mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam B <a...@mesosphere.io>
Subject Re: Review Request 47891: Added RUN_TASK authorization action.
Date Sat, 28 May 2016 06:43:23 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47891/#review135380
-----------------------------------------------------------




include/mesos/authorizer/authorizer.proto (line 49)
<https://reviews.apache.org/r/47891/#comment200389>

    This is a dangerous setting and should be removed as soon as we no longer need it.
    Please add a TODO comment to remove it when we remove the alias.
    Please add a top-level comment that actions in this enum should be kept in numerical order,
to prevent accidental aliasing.



include/mesos/authorizer/authorizer.proto (lines 91 - 92)
<https://reviews.apache.org/r/47891/#comment200386>

    "// set. For backwards compatibility with the deprecated alias `RUN_TASK_WITH_USER`, the
value will also be set to the operating system user."



include/mesos/authorizer/authorizer.proto (line 93)
<https://reviews.apache.org/r/47891/#comment200387>

    Put the deprecation TODO immediately above the deprecated field.



include/mesos/authorizer/authorizer.proto (line 94)
<https://reviews.apache.org/r/47891/#comment200388>

    Since this is numbered `2`, please put it between 1 and 3.



src/master/master.cpp 
<https://reviews.apache.org/r/47891/#comment200394>

    Interesting that the previous logic favored the TaskInfo.command.user over the ExecutorInfo.command.user.
    I wonder if we should reverse our evaluation ordering in the local authorizer to maintain
behavior, but I can't imagine a scenario where setting both would make a difference.



src/master/master.cpp (line 3036)
<https://reviews.apache.org/r/47891/#comment200395>

    FrameworkInfo.user is the wrong user to pass in. It should be the user calculated by the
code you removed above.


- Adam B


On May 27, 2016, 2:51 p.m., Benjamin Bannier wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47891/
> -----------------------------------------------------------
> 
> (Updated May 27, 2016, 2:51 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, Joerg Schad, and Michael Park.
> 
> 
> Bugs: MESOS-5459
>     https://issues.apache.org/jira/browse/MESOS-5459
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Authorization requests for RUN_TASK actions can pass `SOME`
> authorization object either in a `FrameworkInfo` holding a user, or a
> `TaskInfo` with optionally a `CommandInfo` which can optionally hold a
> user. If either of these fields is set it will be used as the object;
> otherwise an `ANY` type authorization object will be created.
> 
> `RUN_TASK` aliases `RUN_TASK_WITH_USER` which becomes deprecated with
> 0.29.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto 3ff67858a99915e0215f3ffb9966f9ac4a3fba8c

>   src/authorizer/local/authorizer.cpp 7ddb323df09a9b0ea46c6f9543c4af059d184308 
>   src/master/master.cpp 6442762c9fdfa368d5d9d7cd43b97f5addaf7f17 
>   src/tests/authorization_tests.cpp 54bfb46a807677f4a4a2bb88dcb78a358cf5121a 
> 
> Diff: https://reviews.apache.org/r/47891/diff/
> 
> 
> Testing
> -------
> 
> Tested on a range of Linux configurations on internal CI.
> 
> 
> Thanks,
> 
> Benjamin Bannier
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message