> On Aug. 31, 2020, 2:07 a.m., Qian Zhang wrote:
> > So we actually rely on `LocalImplicitResourceProviderObjectApprover` to authorize
CSI server, right?
> >
> > https://github.com/apache/mesos/blob/1.10.0/src/authorizer/local/authorizer.cpp#L1128:L1140
Yes - it seems like we should probably update the name of that class now, given this change.
I'll submit a patch to do so.
- Greg
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72816/#review221751
-----------------------------------------------------------
On Aug. 29, 2020, 12:44 a.m., Greg Mann wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72816/
> -----------------------------------------------------------
>
> (Updated Aug. 29, 2020, 12:44 a.m.)
>
>
> Review request for mesos and Qian Zhang.
>
>
> Repository: mesos
>
>
> Description
> -------
>
> The CSI server must use a principal when authenticating
> which contains a claim that allows the authorizer to
> implicitly approve requests from the CSI server to the
> agent's HTTP API.
>
>
> Diffs
> -----
>
> src/slave/csi_server.cpp 3f29a814daf5335a9079a9a33d77c6bee72d321d
>
>
> Diff: https://reviews.apache.org/r/72816/diff/1/
>
>
> Testing
> -------
>
> Testing details at the end of this chain. This patch is required for the upcoming tests
to pass when Mesos is built with SSL enabled.
>
>
> Thanks,
>
> Greg Mann
>
>
|