mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Schlicht <...@mesosphere.io>
Subject Re: Review Request 46203: Added authorization of the '/flags' endpoint.
Date Wed, 27 Apr 2016 12:44:58 GMT


> On April 27, 2016, 11:29 a.m., Adam B wrote:
> > src/authorizer/local/authorizer.cpp, line 213
> > <https://reviews.apache.org/r/46203/diff/18/?file=1362273#file1362273line213>
> >
> >     Does this only match exact strings, or endpoints nested under this path as well?
> >     For example, could I set an ACL that allows Dan to access "/monitor", and then
he's implicitly allowed to access "/monitor/statistics"?
> >     Maybe not necessary for LocalAuthorizer MVP, but seems valuable.

It only matches exact strings. Doing matching of "layers" like you're suggesting above would
require more effort and IMO shouldn't be part of this patch.


- Jan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46203/#review130736
-----------------------------------------------------------


On April 27, 2016, 11:20 a.m., Jan Schlicht wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46203/
> -----------------------------------------------------------
> 
> (Updated April 27, 2016, 11:20 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, and Benjamin Bannier.
> 
> 
> Bugs: MESOS-5142
>     https://issues.apache.org/jira/browse/MESOS-5142
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> See summary.
> 
> 
> Diffs
> -----
> 
>   docs/configuration.md 2796a812b72f2089999b1ae2d65a4ba843b50d70 
>   include/mesos/authorizer/acls.proto c50deeb5565dfd5b3e5e7210283d9a36a3bfd579 
>   include/mesos/authorizer/authorizer.proto 40d93ea257d1df8d22eee8a21667db90d579a8fe

>   src/Makefile.am e024c6d65608a55765e527a8668c415723dcfcca 
>   src/authorizer/local/authorizer.cpp 0a3805fe4ce8eb89e096e8cd4326035513ba892b 
>   src/slave/flags.cpp a319d60c006d1104836c1c40f3617ceac9cb7b1e 
>   src/slave/http.cpp 537736d1fe42e8150bad91326299ef9a17041a8e 
>   src/slave/slave.hpp 57b18882e30e44dcc40449b0e3be8ee970c45bc8 
>   src/tests/slave_authorization_tests.cpp PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/46203/diff/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Jan Schlicht
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message