mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam B <a...@mesosphere.io>
Subject Re: Review Request 48497: Added documentation on starting to use acls.
Date Wed, 15 Jun 2016 06:50:22 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48497/#review137673
-----------------------------------------------------------



I like it. Simple, but effective. It gives admins an easy starting point for authz, and a
path to gradually tightening their authz restrictions.


support/acls_template.json (lines 2 - 4)
<https://reviews.apache.org/r/48497/#comment202858>

    Inconsistent tabbing. In fact, you should probably just let `jq` pretty-print this for
you. Example:
    ```
    {
      "register_frameworks": [
        {
          "roles": {
            "type": "ANY"
          },
          "principals": {
            "type": "ANY"
          }
        }
      ],
      "permissive": false
    }
    ```
    (but you can move permissive back to the top if you like)



support/acls_template.json (lines 26 - 35)
<https://reviews.apache.org/r/48497/#comment202861>

    Remove duplicate (this may have once been shutdown_frameworks)


- Adam B


On June 14, 2016, 6:20 a.m., Joerg Schad wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/48497/
> -----------------------------------------------------------
> 
> (Updated June 14, 2016, 6:20 a.m.)
> 
> 
> Review request for mesos, Adam B and Neil Conway.
> 
> 
> Bugs: MESOS-5583
>     https://issues.apache.org/jira/browse/MESOS-5583
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> A common problem for a users starting to use
> acls is that once they set `permissive = false`  and
> not add acls allowing common operations (e.g.,
> register_framework) their Mesos cluster don't
> behave as expected. This patch adds some
> documentation and a sample acls template to
> help users to avoid this problem.
> 
> 
> Diffs
> -----
> 
>   docs/authorization.md dcf2160424771c513579063911cc14792f464821 
>   support/acls_template.json PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/48497/diff/
> 
> 
> Testing
> -------
> 
> viewed via website container.
> 
> 
> Thanks,
> 
> Joerg Schad
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message