Apache Mesos
authorizer.hpp
Go to the documentation of this file.
1 // Licensed to the Apache Software Foundation (ASF) under one
2 // or more contributor license agreements. See the NOTICE file
3 // distributed with this work for additional information
4 // regarding copyright ownership. The ASF licenses this file
5 // to you under the Apache License, Version 2.0 (the
6 // "License"); you may not use this file except in compliance
7 // with the License. You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 
17 #ifndef __AUTHORIZER_AUTHORIZER_HPP__
18 #define __AUTHORIZER_AUTHORIZER_HPP__
19 
21 
22 #include <process/future.hpp>
23 #include <process/once.hpp>
24 
25 #include <stout/error.hpp>
26 #include <stout/nothing.hpp>
27 #include <stout/option.hpp>
28 #include <stout/try.hpp>
29 
30 namespace mesos {
31 
32 // Forward declaration.
33 class Parameters;
34 class ACLs;
35 
36 namespace internal {
37 
38 // Forward declaration.
39 class LocalAuthorizerProcess;
40 
41 // This Authorizer is constructed with all the required ACLs upfront.
43 {
44 public:
45  // Creates a LocalAuthorizer.
46  // Never returns a nullptr, instead sets the Try to error.
47  //
48  // This factory needs to return a raw pointer so it can be
49  // used in typed tests.
50  static Try<Authorizer*> create(const ACLs& acls);
51 
52  // Creates a LocalAuthorizer.
53  // Never returns a nullptr, instead sets the Try to error.
54  //
55  // This factory needs to return a raw pointer so it can be
56  // used in typed tests.
57  //
58  // It extracts its ACLs from a parameter with key 'acls'.
59  // If such key does not exists or its contents cannot be
60  // parse, an error is returned.
61  static Try<Authorizer*> create(const Parameters& parameters);
62 
63  virtual ~LocalAuthorizer();
64 
66  const authorization::Request& request);
67 
69  const Option<authorization::Subject>& subject,
70  const authorization::Action& action);
71 
72 private:
73  LocalAuthorizer(const ACLs& acls);
74 
75  static Option<Error> validate(const ACLs& acls);
76 
77  LocalAuthorizerProcess* process;
78 };
79 
80 } // namespace internal {
81 } // namespace mesos {
82 
83 #endif // __AUTHORIZER_AUTHORIZER_HPP__
Definition: option.hpp:28
Future< Response > request(const Request &request, bool streamedResponse=false)
Asynchronously sends an HTTP request to the process and returns the HTTP response once the entire res...
Definition: try.hpp:34
virtual process::Future< bool > authorized(const authorization::Request &request)
Checks with the identity server back end whether request is allowed by the policies of the identity s...
Definition: authorizer.hpp:42
static Try< Authorizer * > create(const ACLs &acls)
This interface is used to enable an identity service or any other back end to check authorization pol...
Definition: authorizer.hpp:243
virtual process::Future< process::Owned< ObjectApprover > > getObjectApprover(const Option< authorization::Subject > &subject, const authorization::Action &action)
Creates an ObjectApprover which can synchronously check authorization on an object.