mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph Wu <jos...@mesosphere.io>
Subject Re: Review Request 62637: Added an object approver to authorize requests from resource providers.
Date Wed, 15 Nov 2017 22:54:46 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62637/#review191084
-----------------------------------------------------------




src/authorizer/local/authorizer.cpp
Lines 558-567 (patched)
<https://reviews.apache.org/r/62637/#comment268677>

    Note that the committed iteration of the standalone AuthZ code does not pass anything
to the Approver.
    
    It should be easy enough to:
    1) Create an `ObjectApprover` object that takes an `ContainerID` i.e. Part of this discarded
change: https://reviews.apache.org/r/62144/
    2) Modify the 4 APIs with `s/!authorizer->accept()/!authorizer->accept(containerId)/`


- Joseph Wu


On Oct. 16, 2017, 4:15 p.m., Chun-Hung Hsiao wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62637/
> -----------------------------------------------------------
> 
> (Updated Oct. 16, 2017, 4:15 p.m.)
> 
> 
> Review request for mesos, Alexander Rojas, Greg Mann, Jie Yu, and Joseph Wu.
> 
> 
> Bugs: MESOS-8100
>     https://issues.apache.org/jira/browse/MESOS-8100
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch adds `LocalImplicitResourceProviderObjectApprover`, which
> authorize standalone container calls from a resource provider if the
> container IDs are prefixed with the namespace string.
> 
> 
> Diffs
> -----
> 
>   src/authorizer/local/authorizer.cpp 2fe7b879e649b13322cfcb300c21ef1ed0fea410 
> 
> 
> Diff: https://reviews.apache.org/r/62637/diff/2/
> 
> 
> Testing
> -------
> 
> make
> 
> 
> Thanks,
> 
> Chun-Hung Hsiao
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message