This tests the authorization to access Mesos logs.
+TYPED_TEST(AuthorizationTest, LogAccess)
+{
+ // Setup ACLs.
+ ACLs acls;
+
+ {
+ // "foo" principal can access the logs.
+ mesos::ACL::AccessMesosLog* acl = acls.add_access_mesos_logs();
+ acl->mutable_principals()->add_values("foo");
+ acl->mutable_logs()->set_type(mesos::ACL::Entity::ANY);
+ }
+
+ {
+ // Nobody else can access the logs.
+ mesos::ACL::AccessMesosLog* acl = acls.add_access_mesos_logs();
+ acl->mutable_principals()->set_type(mesos::ACL::Entity::ANY);
+ acl->mutable_logs()->set_type(mesos::ACL::Entity::NONE);
+ }
+
+ // Create an `Authorizer` with the ACLs.
+ Try<Authorizer*> create = TypeParam::create(parameterize(acls));
+ ASSERT_SOME(create);
+ Owned<Authorizer> authorizer(create.get());
+
+ {
+ authorization::Request request;
+ request.set_action(authorization::ACCESS_MESOS_LOG);
+ request.mutable_subject()->set_value("foo");
+
+ AWAIT_EXPECT_TRUE(authorizer->authorized(request));
+ }
+
+ {
+ authorization::Request request;
+ request.set_action(authorization::ACCESS_MESOS_LOG);
+ request.mutable_subject()->set_value("bar");
+ AWAIT_EXPECT_FALSE(authorizer->authorized(request));
+ }
+
+ // Test that no authorizer is created with invalid flags.
+ {
+ ACLs invalid;
+
+ mesos::ACL::AccessMesosLog* acl = invalid.add_access_mesos_logs();
+ acl->mutable_principals()->add_values("foo");
+ acl->mutable_logs()->add_values("yoda");
+
+ Try<Authorizer*> create = TypeParam::create(parameterize(invalid));
+ EXPECT_ERROR(create);
+ }
+}
+
 } // namespace tests {
 } // namespace internal {
 } // namespace mesos {
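Review bot: Both requests in `LogAccess` set a subject ("foo" and "bar"), so the test never covers a request with no subject, which as far as I can tell is what the authorizer receives for an unauthenticated caller. With the catch-all `ANY` principals → `NONE` logs entry that request should presumably be denied too, and pinning it would guard against log access opening up when authentication is disabled. I would add a third block after the "bar" case containing `authorization::Request request;`, `request.set_action(authorization::ACCESS_MESOS_LOG);` and `AWAIT_EXPECT_FALSE(authorizer->authorized(request));`, with no call to `mutable_subject()`. Separately, the comment `// Test that no authorizer is created with invalid flags.` would be clearer if it said what is invalid, presumably that the `logs` entity may only be `ANY` or `NONE`, so the named value "yoda" must be rejected.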