Esempi in C++ (Cpp) per ACLs::add_destroy_volumes

Linguaggio di programmazione: C++ (Cpp)

Classe/tipologia: ACLs

Metodo/funzione: add_destroy_volumes

Esempi su hotexamples.com: 2

ACLs::add_destroy_volumes in C++ (Cpp): 2 esempi trovati. Questi sono i migliori esempi reali in C++ (Cpp) per ACLs::add_destroy_volumes, estratti da progetti open source. Li puoi valutare, per aiutarci a migliorare la qualità dei nostri esempi.

Metodi utilizzati di frequente

Mostra Nascondi

set_permissive(13)

add_register_frameworks(13)

add_run_tasks(6)

add_set_quotas(3)

add_remove_quotas(3)

add_update_quotas(2)

add_unreserve_resources(2)

add_teardown_frameworks(2)

add_create_volumes(2)

add_destroy_volumes(2)

add_reserve_resources(2)

add_get_endpoints(2)

add_shutdown_frameworks(2)

add_receive_offers(1)

add_view_executors(1)

add_view_flags(1)

add_view_frameworks(1)

add_view_roles(1)

add_view_tasks(1)

Esempio n. 1

Mostra file

File: authorization_tests.cpp Progetto: 447327642/mesos

// This tests the authorization of ACLs used for destruction
// operations on persistent volumes.
TYPED_TEST(AuthorizationTest, DestroyVolume)
{
  ACLs acls;

  // "foo" principal can destroy its own volumes.
  mesos::ACL::DestroyVolume* acl1 = acls.add_destroy_volumes();
  acl1->mutable_principals()->add_values("foo");
  acl1->mutable_creator_principals()->add_values("foo");

  // "bar" principal cannot destroy anyone's volumes.
  mesos::ACL::DestroyVolume* acl2 = acls.add_destroy_volumes();
  acl2->mutable_principals()->add_values("bar");
  acl2->mutable_creator_principals()->set_type(mesos::ACL::Entity::NONE);

  // "ops" principal can destroy anyone's volumes.
  mesos::ACL::DestroyVolume* acl3 = acls.add_destroy_volumes();
  acl3->mutable_principals()->add_values("ops");
  acl3->mutable_creator_principals()->set_type(mesos::ACL::Entity::ANY);

  // No other principals can destroy volumes.
  mesos::ACL::DestroyVolume* acl4 = acls.add_destroy_volumes();
  acl4->mutable_principals()->set_type(mesos::ACL::Entity::ANY);
  acl4->mutable_creator_principals()->set_type(mesos::ACL::Entity::NONE);

  // Create an Authorizer with the ACLs.
  Try<Authorizer*> create = TypeParam::create();
  ASSERT_SOME(create);
  Owned<Authorizer> authorizer(create.get());

  Try<Nothing> initialized = authorizer.get()->initialize(acls);
  ASSERT_SOME(initialized);

  // Principal "foo" can destroy its own volumes, so this will pass.
  mesos::ACL::DestroyVolume request1;
  request1.mutable_principals()->add_values("foo");
  request1.mutable_creator_principals()->add_values("foo");
  AWAIT_EXPECT_TRUE(authorizer.get()->authorize(request1));

  // Principal "bar" cannot destroy anyone's
  // volumes, so requests 2 and 3 will fail.
  mesos::ACL::DestroyVolume request2;
  request2.mutable_principals()->add_values("bar");
  request2.mutable_creator_principals()->add_values("foo");
  AWAIT_EXPECT_FALSE(authorizer.get()->authorize(request2));

  mesos::ACL::DestroyVolume request3;
  request3.mutable_principals()->add_values("bar");
  request3.mutable_creator_principals()->add_values("bar");
  AWAIT_EXPECT_FALSE(authorizer.get()->authorize(request3));

  // Principal "ops" can destroy anyone's volumes,
  // so requests 4 and 5 will succeed.
  mesos::ACL::DestroyVolume request4;
  request4.mutable_principals()->add_values("ops");
  request4.mutable_creator_principals()->add_values("foo");
  AWAIT_EXPECT_TRUE(authorizer.get()->authorize(request4));

  mesos::ACL::DestroyVolume request5;
  request5.mutable_principals()->add_values("ops");
  request5.mutable_creator_principals()->add_values("bar");
  request5.mutable_creator_principals()->add_values("ops");
  AWAIT_EXPECT_TRUE(authorizer.get()->authorize(request5));

