mesos-reviews mailing list archives

From Adam B <a...@mesosphere.io>
Subject Re: Review Request 58096: Added authorization for frameworks in /roles endpoint.
Date Wed, 17 May 2017 08:08:34 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58096/#review175213
-----------------------------------------------------------



Looks pretty good to me. Just a few minor comments.


src/master/http.cpp
Lines 3504 (patched)
<https://reviews.apache.org/r/58096/#comment248641>

    What makes a role "active"? Having `active` frameworks registered for that role? This
function seems to return a list of all roles that have one or more weights, quota, reservations,
or registered frameworks associated with them. More accurate would be to call it `knownRoles`.



src/master/http.cpp
Lines 3507 (patched)
<https://reviews.apache.org/r/58096/#comment248639>

    Nit: `ObjectApprover` singular, since it's a single approver that can approve/deny multiple
frameworks, not an approver per framework.



src/master/http.cpp
Lines 3524 (patched)
<https://reviews.apache.org/r/58096/#comment248644>

    `futures` is an over-vague variable name, especially since neither are Futures by this
point. Can we do better?


- Adam B


On May 10, 2017, 9:33 a.m., Jay Guo wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58096/
> -----------------------------------------------------------
> 
> (Updated May 10, 2017, 9:33 a.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rojas, and Benjamin Mahler.
> 
> 
> Bugs: MESOS-7260
>     https://issues.apache.org/jira/browse/MESOS-7260
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> While /roles displays a list of framework IDs that register with
> a role, it did NOT filter them based on VIEW_FRAMEWORK ACL, which
> imposes a security risk. This patch fixed this issue by taking a
> frameworksApprover in `Master::Http::roles()` which is used to
> filter framework IDs.
> 
> 
> Diffs
> -----
> 
>   src/master/http.cpp e2590a17044ac019b24a24629428d4ec8adc0c31 
> 
> 
> Diff: https://reviews.apache.org/r/58096/diff/7/
> 
> 
> Testing
> -------
> 
> see next patch in the chain.
> 
> 
> Thanks,
> 
> Jay Guo
> 
>
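
The gap described in the review request above (a listing endpoint that returns framework IDs without applying the per-framework view ACL), sketched as an added example that is not part of the original e-mail and is not Mesos code. `Framework`, `Role`, `ViewAcl`, `makeApprover` and `rolesView` are hypothetical names; the ACL shape (principal mapped to the framework users it may view) and the deny-by-default choice for unknown principals are assumptions of this sketch.

```cpp
#include <functional>
#include <map>
#include <string>
#include <vector>

// Hypothetical stand-ins; these are not Mesos types.
struct Framework {
  std::string id;
  std::string user;  // attribute the constructed ACL matches on
};

struct Role {
  std::string name;
  std::vector<Framework> frameworks;
};

// A single approver per request: it answers "may this principal view this
// framework?" for every framework the response would mention.
using Approver = std::function<bool(const Framework&)>;

// Constructed ACL shape: principal -> users whose frameworks it may view.
using ViewAcl = std::map<std::string, std::vector<std::string>>;

Approver makeApprover(const ViewAcl& acl, const std::string& principal) {
  auto it = acl.find(principal);
  // Assumption of this sketch: a principal with no ACL entry sees nothing.
  std::vector<std::string> users =
      it == acl.end() ? std::vector<std::string>{} : it->second;
  return [users](const Framework& f) {
    for (const auto& u : users) {
      if (u == f.user) return true;
    }
    return false;
  };
}

// Returns role name -> framework IDs the caller is allowed to see.
// Authorization of the role itself is out of scope here, so every role
// stays listed even when all of its framework IDs are filtered out.
std::map<std::string, std::vector<std::string>> rolesView(
    const std::vector<Role>& roles, const Approver& approve) {
  std::map<std::string, std::vector<std::string>> out;
  for (const auto& role : roles) {
    auto& ids = out[role.name];
    for (const auto& f : role.frameworks) {
      if (approve(f)) ids.push_back(f.id);  // the step the endpoint lacked
    }
  }
  return out;
}
```
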

