Subject: Re: Review Request 58096: Added authorization for frameworks in /roles endpoint.
From: Jay Guo
To: Adam B, Benjamin Mahler, Alexander Rojas
Cc: Jay Guo, mesos
Date: Wed, 21 Jun 2017 18:00:24 -0000
Message-ID: <20170621180024.12058.35802@reviews-vm2.apache.org>
X-ReviewRequest-URL: https://reviews.apache.org/r/58096/

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58096/
-----------------------------------------------------------

(Updated June 22, 2017, 2 a.m.)


Review request for mesos, Adam B, Alexander Rojas, and Benjamin Mahler.


Changes
-------

rebase & address comments


Bugs: MESOS-7260
    https://issues.apache.org/jira/browse/MESOS-7260


Repository: mesos


Description
-------

While /roles displays a list of frameworksIds that register with a role, it did NOT filter them based on VIEW_FRAMEWORK ACL, which imposes a security risk.

This patch fixed this issue by taking a frameworksApprover in `Master::Http::roles()` which is used to filter framework IDs.


Diffs (updated)
-----

  src/master/http.cpp 4dd43fd7c3fb986f4eed78bce574b6d3af156b67


Diff: https://reviews.apache.org/r/58096/diff/8/

Changes: https://reviews.apache.org/r/58096/diff/7-8/


Testing
-------

see next patch in the chain.


Thanks,

Jay Guo
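
The per-framework filtering the description refers to, shown as an added sketch that is not the Mesos patch and not code from this review. `Framework`, `RoleIndex`, `RolesView`, `Acl`, `makeApprover` and both `roles*` functions are hypothetical stand-ins, and the ACL and framework data are constructed.

```cpp
#include <functional>
#include <map>
#include <set>
#include <string>
#include <vector>

// Simplified stand-ins for this sketch; these are NOT the Mesos types.
struct Framework { std::string id; std::string user; };
// Answers: may the requesting principal view this framework (VIEW_FRAMEWORK)?
using FrameworksApprover = std::function<bool(const Framework&)>;
using RoleIndex = std::map<std::string, std::vector<Framework>>;
using RolesView = std::map<std::string, std::vector<std::string>>;
using Acl = std::map<std::string, std::set<std::string>>;  // principal -> viewable users

// Before: every framework ID registered with a role goes to any caller.
RolesView rolesUnfiltered(const RoleIndex& roles) {
  RolesView out;
  for (const auto& entry : roles)
    for (const Framework& f : entry.second) out[entry.first].push_back(f.id);
  return out;
}

// After: the approver is consulted per framework. The role stays listed
// (a choice made for this sketch); IDs the caller may not view are omitted.
RolesView rolesFiltered(const RoleIndex& roles, const FrameworksApprover& ok) {
  RolesView out;
  for (const auto& entry : roles) {
    std::vector<std::string>& ids = out[entry.first];
    for (const Framework& f : entry.second)
      if (ok(f)) ids.push_back(f.id);
  }
  return out;
}

// A principal with no ACL entry gets a deny-all approver (fail closed).
FrameworksApprover makeApprover(const Acl& acl, const std::string& principal) {
  auto it = acl.find(principal);
  if (it == acl.end()) return [](const Framework&) { return false; };
  std::set<std::string> allowed = it->second;
  return [allowed](const Framework& f) { return allowed.count(f.user) > 0; };
}

int main() {  // constructed sample data
  RoleIndex roles;
  roles["analytics"].push_back(Framework{"fw-1", "alice"});
  roles["analytics"].push_back(Framework{"fw-2", "bob"});
  Acl acl;
  acl["ops"].insert("alice");
  return rolesFiltered(roles, makeApprover(acl, "ops"))["analytics"].size() == 1 ? 0 : 1;
}
```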