----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/49201/#review140283 -----------------------------------------------------------
Fix it, then Ship it! src/common/http.cpp (line 73) <https://reviews.apache.org/r/49201/#comment205659> Can you add a comment about what this hashset represents? src/common/http.cpp (line 79) <https://reviews.apache.org/r/49201/#comment205660> extra blank line. src/common/http.cpp (line 614) <https://reviews.apache.org/r/49201/#comment205658> s/does/is/ src/common/http.cpp (line 719) <https://reviews.apache.org/r/49201/#comment205663> const & ? src/common/http.cpp (line 738) <https://reviews.apache.org/r/49201/#comment205661> s/does/is/ - Vinod Kone On June 29, 2016, 3:33 p.m., Alexander Rojas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/49201/ > ----------------------------------------------------------- > > (Updated June 29, 2016, 3:33 p.m.) > > > Review request for mesos, Adam B, Jan Schlicht, and Till Toenshoff. > > > Bugs: MESOS-5707 > https://issues.apache.org/jira/browse/MESOS-5707 > > > Repository: mesos > > > Description > ------- > > The fact that not all endpoints can be secure through ACLs, yet > the ACL is called `get_endpoints`, can be confusing for operators. > Therefore, if an operator tries to launch an agent/master with an > invalid configuration an error is generated. > > > Diffs > ----- > > src/authorizer/local/authorizer.cpp > 3fade4168face1cb80b30c9b69b31d9eb4126222 > src/common/http.hpp 55bd0ac81af80c656a4a80766a3e4b21db9cf0cf > src/common/http.cpp 95e8fb672b49a00860c64f818cc734fa22cf3516 > src/slave/http.cpp 44d8cc98c0c1ada9d5313a3fe5c66029c9c373c6 > src/slave/slave.hpp 2afd7d152dcd2f5390014cd7bd4e926b62c292d1 > src/tests/authorization_tests.cpp 9b99da138fa27a725738d70bd99e889b108b44ae > src/tests/scheduler_driver_tests.cpp > 217185780e3576faf633dd9629ae93a275fac284 > > Diff: https://reviews.apache.org/r/49201/diff/ > > > Testing > ------- > > `make check` and following scripts: > > ```sh > #! /usr/bin/env bash > > rm -rf /tmp/mesos/* > > cat <<EOF > /tmp/credentials.txt > foo bar > baz bar > EOF > > cat <<EOF > /tmp/acls.json > { > "permissive": false, > "get_endpoints" : [ > { > "principals" : { "values" : ["foo"] }, > "paths" : { "values" : ["/frameworks"] } > } > ] > } > EOF > > # Fails to start up with a message saying that `/frameworks` > # ins't supported. > ./bin/mesos-slave.sh --work_dir=/tmp/mesos/slave \ > --master=127.0.0.1:5050 \ > --authenticate_http \ > --http_credentials=file:///tmp/credentials.txt \ > --acls=file:///tmp/acls.json & > > ``` > > and > > > ```sh > #! /usr/bin/env bash > > rm -rf /tmp/mesos/* > > cat <<EOF > /tmp/credentials.txt > foo bar > baz bar > EOF > > cat <<EOF > /tmp/acls.json > { > "permissive": false, > "get_endpoints" : [ > { > "principals" : { "values" : ["foo"] }, > "paths" : { "values" : ["/monitor/statistics", > "/monitor/statistics.json", "/containers"] } > } > ] > } > EOF > > ./bin/mesos-master.sh --work_dir=/tmp/mesos/master \ > --authenticate_http \ > --log_dir=/tmp/mesos/logs/master \ > --http_credentials=file:///tmp/credentials.txt \ > --acls=file:///tmp/acls.json & > ./bin/mesos-slave.sh --work_dir=/tmp/mesos/slave \ > --master=127.0.0.1:5050 \ > --authenticate_http \ > --http_credentials=file:///tmp/credentials.txt \ > --acls=file:///tmp/acls.json & > > # Following requests succeed (200 OK response) > http http://localhost:5051/monitor/statistics -a foo:bar > http http://localhost:5051/monitor/statistics.json -a foo:bar > http http://localhost:5051/monitor/containers -a foo:bar > > # Following requests fail (403 forbidden response) > http http://localhost:5051/monitor/statistics -a baz:bar > http http://localhost:5051/monitor/statistics.json -a baz:bar > http http://localhost:5051/monitor/containers -a baz:bar > > ``` > > > Thanks, > > Alexander Rojas > >
