mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joerg Schad <jo...@mesosphere.io>
Subject Re: Review Request 46613: Introduced filtering relevant actions and acls.
Date Wed, 25 May 2016 20:57:32 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46613/#review134813
-----------------------------------------------------------




include/mesos/authorizer/acls.proto (line 200)
<https://reviews.apache.org/r/46613/#comment199723>

    task only



include/mesos/authorizer/acls.proto (line 211)
<https://reviews.apache.org/r/46613/#comment199724>

    executor only



include/mesos/authorizer/authorizer.proto (line 73)
<https://reviews.apache.org/r/46613/#comment199726>

    `VIEW_FRAMEWORK` will FwkInfo set.  
    
    add blank lines in between.



include/mesos/authorizer/authorizer.proto (line 75)
<https://reviews.apache.org/r/46613/#comment199727>

    `VIEW_TASK` will have (Task or TINFO) and FWKInf set



include/mesos/authorizer/authorizer.proto (line 76)
<https://reviews.apache.org/r/46613/#comment199732>

    .. and Fwkinfo for the case



src/authorizer/local/authorizer.cpp (line 57)
<https://reviews.apache.org/r/46613/#comment199735>

    static



src/authorizer/local/authorizer.cpp (line 108)
<https://reviews.apache.org/r/46613/#comment199736>

    static



src/authorizer/local/authorizer.cpp (line 170)
<https://reviews.apache.org/r/46613/#comment199739>

    _acls/acls



src/authorizer/local/authorizer.cpp (line 174)
<https://reviews.apache.org/r/46613/#comment199738>

    members receive trailing underscore



src/authorizer/local/authorizer.cpp (line 178)
<https://reviews.apache.org/r/46613/#comment199740>

    { next line



src/authorizer/local/authorizer.cpp (line 180)
<https://reviews.apache.org/r/46613/#comment199741>

    check indentation



src/authorizer/local/authorizer.cpp (line 192)
<https://reviews.apache.org/r/46613/#comment199742>

    make this CHECK



src/authorizer/local/authorizer.cpp (line 204)
<https://reviews.apache.org/r/46613/#comment199743>

    identation



src/authorizer/local/authorizer.cpp (line 218)
<https://reviews.apache.org/r/46613/#comment199745>

    move &&



src/authorizer/local/authorizer.cpp (line 238)
<https://reviews.apache.org/r/46613/#comment199747>

    indentation



src/authorizer/local/authorizer.cpp (line 239)
<https://reviews.apache.org/r/46613/#comment199748>

    else if


- Joerg Schad


On May 25, 2016, 4:55 p.m., Joerg Schad wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46613/
> -----------------------------------------------------------
> 
> (Updated May 25, 2016, 4:55 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, and Michael Park.
> 
> 
> Bugs: MESOS-5169
>     https://issues.apache.org/jira/browse/MESOS-5169
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> In order to allow for framework and task level filtering we introduce
> the following authorizer actions:
> * VIEW_FRAMEWORK
> * VIEW_TASK
> * VIEW_EXECUTOR
> 
> Note that we need different actions for authorizing a tasks
> based on the object being authorized.
> 
> We also introduce the following acls for the local authorizer:
> * ViewFramework  (giving access to frameworks running under
>   a specific OS user)
> * ViewTask  (giving access to Tasks run under a
>     specific OS user)
> * ViewExecutors (giving access to Executors run under a
>     specific OS user)
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/acls.proto b178f53a299a2941afc073af963f6aff26af1ca8 
>   include/mesos/authorizer/authorizer.proto 911a2271211249a41c4467f6754e9996f640bf38

>   src/authorizer/local/authorizer.cpp dc53bc4374aea98b5ed41ade5617374d2447229b 
> 
> Diff: https://reviews.apache.org/r/46613/diff/
> 
> 
> Testing
> -------
> 
> make check (OSX)
> 
> 
> Thanks,
> 
> Joerg Schad
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message