mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexander Rojas" <alexan...@mesosphere.io>
Subject Re: Review Request 33295: Added firewall mechanism to control access on libprocess http endpoints.
Date Wed, 24 Jun 2015 14:23:30 GMT


> On June 9, 2015, 2:32 a.m., Ben Mahler wrote:
> > 3rdparty/libprocess/src/process.cpp, line 1986
> > <https://reviews.apache.org/r/33295/diff/10/?file=980631#file980631line1986>
> >
> >     We've generally avoided looping using references, although I see why you did
here. Was there a reason that you needed apply to be non-const?
> >     
> >     ```
> >     foreach (const Owned<FirewallRule>& rule, firewallRules) {
> >     
> >     }
> >     ```

Since `rule` is an interface, we cannot guarantee that the rule doesn't keep an state. I can
think of rules of the type: Allow this endpoint _n_ times, which will require a counter. In
such cases, we cannot use `const` here.


> On June 9, 2015, 2:32 a.m., Ben Mahler wrote:
> > 3rdparty/libprocess/src/tests/process_tests.cpp, lines 1923-1927
> > <https://reviews.apache.org/r/33295/diff/10/?file=980632#file980632line1923>
> >
> >     Any plan to add initializer list support for hashset?

A Jira entry was created for this MESOS-2924


- Alexander


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33295/#review87100
-----------------------------------------------------------


On June 8, 2015, 12:09 p.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33295/
> -----------------------------------------------------------
> 
> (Updated June 8, 2015, 12:09 p.m.)
> 
> 
> Review request for mesos, Adam B, Benjamin Hindman, Bernd Mathiske, and Till Toenshoff.
> 
> 
> Bugs: MESOS-2620
>     https://issues.apache.org/jira/browse/MESOS-2620
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Introduces the interface `FirewallRule` which will be matched against incoming connections
in order to allow them to be served or being blocked. For details, check the [design doc](https://docs.google.com/document/d/1JSJTJMJ6ZXLkCSmvOIabTLrjtqqr0E-u99Rx2BHR1hs/edit).
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/include/Makefile.am f45e7c5c0fad063cc0b34ec7977cef685c2909d3 
>   3rdparty/libprocess/include/process/firewall.hpp PRE-CREATION 
>   3rdparty/libprocess/include/process/process.hpp 79d1719932a3fdc90b6247d3a77adee123e72435

>   3rdparty/libprocess/src/process.cpp d1b4d469a11abc618c1406bce602300dd9793b58 
>   3rdparty/libprocess/src/tests/process_tests.cpp 7b9ba9e70e1fe7a22b26444b3bd928208fecd491

> 
> Diff: https://reviews.apache.org/r/33295/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message