mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Sekretenko <asekrete...@mesosphere.io>
Subject Re: Review Request 72089: Introduced `getApprover(...)` authorizer interface.
Date Thu, 27 Feb 2020 18:28:00 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72089/
-----------------------------------------------------------

(Updated Feb. 27, 2020, 6:28 p.m.)


Review request for mesos, Benjamin Mahler and Greg Mann.


Changes
-------

Renamed `provideObjectApprover(...)` into `getApprover(...)`; extended comments, filed MESOS-10099
for Operator API authz errors followup.


Summary (updated)
-----------------

Introduced `getApprover(...)` authorizer interface.


Bugs: MESOS-10056
    https://issues.apache.org/jira/browse/MESOS-10056


Repository: mesos


Description (updated)
-------

This patch introduces a breaking change in the Authorizer interface:
`getObjectApprover(...)` method that returnes ObjectApprover
which should not be stored for a long time is replaced with
`getApprover(...)` method that returns ObjectApprover
that must be kept valid (by authorizer implementation) throughout its
whole lifetime.

This unblocks way to synchronous (without dispatch to another actor)
authorization in cases where principal is known to be long-lived;
examples are the scheduler API (see MESOS-10056) and v1 operator API
events (see MESOS-10057).

The local authorizer is modified accordingly.

NOTE: This patch breaks compatibility with custom authorizers which
do not implement this method!


Diffs (updated)
-----

  docs/authorization.md 698e485fca481d1398594f743141d1cd0af830be 
  include/mesos/authorizer/authorizer.hpp a86a6eeb592adfc267dcf3faef40e8da3471feaf 
  src/authorizer/local/authorizer.hpp 2516a37d2019c097dea4e6dbf75a7efbef3853f0 
  src/authorizer/local/authorizer.cpp 16c0ffa9c315e0a2b4127c2d325232733f0e4e75 
  src/common/http.hpp 4a0f4a8c2ee9f07032d082ed039c4ea3bba6137a 
  src/common/http.cpp c5b2a91958c870e272895520ba04fc5287891c3c 
  src/tests/api_tests.cpp 87550168d950f7c423c57627b0349d99b39881ca 
  src/tests/master_load_tests.cpp 6bbc1c061684e0c55edde6ab31ef51542d0be980 
  src/tests/mesos.hpp 73b18663d4dbf0ee179c298ea77b548d5de40921 
  src/tests/mesos.cpp 664c3027fd5bdfb1e81a4d9966fe93b2181479e4 


Diff: https://reviews.apache.org/r/72089/diff/5/

Changes: https://reviews.apache.org/r/72089/diff/4-5/


Testing
-------


Thanks,

Andrei Sekretenko


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message