mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Schlicht <...@mesosphere.io>
Subject Re: Review Request 67501: Added authorization for storage operations.
Date Thu, 28 Jun 2018 08:47:24 GMT 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67501/
-----------------------------------------------------------

(Updated June 28, 2018, 10:47 a.m.)


Review request for mesos, Benjamin Bannier and Chun-Hung Hsiao.


Changes
-------

Use `role` instead of `principal` as authorization object in `DESTROY_BLOCK_DISK` and `DESTROY_MOUNT_DISK`.


Bugs: MESOS-7329
    https://issues.apache.org/jira/browse/MESOS-7329


Repository: mesos


Description
-------

Framework operations `CREATE_VOLUME`, `DESTROY_VOLUME`, `CREATE_BLOCK`,
`DESTROY_BLOCK` are authorized. Respective ACL actions have been added
to the local authorizer. Currently access can only be given to either
'ANY' or 'NONE' resource providers.


Diffs (updated)
-----

  docs/authorization.md cd8622b9848b7a020c079cc1901e3933fa6eb0c0 
  include/mesos/authorizer/acls.proto e4889939481dabe6c1c2876a54d654f98d00dec8 
  include/mesos/authorizer/authorizer.proto bb1010d7eb97de17807b0a730ce16a4b28bc2aa3 
  src/authorizer/local/authorizer.cpp 61e9ab5ce9f1ce4eee4a3f8502c9b60140efcb7e 
  src/master/master.hpp 4180341e2c7b16503a4376c501f611bb78ba901c 
  src/master/master.cpp 4ade16f044f8a4fdafd5afaba4e6a23232f83a5a 
  src/tests/authorization_tests.cpp f6f77692112d2299f3009fde4468f82bfd934c60 


Diff: https://reviews.apache.org/r/67501/diff/6/

Changes: https://reviews.apache.org/r/67501/diff/5-6/


Testing
-------

make check


Thanks,

Jan Schlicht
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message