  // Principal "zelda" is not mentioned in the ACLs of the Authorizer, so it
  // will be caught by the final ACL, which provides a default case that denies
  // access for all other principals. This case will fail.
  mesos::ACL::DestroyVolume request6;
  request6.mutable_principals()->add_values("zelda");
  request6.mutable_creator_principals()->add_values("foo");
  AWAIT_EXPECT_FALSE(authorizer.get()->authorize(request6));
}

Esempio n. 2

Mostra file

File: authorization_tests.cpp Progetto: Califax/mesos

// This tests the authorization of ACLs used for destruction
// operations on persistent volumes.
TYPED_TEST(AuthorizationTest, DestroyVolume)
{
  ACLs acls;

  {
    // "foo" principal can destroy its own volumes.
    mesos::ACL::DestroyVolume* acl = acls.add_destroy_volumes();
    acl->mutable_principals()->add_values("foo");
    acl->mutable_creator_principals()->add_values("foo");
  }

  {
    // "bar" principal cannot destroy anyone's volumes.
    mesos::ACL::DestroyVolume* acl = acls.add_destroy_volumes();
    acl->mutable_principals()->add_values("bar");
    acl->mutable_creator_principals()->set_type(mesos::ACL::Entity::NONE);
  }

  {
    // "ops" principal can destroy anyone's volumes.
    mesos::ACL::DestroyVolume* acl = acls.add_destroy_volumes();
    acl->mutable_principals()->add_values("ops");
    acl->mutable_creator_principals()->set_type(mesos::ACL::Entity::ANY);
  }

  {
    // No other principals can destroy volumes.
    mesos::ACL::DestroyVolume* acl = acls.add_destroy_volumes();
    acl->mutable_principals()->set_type(mesos::ACL::Entity::ANY);
    acl->mutable_creator_principals()->set_type(mesos::ACL::Entity::NONE);
  }

  // Create an `Authorizer` with the ACLs.
  Try<Authorizer*> create = TypeParam::create(parameterize(acls));
  ASSERT_SOME(create);
  Owned<Authorizer> authorizer(create.get());

  // Principal "foo" can destroy its own volumes, so this will pass.
  {
    authorization::Request request;
    request.set_action(authorization::DESTROY_VOLUME_WITH_PRINCIPAL);
    request.mutable_subject()->set_value("foo");
    request.mutable_object()->set_value("foo");
    AWAIT_EXPECT_TRUE(authorizer.get()->authorized(request));
  }

  // Principal "bar" cannot destroy anyone's
  // volumes, so requests 2 and 3 will fail.
  {
    authorization::Request request;
    request.set_action(authorization::DESTROY_VOLUME_WITH_PRINCIPAL);
    request.mutable_subject()->set_value("bar");
    request.mutable_object()->set_value("foo");
    AWAIT_EXPECT_FALSE(authorizer.get()->authorized(request));
  }

  {
    authorization::Request request;
    request.set_action(authorization::DESTROY_VOLUME_WITH_PRINCIPAL);
    request.mutable_subject()->set_value("bar");
    request.mutable_object()->set_value("bar");
    AWAIT_EXPECT_FALSE(authorizer.get()->authorized(request));
  }

  // Principal "ops" can destroy anyone's volumes,
  // so requests 4 and 5 will succeed.
  {
    authorization::Request request;
    request.set_action(authorization::DESTROY_VOLUME_WITH_PRINCIPAL);
    request.mutable_subject()->set_value("ops");
    request.mutable_object()->set_value("foo");
    AWAIT_EXPECT_TRUE(authorizer.get()->authorized(request));
  }

  {
    authorization::Request request;
    request.set_action(authorization::DESTROY_VOLUME_WITH_PRINCIPAL);
    request.mutable_subject()->set_value("ops");
    request.mutable_object()->set_value("ops");
    AWAIT_EXPECT_TRUE(authorizer.get()->authorized(request));
  }
  {
    authorization::Request request;
    request.set_action(authorization::DESTROY_VOLUME_WITH_PRINCIPAL);
    request.mutable_subject()->set_value("ops");
    request.mutable_object()->set_value("bar");
    AWAIT_EXPECT_TRUE(authorizer.get()->authorized(request));
  }

  // Principal "zelda" is not mentioned in the ACLs of the Authorizer, so it
  // will be caught by the final ACL, which provides a default case that denies
  // access for all other principals. This case will fail.
  {
    authorization::Request request;
    request.set_action(authorization::DESTROY_VOLUME_WITH_PRINCIPAL);
    request.mutable_subject()->set_value("zelda");
    request.mutable_object()->set_value("foo");
    AWAIT_EXPECT_FALSE(authorizer.get()->authorized(request));
  }
}