----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/47530/#review133897 -----------------------------------------------------------
Fix it, then Ship it! I'll take care of the outstanding issues and commit this for you in a jiffy. src/slave/http.cpp (line 769) <https://reviews.apache.org/r/47530/#comment198570> This looks fishy. I understand why you do this, but we should resolve https://issues.apache.org/jira/browse/MESOS-5293 ASAP src/slave/http.cpp (lines 781 - 785) <https://reviews.apache.org/r/47530/#comment198572> Why do you need to move `.repair` here? src/slave/slave.hpp (line 23) <https://reviews.apache.org/r/47530/#comment198571> We don't need it here any more. Move it back to cpp. - Alexander Rukletsov On May 18, 2016, 8 p.m., Abhishek Dasgupta wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/47530/ > ----------------------------------------------------------- > > (Updated May 18, 2016, 8 p.m.) > > > Review request for mesos, Adam B, Alexander Rukletsov, Greg Mann, Jan > Schlicht, and Till Toenshoff. > > > Bugs: MESOS-5317 > https://issues.apache.org/jira/browse/MESOS-5317 > > > Repository: mesos > > > Description > ------- > > Used GET_ENDPOINT_WITH_PATH coarse-grained authz on agent's > '/containers' endpoint to enable authorization on this endpoint. > Updated docs and testcases as well. > > > Diffs > ----- > > docs/endpoints/slave/containers.md 959f40b9db4de4b6cea456ecf7bcb402f7a94f05 > src/slave/http.cpp fb48ec61e2fe0c83f80d3b8aa4c2ef5a96b748ae > src/slave/slave.hpp 209f071448e3c52d16d3366d564003ee36b1d2e0 > src/tests/slave_authorization_tests.cpp > 843cf1c631e0a25125ca1c0c0028ad1a920c2c2f > > Diff: https://reviews.apache.org/r/47530/diff/ > > > Testing > ------- > > ## Unit tests. > > On ubuntu 16.04: > `sudo GTEST_FILTER="*SlaveEndpointTest*.*" make -j2 check` > > ## Manual testing. > > 1. Ran master with: > ``` > sudo ./bin/mesos-master.sh --ip=127.0.0.1 --work_dir=/var/lib/mesos > ``` > > 2. ACL File: > ``` > { > "get_endpoints": [ > { > "principals": { "type": "NONE" }, > "paths": { "values": ["/flags", "/monitor/statistics", "/containers"] > } > } > ] > } > ``` > > 3. Ran slave with: > ``` > sudo ./bin/mesos-slave.sh --master=127.0.0.1:5050 --ip=0.0.0.0 > --acls=file:///home/abhishek/testAcl > ``` > > 4. Ran toy-framework with: > ``` > sudo ./no-executor-framework --master=master@127.0.0.1:5050 --command="echo > hello" > ``` > > 5. Output while hitting "http://127.0.0.1:5051/slave(1)/containers" - HTTP > error 403: Forbidden > > 6. Changed ACL to: > ``` > { > "get_endpoints": [ > { > "principals": { "type": "ANY" }, > "paths": { "values": ["/flags", "/monitor/statistics", "/containers"] > } > } > ] > } > ``` > > 7. Ran slave and framework again. > > 8. Output: > ``` > > [{"container_id":"9b8a6a51-68be-4763-9c7d-b67e85fccb4a","executor_id":"42","executor_name":"Command > Executor (Task: 42) (Command: sh -c 'echo hello')","framework_id":"52....... > ``` > > > Thanks, > > Abhishek Dasgupta > >
