mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Bannier <benjamin.bann...@mesosphere.io>
Subject Re: Review Request 56178: Enabled the authorizer to work with MULTI_ROLE frameworks.
Date Fri, 03 Feb 2017 12:10:42 GMT


> On Feb. 3, 2017, 11:26 a.m., Adam B wrote:
> > src/authorizer/local/authorizer.cpp, line 241
> > <https://reviews.apache.org/r/56178/diff/1/?file=1621348#file1621348line241>
> >
> >     Does this return a list with a single role, if the framework fills in `framework_info.role`
instead of `framework_info.roles`?
> >     
> >     Is there a reason you can't just use `framework_info.roles()` here instead of
using the protobuf util?

Yes, this helper returns single element lists for  single-role frameworks.

The helper is used here since it frees us from introducing extra logic here to either examine
`role` or `roles`, depending on the framework's capabilities.


> On Feb. 3, 2017, 11:26 a.m., Adam B wrote:
> > src/authorizer/local/authorizer.cpp, line 244
> > <https://reviews.apache.org/r/56178/diff/1/?file=1621348#file1621348line244>
> >
> >     Seems like framework_info is always set, so how/why would we ever fall through
to the other cases?

Yes, this is currently dead code. I was also wondering whether it should be removed, but decided
against it since it provides some level of redundancy as long as `value` still exists and
code in the master and in authorizers might not evolve consistently.

Do you believe it should be removed?


- Benjamin


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56178/#review164109
-----------------------------------------------------------


On Feb. 3, 2017, 1:10 p.m., Benjamin Bannier wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56178/
> -----------------------------------------------------------
> 
> (Updated Feb. 3, 2017, 1:10 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, and Benjamin Mahler.
> 
> 
> Bugs: MESOS-7022
>     https://issues.apache.org/jira/browse/MESOS-7022
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This updates the local authorizer so that MULTI_ROLE frameworks can be
> authorized.
> 
> For non-MULTI_ROLE frameworks we continue to support use of the
> deprecated 'value' field in the authorization request's 'Object';
> however for MULTI_ROLE frameworks the 'value' field will not be set,
> and authorizers still relying on it should be updated to instead use
> the object's 'framework_info' field to extract roles to authorize
> against from.
> 
> 
> Diffs
> -----
> 
>   src/authorizer/local/authorizer.cpp b98e1fcdf2ee5ec1f6ac0be6f8accdefaa390a09 
>   src/master/master.cpp 284566ca72bd5c6bd581db9b65d404f86aa7bf61 
> 
> Diff: https://reviews.apache.org/r/56178/diff/
> 
> 
> Testing
> -------
> 
> Tested on various configurations in internal CI.
> 
> 
> Thanks,
> 
> Benjamin Bannier
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message