mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Rojas <alexan...@mesosphere.io>
Subject Re: Review Request 58096: Added authorization for frameworks in /roles endpoint.
Date Wed, 10 May 2017 12:25:49 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58096/#review174445
-----------------------------------------------------------




src/master/http.cpp
Line 406 (original), 412-418 (patched)
<https://reviews.apache.org/r/58096/#comment247620>

    More compact and readable if you do:
    
    ```c++
    if (approveViewFrameworkInfo(frameworkApprover, framework->info)) {
      writer->element(frameworkId.value());
    }
    ```



src/master/http.cpp
Lines 422 (patched)
<https://reviews.apache.org/r/58096/#comment247619>

    I think this comment should be in the previous patch.


- Alexander Rojas


On May 8, 2017, 9:56 a.m., Jay Guo wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58096/
> -----------------------------------------------------------
> 
> (Updated May 8, 2017, 9:56 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, and Benjamin Mahler.
> 
> 
> Bugs: MESOS-7260
>     https://issues.apache.org/jira/browse/MESOS-7260
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> While /roles displays a list of frameworksIds that register with
> a role, it did NOT filter them based on VIEW_FRAMEWORK ACL, which
> impose a security risk. This patch fixed this issue by taking a
> frameworksApprover in `Master::Http::roles()` which is used to
> filter framework IDs.
> 
> 
> Diffs
> -----
> 
>   src/master/http.cpp e2590a17044ac019b24a24629428d4ec8adc0c31 
> 
> 
> Diff: https://reviews.apache.org/r/58096/diff/5/
> 
> 
> Testing
> -------
> 
> see next patch in the chain.
> 
> 
> Thanks,
> 
> Jay Guo
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message