mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam B <a...@mesosphere.io>
Subject Re: Review Request 47794: Added authorization support for mesos::internal::Files.
Date Thu, 26 May 2016 09:54:29 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47794/#review134949
-----------------------------------------------------------


Fix it, then Ship it!




Question about attaching to "/", but otherwise shippable after fixing a couple nits.


src/files/files.cpp (line 156)
<https://reviews.apache.org/r/47794/#comment199924>

    s/principa/principal/



src/files/files.cpp (line 325)
<https://reviews.apache.org/r/47794/#comment199926>

    This loop exits when `Path(requestedPath).dirname() == requestedPath`, which means the
loop breaks when we get to "/"; but we don't check for `authorizations["/"]`, so we won't
perform authorization if a caller had attached a local directory to virtual path "/" (is that
even possible?)



src/files/files.hpp (lines 70 - 72)
<https://reviews.apache.org/r/47794/#comment199927>

    Not quite sure what the wrapping/indentation here should be, but in `hierarchical_allocator_tests.cpp`,
Joris(/BenH) wraps after `Option<lambda::function<`, followed by a 4-space indent.
    That's great, but then the next line is still 4char over, so I'd wrap `authorized = None());`
onto the next line as you did. But rather than align it with the previous line, I would probably
indent it by another 4 spaces to show that it is a continuation of the previous line, not
another parameter at the same level as the previous line.



src/files/files.cpp (lines 265 - 266)
<https://reviews.apache.org/r/47794/#comment199937>

    Mesos doesn't do it now, but nothing prevents us from attaching "/", which would be cleaned
to "". Is this ok? Should we at least have a check for attaching root/empty path? Let's add
a unit test (can be a separate patch).


- Adam B


On May 25, 2016, 6:07 p.m., Alexander Rojas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47794/
> -----------------------------------------------------------
> 
> (Updated May 25, 2016, 6:07 p.m.)
> 
> 
> Review request for mesos, Adam B, Benjamin Mahler, Joerg Schad, Michael Park, and Vinod
Kone.
> 
> 
> Bugs: MESOS-5153
>     https://issues.apache.org/jira/browse/MESOS-5153
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Adds an optional parameter to the `mesos::internal::Files::attach()`
> method. The type of this parameter is a callable object which returns
> a future to a boolean and takes as parameter an optional string
> representing a principal name.
> 
> The parameter is called, if set, whenever one of the routed endpoints
> of the `Files` object is accessed through HTTP. If the callable object
> returns a false boolean, then processing of the request is aborted
> and a `403 Forbidden` response is returned.
> 
> 
> Diffs
> -----
> 
>   src/files/files.hpp 90acb3406c46c164108deb559af71fb109a5773b 
>   src/files/files.cpp e4b0ada00aabba6553810391f4015a896f8a69a5 
>   src/tests/files_tests.cpp 5d6620d13babaf0bb7f9c888bb1b4fa2228b6ccd 
> 
> Diff: https://reviews.apache.org/r/47794/diff/
> 
> 
> Testing
> -------
> 
> On OSX:
> `make check`
> 
> 
> Thanks,
> 
> Alexander Rojas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message