mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam B <a...@mesosphere.io>
Subject Re: Review Request 44322: Implemented a generalized interface for the authorizer.
Date Wed, 09 Mar 2016 09:18:00 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44322/#review122699
-----------------------------------------------------------



A couple of quick thoughts on your WIP so far.
Also, I committed the /weights endpoint, so there'll be 1 more ACL to refactor once you rebase.
Sorry.


include/mesos/authorizer/authorizer.hpp (line 82)
<https://reviews.apache.org/r/44322/#comment184804>

    Can we get a comment?



include/mesos/authorizer/authorizer.proto (lines 34 - 41)
<https://reviews.apache.org/r/44322/#comment184803>

    s/AS/WITH/
    s/OF/WITH/
    s/FOR/WITH/



src/authorizer/local/authorizer.hpp (line 55)
<https://reviews.apache.org/r/44322/#comment184805>

    Update comment, since it no longer applies to a block of `authorize` methods.



src/master/master.cpp (line 2793)
<https://reviews.apache.org/r/44322/#comment184806>

    Someday we may want to return something besides a bool, so that the client can get back
a more meaningful error than "Forbidden", e.g. which of the N roles specified was disallowed?
    Any ideas how we would do that for the operator endpoints?



src/master/master.cpp (line 2826)
<https://reviews.apache.org/r/44322/#comment184807>

    When would this ever be empty? Shouldn't we have validated somewhere prior that the Reserve
operation is reserving at least one resource/role? I'd think this could be a CHECK.


- Adam B


On March 8, 2016, 9:07 p.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44322/
> -----------------------------------------------------------
> 
> (Updated March 8, 2016, 9:07 p.m.)
> 
> 
> Review request for mesos, Adam B, Joerg Schad, and Vinod Kone.
> 
> 
> Bugs: MESOS-2950
>     https://issues.apache.org/jira/browse/MESOS-2950
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> **WIP: Do not commit**
> 
> Implements the later [Generic Authorizer Interface v 0.3.1](https://docs.google.com/document/d/1-XARWJFUq0r_TgRHz_472NvLZNjbqE4G8c2JL44OSMQ)
> proposal.
> 
> It still lacks some parts:
> 
> - [ ] Doxygen in the interface.
> - [ ] Updating `authorizer.md`
> 
> Still the basic functionality is there and I don't expect it to change
> much. As I mentioned, comments aren't there yet but feel free to point
> where they are missed, at this point focusing in the actual content
> may not be relevant as the patch may change from its current form.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.hpp ec6c9928c55c3096c7de634f900419abbdd00886 
>   include/mesos/authorizer/authorizer.proto PRE-CREATION 
>   src/CMakeLists.txt 8f57a5701073bf1eaaa223383e928cf5db8f8ae4 
>   src/Makefile.am a41e95ddeb838fdebf4ced953c4a29181916e261 
>   src/authorizer/authorizer.cpp 54278b022118c40d3b976794fd472ce8d8b6a5e2 
>   src/authorizer/local/authorizer.hpp 96baf77709cf721caf46b6c2c096a843c1b5d9c0 
>   src/authorizer/local/authorizer.cpp 4e5c2c2869823ec957735cebfc80dc850d40f9eb 
>   src/master/http.cpp a3ad57a1c3f8a01aa609b28c12825670bb243387 
>   src/master/master.cpp 57ff4a39039f573b8586bc03f873f97826b97f6f 
>   src/master/quota_handler.cpp a41c91f10bc0eedc754425b4de1b3e184c4ffb08 
>   src/tests/authorization_tests.cpp 2b2297036550412a955ff479f6ec9d7dad8cb0e3 
>   src/tests/master_authorization_tests.cpp 29c89fb11da792c3e71eb880a19657ea225b3cc8 
>   src/tests/mesos.hpp 9c62833e0a64cfd62fce8cffd04f9cdd933646c8 
>   src/tests/mesos.cpp 395b23d32b2d03aef446858e197cb9788644eefa 
>   src/tests/reconciliation_tests.cpp 97112c4d64c75a16fdd7bbefd517a039fbf55b64 
> 
> Diff: https://reviews.apache.org/r/44322/diff/
> 
> 
> Testing
> -------
> 
> make -j4 check
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message