-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47530/
-----------------------------------------------------------
(Updated May 18, 2016, 7:59 p.m.)

Review request for mesos, Adam B, Alexander Rukletsov, Greg Mann, Jan Schlicht, and Till Toenshoff.

Bugs: MESOS-5317
    https://issues.apache.org/jira/browse/MESOS-5317

Repository: mesos

Description (updated)
-------

Added authorization to agent's '/containers' endpoint.

Diffs (updated)
-----

  docs/endpoints/slave/containers.md 959f40b9db4de4b6cea456ecf7bcb402f7a94f05
  src/slave/http.cpp fb48ec61e2fe0c83f80d3b8aa4c2ef5a96b748ae
  src/slave/slave.hpp 209f071448e3c52d16d3366d564003ee36b1d2e0
  src/tests/slave_authorization_tests.cpp 843cf1c631e0a25125ca1c0c0028ad1a920c2c2f

Diff: https://reviews.apache.org/r/47530/diff/

Testing
-------

## Unit tests.

On Ubuntu 16.04: `sudo GTEST_FILTER="*SlaveEndpointTest*.*" make -j2 check`

## Manual testing.

1. Ran master with:
```
sudo ./bin/mesos-master.sh --ip=127.0.0.1 --work_dir=/var/lib/mesos
```

2. ACL File:
```
{
  "get_endpoints": [
    {
      "principals": { "type": "NONE" },
      "paths": { "values": ["/flags", "/monitor/statistics", "/containers"] }
    }
  ]
}
```

3. Ran slave with:
```
sudo ./bin/mesos-slave.sh --master=127.0.0.1:5050 --ip=0.0.0.0 --acls=file:///home/abhishek/testAcl
```

4. Ran toy-framework with:
```
sudo ./no-executor-framework --master=master@127.0.0.1:5050 --command="echo hello"
```

5. Output while hitting "http://127.0.0.1:5051/slave(1)/containers" - HTTP error 403: Forbidden

6. Changed ACL to:
```
{
  "get_endpoints": [
    {
      "principals": { "type": "ANY" },
      "paths": { "values": ["/flags", "/monitor/statistics", "/containers"] }
    }
  ]
}
```

7. Ran slave and framework again.

8. Output:
```
[{"container_id":"9b8a6a51-68be-4763-9c7d-b67e85fccb4a","executor_id":"42","executor_name":"Command Executor (Task: 42) (Command: sh -c 'echo hello')","framework_id":"52.......
```

Thanks,

Abhishek Dasgupta
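
The ACL behaviour exercised in the manual test above, as an added example that is not part of the original e-mail or of the Mesos code base: a small Python model that predicts the status of a GET on an agent endpoint from a `get_endpoints` ACL, usable as a check before an ACL file is deployed. It assumes first-match rule ordering and a top-level `permissive` flag that defaults to true; the helper names, the `/unlisted` path and the use of `None` for an unauthenticated request are hypothetical.

```python
import json

# Constructed copies of the two ACL files from the manual test above.
PATHS = ["/flags", "/monitor/statistics", "/containers"]
ACL_NONE = {"get_endpoints": [{"principals": {"type": "NONE"}, "paths": {"values": PATHS}}]}
ACL_ANY = {"get_endpoints": [{"principals": {"type": "ANY"}, "paths": {"values": PATHS}}]}


def _matches(entity, value):
    # Assumed: ANY and NONE apply to every value; a values list applies
    # only to the values it names.
    if entity.get("type") in ("ANY", "NONE"):
        return True
    return value in entity.get("values", [])


def _allows(entity, value):
    # Assumed: NONE permits nothing, ANY permits everything.
    if entity.get("type") == "NONE":
        return False
    if entity.get("type") == "ANY":
        return True
    return value in entity.get("values", [])


def expected_status(acls, principal, path):
    """Return the HTTP status this model predicts for a GET on `path`."""
    for rule in acls.get("get_endpoints", []):
        who, what = rule["principals"], rule["paths"]
        if _matches(who, principal) and _matches(what, path):
            allowed = _allows(who, principal) and _allows(what, path)
            return 200 if allowed else 403
    # No rule matched: fall back to the top-level "permissive" flag.
    return 200 if acls.get("permissive", True) else 403


def audit(acls, principal, paths):
    """Map each path to its predicted status, for a pre-deployment check."""
    return {p: expected_status(acls, principal, p) for p in paths}


if __name__ == "__main__":
    # "/unlisted" is a hypothetical path that no rule names.
    for name, acls in (("NONE", ACL_NONE), ("ANY", ACL_ANY)):
        print(name, json.dumps(audit(acls, None, PATHS + ["/unlisted"])))
```

Under this model a path that no rule names stays readable unless `permissive` is set to false, which is why the audit includes a path outside the ACL.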