From reviews-return-57517-apmail-mesos-reviews-archive=mesos.apache.org@mesos.apache.org Wed Mar 15 10:42:36 2017 Return-Path: X-Original-To: apmail-mesos-reviews-archive@minotaur.apache.org Delivered-To: apmail-mesos-reviews-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 94D9B19C79 for ; Wed, 15 Mar 2017 10:42:36 +0000 (UTC) Received: (qmail 39729 invoked by uid 500); 15 Mar 2017 10:42:36 -0000 Delivered-To: apmail-mesos-reviews-archive@mesos.apache.org Received: (qmail 39694 invoked by uid 500); 15 Mar 2017 10:42:34 -0000 Mailing-List: contact reviews-help@mesos.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: reviews@mesos.apache.org Delivered-To: mailing list reviews@mesos.apache.org Received: (qmail 39683 invoked by uid 99); 15 Mar 2017 10:42:34 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Mar 2017 10:42:34 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 80509182177; Wed, 15 Mar 2017 10:42:33 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3.25 X-Spam-Level: *** X-Spam-Status: No, score=3.25 tagged_above=-999 required=6.31 tests=[HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=2, KAM_LAZY_DOMAIN_SECURITY=1, KAM_LOTSOFHASH=0.25, RP_MATCHES_RCVD=-0.001] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id Vl1vkrDOS-Mj; Wed, 15 Mar 2017 10:42:32 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 2E4E65F238; Wed, 15 Mar 2017 10:42:32 +0000 (UTC) Received: from reviews.apache.org (unknown [10.41.0.12]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 97217E026E; Wed, 15 Mar 2017 10:42:31 +0000 (UTC) Received: from reviews-vm2.apache.org (localhost [IPv6:::1]) by reviews.apache.org (ASF Mail Server at reviews-vm2.apache.org) with ESMTP id 84843C4047A; Wed, 15 Mar 2017 10:42:31 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============6068146022705687706==" MIME-Version: 1.0 Subject: Re: Review Request 57427: Added authorization for PULL_CONTAINER_IMAGE agent API call. From: Ilya Pronin To: Anand Mazumdar , Jie Yu , Vinod Kone , Gilbert Song Cc: Mesos Reviewbot , mesos , Ilya Pronin Date: Wed, 15 Mar 2017 10:42:31 -0000 Message-ID: <20170315104231.7929.88807@reviews-vm2.apache.org> X-ReviewBoard-URL: https://reviews.apache.org/ Auto-Submitted: auto-generated Sender: Ilya Pronin X-ReviewGroup: mesos X-Auto-Response-Suppress: DR, RN, OOF, AutoReply X-ReviewRequest-URL: https://reviews.apache.org/r/57427/ X-Sender: Ilya Pronin References: <20170314175717.7928.59574@reviews-vm2.apache.org> In-Reply-To: <20170314175717.7928.59574@reviews-vm2.apache.org> Reply-To: Ilya Pronin X-ReviewRequest-Repository: mesos --===============6068146022705687706== MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/57427/ ----------------------------------------------------------- (Updated March 15, 2017, 10:42 a.m.) Review request for mesos, Anand Mazumdar, Gilbert Song, Jie Yu, and Vinod Kone. Changes ------- Rebased. Bugs: MESOS-2824 https://issues.apache.org/jira/browse/MESOS-2824 Repository: mesos Description ------- Added authorization for PULL_CONTAINER_IMAGE agent API call. Diffs (updated) ----- include/mesos/authorizer/acls.proto e75e1879435f1c2bce47a86e9feebf9d051e969b include/mesos/authorizer/authorizer.proto 736f76d552956f2351ffd40fc51d088dff83f8c8 src/authorizer/local/authorizer.cpp be8037299601427e5d5e79f58f77eea3f89579d0 src/slave/http.cpp 1ab6f9475af287a6ac09bc615fa466223a52c97d src/tests/api_tests.cpp 29ae1bcf660fb0e03af1d2192484c9ec739f3ef6 src/tests/authorization_tests.cpp cd15add7d7b01c2b316ac946e017a4d0b502237f Diff: https://reviews.apache.org/r/57427/diff/2/ Changes: https://reviews.apache.org/r/57427/diff/1-2/ Testing ------- Added `AuthorizationTest.PullContainerImage` and `AgentAPITest.PullContainerImageUnauthorized` tests. Ran `make check`. Verified manually by starting the agent with `--authenticate_http_readwrite` and sending a call with curl as a principal that is allowed to `pull_container_image`. Thanks, Ilya Pronin --===============6068146022705687706==--