mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Mann" <g...@mesosphere.io>
Subject Re: Review Request 39988: [4/5] Added authorization for dynamic reservation master endpoints.
Date Wed, 02 Dec 2015 22:49:11 GMT


> On Dec. 2, 2015, 3:05 p.m., Alexander Rukletsov wrote:
> > src/master/http.cpp, lines 1035-1038
> > <https://reviews.apache.org/r/39988/diff/11/?file=1150203#file1150203line1035>
> >
> >     Let's leave a comment here, that `principal` matches `reservation().principal()`
for each resource in `operation.reserve().resources()`, hence it's OK to authorize for `principal`
and use `reservation().principal()` in `unreserve()`. Maybe a symmetrical comment in `unreserve()`
path would also make sense.
> >     
> >     Maybe if you validate before authorizing it will be more easy to understand?
> 
> Jie Yu wrote:
>     +1 on validate before authorizing. That could save us a big comment here.

I changed the order of validation with respect to authorization; hopefully that does enough
to improve readability. Let me know if you think we would benefit from an additional comment
when we validate, we can add one if necessary.


- Greg


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/39988/#review108653
-----------------------------------------------------------


On Dec. 2, 2015, 10:47 p.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/39988/
> -----------------------------------------------------------
> 
> (Updated Dec. 2, 2015, 10:47 p.m.)
> 
> 
> Review request for mesos, Adam B, Jie Yu, Michael Park, and Till Toenshoff.
> 
> 
> Bugs: MESOS-3062
>     https://issues.apache.org/jira/browse/MESOS-3062
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Added authorization for dynamic reservation master endpoints.
> Note: this review is continued from https://reviews.apache.org/r/37126/
> 
> 
> Diffs
> -----
> 
>   src/master/http.cpp 9d729ef7f7d7ad6185934648f833e4f8a4f0a123 
>   src/tests/reservation_endpoints_tests.cpp f30ff8bc6a3e9773437fa7fd7c8f569b7d7e2d9d

> 
> Diff: https://reviews.apache.org/r/39988/diff/
> 
> 
> Testing
> -------
> 
> This is the fourth in a chain of 5 patches. Added new reservation endpoints tests to
validate authorization of reserve and unreserve operations using ACLs. `make check` was run
to test after all patches were applied.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message