mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Meng Zhu <m...@mesosphere.io>
Subject Re: Review Request 70549: Added authorization for `UpdateQuota` call in the master.
Date Wed, 22 May 2019 12:48:46 GMT


> On May 9, 2019, 6:43 a.m., Alexander Rukletsov wrote:
> > include/mesos/authorizer/authorizer.proto
> > Lines 138-140 (original), 139-144 (patched)
> > <https://reviews.apache.org/r/70549/diff/2/?file=2143530#file2143530line139>
> >
> >     If my understanding is correct, both `UPDATE_QUOTA` and `UPDATE_QUOTA_CONFIG`
are per role but use different objects in payload. Can we convert `QuotaConfig` to `QuotaInfo`
for the purpose of authorization and spare extra action altogether? I see that authorization
implementation is identical and does not rely on differences between `QuotaConfig` and `QuotaInfo`.

We cannot convert QuotaConfig to QuotaInfo without loss of information (e.g. limits).
While the local authorizer only looks at the role field, it is not guaranteed that an external
module could look into other info of the QuotaInfo. This is why a new authorization is needed.


> On May 9, 2019, 6:43 a.m., Alexander Rukletsov wrote:
> > include/mesos/authorizer/authorizer.proto
> > Lines 143 (patched)
> > <https://reviews.apache.org/r/70549/diff/2/?file=2143530#file2143530line143>
> >
> >     If you do plan to keep this action, the naming convention in this file suggests:
`UPDATE_QUOTA_WITH_CONFIG` or `UPDATE_QUOTA_WITH_QUOTA_CONFIG`.

Sounds good.


- Meng


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70549/#review215160
-----------------------------------------------------------


On May 22, 2019, 5:48 a.m., Meng Zhu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70549/
> -----------------------------------------------------------
> 
> (Updated May 22, 2019, 5:48 a.m.)
> 
> 
> Review request for mesos, Alexander Rukletsov, Andrei Sekretenko, and Benjamin Mahler.
> 
> 
> Bugs: MESOS-9640
>     https://issues.apache.org/jira/browse/MESOS-9640
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> A new authorizable action `UPDATE_QUOTA_WITH_CONFIG` is added.
> This disambiguates with the old action `UPDATE_QUOTA` which
> are used for the old `SetQuota` and `RemoveQuota` calls.
> `UPDATE_QUOTA` action requires `QuotaInfo` as the object while
> the new `UpdatedQuota` call uses `QuotaConfig`. To keep it compatible
> with any external authorization modules, a new action  is introduced.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.proto e2740c402732bb37db991ec92b9301e58b33215b

>   src/master/master.hpp 5ad128d00d3cdf0dca89eb637ae196987bdce412 
>   src/master/quota_handler.cpp a18d8bafda5604d1844f7f7ed31d4ea80fbf6d04 
>   src/tests/master_authorization_tests.cpp ee69910a34416728bf14ed23f4a6faae6c1204a0 
> 
> 
> Diff: https://reviews.apache.org/r/70549/diff/3/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Meng Zhu
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message