mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Rojas <alexan...@mesosphere.io>
Subject Re: Review Request 55887: Check task user before allowing a task to be launched on the agent.
Date Mon, 06 Feb 2017 15:12:40 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/55887/#review164351
-----------------------------------------------------------




src/slave/slave.cpp (line 1659)
<https://reviews.apache.org/r/55887/#comment236037>

    `authorizeTask()` returns a `Future<bool>`, which means you cannot be sure is going
to be ready on return. That doesn't mean you could block here.  I recomend to check [here](https://github.com/apache/mesos/blob/30f7f3e1965885406d6d3e49348bee7e7d0df9d5/src/master/master.cpp#L3345-L3380)
to follow the pattern we use in these cases. Something like:
    
    ```c++
    list<Future<bool>> authorizations;
    foreach (const TaskInfo& _task, tasks) {
      authorizations.insert(authorizeTask(_task, framework));
    }
    
    // Await calls the `.then` clause when all the futures in
    // the list reach a final state.
    await(authorizations)
      .then([](const list<Future<bool>>& authorizations) {
        // Add here the actual body of the foreach
      });
    ```


- Alexander Rojas


On Jan. 25, 2017, 1:31 a.m., Anindya Sinha wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/55887/
> -----------------------------------------------------------
> 
> (Updated Jan. 25, 2017, 1:31 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, and Jiang Yan Xu.
> 
> 
> Bugs: MESOS-6953
>     https://issues.apache.org/jira/browse/MESOS-6953
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Added support for action `run_tasks` on the agent's flag `acl`. Based on
> the ACL configured for `run_tasks`, a task to be launched on the agent
> will be (dis)allowed to launch on the agent.
> If a task or task group cannot be launched due to failed authorization,
> a `TASK_FAILED` Status Update shall be sent with a reason code of
> `REASON_TASK_UNAUTHORIZED` or `REASON_TASK_GROUP_UNAUTHORIZED` as
> applicable.
> Note that in case of a task group, all tasks fail if any of the tasks
> within the task group encounter the authorization error.
> 
> 
> Diffs
> -----
> 
>   src/slave/slave.hpp 0dadbe50be15f89b791da55fa10f1b434693ee0f 
>   src/slave/slave.cpp 0548b04073c0ba4adfc4433d75fd18c2ba79d891 
> 
> Diff: https://reviews.apache.org/r/55887/diff/
> 
> 
> Testing
> -------
> 
> All tests passed.
> 
> 
> Thanks,
> 
> Anindya Sinha
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message