From reviews-return-5293-apmail-mesos-reviews-archive=mesos.apache.org@mesos.apache.org Fri Jul 17 09:56:56 2015 Return-Path: X-Original-To: apmail-mesos-reviews-archive@minotaur.apache.org Delivered-To: apmail-mesos-reviews-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5F7EC17B2B for ; Fri, 17 Jul 2015 09:56:56 +0000 (UTC) Received: (qmail 1342 invoked by uid 500); 17 Jul 2015 09:56:56 -0000 Delivered-To: apmail-mesos-reviews-archive@mesos.apache.org Received: (qmail 1314 invoked by uid 500); 17 Jul 2015 09:56:56 -0000 Mailing-List: contact reviews-help@mesos.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: reviews@mesos.apache.org Delivered-To: mailing list reviews@mesos.apache.org Received: (qmail 1288 invoked by uid 99); 17 Jul 2015 09:56:56 -0000 Received: from reviews-vm.apache.org (HELO reviews.apache.org) (140.211.11.40) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 17 Jul 2015 09:56:56 +0000 Received: from reviews.apache.org (localhost [127.0.0.1]) by reviews.apache.org (Postfix) with ESMTP id D3DE6BD28E; Fri, 17 Jul 2015 09:56:54 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============7820533654831805992==" MIME-Version: 1.0 Subject: Re: Review Request 36049: Added support for modularized Authorizer From: "Alexander Rojas" To: "Till Toenshoff" , "Adam B" Cc: "Alexander Rojas" , "mesos" Date: Fri, 17 Jul 2015 09:56:54 -0000 Message-ID: <20150717095654.17362.73555@reviews.apache.org> X-ReviewBoard-URL: https://reviews.apache.org/ Auto-Submitted: auto-generated Sender: "Alexander Rojas" X-ReviewGroup: mesos X-Auto-Response-Suppress: DR, RN, OOF, AutoReply X-ReviewRequest-URL: https://reviews.apache.org/r/36049/ X-Sender: "Alexander Rojas" References: <20150707221240.1573.85152@reviews.apache.org> In-Reply-To: <20150707221240.1573.85152@reviews.apache.org> Reply-To: "Alexander Rojas" X-ReviewRequest-Repository: mesos --===============7820533654831805992== MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit > On July 8, 2015, 12:12 a.m., Till Toenshoff wrote: > > src/local/local.cpp, line 241 > > > > > > I am assuming that the `LocalAuthorizer` should be considered unusable should its initialize function ever fail. > > > > My most favored solution here would be to log the failure and make sure that `authorizer` remains unset so that we can operate without any authorization. That would be following the approach of the authenticator `initialize` failure handling. > > > > ``` > > Try initialize = authorizer.get()->initialize(flags.acls.get()); > > > > if (initialize.isError()) { > > // A failure to initialize the authorizer does lead to unusable authorization > > // but allows actions to skip authorization. > > LOG(WARNING) << "Authorization is disabled: Failed to initialize '" > > << flags.authorizers << "' authorizer: " << initialize.error(); > > delete authorizer.get(); > > authorizer = None(); > > } > > ``` > > > > Inherited from https://github.com/apache/mesos/blob/master/src/master/master.cpp#L484 As a note, please don't use links to the master branch, use a specific review since any update on the master invalidates the line you want to show. e.g. https://github.com/apache/mesos/blob/bfe6c07b79550bb3d1f2ab6f5344d740e6eb6f60/src/master/master.cpp#L484 - Alexander ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/36049/#review90774 ----------------------------------------------------------- On July 7, 2015, 9:34 a.m., Alexander Rojas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/36049/ > ----------------------------------------------------------- > > (Updated July 7, 2015, 9:34 a.m.) > > > Review request for mesos, Adam B and Till Toenshoff. > > > Bugs: MESOS-2947 > https://issues.apache.org/jira/browse/MESOS-2947 > > > Repository: mesos > > > Description > ------- > > Adds and integrates helper classes needed to support an `Authorizer` module. Also adds a flag to the master, allowing the selection of an `Authorizer` module. > > > Diffs > ----- > > include/mesos/authorizer/authorizer.hpp PRE-CREATION > include/mesos/module/authorizer.hpp PRE-CREATION > src/Makefile.am addb63f615f16ae6b25f745b2e79fd9fc0e27851 > src/authorizer/authorizer.cpp PRE-CREATION > src/local/local.cpp 1953d84c75a83f4ace944d6243456235d8a193ff > src/master/constants.hpp 7cec18b7fdfd3b96cde42a30d217c026b2695dce > src/master/constants.cpp fbcae60c43e835f96ec061bd0e9f7961e31fc341 > src/master/flags.hpp f2cd19a6edfaa4e5bb31f024ef8d5beda32fbc2f > src/master/flags.cpp 60ac64d98d53f74f904846b27a3833a7c44a9756 > src/master/main.cpp 2624b7ea4920a534c98f5dfbf9286c54c50f11a9 > src/module/manager.cpp 909ca56eea85d365cb9ebe1b3cce43051cabb670 > src/tests/cluster.hpp cfe7ef0c7a6dc62cddc3e5f5b5b28c8bcb2bed26 > > Diff: https://reviews.apache.org/r/36049/diff/ > > > Testing > ------- > > make check > > > Thanks, > > Alexander Rojas > > --===============7820533654831805992==--