mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Rojas <alexan...@mesosphere.io>
Subject Re: Review Request 58964: Added authorization support for operator endpoints.
Date Mon, 22 May 2017 16:05:18 GMT


> On May 17, 2017, 11:57 a.m., Adam B wrote:
> > include/mesos/authorizer/acls.proto
> > Line 354 (original), 354 (patched)
> > <https://reviews.apache.org/r/58964/diff/3/?file=1716675#file1716675line354>
> >
> >     Should this be `agents` plural?
> 
> Alexander Rojas wrote:
>     Probably, but if we want to change it it should be a blocker for 1.3.0. Once it lands
we will have to go through a six months deprecation cycle.

I created [r/59453/](https://reviews.apache.org/r/59453/), and I am talking with the release
admins to see if we can change it before release.


> On May 17, 2017, 11:57 a.m., Adam B wrote:
> > include/mesos/authorizer/authorizer.proto
> > Lines 58 (patched)
> > <https://reviews.apache.org/r/58964/diff/3/?file=1716676#file1716676line58>
> >
> >     Unused?!?
> 
> Alexander Rojas wrote:
>     sorry, original I was planning to have the request use the machine ID to be authorized.
I still think it makes sense to give the machine ID, which the authorizer could ignore. Let's
decide on that.

Well, I just modify it so authorization depends on the machine id, although the local authorizer
doesn't use it.


- Alexander


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58964/#review175224
-----------------------------------------------------------


On May 22, 2017, 6:05 p.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58964/
> -----------------------------------------------------------
> 
> (Updated May 22, 2017, 6:05 p.m.)
> 
> 
> Review request for mesos, Adam B and Greg Mann.
> 
> 
> Bugs: MESOS-7415
>     https://issues.apache.org/jira/browse/MESOS-7415
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Adds the actions `UPDATE_MAINTENANCE_SCHEDULE`,
> `GET_MAINTENANCE_SCHEDULE`, `START_MAINTENANCE`, `STOP_MAINTENANCE`
> and `GET_MAINTENANCE_STATUS` to the authorizer API as well as the
> necesary code to handle these new actions.
> 
> While the interface `mesos::Authorizer` takes an object with type
> `MachineID` to perform authorization; the default implementation of
> the interface `mesos::LocalAuthorizer` ignores the object choosing the
> semantics of allow maintenance on all nodes or none. This was done to
> extend the capacities of custom authorizers which may have special
> rules for authorization.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/acls.proto ae0b1ea2e6417d186b1606542d75f3a20e0811db 
>   include/mesos/authorizer/authorizer.hpp 4a7376fb6ca2be0a513ad54f56eea3cf8cdd024d 
>   include/mesos/authorizer/authorizer.proto c9184d151befa4cea9bdebb36a315c760e6424b2

>   src/authorizer/local/authorizer.cpp 89aaf4b712d337d519445c922606789c334e5101 
>   src/tests/authorization_tests.cpp 32aa6ac4db7854507127ea2fb88b3e92daa277c0 
> 
> 
> Diff: https://reviews.apache.org/r/58964/diff/4/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message