mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Mann <g...@mesosphere.io>
Subject Re: Review Request 72816: Fixed broken authorization in the CSI server.
Date Mon, 31 Aug 2020 19:42:40 GMT


> On Aug. 31, 2020, 2:07 a.m., Qian Zhang wrote:
> > So we actually rely on `LocalImplicitResourceProviderObjectApprover` to authorize
CSI server, right?
> > 
> > https://github.com/apache/mesos/blob/1.10.0/src/authorizer/local/authorizer.cpp#L1128:L1140

Yes - it seems like we should probably update the name of that class now, given this change.
I'll submit a patch to do so.


- Greg


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72816/#review221751
-----------------------------------------------------------


On Aug. 29, 2020, 12:44 a.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72816/
> -----------------------------------------------------------
> 
> (Updated Aug. 29, 2020, 12:44 a.m.)
> 
> 
> Review request for mesos and Qian Zhang.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> The CSI server must use a principal when authenticating
> which contains a claim that allows the authorizer to
> implicitly approve requests from the CSI server to the
> agent's HTTP API.
> 
> 
> Diffs
> -----
> 
>   src/slave/csi_server.cpp 3f29a814daf5335a9079a9a33d77c6bee72d321d 
> 
> 
> Diff: https://reviews.apache.org/r/72816/diff/1/
> 
> 
> Testing
> -------
> 
> Testing details at the end of this chain. This patch is required for the upcoming tests
to pass when Mesos is built with SSL enabled.
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message