Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 7A510200C61 for ; Tue, 11 Apr 2017 08:22:02 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 78EF7160BA5; Tue, 11 Apr 2017 06:22:02 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id C0BC6160B99 for ; Tue, 11 Apr 2017 08:22:01 +0200 (CEST) Received: (qmail 67574 invoked by uid 500); 11 Apr 2017 06:22:00 -0000 Mailing-List: contact reviews-help@mesos.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: reviews@mesos.apache.org Delivered-To: mailing list reviews@mesos.apache.org Received: (qmail 67563 invoked by uid 99); 11 Apr 2017 06:22:00 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Apr 2017 06:22:00 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 2CA71C023E; Tue, 11 Apr 2017 06:22:00 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3 X-Spam-Level: *** X-Spam-Status: No, score=3 tagged_above=-999 required=6.31 tests=[HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=2, KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-0.001] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id wmRut6wmw6Db; Tue, 11 Apr 2017 06:21:58 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id CB9A25FAF3; Tue, 11 Apr 2017 06:21:57 +0000 (UTC) Received: from reviews.apache.org (unknown [10.41.0.12]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 65631E00A7; Tue, 11 Apr 2017 06:21:57 +0000 (UTC) Received: from reviews-vm2.apache.org (localhost [IPv6:::1]) by reviews.apache.org (ASF Mail Server at reviews-vm2.apache.org) with ESMTP id 1ED66C401AA; Tue, 11 Apr 2017 06:21:57 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============5653271942649094901==" MIME-Version: 1.0 Subject: Re: Review Request 57473: Added support for authorization of Hierachical roles. From: Adam B To: Benjamin Bannier , Adam B Cc: mesos , Alexander Rojas Date: Tue, 11 Apr 2017 06:21:56 -0000 Message-ID: <20170411062156.15481.96313@reviews-vm2.apache.org> X-ReviewBoard-URL: https://reviews.apache.org/ Auto-Submitted: auto-generated Sender: Adam B X-ReviewGroup: mesos X-Auto-Response-Suppress: DR, RN, OOF, AutoReply X-ReviewRequest-URL: https://reviews.apache.org/r/57473/ X-Sender: Adam B References: <20170410101102.31743.79892@reviews-vm2.apache.org> In-Reply-To: <20170410101102.31743.79892@reviews-vm2.apache.org> Reply-To: Adam B X-ReviewRequest-Repository: mesos archived-at: Tue, 11 Apr 2017 06:22:02 -0000 --===============5653271942649094901== MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/57473/#review171392 ----------------------------------------------------------- Minor comments, but it looks pretty close to shippable to me. src/authorizer/local/authorizer.cpp Line 202 (original), 202 (patched) If GET_ENDPOINT_WITH_PATH is the only one now, then you can update the comment here to be less generic. src/authorizer/local/authorizer.cpp Line 458 (original), 405 (patched) Why isn't this a `return Error();` too? src/authorizer/local/authorizer.cpp Lines 517-519 (patched) Why are these the only checks with the `!= nullptr`? These checks weren't written that way before, and now we're inconsistent. I'd leave it out unless there's some reason to include it everywhere. src/authorizer/local/authorizer.cpp Lines 601 (patched) Unnecessary `break` after a `return` src/authorizer/local/authorizer.cpp Lines 677 (patched) Sounds like reason for an assert, not a mere comment. - Adam B On April 10, 2017, 3:11 a.m., Alexander Rojas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/57473/ > ----------------------------------------------------------- > > (Updated April 10, 2017, 3:11 a.m.) > > > Review request for mesos, Adam B and Benjamin Bannier. > > > Repository: mesos > > > Description > ------- > > Adds mechanisms to support authorization of hierarchical roles, > that is, it allows operators to write ACLs of the form `role/%` > which will enforce the rule for any nested role, e.g. `role/a`, > `role/b` and such. > > > Diffs > ----- > > src/authorizer/local/authorizer.cpp e241edf4afa48d35dbbbb94d72e8e8690f5bedfc > > > Diff: https://reviews.apache.org/r/57473/diff/6/ > > > Testing > ------- > > `make check` > > > Thanks, > > Alexander Rojas > > --===============5653271942649094901==--