mesos-reviews mailing list archives

From Alexander Rojas <alexan...@mesosphere.io>
Subject Re: Review Request 56178: Enabled the authorizer to work with MULTI_ROLE frameworks.
Date Mon, 06 Feb 2017 11:32:37 GMT


> On Feb. 3, 2017, 11:26 a.m., Adam B wrote:
> > src/authorizer/local/authorizer.cpp, line 244
> > <https://reviews.apache.org/r/56178/diff/1/?file=1621348#file1621348line244>
> >
> >     Seems like framework_info is always set, so how/why would we ever fall through to the other cases?
> 
> Benjamin Bannier wrote:
>     Yes, this is currently dead code. I was also wondering whether it should be removed, but decided against it since it provides some level of redundancy as long as `value` still exists and code in the master and in authorizers might not evolve consistently.
>     
>     Do you believe it should be removed?

The main reason the `object->value` is still there is that the local authorizer is a reference
implementation for module writers who want to build their own modules; as such, it does provide
a reference. I myself will vote to remove the `value` field if possible. However, we marked it
as deprecated in November 2016, which means we need it there until June (at the same time it
had said it is supposed to be removed on 1.2).


- Alexander


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56178/#review164109
-----------------------------------------------------------


On Feb. 3, 2017, 1:10 p.m., Benjamin Bannier wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56178/
> -----------------------------------------------------------
> 
> (Updated Feb. 3, 2017, 1:10 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, and Benjamin Mahler.
> 
> 
> Bugs: MESOS-7022
>     https://issues.apache.org/jira/browse/MESOS-7022
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This updates the local authorizer so that MULTI_ROLE frameworks can be
> authorized.
> 
> For non-MULTI_ROLE frameworks we continue to support use of the
> deprecated 'value' field in the authorization request's 'Object';
> however for MULTI_ROLE frameworks the 'value' field will not be set,
> and authorizers still relying on it should be updated to instead use
> the object's 'framework_info' field to extract roles to authorize
> against from.
> 
> 
> Diffs
> -----
> 
>   src/authorizer/local/authorizer.cpp b98e1fcdf2ee5ec1f6ac0be6f8accdefaa390a09 
>   src/master/master.cpp 284566ca72bd5c6bd581db9b65d404f86aa7bf61 
> 
> Diff: https://reviews.apache.org/r/56178/diff/
> 
> 
> Testing
> -------
> 
> Tested on various configurations in internal CI.
> 
> 
> Thanks,
> 
> Benjamin Bannier
> 
>
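
The migration the review description asks of authorizer writers, as an added sketch that is not code from this review or from Mesos. `FrameworkInfo` and `Object` are simplified stand-ins for the protobuf messages, `rolesToAuthorize` and `authorizeRegistration` are hypothetical helpers, and denying a request from which no role can be derived is an assumption of this sketch.

```cpp
#include <set>
#include <string>
#include <vector>

// Simplified stand-ins for the Mesos protobuf messages (assumption: only
// the fields this thread discusses are modelled).
struct FrameworkInfo {
  std::string role = "*";          // Single role of a non-MULTI_ROLE framework.
  std::vector<std::string> roles;  // Roles of a MULTI_ROLE framework.
  bool multiRole = false;          // Stands in for the MULTI_ROLE capability.
};

struct Object {
  bool has_value = false;           // Deprecated 'value' field present?
  std::string value;
  bool has_framework_info = false;  // Preferred 'framework_info' present?
  FrameworkInfo framework_info;
};

// Hypothetical helper: roles a request must be authorized against.
// 'framework_info' takes precedence; 'value' is only a legacy fallback.
std::vector<std::string> rolesToAuthorize(const Object& object) {
  if (object.has_framework_info) {
    const FrameworkInfo& info = object.framework_info;
    if (info.multiRole) {
      return info.roles;
    }
    return std::vector<std::string>(1, info.role);
  }
  if (object.has_value) {
    return std::vector<std::string>(1, object.value);
  }
  return std::vector<std::string>();
}

// Hypothetical policy check: every derived role must be permitted.
bool authorizeRegistration(const Object& object,
                           const std::set<std::string>& permittedRoles) {
  const std::vector<std::string> roles = rolesToAuthorize(object);
  if (roles.empty()) {
    return false;  // Assumption of this sketch: nothing derivable, so deny.
  }
  for (const std::string& role : roles) {
    if (permittedRoles.count(role) == 0) {
      return false;  // One unpermitted role denies the whole request.
    }
  }
  return true;
}
```
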

