----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/47921/#review135122 -----------------------------------------------------------
Patch looks great! Reviews applied: [47794, 47795, 47921] Passed command: export OS='ubuntu:14.04' BUILDTOOL='autotools' COMPILER='gcc' CONFIGURATION='--verbose' ENVIRONMENT='GLOG_v=1 MESOS_VERBOSE=1'; ./support/docker_build.sh - Mesos ReviewBot On May 26, 2016, 10:45 p.m., Alexander Rojas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/47921/ > ----------------------------------------------------------- > > (Updated May 26, 2016, 10:45 p.m.) > > > Review request for mesos, Adam B, Joerg Schad, and Michael Park. > > > Bugs: MESOS-5153 > https://issues.apache.org/jira/browse/MESOS-5153 > > > Repository: mesos > > > Description > ------- > > Uses the authorization primitives in `mesos::internal::Files` to add > protection of the Mesos logs on both master and agents. > > > Diffs > ----- > > include/mesos/authorizer/acls.proto > ace9b698f46e1437911115c82324a87a0d7827fb > include/mesos/authorizer/authorizer.proto > 02d1a01d57cf34b38524f4368187878b03343537 > src/authorizer/local/authorizer.cpp > 3c7c791bde65cfcbcc4e319c9ccc487ab37d8029 > src/master/master.hpp 1a875c32eddfb6d884e3d0dda7f5716ee53966c3 > src/master/master.cpp 0005a29caabcc6a3776037cf86a2b12660e6377b > src/slave/slave.hpp 0de6a570e8b4699771048295ec3fcedf84593495 > src/slave/slave.cpp 470b5c82ea6ff01d799b06245609725853300ef1 > > Diff: https://reviews.apache.org/r/47921/diff/ > > > Testing > ------- > > `make check` > > and the script > > ```bash > #! /usr/bin/env bash > > rm -rf /tmp/mesos/* > > cat <<EOF > /tmp/credentials.txt > foo bar > baz bar > EOF > > cat <<EOF > /tmp/acls.json > { > "permissive": false, > "access_mesos_log" : [ > { > "principals" : { "values" : ["foo"] }, > "logs" : { "type" : "ANY" } > } > ] > } > EOF > > ./bin/mesos-master.sh --work_dir=/tmp/mesos/master \ > --authenticate_http \ > --credentials=file:///tmp/credentials.txt \ > --acls=file:///tmp/acls.json \ > --log_dir=/tmp/mesos/logs/master & > ./bin/mesos-slave.sh --work_dir=/tmp/mesos/agent \ > --master=127.0.0.1:5050 \ > --authenticate_http \ > --http_credentials=file:///tmp/credentials.txt \ > --acls=file:///tmp/acls.json \ > --log_dir=/tmp/mesos/logs/agent & > > # This should yield a 200 OK response > http GET http://127.0.0.1:5051/files/download?path=/slave/log -a foo:bar > > # This should yield a 200 OK response > http GET http://127.0.0.1:5050/files/download?path=/master/log/ -a foo:bar > > > # This shold yield a 403 Forbidden response > http GET http://127.0.0.1:5051/files/download?path=/slave/log -a baz:bar > > # This shold yield a 403 Forbidden response > http GET http://127.0.0.1:5050/files/download?path=/master/log/ -a baz:bar > ``` > > > Thanks, > > Alexander Rojas > >
