-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47530/
-----------------------------------------------------------
(Updated May 18, 2016, 7:59 p.m.)
Review request for mesos, Adam B, Alexander Rukletsov, Greg Mann, Jan Schlicht,
and Till Toenshoff.
Bugs: MESOS-5317
https://issues.apache.org/jira/browse/MESOS-5317
Repository: mesos
Description (updated)
-------
Added authorization to agent's '/containers' endpoint.
Diffs (updated)
-----
docs/endpoints/slave/containers.md 959f40b9db4de4b6cea456ecf7bcb402f7a94f05
src/slave/http.cpp fb48ec61e2fe0c83f80d3b8aa4c2ef5a96b748ae
src/slave/slave.hpp 209f071448e3c52d16d3366d564003ee36b1d2e0
src/tests/slave_authorization_tests.cpp
843cf1c631e0a25125ca1c0c0028ad1a920c2c2f
Diff: https://reviews.apache.org/r/47530/diff/
Testing
-------
## Unit tests.
On ubuntu 16.04:
`sudo GTEST_FILTER="*SlaveEndpointTest*.*" make -j2 check`
## Manual testing.
1. Ran master with:
```
sudo ./bin/mesos-master.sh --ip=127.0.0.1 --work_dir=/var/lib/mesos
```
2. ACL File:
```
{
"get_endpoints": [
{
"principals": { "type": "NONE" },
"paths": { "values": ["/flags", "/monitor/statistics", "/containers"] }
}
]
}
```
3. Ran slave with:
```
sudo ./bin/mesos-slave.sh --master=127.0.0.1:5050 --ip=0.0.0.0
--acls=file:///home/abhishek/testAcl
```
4. Ran toy-framework with:
```
sudo ./no-executor-framework --master=master@127.0.0.1:5050 --command="echo
hello"
```
5. Output while hitting "http://127.0.0.1:5051/slave(1)/containers" - HTTP
error 403: Forbidden
6. Changed ACL to:
```
{
"get_endpoints": [
{
"principals": { "type": "ANY" },
"paths": { "values": ["/flags", "/monitor/statistics", "/containers"] }
}
]
}
```
7. Ran slave and framework again.
8. Output:
```
[{"container_id":"9b8a6a51-68be-4763-9c7d-b67e85fccb4a","executor_id":"42","executor_name":"Command
Executor (Task: 42) (Command: sh -c 'echo hello')","framework_id":"52.......
```
Thanks,
Abhishek Dasgupta
