mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam B <a...@mesosphere.io>
Subject Re: Review Request 45922: Added agent authorization flags.
Date Wed, 20 Apr 2016 07:26:33 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45922/#review129694
-----------------------------------------------------------



Looks great. So very close! Just an unnecessary slave::start() parameter in cluster.hpp, and
dubious error when authorization is completely disabled in a test.
I'll review the /flags authz now, so I can see how these flags/APIs will be used.


docs/configuration.md (line 889)
<https://reviews.apache.org/r/45922/#comment193214>

    `s/flag --authorizer/--authorizer flag/`



docs/configuration.md (line 890)
<https://reviews.apache.org/r/45922/#comment193213>

    s/different/other/



docs/configuration.md (line 932)
<https://reviews.apache.org/r/45922/#comment193215>

    `s/flag --authorizer/--authorizer flag/`



docs/configuration.md (line 933)
<https://reviews.apache.org/r/45922/#comment193222>

    s/different/other/



docs/configuration.md (line 935)
<https://reviews.apache.org/r/45922/#comment193219>

    "See the ACLs protobuf in authorizer.proto for the expected format." (like in the flags)
    Or is this really "acls.proto" now?



src/slave/flags.cpp (line 453)
<https://reviews.apache.org/r/45922/#comment193217>

    `s/flag --authorizer/--authorizer flag/`



src/slave/flags.cpp (line 454)
<https://reviews.apache.org/r/45922/#comment193218>

    s/different/other/



src/slave/flags.cpp (line 457)
<https://reviews.apache.org/r/45922/#comment193229>

    Isn't this acls.proto now?



src/slave/flags.cpp (line 733)
<https://reviews.apache.org/r/45922/#comment193220>

    `--authorizer flag`



src/slave/flags.cpp (line 734)
<https://reviews.apache.org/r/45922/#comment193221>

    s/different/other/



src/slave/main.cpp (line 291)
<https://reviews.apache.org/r/45922/#comment193223>

    `s/flag --foo/--foo flag/g`



src/slave/main.cpp (line 292)
<https://reviews.apache.org/r/45922/#comment193224>

    "non-default"
    s/it will be used and //



src/tests/cluster.hpp (line 151)
<https://reviews.apache.org/r/45922/#comment193225>

    Why do you even need the overload for the authorizer here? Seems like most tests will
either provide --acls and use the default, or set the modules/authorizer flags. We can leave
this part out until a test needs it.



src/tests/cluster.cpp (lines 406 - 412)
<https://reviews.apache.org/r/45922/#comment193228>

    Why is it an error to start an agent with no authorizer and no ACLs? What if I don't want
to do any authorization?



src/tests/mesos.cpp (line 179)
<https://reviews.apache.org/r/45922/#comment193226>

    "Set default (permissive) ACLs."



src/tests/mesos.cpp (line 180)
<https://reviews.apache.org/r/45922/#comment193227>

    This assumes we separate master and agent ACLs in the local authorizer, which your next
patch seems to ignore


- Adam B


On April 18, 2016, 2:49 a.m., Jan Schlicht wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45922/
> -----------------------------------------------------------
> 
> (Updated April 18, 2016, 2:49 a.m.)
> 
> 
> Review request for mesos, Adam B and Alexander Rojas.
> 
> 
> Bugs: MESOS-5142
>     https://issues.apache.org/jira/browse/MESOS-5142
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> See summary.
> 
> 
> Diffs
> -----
> 
>   docs/configuration.md cd9733002a0940f44edd4e56593a0ca3fe9f77f5 
>   src/local/local.cpp df72ac52110b75d63df1076496b48e63d06d42ce 
>   src/slave/constants.hpp 9978c11fec40055dd42f19c20cd3e9fef4e78cea 
>   src/slave/flags.hpp ee520acc459564fe68272950948fc80c5e24513a 
>   src/slave/flags.cpp 10d2974bd2b6e79255fc894979607f0d2d00c315 
>   src/slave/main.cpp 38bd00584dd9c6a872398678b2288edeed1cd2a4 
>   src/slave/slave.hpp f78c1b4e4d5378ef7223c6eb3ea45491c30fb4c1 
>   src/slave/slave.cpp d82dec2b10d496065013eb4ad6a35dc054b72553 
>   src/tests/cluster.hpp 887342acc72b33b4c904d610da47394f9a7d7188 
>   src/tests/cluster.cpp 31d2556a078429dd45315aa74cd21ad436372d31 
>   src/tests/mesos.hpp e4b63d41d883807ac39846799468b80e88c84e0b 
>   src/tests/mesos.cpp b5937af7713e1ee2af475518b3e968b2defa8beb 
> 
> Diff: https://reviews.apache.org/r/45922/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Jan Schlicht
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message