mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Bannier <benjamin.bann...@mesosphere.io>
Subject Re: Review Request 57166: Updated role validation for hierarchical roles.
Date Wed, 01 Mar 2017 10:43:16 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57166/#review167254
-----------------------------------------------------------



I wonder if it would make sense to introduce some more knowledge about role hierarchies here
to give the user clearer diagnostics; a role `A/B` could be though of as semantically a role
`B` with a parent role `A` and as a user it might make sense to think of both `A` and `B`
as roles (this picture works as long we are in the hierarchy below `A`, and do not have roles
like `C/B` in the picture).

With that we wouldn't talk of _path components_ when validating, but instead directly call
each element a role. I believe this might possibly also simplify the implementation, e.g.,
(pseudocode)

    def validate(role):
      # Split `role` keeping empty elements
      for element in strings.split(role, '/'):
        # validate `element` with existing non-hierarchical role validation

With that validation e.g., a role `A/../B` would yield an `Error("Role name '..' is invalid")`,
or a role `A//B` an `Error("Empty role name is invalid")`.

- Benjamin Bannier


On Feb. 28, 2017, 9:23 p.m., Neil Conway wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57166/
> -----------------------------------------------------------
> 
> (Updated Feb. 28, 2017, 9:23 p.m.)
> 
> 
> Review request for mesos, Benjamin Bannier and Michael Park.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Role names can now contain forward slashes. Each component in a role
> name must now be validated separately.
> 
> 
> Diffs
> -----
> 
>   src/common/roles.cpp 31774a9b8f99f5efeed35b1c3e3486e05ca00f6a 
>   src/tests/role_tests.cpp 77f3d46a544a51ba71476e2f0735bb32758dd9e1 
> 
> 
> Diff: https://reviews.apache.org/r/57166/diff/1/
> 
> 
> Testing
> -------
> 
> `make check`
> 
> 
> Thanks,
> 
> Neil Conway
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message