mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam B <a...@mesosphere.io>
Subject Re: Review Request 57473: Added support for authorization of Hierachical roles.
Date Tue, 11 Apr 2017 06:21:56 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57473/#review171392
-----------------------------------------------------------



Minor comments, but it looks pretty close to shippable to me.


src/authorizer/local/authorizer.cpp
Line 202 (original), 202 (patched)
<https://reviews.apache.org/r/57473/#comment244300>

    If GET_ENDPOINT_WITH_PATH is the only one now, then you can update the comment here to
be less generic.



src/authorizer/local/authorizer.cpp
Line 458 (original), 405 (patched)
<https://reviews.apache.org/r/57473/#comment244299>

    Why isn't this a `return Error();` too?



src/authorizer/local/authorizer.cpp
Lines 517-519 (patched)
<https://reviews.apache.org/r/57473/#comment244301>

    Why are these the only checks with the `!= nullptr`? These checks weren't written that
way before, and now we're inconsistent. I'd leave it out unless there's some reason to include
it everywhere.



src/authorizer/local/authorizer.cpp
Lines 601 (patched)
<https://reviews.apache.org/r/57473/#comment244473>

    Unnecessary `break` after a `return`



src/authorizer/local/authorizer.cpp
Lines 677 (patched)
<https://reviews.apache.org/r/57473/#comment244474>

    Sounds like reason for an assert, not a mere comment.


- Adam B


On April 10, 2017, 3:11 a.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57473/
> -----------------------------------------------------------
> 
> (Updated April 10, 2017, 3:11 a.m.)
> 
> 
> Review request for mesos, Adam B and Benjamin Bannier.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Adds mechanisms to support authorization of hierarchical roles,
> that is, it allows operators to write ACLs of the form `role/%`
> which will enforce the rule for any nested role, e.g. `role/a`,
> `role/b` and such.
> 
> 
> Diffs
> -----
> 
>   src/authorizer/local/authorizer.cpp e241edf4afa48d35dbbbb94d72e8e8690f5bedfc 
> 
> 
> Diff: https://reviews.apache.org/r/57473/diff/6/
> 
> 
> Testing
> -------
> 
> `make check`
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message