mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zhitao Li <zhitaoli...@gmail.com>
Subject Re: Review Request 66531: Added new authorization for `UpdateVolume`.
Date Thu, 19 Apr 2018 18:18:10 GMT


> On April 17, 2018, 4:14 p.m., Greg Mann wrote:
> > src/master/master.cpp
> > Lines 4924-4925 (original), 4980-4981 (patched)
> > <https://reviews.apache.org/r/66531/diff/1/?file=1995228#file1995228line4980>
> >
> >     You need to finish implementing authorization here, and below for SHRINK_VOLUME.
> 
> Zhitao Li wrote:
>     Will fix, but I have question/comments on operation authorization handling in `Master::_accept`:
>     1. We don't really check that `authorizations.size() == operations.size()`. My feeling
is that this at least leaves space for error when devs adding new operations;
>     2. we allow part of the operations which are authorized to proceed while drop unauthorized
operations. I'm not convinced it's either safe from security perspective or clear from user
perspective;
>     3. I see some comments about `We may want to retry this failed authorization request
rather than dropping it immediately.`. If authorization result is "Unavaiable" rather than
"Rejected", should that be reflected from result type?

Reading this a lot, I do not see we can safely retry failed authorization when operations
are chained. In fact, I feel that we should look into refactoring the large code blob and
extract authorization handling into its own block (rather than scattered through the `switch/case`).

That should be a separate patch though.


- Zhitao


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66531/#review201357
-----------------------------------------------------------


On April 10, 2018, 12:24 p.m., Zhitao Li wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66531/
> -----------------------------------------------------------
> 
> (Updated April 10, 2018, 12:24 p.m.)
> 
> 
> Review request for mesos, Chun-Hung Hsiao and Greg Mann.
> 
> 
> Bugs: MESOS-8748
>     https://issues.apache.org/jira/browse/MESOS-8748
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> The new authorization action is modelled after `CreateVolume`, and will
> be shared by both `GROW_VOLUME` and `SHRINK_VOLUME` operations and
> corresponding operator APIs.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/acls.proto 8ef33210644e7d2924b402a3158b1b38c1fdb464 
>   include/mesos/authorizer/authorizer.proto 1508c01130013d74ed2b2574a2428f38e3d2c064

>   src/authorizer/local/authorizer.cpp c098ba9ded1b29a2e079cf09ab80b61f6fa4af05 
>   src/master/master.hpp 0d9620dd0c232dc1df83477e838eeb7313bf8828 
>   src/master/master.cpp f7da675e8fe96159e5335c9e83b65b67ed90eda8 
> 
> 
> Diff: https://reviews.apache.org/r/66531/diff/1/
> 
> 
> Testing
> -------
> 
> Manually created ACL and verified that untrusted principals will not allow to grow/shrink
volumes.
> Also created unit test in next patch.
> 
> 
> Thanks,
> 
> Zhitao Li
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message