mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Qian Zhang <zhq527...@gmail.com>
Subject Re: Review Request 72816: Fixed broken authorization in the CSI server.
Date Mon, 31 Aug 2020 02:07:08 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72816/#review221751
-----------------------------------------------------------


Ship it!




So we actually rely on `LocalImplicitResourceProviderObjectApprover` to authorize CSI server,
right?

https://github.com/apache/mesos/blob/1.10.0/src/authorizer/local/authorizer.cpp#L1128:L1140

- Qian Zhang


On Aug. 29, 2020, 8:44 a.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72816/
> -----------------------------------------------------------
> 
> (Updated Aug. 29, 2020, 8:44 a.m.)
> 
> 
> Review request for mesos and Qian Zhang.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> The CSI server must use a principal when authenticating
> which contains a claim that allows the authorizer to
> implicitly approve requests from the CSI server to the
> agent's HTTP API.
> 
> 
> Diffs
> -----
> 
>   src/slave/csi_server.cpp 3f29a814daf5335a9079a9a33d77c6bee72d321d 
> 
> 
> Diff: https://reviews.apache.org/r/72816/diff/1/
> 
> 
> Testing
> -------
> 
> Testing details at the end of this chain. This patch is required for the upcoming tests
to pass when Mesos is built with SSL enabled.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message